Luckily for those among us who will be falling  over themselves to implement windows 8 it has been confirmed  that the price will be only a paltry $85-$90!    So while early adopters with money in the bank breathe a sigh of relief and buy themselves something nice with that $15 the rest of us are left to collectively roll our eyes wondering what the astronomical cost to the end-user will be.

All of this really is doing very little to dispel the lingering uncertainty that the jump to windows 8 might not even be worth it for the majority of workstation and laptop users.   This should be a concern for Microsoft, as it traditionally represents much of their market in terms of consumer computing.

With competitors like Ubuntu, making significant inroads into the market such as their partnerships with major players such as Dell, IBM, Lenovo and, ASUS- Microsoft should rightly be looking over their shoulder.

To be fair there has been a lot of speculation on  Windows 8, and all of us trashing it online and in the real world might be forced to eat a slice of humble pie upon launch should it be worth the price tag.    Should this not happen however, it is possible that we might be seeing a different strategy being employed by the Microsoft marketing team to grab a slice of another competitor’s market.

By pricing Windows 8 licenses in a high bracket, it is possible that Microsoft sees itself wresting the high end tablet and touch screen device market from Apple.  Costing licensing for OEMs three times more than Windows 7 might be a strategy to keep the market from being flooded by cheap Windows 8 devices and devaluing the new OS’s brand image.

Yet Microsoft’s wish to push the brand in the direction of Apple’s traditional market could backfire on them severely, by vacating the low end affordable device spectrum they abandon many of their traditional customers who realistically could not afford hyper-expensive iOS devices, and in large found that they retained all the functionality and more with their Windows devices in terms of integration and software.

All the negative press generated by this aside, it is possible that Microsoft’s exec’s came to the decision that individuals likely to purchase a tablet or a touch screen device would likely already find themselves in a higher income bracket,  thereby already excluding their “traditional” demographic from the market.   Combined with the presence of inexpensive Android devices on the market, this may be a very intentional move to try and fill a void that Microsoft perceives in the market.  Interestingly enough, the valuable and successful marketing of the XBOX360 versus the PS3 was based exactly on the reverse of this principle, with few people willing to initially shell out the astronomical amounts required for a PS3 around launch Sony was forced to keep bringing the price down so that it could compete with the XBOX360.

Why Microsoft would swap their time honoured and successful marketing strategy is beyond me, but it isn’t altogether out of character for the company to have such blundering missteps in terms of product launch and marketing, lest we forget another flashy much touted Vista which unfortunately still haunts the recent memory of many Windows users.

That being said, it would perhaps be prudent then not to make two out of the last three OS launches be a total disaster.

Let’s hope they prove me wrong in a big way, or not, either way yours truly will probably be holding onto my W7 for the foreseeable future.

-

Stefan Avlijas @ XiiTec in Vancouver

The three modules of Flame- Snack, Gadget and Munch download themselves as a fake update on the infected computer and then proceed to install themselves on the local machine.

These three modules work to infect other machines on the network, routing web traffic through the Flame compromised computer first in an effort to spread the malware across as many machines in a network as possible.   The Gadget model provides the necessary binary signed by a certificate pretending to belong to Microsoft in order to trick a Windows machine into accepting the “Update” connection in the first place.

Senior director of the Microsoft Security Response centre,Mike Reavy alleges that Microsoft is looking into the issue- as he detailed in his blog

To increase protection for customers, the next action of our mitigation strategy is to further harden Windows Update as a defense-in-depth precaution,” he added. “We will begin this update following broad adoption of Security Advisory 2718704 in order not to interfere with that update’s worldwide deployment.

If you are concerned about your network or system’s ability to respond to emerging cyber threats, check out five must have capabilities for controlling modern malware and stay tuned to our blog for all the latest in tech news.

Stefan Avlijas @ XiiTec in Vancouver

Insert a Windows Server 2003 CD into the Windows 2000 domain controller or map a drive to the files contained on the CD. Run the following command from the \i386 directory:

	> winnt32 /checkupgradeonly

Using a command-line interface

To produce a compatibility report from the command line, first you need to create a text file containing the following information:

[Unattended]

Win9xUpgrade = Yes

[Win9xUpg]ReportOnly = Yes

SaveReportTo = "\\server1\upgradereports\"

Save this file as unattend.txt, and then run the following from the command-line:

	> winnt32 /checkupgradeonly /unattend:c:\unattend.txt

The big question is: which audit settings should you enable? If you turned on everything, your server would start flooding your Security event log and ultimately it wouldn’t be very useful. In fact, there are no hard and fast rules for which settings you should enable.

