There's one thing that I don't get sometimes about Microsoft's advice.. for being so Enterprisey... they aren't.  Take the SRD blog advice...

http://blogs.technet.com/b/srd/archive/2010/08/31/an-update-on-the-dll-preloading-remote-attack-vector.aspx

 we have a defense in depth patch that is two fold.. you must deploy it to your systems ...but it's not on WSUS ... okay so they heard that feedback and it will be.

...and then you must set a registry key.... but... the advice they give for deploying and fixing when you find an issue is so single user centric....

While the impact of the above change seems to be low, a reader of this blog wrote in that he experienced a compatibility issue with the Outlook 2002 address book. If you experience issues such as this, they can be mitigated by setting a special policy for the affected binaries that overrides the default CWDIllegalInDllSearch. The following steps show how to do this for OUTLOOK.EXE:

Hewlett Packard NEW Datavault (Vail) and SBS MVP Kevin Royalty Roadshow - coming to a city near you! - Blain Barton's Blog - Site Home - TechNet Blogs:
http://blogs.technet.com/b/blainbar/archive/2010/08/30/hewlett-packard-new-datavault-vail-and-sbs-mvp-kevin-royalty-roadshow-coming-to-a-city-near-you.aspx

Join Microsoft SBS and Home Server MVP Kevin Royalty, (Cincinnati, OH), 
for an evening Roadshow event in conjunction with Hewlett Packard that 
is focused on the “New” upcoming DataVault based on codename ”Vail”.

He will also will be talking about other stuff in the HP stack for Small 
Business IT Professionals like G6 Servers, HP Laptops and more.

Free Food will be provided at All events in addition to a Special 
Discount code for All that attend in person for an HP DataVault.

New York:
http://hpdatavaultnews.com/sbs/newyork/index.html

Philadelphia
http://www.hpdatavaultnews.com/sbs/philadelphia/index.html

Tampa

http://hpdatavaultnews.com/sbs/tampa/index.html

Fort Lauderdale
http://hpdatavaultnews.com/sbs/ftlauderdale/index.html

http://msmvps.com/blogs/bradley/archive/2010/08/30/a-bit-of-group-policy-for-aurora.aspx

Oops I forgot a step.

One thing that SBS does for you in connect that Aurora does not is move the computer to the Organizational unit you set up.

Go into the active directory computers and users and right mouse click on that computer and...

...move it to the proper OU you set up

Again this is where you have to decide how you are going to enable group policy... in this demo I made it match exactly how SBS had set up it's Organizational unit structure.  You may not want to do this.  But bottom line, move the computer to the OU so that the group policy will kick in.

Like any good cook you'll want to have a recipe and customize it for your own.

http://social.technet.microsoft.com/wiki/contents/articles/small-business-server-code-name-aurora-build-document.aspx

While I've started a community wiki build document for Aurora, think of what your "dish" will look like and ways you might customize it.

One of the things you notice upon cracking open the current beta of Aurora is that while it has the Group policy management console it does not have group policy predone for you.  Given the small network marketplace I can kinda understand why they are making this decision (but nevertheless if I were in charge of the Universe I'd have the policies preloaded but just not enforced to make it easier to use group policy should you want to)  But no worries you can export them from SBS 2008 and put similar ones in Aurora.

Now you won't need the WSUS group polices as WSUS is not on Aurora, but you might want those handy dandy Win7 and XP firewall policies.

To export out of SBS 2008 and import into Aurora do the following:

Go down to the Group policy objects section and right mouse click on the group polices you want to export.

XChange: Microsoft Dangles Incentives To Cloud-Wary Partners:
http://www.crn.com/news/cloud/226900062/xchange-microsoft-dangles-incentives-to-cloud-wary-partners.htm;jsessionid=iuY3ZR+JHHQTrkrsav9bAA**.ecappj02

"This isn't just about signing partners up -- we want to make sure we are assisting partners to transform their business into the world of cloud," he said.

The ongoing industry shift to the cloud is even more dramatic than resellers that made the transition to being solution providers, but the good news is that the return is much larger, noted Martorano.

"The services revenue is six times the software revenue opportunity," he declared.

=======

Do you make money off of selling Microsoft licenses?  I'm guessing not.  I'm guessing it costs you more (as it does me) to figure out the licensing nuances than you make off of it.  And I'll bet many of you still make money off of desktop services even if you aren't "all in" on the cloud.

