4sysops

UAC off = IE protected mode off – Windows Phone 7 to drop multitasking – How Wi-Fi attackers are poisoning Web browsers

Michael Pietroforte — Mon, 08 Feb 2010 21:12:45 +0000

UAC off = IE protected mode off The Google hack vulnerability probably is harmless if IE protected mode is enabled.
Windows Phone 7 to drop multitasking? Can’t believe that MS copies this ridiculous iPhone “feature”.
How Wi-Fi attackers are poisoning Web browsers VPN is a must in public Wi-Fi networks.

Raffle: Oops!Backup – Continuous Data Protection for client computers

Michael Pietroforte — Mon, 08 Feb 2010 21:05:11 +0000

Altaro is raffling 15 licenses of their nifty backup tool for desktops and laptops. Each license is worth US$37. I tested Oops!Backup for a few days and was quite content with the results. I am a big fan of Continuous Data Protection (CDP), not only because the backup intervals are significantly shorter than with conventional backup tools, but also because configuration and handling are much easier. In this post, I will outline the CDP features of Oops!Backup and, in my next post, I will discuss the tool’s ReverseDelta technology and its suitability for laptop backups.

The name Oops!Backup fits well for a CDP backup solution because it protects users from their own mistakes. If you accidentally delete or overwrite a text document on which you have been working for the last few hours, then yesterday’s backup won’t be helpful. Oops!Backup secures user data every hour by the default, but you can also configure it to check for changed files every five minutes. This makes the tool a “near CDP program” , the difference being that real CDP backup solutions save new data immediately.

In my opinion, five-minute intervals are enough for client computers. In my test, this interval worked fine and didn’t slow down my computer. Actually, one of the disadvantages of conventional backup tools is that they slow down the computer during backups because they have to scan the file system for changed files.

In contrast, Oops!Backup listens to Windows file system events in order to detect file changes. Thus, when the time of the backup is reached, Oops!Backup already knows which files have been modified and only these are accessed during the backup process. In most cases, the backup is finished after one or two seconds.

What I like most about CDP solutions is that you don’t have to mess with incremental or differential backups. There is just one backup job and that’s it. This not only makes the backup job configuration easier, it also tremendously simplifies restoring files. To restore a file, you only have to select a snapshot and you will get the file’s state at that point in time. If you work with incremental backups, you have to find the corresponding backup job first. If you don’t know when the file was last changed, this can be quite time consuming.

Moreover, with differential and incremental backups, if you have to restore all files in case of a disaster recovery, you will also restore files that have been deleted deliberately since the last full backup. Hence, you will never get the exact state before the disaster. Oops!Backup, on the other hand, removes deleted files automatically from the latest backup. Therefore, any snapshot represents the exact state of the file system at that point in time.

If you’d like to have the chance to win one of the 15 Oops!Backup licenses, please send an email to

with the subject line

Oops!Backup.

The deadline for entering this contest is March 8, 2010.

Related

New IE vulnerability – Massive Windows patch day next week – VM support for Azure – IE as popular as ever – MS Office in the cloud

Michael Pietroforte — Fri, 05 Feb 2010 20:23:51 +0000

New Internet Explorer vulnerability
Microsoft plans massive Windows patch day next week
Microsoft to add Remote Desktop and VM support to Azure
Internet Explorer in enterprises as popular as ever
Microsoft May Launch New Office Cloud License

FREE: JiJi Self Service Password Reset – Allows end users reset their password

4sysops reader — Fri, 05 Feb 2010 20:08:59 +0000

Submitted by Santhosh – Blog: JiJi Technologies

With JiJi Self Service Password Reset(JSSPR), end-users now have the ability to securely reset their own Active Directory passwords without having to involve highly technical helpdesk professionals. JSSPR lowers end-user downtime, end-users no longer have to wait for a member of the helpdesk staff to reset their forgotten or lost password.

JiJi Self Service Password Reset is free up to 50 users.