All audit settings have three possible configurations: not configured, Success, and Failure. Not configured means auditing isn’t enabled for the setting, Success means log any applicable event that was successful, and Failure means log any applicable event that failed. Often, it is more useful to log Failure events since you want to discover someone who is attempting to perform an activity surreptitiously, which may mean doing it several times until successful.

With some settings, simply enabling Success or Failure won’t actually cause any events to be logged. You also have to enable auditing on specific objects, such as a particular file, before events will be audited. This is useful because in some cases, such as files and folders, you may only want to audit certain ones. If auditing were enabled for all files, the amount of events would render auditing unfeasible.

Using a graphical user interface

1. Open the Local Security Policy snap-in.

2. In the left pane, expand Local Policies -> Audit Policy.

3. In the right pane, double-click the setting you want to enable, and check the box beside Success and/or Failure depending on the types of events you want to audit.

You can force new auditing settings to be applied by running the secedit command on Windows 2000 or the gpupdate command on Windows Server 2003.

Run the following command on Windows 2000:

> secedit /refreshpolicy machine_policy

And run this command on Windows Server 2003:

> gpupdate /target:computer

MBSA has both a graphical and command-line interface. The MBSA graphical interface allows you to scan a single or multiple computers at one time (up to 10,000).

The MBSA command-line interface, mbsacli.exe, has the same functionality as the graphical interface. With it, you can easily automate periodic scans of your servers.

For more information on MBSA, including download instructions, see http://www.microsoft.com/technet/security/tools/mbsahome.mspx.

MBSA keeps itself up to date with the latest vulnerabilities and security updates by automatically polling Microsoft when you start the program. As of Version 1.2, you can alternately point MBSA at a SUS server to download the update catalog. This lets you determine what servers in your network are up to date according to your internal SUS server.

Using a graphical user interface

1. Open the Exchange System Manager (ESM) snap-in.
2. In the left pane, browse to the server and storage group that contains the mailbox store you want to manipulate.
3. Right-click on the mailbox store and select Dismount Store.
4. Click Yes when prompted to continue.

Using VBScript

' This code mounts/dismounts a Mailbox Store.

' ------ SCRIPT CONFIGURATION ------

strServer  = "<Exchange Server>"     ' e.g., ExchServer2

strSGName  = "<Storage Group Name>"  ' e.g., SG1

strMailStoreName = "<Database Name>" ' e.g., DB1

' ------ END CONFIGURATION ---------' Find Storage Group URL

strSearch = "CN=" & strSGName  & ","

set objSrv = CreateObject("CDOEXM.ExchangeServer")

objSrv.DataSource.Open strServer

for each sg in oSrv.StorageGroups

if (instr(1,sg,strSearch,1)>0) then strSGUrl = sg

next

' Generate Mailbox Store URL

strMBUrl = "LDAP://CN=" & strMailStoreName & "," & strSGUrl

' Open Mailbox Store

set objMb = CreateObject("CDOEXM.MailBoxStoreDB")

objMb.DataSource.Open strMBUrl

if (objMb.Status = 0) then

Wscript.Echo "Mailbox store is mounted, dismounting..."

objMb.Dismount

else

Wscript.Echo "Mailbox store is dismounted, mounting..."

objMb.Mount

end if

Wscript.Echo "Script completed successfully."

While the GUI provides only a listing of the domain controllers and global catalog servers in use, the WMI provider offers considerably more information. This additional information can be extremely important during troubleshooting, so you should have this script or something similar available to your Exchange Admins for troubleshooting purposes.

Using a graphical user interface

1. Open the Exchange System Manager (ESM) snap-in.
2. In the left pane, browse to the Servers container.
3. Right-click on the target server and select Properties.
4. Click on the Directory Access tab and view the domain controllers being used.

