Beta : Windows SteadyState 2.5


Specific Beta Feedback
Your customer feedback and support is valuable to the upcoming release of Windows SteadyState 2.5 and we want to ensure that we provide a great experience for you! Email comments and issues to or post at our SteadyState Beta Community Site. Continually check the SteadyState Beta Community Site for announcements and topic discussions during our Beta program. We are specifically looking for feedback around:

  • Overall Performance and Stability with Windows Vista Features
  • Windows Disk Protection
  • User Restrictions and Settings with Microsoft Office and Internet Explorer 7

Along with the Beta, be sure to download the updated Windows SteadyState Handbook.

Features Included with Windows SteadyState
Windows SteadyState includes the following features to help you manage your shared computers:

  • Getting Started – Provides the initial steps to help you during your first time use of Windows SteadyState.
  • Windows Disk Protection – Help protect the Windows partition, which contains the Windows operating system and other programs, from being modified without administrator approval. Windows SteadyState allows you to set Windows Disk protection to remove all changes at a certain date and time or to not remove changes at all. If you choose to use Windows Disk Protection to remove changes, any changes made by shared users when they are logged on to the computer are removed when the computer is restarted.
  • User Restrictions and Settings – The user restrictions and settings can help to enhance and simplify the user experience. Restrict user access to programs, settings, Start menu items, and options in Windows. You can also lock shared user accounts to prevent changes from being retained from one session to the next.
  • User Account Manager – Create and delete user accounts. You can use Windows SteadyState to create user accounts on alternative drives that will retain user data and settings even when Windows Disk Protection is turned on. You can also import and export user settings from one computer to another—saving valuable time and resources.
  • Computer Restrictions – Control security settings, privacy settings, and more, such as preventing users from creating and storing folders in drive C and from opening Microsoft Office documents from Internet Explorer.
  • Schedule Software Updates – Update the shared computer with the latest software and security updates when it is convenient for you and the shared users.

Download Windows SteadyState 2.5


Windows Live OneCare 2.0 launch day

Today marks the launch of Windows Live OneCare 2.0, Microsoft’s 2nd revision of its all-in-one home computer management offering, combining anti-virus, firewall, spyware protection and backup software all into the same application. So what’s new in this version?  According to a new OneCare 2.0 Reviewer’s Guide, quite a bit:

Security and Protection Technologies

· Wi-Fi connection security (New)

· Real-time and scheduled anti-malware scanning

· Two-way managed firewall with automatic policy updates

· Internet Explorer® 7 Phishing Filter integration

· Microsoft Update integration

· OneCare advisories

PC Performance Tuning and Optimization

· Proactive fixes and recommendations for PC health (New)

· Start-time optimizer/turn off unused programs (New)

· Automatic disk defragmentation and hard drive cleanup

Data Backup and Restore

· Centralized backup for multiple local networked PCs (New)

· Online backup for photos (available at added cost) (New)

· Full and differential backups for key file types, including music, photos and financial documents

· Backs up to CD, DVD, external hard drive, local network drive and USB-connected devices

Network and Multi-PC Management

· Multi-PC management and monitoring (New)

· Automatic printer-sharing configuration (New)

· Firewall Connection Wizard for complex connections

Reporting, Licensing and Support

· Monthly report of service and results (New)

· Free version upgrades over the course of the 12-month subscription

· Telephone, chat and e-mail support

· Freedom to install OneCare on up to three PCs

OneCare is available in 17 countries and 7 languages, at (unlike zuneoriginals which is well, disappointing people outside the USA).  Finally if you have any problems with the new release don’t forget the official Windows Live OneCare forums.

Source : LiveSide.NET

Windows Live OneCare 2.0 Final – Coming Soon


Looks like OneCare 2.0 could be going gold very soon. As well as it showing up on with a retail release date of next week, an email sent to OneCare users tonight suggests that a web release will be even sooner than that. On top of that, the OneCare installation page has been unavailable for several hours tonight, which is always a good sign that a release is right around the corner.


For those of you already using OneCare, you should be prompted to upgrade once the new version is available, though you can still upgrade manually once it’s out. If you haven’t been testing the OneCare 2.0 beta, you should read up on the new features before it launches – new features include multi PC management, centralised backups and much more. You never know, it might just catch your eye…  😉

Source : LiveSide.NET

2007 Microsoft Office Security Guide


I read the following on Microsoft IT Pro Evangelist Jeff Alexander’s blog :

Do you have email systems? Do you use desktop applications like Microsoft Office?  We all do right?  Collaboration tools are an essential part of our working life today.  Unfortunately the bad guys know this as well so they are regularly targeting organizations that use these collaboration tools.  As a result IT Pros are concerned about users opening back doors to attackers by simply opening an email attachment, running a macro or using add-ins that contain viruses or other malicious software.

The 2007 Microsoft Office release is the most secure version of Office we have released to date and comes with many new security features.  To help customers deploy these features quickly and easily we have released the 2007 Microsoft Office Security Guide.  The guide is based on real-world experience from key customers, government agencies and Microsoft security experts.  We also include a GPO Accelerator tool as part of the guide that will allow you to deploy Office security settings in minutes not days!

So if you are in the middle of a deployment or are about to deploy check out this guide because it will save you heaps of time!

More Info about 2007 Microsoft Office Security Guide
Download 2007 Microsoft Office Security Guide
Download GPO Accelerator Tool

Network Monitor 3 OneClick Capture Tool (beta)

Thanks go to Steven Bink (from for blogging the following :

Wish you could get a network capture from a computer with no capture software installed? Wish you could have a network traffic “flight recorder” on a USB key? Here’s your answer!

The motivation behind creating this tool was to provide an extremely simple way to get a trace from an end user. And the name says it all, though maybe a small bit of false advertisement as it may take a bit more than just one click :). Once you have it downloaded to your machine, you can launch the executable and it will lead you through some simple dialogs that install the tool and start a trace. Once the trace is complete, which means it was manually stopped by the user or the default time of 2 hours has passed, a window will be opened to the location for the capture, called OneClick.cap.

Two Versions for Two Scenarios

One Click Autorun: The main scenario is a customer who has network access and can simply click on the EXE from a share or get the tool locally using the internet. Running this version will install NM 3.1 on your machine (if you do not already have a previous version of NM 3) and begin capturing. The capture will terminate after 2 hours, or if you press the ‘x’ key on your keyboard. If you did not have NM3 on your machine previously, NM 3.1 will subsequently be uninstalled.

Extract Only: For this scenario, the user doesn’t have network access at all. This version is tailor made for use with a USB drive to be inserted into a problem machine. If you place the files on the root of a flash drive, One Click will run automatically when you insert the drive.  You can also run One Click by double clicking the file “OneClick.cmd” in the destination folder. The resulting capture will be copied back onto the USB device.

Detailed Tour of a One Click Capture

First thing I should mention is if you are running on Vista and don’t have NM3.1 previously installed or you are not a member of the Netmon User’s group, then you will need to run the EXE with elevated rights. Just right click the EXE and select “Run as Administrator”.

When you launch the One Click tool, it will prompt you with a EULA dialog. Assuming you accept the terms, then click YES. Remember that we do install a driver for Vista in cases where NM3 is not already installed. Also one caveat here is that if NM3.0 is installed, we use that driver rather than installing a new one. The disadvantage here is that NM3.0 can’t do wireless monitor mode or RAS capturing.

Once you accept the EULA, a CMD prompt dialog with a red background and white text shows up. We leverage NMCap for this job which is a command line utility, hence the CMD window. The window contains instructions as to where the capture file will be put by default. If you want to change this location, you can type a new one now.

If you choose the default by pressing Enter, the capture will be started. At this point typing X on the keyboard will stop the capture once you are done. If you don’t press the X key, the capture will complete after 2 hours.

When the capture completes, an explorer window will open to the location where the capture file was stored. This allows the user to simply send the file to you in email or upload it to a location where it can be accessed by the original requestor.

If multiple captures are taken with the tool, the current OneClick.cap file will be renamed and appended with an incrementing number on the end.

Obtaining the Tool

At this point we are beta testing the tool. So the only means of getting it is on the Network Monitor project on When you join the project, you will see both the Auto-run and Extract Only packages in the download section. Once we release the tool, we will make it available on the Microsoft Download site as this is more convenient, which is our goal for this tool.

Forefront Multi-Engine Scanning Comparison


Last week I was at a Forefront training at Microsoft. For the guys/girls who don’t know Forefront: check out the ForeFront Website or the ForeFront Team Blog, there’s a lot of information available there!
One of the good things about Forefront is that it runs several Scan Engines at once so there’s always an engine running that detects the virus/malware/etc.

At the Forefront blog an updated comparison of the Single-AV engines vs. the multi-engine approach by Forefront Security for Exchange Server and Forefront Security for SharePoint is shown. The tests were run over the summer, by, and show the considerable difference in performance.

Forefront Client Security Health Management Pack for MOM 2005 SP1 Available

Today I read the following on the Forefront Client Security weblog :

While you’ve always had the ability to use MOM 2005 to monitor things like IIS and SQL for your Client Security servers, this management pack gives you the additional ability to monitor some key FCS services:

  • Definition Import Failure
  • Microsoft Client Security Update Assistant service—That’s the service that allows WSUS 2.0 to be configured to receive updates every hour rather than just once a day. For those of you running WSUS 2.0, you’ll be glad to have the ability to monitor this!
  • Forefront Client Security Management service—This service is important because it parses antimalware definitions and adds the information to the collection database table fcs_Threat_Metadata_tbl. And that table is not only read by the management console when you set overrides based on threat, it’s also used by FCS reporting for information about specific threats.

I should clarify; the management pack is installed in your MOM 2005 environment to extend existing MOM functionality, not on your FCS servers.

Of course, loading the management pack doesn’t impact how you’ll be monitoring your client computers. In other words, you won’t need to redeploy your implementation in order to add this additional monitoring functionality. You’ll continue to use the Client Security consoles you’re familiar with for your client monitoring. The Health Management pack is just for monitoring your FCS servers, not client computers. And just for environments that choose to implement a MOM 2005 monitoring solution.

(notice, it’s a MOM 2005 management pack, not a SCOM management pack, just in case you were wondering “Hey, will this work with SCOM?”)

Download the MOM 2005 Management Pack

Security : DHCP Server & MAC address filtering with Server 2008

The DHCP Server Callout DLL helps to filter out DHCP requests based on MAC address.

When a device or computer tries to connect to network, it first tries to obtain an IP address from the DHCP Server. The Callout DLL (read: hook-in DLL) also works and should continue to work on Windows Server 2008.

The DHCP Server Callout DLL checks whether the device's MAC address is present in a known list (a text file) of MAC addresses configured by administrators.
If it is present, the device is either allowed to obtain an IP address or its requests are ignored, depending on the action configured by the administrator.
MAC address based filtering allows network administrators to ensure that only a known set of devices in the system is able to get an IP address from the DHCP Server. This DLL helps administrators enforce additional security in the network.

After installation, both the DLL (MacFilterCallout.dll) and the installation/configuration instructions (SetupDHCPMacFilter.rtf) are available under %windir%\system32.
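The allow-or-ignore decision described above, as an added example (this is not the code of MacFilterCallout.dll): the list format, the function names and the sample addresses are assumptions constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical list format (constructed here, not the DLL's own): an ACTION=ALLOW or
 * ACTION=DENY line, then one MAC per line; separators and case are free, '#' is a comment. */
static const char SAMPLE_LIST[] =
    "ACTION=ALLOW\n"
    "# front desk kiosks\n"
    "00-1A-2B-3C-4D-5E\n"
    "001a2b3c4d5f   # printer\n";
static const unsigned char KIOSK[6]    = {0x00, 0x1a, 0x2b, 0x3c, 0x4d, 0x5e}; /* constructed */
static const unsigned char UNLISTED[6] = {0x02, 0x00, 0x00, 0xaa, 0xbb, 0xcc}; /* constructed */

/* Reduce one textual MAC to 12 lowercase hex digits; returns 0 if the line is not a MAC. */
static int normalize_mac(const char *s, char out[13]) {
    int n = 0;
    for (; *s && *s != '#' && *s != '\n'; s++) {
        if (isxdigit((unsigned char)*s)) {
            if (n == 12) return 0;               /* too many digits */
            out[n++] = (char)tolower((unsigned char)*s);
        } else if (*s != ':' && *s != '-' && *s != '.' && !isspace((unsigned char)*s)) {
            return 0;                            /* unexpected character */
        }
    }
    out[n] = '\0';
    return n == 12;
}

/* Returns 1 if the server should answer this client, 0 if the request is ignored. */
int dhcp_should_answer(const char *list, const unsigned char chaddr[6]) {
    char want[13], have[13];
    int allow_mode = 1, listed = 0;
    snprintf(want, sizeof want, "%02x%02x%02x%02x%02x%02x",
             chaddr[0], chaddr[1], chaddr[2], chaddr[3], chaddr[4], chaddr[5]);
    for (const char *line = list; line && *line; ) {
        if (strncmp(line, "ACTION=DENY", 11) == 0) allow_mode = 0;
        else if (normalize_mac(line, have) && strcmp(have, want) == 0) listed = 1;
        line = strchr(line, '\n');
        if (line) line++;
    }
    /* ALLOW list: only listed devices get a lease. DENY list: listed devices are ignored. */
    return allow_mode ? listed : !listed;
}

int main(void) {
    printf("kiosk=%d unlisted=%d\n", dhcp_should_answer(SAMPLE_LIST, KIOSK),
           dhcp_should_answer(SAMPLE_LIST, UNLISTED));
    return 0;
}
```

An empty or unparsable list in ALLOW mode answers nobody, so this sketch fails closed. The hardware address is whatever the client places in its request, so the filter restricts who is offered a lease rather than authenticating the device.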

Download MacFilterCallout.dll

Additional Information : DHCP Team Blog

Source : TechLog

Microsoft Forefront Server Security Management Console

Today Microsoft made the Forefront Server Security Management Console available for download.

With this Management Console you can easily manage Forefront Security for Exchange, Forefront Security for SharePoint and Microsoft Antigen through a web-based console. You can also easily distribute new signatures, update scan engines, or generate detailed reports. The Forefront Security Management Console also gives administrators the tools to respond quickly to virus outbreaks.

Click here to download the Forefront Security Management Console