JiJi Self Service Password Reset

Related

FREE: Elevation Gadget – Drag and drop to elevate programs

Michael Pietroforte — Thu, 04 Feb 2010 09:02:32 +0000

There are quite a few ways to elevate a program (run with administrator rights) under Vista and Windows 7. The sidebar widget Elevation Gadget is another option that can be helpful in some situations. You can place it on your desktop and drag applications or scripts on it that you want to run in elevated mode.

It is also possible to run multiple programs with admin privileges this way. You just have to select the corresponding icons and move them onto the Elevation Gadget. You can also type commands inside the widget to launch programs. The tool’s history buffer allows you to start previously launched programs.

I think, the Elevation Gadget is most useful if you have to fire up elevated scripts often. It is faster than through an elevated command prompt, because the gadget always sits on your desktop.

Unfortunately, one can’t drag text files onto the tool. For example, it would be nice if one could launch an elevated notepad with a text file from the Programs folder, by just dragging the text file to the Elevation Gadget. I still find it quite inconvenient that I can’t edit a file in these restricted folders by just double clicking on it. What is your solution to this problem?

Elevation Gadget

Related

Office 2010 release date – Deploy Windows without WDS – Hyper-V and memory overcommitment – Microsoft outpaces Apple in customer satisfaction

Michael Pietroforte — Wed, 03 Feb 2010 20:51:27 +0000

Microsoft confirms Office 2010 has reached the Release Candidate stage
Microsoft nears Office 2010 release
Installing Windows from a network server without Windows Deployment Services
Hyper-V to get memory overcommitment with the next Service Pack?
Microsoft Outpaces Apple in Customer Satisfaction
Windows veteran Mike Nash to leave Microsoft

FREE: BlueScreenView – Display Blue Screen of Death (BSoD) information

Michael Pietroforte — Wed, 03 Feb 2010 20:10:07 +0000

In my article about the analysis of Windows crashes, readers recommended the freeware tool BlueScreenView from Nirsoft. I had a look at it, and it is indeed quite useful. It helped me to get an idea about the cause of the crashes of my Windows 7 machine. The portable tool reads the data from the crash dump files in c:\Windows\Minidump.

The lower pane shows all drivers that have been loaded when the system crashed. The ones that have been in the crash stack; that is, the ones that are most likely responsible for the crash can be highlighted. You can also display the original blue screen that Windows displayed after the crash.

The upper pane displays all dump files with the most important parameters: “Crash Time”, “Bug Check String”, “Caused by Driver”, “File Description”, etc. In my case, the revealing information was the value “DRIVER_POWER_STATE_FAILURE” of the Bug Check String. It indicates that the standby mode was the culprit. I don’t remember that I have ever had a computer where the Windows standby mode worked reliably. I suppose, Windows is much too complex for such a feature. There is always a third party driver that is sulking if it is forced to go to sleep.

Another crash was caused by my SATA driver (iaStorV.sys). Further investigation revealed that the power savings mode of an eSATA drive made my system unstable, so I disabled this feature.

BlueScreenView

Related

How to monitor Exchange 2003 – Windows 7 battery life failures – IE8 most-used browser – Windows Azure Drive Beta – 10 Best IT jobs

Michael Pietroforte — Tue, 02 Feb 2010 21:45:40 +0000

How to REALLY monitor SMTP, POP3 and IMAP on Exchange 2003
Microsoft looking into Windows 7 battery life failures
Internet Explorer 8 Officially Becomes World’s Most-Used Browser
Microsoft Windows Azure Drive Beta Released
10 Best IT Jobs Right Now

FREE: Bad Application – Test application crashes

Michael Pietroforte — Tue, 02 Feb 2010 21:20:58 +0000

For once, this is a really useful application that the WindowsBlog (German) dug out. I couldn’t resist reviewing it for 4sysops. The main purpose of Bad Application is to crash. Yes, you just read the last sentence correctly. As you can see in the screenshot, the tool has four options: hang process, crash process, start flashing, and terminate Explorer. The last two features are bit lame, but I do like the first two.

Hang process will just start an endless loop, which will change its window title to the well-known and often experienced “not responding”. I get this telling “not responding” message from Firefox and Outlook at least once a day. It is good to know that other apps have this feature, too.