Using VBScript

' This code enumerates domain controllers being used.' ------ SCRIPT CONFIGURATION ------

strComputer = "<Exchange Server>" 'e.g., ExchServer2

' ------ END CONFIGURATION ---------set objWMI = GetObject("winmgmts:\\" & strComputer & _

"\root\MicrosoftExchangeV2")

set objDCList = objWMI.ExecQuery("Select * from Exchange_DSAccessDC",,48)

for each objDc in objDCList

Wscript.Echo "DCName: objDc.name"

strTemp = "Automatic"

if (dc.ConfigurationType=0) then strTemp="Manual"

Wscript.Echo "  Selection: " & strTemp

Wscript.Echo "  Is Fast  : " & objDc.IsFast

Wscript.Echo "  In Sync  : " & objDc.IsInSync

Wscript.Echo "  Is Up    : " & objDc.IsUp

Wscript.Echo "  Ldap Port: " & objDc.LDAPPort

strTemp = "Global Catalog"

if (objDc.type=0) then strTemp = "Config"

if (objDc.type=1) then strTemp = "Local Domain"

Wscript.Echo "  Role     : " & strTemp

Wscript.Echo "-----------"

Next

Wscript.Echo "Script completed successfully.

Depending on the version (Standard or Enterprise) of Exchange, you can have up to four storage groups per server and up to five mailbox stores per storage group. ESM enforces these limits, but it is possible to directly modify Active Directory to exceed these limits. If you create more databases or storage groups than allowed, the additional databases will not mount.

Mailbox stores are represented in Active Directory by the msExchPrivateMDB class. This class is not as simple as some of the other classes used by Exchange. In addition, several of the attributes hold binary data, so working directly with these Active Directory objects can be difficult via VBScript or command-line methods. One of the more notable attributes of the mailbox store objects is a back-link attribute called homeMDBBL. This multivalued attribute links back to all of the user objects that have mailboxes in this mailbox store.

Using a graphical user interface

1. Open the Exchange System Manager (ESM) snap-in.
2. In the left pane, browse to the server and storage group where you want to create a new mailbox store.
3. Right-click on the storage group and select New -> Mailbox Store.
4. Enter a name for the store, configure the settings on each tab, and click OK.
5. When prompted to mount the store, click Yes.

Using VBScript

' This code creates a Mailbox Store.' ------ SCRIPT CONFIGURATION ------

strServer  = "<Exchange Server>"          ' e.g., ExchServer2

strSGName  = "<Storage Group Name>"       ' e.g., SG1

strMailStoreName = "<MailBox Store Name>"  ' e.g., DB1

' ------ END CONFIGURATION ---------' Find Storage Group URL

strSearch = "CN=" & strSGName  & ","

set objSrv = CreateObject("CDOEXM.ExchangeServer")

objSrv.DataSource.Open strServer

for each strSg in objSrv.StorageGroups

if (instr(1,strSg,strSearch,1)>0) then strSGUrl = strSg

next

' Generate Mailbox Store URL

strMBUrl = "LDAP://CN=" & strMailStoreName & "," & strSGUrl

' Create/configure Mailbox Store and save it

set objMb = CreateObject("CDOEXM.MailBoxStoreDB")

objMb.DataSource.SaveTo strMBUrl

' Mount DataBase

objMB.Mount

Wscript.Echo "Successfully created mailbox store."

Depending on the version (Standard versus Enterprise) of Exchange, you can have up to four storage groups per server and up to five mailbox stores per storage group. ESM enforces these limits, but it is possible to directly modify Active Directory to exceed them. If you create more databases or storage groups than allowed by your version, the additional databases will not mount.

Storage groups are represented in Active Directory by the msExchStorageGroup class. This class has several attributes that have fairly intuitive string values and names and can be matched up to the options in ESM. Unfortunately, the raw Active Directory objects and attributes and their valid values for Exchange are not well documented. You can experiment with their settings, but do so only in a lab environment.

Using a command-line interface

A bad aspect of creating storage groups by direct Active Directory object manipulation is that you will not get warnings concerning the maximum number of storage groups allowed.

Using VBScript

The process of calling the CDOEXM interfaces to create storage groups is rather straightforward once you have the URL for the object’s location in Active Directory. In this solution, to get the storage group container’s distinguished name for the server, the script loops through all storage groups on the sever and sets strTemp to the URL value of the last storage group. This value is then parsed to get the parent container for the storage groups to build the new storage group URL.

