Kurt Shintaku's Blog

We are pleased to announce our first beta release of the SQL Server 2012 Baselines for Security Compliance Manager (SCM). These baselines include Microsoft best practice recommendations that can help you secure and monitor your database servers. This beta release includes baselines for 5 SQL Server 2012 roles, PowerShell-based tools to facilitate compliance scanning and reporting, and a security guide that provides additional advice on managing the security of SQL Server 2012.

We invite you to participate in the beta review program that includes the following SQL Server 2012 baselines for Security Compliance Manager:

• SQL2012 Analysis Services-Beta
• SQL2012 Database Engine Services-Beta
• SQL2012 Integration Services-Beta
• SQL2012 Replication-Beta
• SQL2012 Reporting Services-Beta

To download the beta release of SQL Server 2012 Baselines for Security Compliance Manager join the review program on Microsoft Connect: (https://connect.microsoft.com/site715/InvitationUse.aspx?ProgramID=7896&InvitationID=SQLB-YTPC-T9YJ )

SCM is a free tool from the Microsoft Solution Accelerators Team designed to help you quickly configure and manage the security of your computers, whether there are located on-premises, in a traditional data center, or in a private cloud, using Group Policy and Microsoft System Center Configuration Manager. To learn more about the current version of the application, SCM 3.0, see the Microsoft Security Compliance Manager page in the TechNet Library at: (http://microsoft.com/scm).

Please send any questions or comments to the Solution Accelerators Security Team: secwish aht microsoft dawt com

Upgrading your System Center 2012 implementation to Service Pack 1?   I received some information from our Technology Specialist, Justin Stanton that may help.

The first thing to know is that SP1 for System Center 2012 is not a complete reinstall nor is it a single installer. It is, in fact, a set of separate installers for each component in the suite.  (i.e. SP1 for Configuration Manager 2012, SP1 for Service Manager 2012, etc.). 

• If you have an MSDN subscription, you can download each installer separately, just search for System Center SP1.
• If you have a Volume License Agreement, you can visit the Licensing Service Center to download the products here.

It is however very important to understand the order in which components should be upgraded since some have dependencies on others. 

• Upgrade order for System Center 2012 SP1
  http://technet.microsoft.com/en-us/library/jj628203.aspx
  (Again, be sure to read bottom of the article for details on ‘Understanding the Upgrade Sequence’)

Here’s a few additional references that might be useful.

• Here’s a video on doing an IN-PLACE upgrade to SP1 for Configuration Manager 2012.
  http://channel9.msdn.com/Shows/TechNet+Radio/TechNet-Radio-Upgrading-System-Center-2012-Configuration-Manager-to-Service-Pack-1
• Here’s the write up how Microsoft did an IN-PLACE upgrade to SP1 for Service Manager 2012.
  http://blogs.technet.com/b/wincat/archive/2013/01/22/upgrading-to-system-center-2012-sp1-service-manager-scsm-at-microsoft.aspx

More is coming from the Partner & Solutions Blog regarding upgrading Operations Manager so stay tuned.

Learn how Windows Server 2012, Hyper-V, and System Center 2012 SP1 can help you build, deploy, and manage a private cloud architecture with two new courses from Microsoft Virtual Academy:

• System Center 2012 SP1 Updates 
  System Center is a comprehensive management platform that enables you to more easily and efficiently manage your IT environments, including your server infrastructure and client devices. With System Center 2012 SP1, you get the most cost effective and flexible platform for managing your traditional datacenters, private and public clouds, and client computers and devices. System Center 2012 is the only unified management platform where you can manage multiple hypervisors, physical resources, and applications in a single offering.In this course you will learn about the broad vision and goals for SP1, as well as see the improvements across the individual components, including App Controller (SCAP), Configuration Manager (SCCM), Data Protection Manager (DPM), Endpoint Protection (SCEP), Operations Manager (SCOM), Orchestrator (SCO), Service Manager (SCSM) and Virtual Machine Manager (SCVMM).
• System Center SP1 for VMware Professionals
  This course focuses on how using the Windows Server 2012 Hyper-V and System Center 2012 SP1 can help you build, deploy, and manage private cloud architecture. After completing these two modules, you will have learned about a number of the key features Microsoft uses to build and support the virtualized and physical resources that are part of your private cloud infrastructure. This course will specifically show the competitive advantages Microsoft has over the technologies and products from VMware. We will illustrate how using Windows Server 2012 Hyper-V and System Center 2012 as part of your private cloud infrastructure will benefit both your organization, and you as the IT Professional.

TRAINING: Free System Center 2012 SP1 training from MVA
http://www.microsoftvirtualacademy.com/tracks/System-Center-2012-Service-Pack-1-Updates

Interested in a Surface for Windows 8 Pro?  (More info available here; also the datasheet is available here)

There’s going to be a line for folks looking to get one on launch day at the Microsoft Store & we’ll likely sell out again on day 1 just as we did with Surface for Windows RT… but you can reserve one and ensure you get one on launch day!