Crash process reliably does what it is supposed to do. It crashes the Bad Application process, which will call Windows into action “checking for a solution to the problem”. As usual, Windows somehow can’t find a solution, so you better just hit the “cancel” button.

Now, you will probably ask, what the heck is such a tool good for? The answer is simple. If you want to test a monitoring solution such as System Center Desktop Error Monitoring, then you need an application that crashes reliably. It is not that it is difficult to find applications that crash regularly. The problem is that most applications only crash at the worst moment, but usually not when you want them to. There is no doubt that Murphy’s Law belongs to the best confirmed scientific laws.

Bad Application is also useful for Apple believers. If you want to convert one of your friends and make her support your church, then you just have to crash Bad Application a couple of times on her new Windows 7 laptop, and then show her the reliability history in the reliability monitor. If you look long enough at the curve, you might even be able to confirm your own religious prejudices.

Bad Application

Related

Windows 8 release date – Windows 7 adoption – iPad vs. A Rock – DPM 2010 Beta 1 review – Azure launch – Google drops IE6 support

Michael Pietroforte — Mon, 01 Feb 2010 20:56:12 +0000

Ex-Microsoft worker pens Windows 8 for July 2011
Windows 7 adoption swells, as XP suffers record drop
Microsoft has sold over 60 million Windows 7 licenses; it is the fastest selling operating system in history
Microsoft Reports Record Second-Quarter Results It seems the recession is over for some companies.
iPad v. A Rock Agreed. The iPad won this comparison.
Review: Microsoft System Center Data Protection Manager 2010 Beta 1
Microsoft releases tool to restore NTBackup files on Windows 7 and Windows Server 2008 R2
Microsoft To Launch Pennies-Per-Hour Azure Cloud Service Monday
Google begins dropping support for Internet Explorer 6
Windows 7 RC nears auto-shutdown deadline, Microsoft warns

FREE: Extended Task Manager – Find resource eaters

Michael Pietroforte — Mon, 01 Feb 2010 20:40:32 +0000

Free Extended Task Manager adds a few useful features to the Windows Task Manager. The tool does not have as many functions as Process Explorer or Process Hacker, but it could be particularly useful if you are having performance problems and want to quickly find the culprit.

If your computer behaves sluggishly, then there are usually three possible causes: An application occupies too many CPU resources, needs too much RAM, or keeps your hard disk busy. Free Extended Task Manager tool adds a third graph to the Performance tab that displays the disk input/output activity. This way, you’ll see all three important parameters (CPU usage, RAM usage, Disk I/O) at a glance.

Once you know which of the three parameters is affected, you can hover with the mouse over the corresponding chart. Extended Task Manager will then display the process that occupies most of the resources.

Another interesting feature is the “freeze function”. It allows you to stop a process without terminating it. As soon as you resume the process, it will just continue where it stopped. Thus, if an application demands too many resources at an inconvenient moment, you can just freeze it and let it continue once you have finished your work. A typical example is if a backup program keeps your hard disk so busy that the whole system performance is affected. However, I am not sure if all applications will like such rude intervention.

I also like the features that enable you to determine by what process a file has been locked. Locked files can’t be deleted or moved, which can be annoying at times. Free Extended Task Manager can display all files locked by a selected process and it can find all processes locking a specified file.

Free Extended Task Manager

Related

Raffle: GFI WebMonitor 2009 – Web Security

Michael Pietroforte — Fri, 29 Jan 2010 17:05:09 +0000

In my last post, I described GFI WebMonitor’s filtering features. Today, I will introduce the tool’s security functions. If you want to have a chance to win a license for 500 clients worth 8,500 dollars, please refer to the end of the article.

As noted in the first post of this series, there is a Web Security edition, which can be purchased separately, or with the Web Filtering edition. The Web Security edition consists of four modules: Download Control Policies, IM Control Policies, Virus Scanning Policies, and the Anti-Phishing Engine.