Using a graphical user interface

1. Open the Exchange System Manager (ESM) snap-in.
2. In the left pane, browse to the server that you want to create a new storage group for.
3. Right-click on the server and select New -> Storage Group.
4. Enter a name, transaction log location, system path location for storage of temporary and recovered files, and click OK.

Using a command-line interface

First, create an LDIF file called add_sg.ldf with the following contents:

dn: CN=<Storage Group Name>,<ParentDN>changetype: add

objectClass: msExchStorageGroup

cn: <Storage Group Name>

showInAdvancedViewOnly: TRUE

systemFlags: 1610612736

msExchESEParamEnableIndexChecking: TRUE

msExchESEParamEnableOnlineDefrag: TRUE

msExchESEParamSystemPath: <Path to store system files>

msExchESEParamPageFragment: 8

msExchESEParamPageTempDBMin: 0

msExchRecovery: TRUE

msExchESEParamZeroDatabaseDuringBackup: 0

msExchESEParamBaseName: E01

msExchESEParamCircularLog: 0

msExchESEParamEventSource: MsExchangeIS

msExchESEParamCheckpointDepthMax: 20971520

msExchESEParamCommitDefault: 0

msExchESEParamLogFilePath: <Path to log files>

msExchESEParamDbExtensionSize: 256

msExchESEParamLogFileSize: 5120

Replace <Storage Group Name> with the name of the storage group, <ParentDN> with the distinguished names of the storage groups container for the appropriate server, <Path to store system files> with the filesystem path where you want system files (temporary and recovered files), and <Path to log files> with the filesystem path where you want exchange log files. Then run the following command:

>ldifde -i -f add-sg.ldf

Using VBScript

' This code creates a Storage Group.' ------ SCRIPT CONFIGURATION ------

strServer = "<Exchange Server>"      ' e.g., ExchServer2

strName   = "<Storage Group Name>"   ' e.g., SG1

strPath   = "<File Path>" & strName  ' e.g., D:\Program Files\ExchSrvr

' ------ END CONFIGURATION ---------' Create URL to Storage Group

Set objSrv = CreateObject("CDOEXM.ExchangeServer")

objSrv.DataSource.Open strServer

' This for loop is a bit of a hack to retrieve the first Storage Group

' in the collection. VBScript doesn't let you access specific elements

' of a collection the way Jscript can.

for each strSg in objSrv.StorageGroups

strTemp = strSg

exit for

next

strTemp = mid(strTemp,instr(2,strTemp,"cn",1))

strSGUrl = "LDAP://cn=" & strName & "," & strTemp

' Create/configure Storage Group and save it

set objSG = CreateObject("CDOEXM.StorageGroup")

objSG.MoveSystemFiles(strPath)

objSG.MoveLogFiles(strPath)

objSG.DataSource.SaveTo strSGUrl

Wscript.Echo "Successfully created storage group."

Recipient policy is too involved to do simply from the command line or through VBScript. Several of the values in the Active Directory msExchRecipientPolicy class are binary types, which are not trivial to manipulate with LDIF or VBScript. If you wish to programmatically create recipient policies, you can do it, but you will need to use something a bit more involved, such as Visual Basic or C++.

One note of warning: do not test the manipulation of recipient policies in your production environment. Changes to recipient policies get stamped on many or possibly all mail-enabled objects in the directory, and you could unintentionally bring down entire sections of your mail delivery system. Due to its widespread effect, you could have great difficulty getting it all back up and running quickly. One company that shall remain unnamed had gone through a merger process and was trying to standardize some of their mail systems. Unfortunately, they unintentionally changed the primary email address of more than 100,000 employees with one small incorrect recipient policy change. Due to the type of mistake, this wasn’t noticed internally. It took a couple of days for people outside of the company to notice and report the issue to the company before it was corrected. In the meanwhile, most email going into the company from the outside was not properly delivered.

Using a graphical user interface

1. Open the Exchange System Manager (ESM) snap-in.
2. In the left pane, browse to the Recipients -> Recipient Policies container.
3. Right-click on Recipient Policies and select New -> Recipient Policy.
4. Select the property pages you want on the recipient policy form and click OK.
5. Enter the recipient policy name.
6. Click on Filter Rules, click Modify, select the search criteria, click OK.
7. Read the warning message that is displayed and click OK.
8. Set the desired policies on the E-Mail Addresses (Policy) and Mailbox Manager Settings (Policy) tabs.
9. When you are done, click OK.