HOW?
Walk into your local Microsoft Store and request a reservation.  When you do, you’ll need to select what model you want to purchase ($899/64GB or $999/128GB SSD model) provide some contact information and all that (no credit card required) and they’ll give you a $0 receipt and a glossy reservation card. 

Below is the card from Century City:

You’ll notice the white box in the bottom right hand corner:  That’s where you place in line would go.  That’s because there’s only a limited number of reservations that they’re taking & each card in numbered.  When I say limited, the total number of reservations available isn’t something I’m allowed to post but it’s REALLY SMALL… so I’d get in there if I were you.

THEN WHAT?
The day of the launch – Feburary 9th – come on in to the store (last time there was a requirement that you do so by 12 Noon; don’t know about this time) and you’ll be guaranteed a unit.  Even if they’ve sold out and are turning away customers, they’ll still have one reserved for you in the back.

WHAT ABOUT ONLINE?  (http://surface.microsoft.com)
If you recall, online orders for the $499 model of Surface for Windows RT sold out in one day.  And online orders have not been announced yet, so I’d get on this if you’re near a store.

Wow.  For a limited time, get get a Free in-store Answer Desk Service.*

• DEAL: Free in-store Answer Desk Service
  http://content.microsoftstore.com
  /store/offers/?WT.mc_id=PromoEmail_Services
  Promo_Online_1-18-13_SeefulldetailsCTA

How to redeem this offer

• Visit your local Microsoft store to register or;
• Register online at http://content.microsoftstore.com/store/content/AnswerDesk.
• Select from one of the following services:
  • Extended Diagnostics
    We’ll analyze, test and diagnose your device.
  • PC Performance Tune Up
    We’ll help improve the speed, performance, and security of your PC.
  • Virus and Spyware Removal
    Removal of any viruses, spyware, and malware from your PC. We’ll then review your security settings, install the latest security updates, and install Microsoft Security Essentials antivirus software.
  • Software Install
    Save time by letting us install and/or remove up to three software titles for you. Software sold separately
  • Hardware Install
    Let us install new hardware for your PC purchased from the Microsoft store to get you up and running quickly.
  • Microsoft Signature Upgrade (Windows 8 upgrade)
    Installation of everything you need and remove the things you don’t, for a faster, more efficient, and more secure PC experience. Windows 8 sold separately.
  • Device Setup
    Installation, set up, and testing of your device.
  • Xbox 360 Hard Drive Data Transfer
    Transfer downloaded games, photos, music, movies, and other files to your new Xbox.
  • Microsoft Signature Upgrade (Windows 8 purchased in-store)
    We’ll install everything you need and remove the things you don’t, for a faster, more efficient, and more secure PC experience. Windows 8 sold separately.
  • Mobile Device Setup
    Installation, set up, and testing of your mobile device.
  • Backup/Restore CD
    Let us back up your files to help keep your information safe.
  • Microsoft Data Migration/Transfer
    Transfer your files from your old PC to your new one.
• See store associate for more detail.

*Valid January 6, 2013 until February 28, 2013, or while supplies last. Available in select stores in US (including Puerto Rico) and Canada; not valid online. Customers receive up to $99 towards one eligible Answer Desk in-store service. See store associate for available Answer Desk services. Not applicable for warranty plans or software support subscriptions. Redeemable until March 31, 2013; full value must be redeemed in a single visit. Offer cannot be transferred or otherwise redeemed for cash or gift cards. Answer Desk service must be scheduled in advance and additional Answer Desk terms and conditions may apply. Limit 1 per customer.

With the rapid evolution of cloud computing, mobile devices and other technologies, user data has become increasingly dependent on the security of software. The amount and types of data available for collection, analysis and dissemination have increased the importance of reducing the risk associated with protecting data.

The second annual Security Development Conference will bring together some of the best and brightest information security professionals from a variety of industries. Attendees will learn about proven security development practices through interactions with peers, industry luminaries and other organizations.

Sessions will cover the latest in security development techniques and processes that can reduce risk and help protect organizations in this rapidly evolving technology landscape.

• May 14-15: 2013 Security Development Conference – San Francisco, CA
  http://www.securitydevelopmentconference.com/

This is the START page on my Surface for Windows RT.  Notice anything different?

Four rows of tiles on a Surface for Windows RT Start page

What you need to do is:

1. Open the Registry via the desktop using REGEDIT.EXE
2. Create the following key[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
   CurrentVersion\Explorer\Scaling]
3. Create the following String value in this key:
   MonitorSize"="12.1
4. Reboot

Don’t fully know all the side effects of this change, other than the keyboard getting a bit smaller and the fonts looking a little less sharp.  You can however roll back the changes by removing the Scaling key.

More info here: http://support.microsoft.com/kb/2737167

Much to my delight, I believe, sometime toward the end December 2012, the 20MB download limit on Windows Phone was apparently raised to 50MB.  Maybe it started around 2013 but whenever it was, it’s certainly changed now. 