Download Control Policy

Download Control identifies the file types being downloaded and lets you configure whether WebMonitor allows the download, deletes the corresponding file, or quarantines it. For instance, you can allow HTML files, but block Windows executables or Javascript. I will say more about the quarantine feature below. There are 25 pre-defined file types, but you can also add your own. WebMonitor enables you to treat unknown attachments and all other file types separately. As with all WebMonitor policies, you can apply them only to certain users, groups, or IPs. It is possible to configure multiple policies and to configure different email addresses that will receive a notification in case of a policy violation.

IM Control Polices

The IM Control Policies enable you to block MSN and Windows Live Messenger traffic. However, this only works if you have configured Internet Explorer to use WebMonitor as web proxy. You probably know that you can also disable Microsoft’s Messenger through Group Policy. The advantage of using WebMonitor for this purpose is that you can easily set different polices for different users, groups, and IP addresses.

Virus and spyware protection

The Virus Scanning Policies are certainly the most important part of the WebMonitor’s WebSecurity edition. Even if you restrict downloads to non-executable file types with the Download Control Policies, malware can still find ways to allow them on users’ desktops because the file types could have been modified.

WebMonitor supports three scanning engines from well known anti-virus software vendors: BitDefender, Kaspersky, and Norman. Only Norman and BitDefender are included as standard, while Kaspersky is an optional add-on that has to be purchased separately. (Note that the winner of the 4sysops contest will get a license key that includes the Kaspersky scanning engine.)

All three scanning engines can run simultaneously, which gives you much better protection than using just one anti-virus software. Usually, anti-malware vendors are able to detect the majority of old viruses, but the real danger stems from new viruses that have not yet been analyzed. Using multiple scanning engines increases the likelihood that one of the vendors already has the signatures to protect your network from the latest threats. Of course, there is no problem using another on-demand scanning engine on your desktop; it would only add another line of defense.

You can configure separately the time interval WebMonitor looks for new anti-virus updates, and the administrator can be informed whenever the virus signatures have been successfully updated.

Anti-Phishing Engine

Since GFI is well-known vendor for anti-phishing solutions, WebMonitor is delivered with its own anti-phishing engine. The number of phishing sites is increasing steadily and their methods are becoming more and more sophisticated. A successful phishing attack can cause more damage to your organization than a virus that just cripples some of your PCs. Just imagine what happens if the bad guys get access to one of your company’s bank accounts. Thus, anti-phishing software has become essential for corporate networks. Whenever a user tries to open a phishing site, WebMonitor can block access and inform the user with a notification page. It is also possible to inform an administrator by email.

Quarantine

Any security software will cause false-positives, i.e. cases when blocking access to a service is unjustified. To help you manage such cases, WebMonitor comes with a quarantine feature. Potentially harmful files or URLs are stored in a protected location. Since users are notified when a WebMonitor policy has been breached, they can contact an administrator if they think it was unjustified. WebMonitor quarantines potentially harmful items that were detected by the Download Control Policies, the Web Filtering Policies, and the Virus Scanning Policies. This means that you have just one quarantine folder for both WebMonitor editions, which simplifies the handling of false positives if web security and web filtering is managed with one product. You can display items that have been quarantined by “today”, “yesterday”, “this week”, or “all items”. Approved items will be transferred to the Temporary Whitelist, which allows the user to access the corresponding item.

If you’d like to have the chance to win a GFI WebMonitor license for 500 clients worth 8,500 US dollars, please send an email to

with the subject line,

GFI WebMonitor.

Please give your full name and the name of your organization. The deadline for entering this contest is February 25, 2010.

Related

Raffle: GFI WebMonitor – Web Filtering

Michael Pietroforte — Thu, 28 Jan 2010 19:00:24 +0000

In my last post, I described GFI WebMonitor’s monitoring capabilities. Today, I will introduce the tool’s web-filtering features. If you want to have a chance to win a license for 500 clients worth 8,500 dollars, please refer to the end of the article.

The main purpose of web filtering is to prevent your company’s employees from spending time on the web for personal interests. Since many of the sites with the most popular web content—you know what I’m talking about—often contain malware, it will also improve security if you block them. The temptation to use the web for private matters at work has been growing along with the possibilities of the web.

The WebGrade database

GFI maintains a list of sites that are most likely unrelated to work in the so-called WebGrade database. I tried a few popular sites and GFI WebMonitor always blocked access to them. In such cases, WebMonitor displays a message in the user’s browser that the web site has been blocked from viewing.

GFI categorizes web sites, which allows you to block only certain site types. For example, you could block games and dating sites, but allow financial services. There are more than 70 such categories, which gives you an idea of how big this database already is. Of course, it is practically impossible to categorize the whole web. Therefore, there are certainly sites that users aren’t supposed to access but which are in the WebGrade database. However, this doesn’t really affect the effectiveness of WebMonitor’s filter.

First of all, the majority of users will try to access the most popular sites, which are all in the database. This alone prevents a lot of damage to your company. Even more importantly, users can’t know in advance which sites are blocked because GFI doesn’t publish the contents of the WebGrade database.

Once your users know that access to blocked sites is logged with their user names, and that admins will be notified whenever a company policy is violated, they will no longer feel like trying to outsmart your filter. And, since the WebGrade database is updated regularly, they can never be sure that a site that once was accessible is now in the list of blocked sites. Thus, whenever they are tempted to distract themselves from their work by surfing the web, they have to worry about being exposed.

Configuring web access

Just in case your company allows users to access the web for private matters after office hours, you can schedule WebMonitor’s filtering policies. Furthermore, you can apply a policy only to certain users, groups, or IP addresses; and you can define exceptions. It is also possible to assign different admin email addresses to which a notification will be sent whenever a user violates a policy.

If you’d like to have the chance to win a GFI WebMonitor license for 500 clients worth 8,500 US dollars, please send an email to

with the subject line,

GFI WebMonitor.

You can also just leave a comment below. The deadline for entering this contest is February 25, 2010.

Related

Hyper-V Manager – Microsoft virtualization technologie overview – VDI overrated – UK Security Breach Investigations Report

Michael Pietroforte — Wed, 27 Jan 2010 18:39:57 +0000

Hyper-V Manager: Sits in the System Tray and allows you to Start, Stop, Save State, and Pause the VMs running on the box
WindowsITPro magazine: Understanding Microsoft’s Virtualization Technologies Good introduction for virtualization newbies
Everyone who needs VDI already has it Good point by Brian Madden. VDI has always been overrated.
UK Security Breach Investigations Report, An Analysis of Data Compromise Cases (35 pages, PDF)

FREE: DHCP Reservation Manager – Easily migrate DHCP reservations

Alexander Weiß — Wed, 27 Jan 2010 18:34:26 +0000

We recently migrated our Windows Server 2003 based DHCP Server to Windows Server 2008 R2 because I wanted to use Network Access Protection to improve our network security. After half an hour the software was installed and I started to configure the DHCP server. I quickly defined scope, NAP configuration, and all the other options and all I had left to do was move the DHCP reservations to the new server. I had no intention of transferring the addresses manually—it’s not that I am lazy, but copying and pasting many items is an error-prone process—and so I started looking for a migration tool.

Microsoft’s GUI for managing DHCP doesn’t provide any solution for this matter. Gladly I found a script called the DHCP Reservation Manager that does exactly what I needed: automatically migrate DHCP reservations. You can read about its features here. The tool offers four options:

Migrate reservations from one DHCP server to another
Synchronize reservations between two DHCP servers
Dump leases
Read reservations from a text file

In my case I just had to type the following command:

cscript rmanager.vbs Rmanager –migrate 192.168.1.1 192.168.1.2 all

The script correctly transferred all reservations to the new server. However, I realized that the script didn’t copy the description field of the reservations. As our organization no longer uses this field this was not a problem.

If you don’t want to synchronize every scope to another server, you can still use the tool because it allows you to identify which scopes to transfer. You can limit the scopes by adding them to the command:

cscript rmanager.vbs Rmanager –migrate 192.168.1.1 192.168.1.2 192.168.1.0 192.168.2.0 192.168.3.0

This command would add the reservations from the three subnets 192.168.1.0, 192.168.2.0, and 192.168.3.0 to the DHCP server. I don’t want to go into more detail here because the blog entry at blogs.technet.com is quite comprehensive.