WHO CARES?
Well, I do.  And so does anyone that uses podcasts.  Y’see, this has bothered me primarily because I’m a heavy podcast listener.  Having to drive more than 1hr to many of my customers means that I’m spending a lot of time in the car… and most radio these days no longer captures my interest.  (Except maybe JACK-FM:  Yes, CBS Radio, you guys know what you’re doing because I’m clearly that demographic that you’re losing on ‘the other radio station’)

When podcasts get downloaded to Windows Phone, if it exceeded 20MB, it would get “backed up” in a queue, stating that the user need to connect to a WiFi point to get the download.  So on a regular basis, I’d turn on WiFi just to get a “full download” of my podcasts.

WAIT.  IT’S ALREADY BEEN CHANGED?
Anyway, this has been one of my pet peeves on Windows Phone because, it was frankly so easily fixable.  It was a software limitation, not one enforced on the network by the carriers.  I got to pinging Daniel Rubino, the editor-in-chief of WPCentral, and he informed me that the limit had already been adjusted to 50MB.

Which suddenly made sense… because for the past week or so, I haven’t had any notifications show up on my phone telling me that I had podcasts backed up, ready to download over WiFi.

So looks like we both won:  Daniel wrote up a post for it today & frankly, I think it’s an exclusive because I searched long and hard and couldn’t find any reference to this change in the download limit.

Read the details of the change here, who it applies to, etc.:

• WPCENTRAL: “Should Microsoft lift the 20MB download cap for Windows Phone? They already have.”
  http://www.wpcentral.com/microsoft-lift-20mb-download-limit-windows-phone

This 11 page document goes over the management capabilities of SCCM 2012 SP1 & Windows Intune.

• Using Windows Intune for Direct Management of Windows Phone devices
• Configuring Windows Intune to Manage Devices
• Setting up Windows Intune for Windows Phone 8
• Enrolling Windows Phone Devices in Windows Intune
• Using System Center Configuration Manager SP1 to manage Windows Phone Devices 9
• Resources

If you’re using Windows Intune, one step involves the synchronization of your Active Directory with Windows Azure Active Directory to provide external recognition of users & computer objects.  This may be a little involved so read this section carefully. 

For System Center Configuration Manager 2012 users, the release of Service Pack 1 lets you manage Windows Phone 8 devices by using the Windows Intune service over the Internet. Although you use the Windows Intune service, management tasks are completed by using the Configuration Manager console. You can use the Windows Intune connector site system role in the Configuration Manager console to connect to the Windows Intune service.

• DOWNLOAD: Managing Windows Phone 8 with Windows Intune
  http://www.microsoft.com/en-us/download/details.aspx?id=36174

<original post from WMPowerUser>

This is what we know will happen April 8th, 2014.

• All patches for Windows XP will cease on this final Patch Tuesday.
• One last release of patches will be made before the spigot on security patches is turned off for Windows XP.
• The remaining 15-25% of the world still running on Windows XP will no longer be secure from this day forward.

Now I had a horrible thought the other day about this scenario.  What if, on April 8th, 2014, the following hypothetical scenario occurs:

• Microsoft turns out to be aware of more bugs in their products than they can patch, and thus they patch opportunistically based on the level of the threat & the imminence of danger.  On April 8th, anything remaining goes unpatched.
• Having known about April 8th, 2014 for a while, “Black Hats” release malware (viruses, trojans, browser flaws, etc.) that they’ve been saving specifically for this date, knowing that their flaws will not be fixed.
• Antivirus & traditional thread detection is rendered moot.  Primary attack vectors turn out to be the quickest, most difficult-to-prevent means of infection, such as by browsing a web page with a Javascript threat… or possibly the means with the widest reach on day one: Email attachment executable.
• To sustain the threat as long as possible, polymorphism will be the default, to attempt to mitigate protection through rapid ‘zero-day’ virus definition updates, knowing that antivirus agents are the only protection XP systems have.
• Compromised workstations are zombied to initiate infections remotely to peer workstations on the same LAN segments. Network traffic increases to astronomical congestive levels from beaconing infected workstations. 
• Even if patches were available, networks without managed QoS find themselves unable to emergency patch PCs dues to overwhelming traffic.
• Antivirus companies are swamped with 911 calls to update definitions.  Response times for analysis are slowed to a crawl.

Again, “what if” in the aftermath:

• Organizations that have not moved off of Window XP without Microsoft Custom Support agreements, scour the web for ‘renegade’ fixes written by independent organizations.  Illicit public domain patches become the easiest way for blackhats to implement other threats at an administrative level.
• Meetings are held to estimate the costs of a Windows XP custom support agreement for customers with Premier Support in place that are eligible for CSAs.  Costs for support exceed the cost of simply upgrading Windows XP.
• Business grinds to a halt for organizations with infected Windows XP PCs.  PC-to-PC manual remediation is found to, at least initially, be the only way to reduce traffic until desktop management software can be effective again.
• Body shops are called in to assist.  Overnight, round-the-clock shifts are taken to mitigate the threats as they come.
• Security engagements with white hat/cybersecurity teams skyrocket to investigate more complex threat penetration to key systems such as Domain Controllers.
• Reports… lots of reports, status, CYA documentation… must be written.

And while the Business section of the newspaper reports the impact to the world, companies with IT depts that migrated off Windows XP look on with a sense of relief.