This tool saved me a significant amount of time and made the migration as smooth as it can be. Everybody’s reserved IP address was retained after the old server was switched off. I doubt that this would have been the case if I would have moved them manually. Until Microsoft includes such a feature in the GUI, this tool is an acceptable alternative for managing DHCP reservations.

DHCP Reservation Manager

Related

Raffle: GFI WebMonitor 2009 – Web monitoring

Michael Pietroforte — Tue, 26 Jan 2010 18:45:24 +0000

In my last article, I introduced GFI WebMonitor 2009, the product of the latest 4sysops contest. Today, I will discuss its web monitoring features in more detail. If you want to have a chance to win a license for 500 clients worth 8,500 dollars, please refer to the end of the article.

Active Connections and Past Connections

Before you start configuring Web Filtering and Web Security, you should monitor the web activity of your users for a while. This will give you hints as to where the biggest problems are. The Activity Log gives you an overview of what kind of URLs have been accessed and by whom. WebMonitor enables you to monitor active connections and past connections. Hidden downloads, i.e. downloads unattended by the users (for example by applications), are displayed in a separate folder. Note that you will only be able to catch those downloads, if you have configured GFI WebMonitor as a gateway.

Statistical Data

It is also possible to access the statistical data of past web usage. You can access information about the bandwidth consumption of top sites, top users, and top categories. The top users’ statistics is only available if you enable user authentication in WebMonitor. By the way, the latter also works fine with Firefox. Categories are automatically assigned to web sites through GFI’s Webgrade database. I will say more about this feature in my next post.

The Sites History displays information about the top time consumption and the top hits count. Both statistics give you an idea about what users are doing when they access the web. If domains not related to the business of your company are among the top sites, then this might be of interest to your boss.

The User History will reveal the top surfers, the top hit counts (for each user), and the top policy breakers (GFI WebMonitor policies). If you don’t work with user authentication, then GFI WebMonitor will display IP addresses instead of user names. Please note that some countries do not allow storage of such personal data. In this case, you have to make sure that IP addresses can’t be ascribed to persons, for example by using short DHCP lease time periods.

Whitelist and Blacklist

GFI WebMonitor allows you to block web sites by adding URLs or domains to a blacklist. You can use wildcards if you want to block sub domains or even top-level domains. The latter makes sense if your users are supposed to access only specific web sites, for instance the sites of your company. Web sites in the Whitelist are accessible even if they are blocked by the Blacklist or by another WebMonitor filter. The Blacklist and the Whitelist may contain not only sites, but also IP addresses and Windows user names. Working with the Blacklist and Whitelist feature only makes sense if the number of sites allowed in your organization is small. If the employees in your company are supposed to use the web for their work, but not for private purposes, then you will need a more sophisticated web filtering solution. This will be the topic of my next post.

If you’d like to have the chance to win a GFI WebMonitor license for 500 clients worth 8,500 US dollars, please send an email to

with the subject line,

GFI WebMonitor.

Please give your full name and the name of your organization. The deadline for entering this contest is February 25, 2010.

Related

Raffle: GFI WebMonitor 2009 – Introduction

Michael Pietroforte — Mon, 25 Jan 2010 17:35:38 +0000

GFI, a longstanding 4sysops sponsor, has a very generous offer for our readers. You have the chance to win a GFI WebMonitor 2009 license for 500 clients that is worth 8,500 U.S. dollars! You will find more information about this raffle at the end of this review.

Microsoft ISA Server veterans will probably know GFI WebMonitor, a web filtering and web security software that ISAserver.org readers have voted year after year as the best ISA Server add-on. Last November, GFI released a new version, GFI WebMonitor 2009, which is also available as standalone, gateway, and proxy software. This review is about the standalone version. Please note that there is also a free edition of GFI WebMonitor.

I suppose all administrators agree that having a UDP and TCP port filter gateway is an absolute must for every corporate network. But the bad guys shifted their focus from port scans to web-based attacks long ago. Their main targets are no longer the well protected net services running on servers; instead, they use end users as “open ports” to the corporate network. In my opinion, security software that protects the network from web-based attacks has become as essential as a gateway firewall.

However, the web—as useful as it is—poses another threat for companies. In particular, all kinds of Web 2.0 services are a great temptation for users, distracting them, and thereby, significantly reducing their productivity. Instead of working, they play on Facebook, search for their next romance on countless dating sites, or just do online shopping.

I believe that many admins underestimate the dangers that the web pose for their networks and the costs incurred by their companies because of uncontrolled, private web surfing. GFI WebMonitor is a technical solution for both threats. There is a security edition and a web filtering edition that can be purchased separately. However, it makes sense to manage both issues in one product. This will become clearer in the course of this review.

Both editions come with web monitoring capabilities that give you a good overview of what kind of web traffic goes through your network. Furthermore, you can define white and black lists of Internet domains that can be accessed by users, no matter which edition you have installed. This is already basic web filtering, but you will see later that WebMonitor’s web filter is far more sophisticated.

There are two ways to install WebMonitor. You can run it as a gateway, which requires two NICs in the server. It is also possible to install WebMonitor as web proxy. Personally, I would prefer the latter method because a new gateway firewall will make your network configuration more complicated. If your gateway becomes unavailable for whatever reason, it will take considerable effort to reroute the web traffic through another gateway. By contrast, the proxy settings in web browsers can be changed easily through Group Policy.

GFI WebMonitor also supports Web Proxy Autodiscovery Protocol (WPAD). Note that you always have to make sure that end users are unable to change the proxy settings or use another web browser, or all your efforts will be for nothing. This is the advantage of the gateway configuration, as it is more difficult for end users to circumvent.

In my next post, I will discuss GFI WebMonitor’s monitoring features in more detail.

If you’d like to have the chance to win a GFI WebMonitor 2009 license for 500 clients worth 8,500 US dollars, please send an email to

with the subject line,

GFI WebMonitor.

Please also add your full name and the name of your organization. The deadline for entering this contest is February 25, 2010.

Related

FREE: Remote Reboot X – The ultimate WSUS companion tool

4sysops reader — Sat, 23 Jan 2010 01:47:11 +0000

Submitted by Doug Z

Remote Reboot X is very useful for sys admins to install updates on MANY remote computers simultaneously and then reboot them all with real-time monitoring.

The tool works in conjunction with WSUS, so if you have a WSUS server (or use Microsoft’s update server) but need precise control over when your computers install the updates and reboot, you can use my tool to handle the process. So, for example, I have about 150 servers that need to be updated and rebooted once per month, but I only have a 1-hour maintenance window. I’m able to load the list of 150 servers into my tool and initiate the updates installation and reboot on all machines simultaneously while monitoring the status in real-time.

If there is a problem either with installing an update or rebooting any of the machines (sometimes a machine might hang on reboot, for example), I learn about it immediately and can address it right away. To my knowledge there is no other tool that provides this degree of control.

The tool does not pull updates from WSUS to push to remote servers. My tool simply tells the remote servers to install updates that they have already downloaded, or if they have not been downloaded it can initiate both the download and installation process.

Specific recommendations for best ways to use this tool are explained on my website, but generally speaking admins should use Group Policy to tell their machines to download but not install updates from WSUS. Then the updates are ready and waiting for the admin to initiate at his/her convenience using Remote Reboot X.

Remote Reboot X

Related

IE patch available – Analysis of 32 million breached passwords – Nmap 5.20 – System Center Essentials 2010 and virtualization – OS deployment in Configuration Manager 2007 R3

Michael Pietroforte — Fri, 22 Jan 2010 03:01:11 +0000

IE patch is now available:
Analysis of 32 million breached passwords
Nmap 5.20 released (free utility for network exploration or security auditing) Also check out Zenmap
Microsoft integrates virtualization capabilities in System Center Essentials 2010
OS Deployment enhancements in Configuration Manager 2007 R3

Amazon EC2 – Boot from EBS volumes

Michael Pietroforte — Fri, 22 Jan 2010 02:55:55 +0000

Amazon has added an interesting new feature to EC2 that allows you to boot from Elastic Block Storage (EBS) volumes. If you are not familiar with EC2, please read my review of the Amazon AWS Management console first.

I have criticized EC2’s complicated OS image creation process (AMI bundling) before. Thus far, it was only possible to store images on Amazon’s storage service S3. S3 and EC2 don’t really harmonize well, and that is probably the reason why Amazon needed to introduce EBS in the first place. Until now, you could only attach EBS volumes to instances (virtual machines), but could not use an EBS volume as boot device. I suppose, many EC2 customers were asking for this feature, and now it is here. It simplifies many things, but it also has some downsides compared to using S3 as AMI (Amazon Machine Image) storage. Note that the original method is still available. Amazon calls the corresponding images instance-store, or S3 AMIs, as opposed to the new EBS AMIs.

Booting from an EBS volume

To boot from an EBS volume, you have to use one of the AMIs that Amazon has prepared for this purpose. Amazon offers Windows and Fedora EBS AMIs. By the way, Amazon finally supports Windows Server 2008. Since they needed almost two years after its release for this step, it is not very likely that they will officially support Windows Sever 2008 R2 any time soon. However, there are probably ways to get R2 running on EC2.

Once the boot process is completed, a new EBS volume will appear in the corresponding pane in the AWS Management Console. This also means that you will be charged for the EBS storage, in addition to the instance costs. This is a downside compared to instance-store machines, where you only pay for the running instance. However, storage costs are very low compared to the instance fees. Thus, working with EBS instances won’t have a significant effect on your overall costs.

Advantages and disadvantages

One of the main advantages of booting from an EBS volume is that these instances can be stopped. As opposed to terminating an instance, stopping the virtual machine won’t delete the system drive. However, as it will release the instance’s compute resources; you will only be charged for the EBS volume storage once the virtual machine is in the stopped state. Thus, stopping an instance just means shutting down the corresponding virtual machine. It is possible to modify the properties of a stopped instance. For example, you can change instance type (available RAM, CPU power etc.) or detach and attach EBS volumes.

If you want to keep the configuration of an instance-store virtual machine, you have to bundle the instance, save it to your S3 storage, and then register it as an AMI. This is far less convenient than simply shutting down the virtual machine, as you can do with EBS instances.

Another nice feature of EBS instances is that you can easily bundle them. You just have to select the corresponding running instance and select “Create Image (EBS AMI)”. Unfortunately, this will take the virtual machine offline until the cloning process is completed. In my test, this always took 10-15 minutes for a Windows Server 2008 machine with a 30GB system drive.

EBS instances running Linux will also go offline when you bundle them. As you might know, it is possible to bundle Linux-based instance-store machines without taking the VM offline. I really wonder why Amazon doesn’t support live cloning. This is a major downside, when comparing EC2 to modern on-premise virtualization solutions.

However, since you can create snapshots of EBS volumes, you don’t need to bundle an instance if you just want to make a backup. Snapshot creation is much faster than bundling. It only took two minutes for my Windows test server. Creating the second snapshot took only a few seconds because only the changes were copied. It is just a pity that you can’t simply boot from a volume that you created with this snapshot. I attached such a volume as root device to an EBS instance, but the Windows server did not boot up, even though the AWS Management Console signaled that the instance was running.

Another disappointment is that the AWS Management Console doesn’t allow you to convert an S3 AMI to an EBS image. Thus, if you want to move your AMI from S3 to EBS, you have start with a new image and install everything from scratch. There is no straightforward way using the AWS Management Console to move AMIs from S3 to EBS.

All in all, I think the EBS boot function is an important EC2 enhancement, even though Amazon still has to add quite a few features if they want to compete with modern on-premise virtualization solutions. Many things in EC2 just seem to be incomplete. However, Amazon is adding new features to its cloud infrastructure at a remarkable pace. There is no doubt that Amazon has left Google and Microsoft already far behind when it comes to cloud computing. More detailed information about booting from EBS volumes can be found in this guide (PDF).

Related