Now mind you it looks to me that the SBSC $500 is not the cloud services $500... so check out Mark

TIF, TIFF, and MDI files are no longer associated with Microsoft Office Document Imaging (MODI) after you install Office 2003 Service Pack 3 or certain post-SP3 security bulletins:
http://support.microsoft.com/kb/967055/
After you install Microsoft Office 2003 Service Pack 3 (SP3) or certain post-SP3 security bulletins, the TIF, TIFF, and MDI files are no longer associated with Microsoft Office Document Imaging (MODI).

This problem is resolved in the Word 2003 hotfix package that was released on February 24, 2009. For more information about the hotfix package, click the following article number to view the article in the Microsoft Knowledge Base:
967054  (http://support.microsoft.com/kb/967054/ ) Description of the Word 2003 hotfix package (Modifileassoc.msp): February 24, 2009

http://www.minasi.com/newsletters/nws1008a.htm

The new kindle reviews are coming in.

In reading Mark's review of the new kindle, and now two days into ownership myself, the pros of the Kindle (or any ebook reader for that matter).. is the instantaneous gratification of an immediate book purchase.

But you know the one thing I miss... and I miss this in my Zune/iTunes experience as well, something I'm going to call the "art of the analog".  I'm of that old fuddy duddy generation that actually remembers what an Album cover looks like.  And as we've progressed into our march to all digital it's the art of the covers of things that I miss the most.

Take album covers.  Even in the cd era it's hard to replace the large square area of space that could be artwork on one side, and background stories on the other. 

And sometimes it

Third Tier offering Technical Training at SMBNation PreDay Event! :: Third Tier:
http://www.thirdtier.net/2010/08/third-tier-offering-technical-training-at-smbnation-preday-event/

Planning to go to SMBnation?  Consider one of the preday events.  In addition to Karl's cloud sessions (see http://www.smbbooks.com/index.php?option=com_flexicontent&view=items&cid=48:seminars&id=140:walking-into-the-cloud&Itemid=89) Third tier will be having a deep technical preday event.

Check it out!

I didn't expect that my newly received Kindle would know I bought it.

It's already called "Susan's Kindle", it's hooked to my Amazon account and recommends a combo of security books and "chick flick" books.

Kinda cool but kinda creepy that it already knows who I am and what I read because it's prelinked to my Amazon account.

So I gotta ask.. is there a password on here or is there some other magic mumbo jumbo under the hood?

Rational Survivability: Amazon's Kindle: Some Interesting Security Thoughts:
http://rationalsecurity.typepad.com/blog/2009/02/amazons-kindle-some-interesting-security-thoughts.html

Ah I see someone else who works in cloud security has thought of this prior to me.

Robert Crane has started up a new podcast series and we kick it off with chatting about XP, Security, Microsoft security essentials, and the new betas in the house.

Computer Information Agency - Need to Know Podcasts:
http://www.ciaops.com/n2k

Check it out

Event ID 4107 or 11 is logged in the Application Log in Windows Vista or Windows Server 2008 and later:
http://support.microsoft.com/default.aspx?scid=kb;en-us;2328240&sd=rss&spid=14498

On a computer that is running Windows 7 or Windows Server 2008 R2, an error that resembles the following is logged in the Application log:

ME:  Resembles?  Resembles?  How about driving me insane it's logging so much in the Application log!

 Or, on a computer that is running Windows Vista or Windows Server 2008, an error that resembles the following is logged in the Application log:

One of the questions I've seen come up regarding the technical issues regarding SBS Aurora is where is the DHCP on the box.

Well it's on "a" box but not on Aurora as it will be shipped.  And the reason is that Aurora's intent is to be the first domain server after a peer to peer setting and that DHCP will be on the router/firewall.  To make it easier for the transition on Aurora you don't have to change the router at all, the server will have a dynamic IP and pick up the IP address from the server.

That doesn't mean you can't install it and enable it just like it is in SBSv7.  In fact it will be an item we'll be documenting in the Aurora build document. 

But to make it a painless transition from peer to peer Aurora will assume the DHCP is turned on the router.

QuickBooks Support - Error: Qbw32.exe or AVMTimer:qbw32.exe application error, or QuickBooks has stopped working:
http://support.quickbooks.intuit.com/support/Pages/KnowledgeBaseArticle/899185

.net mangles Quickbooks

QuickBooks 2010 R8 : Practical QuickBooks:
http://qbblog.ccrsoftware.info/2010/08/quickbooks-2010-r8/

R8 is the release that will fix it.

Update for Windows Server 2008 R2 x64 Edition (KB2264080)
Install this update to resolve a set of known issues with Hyper-V. For complete details of this update, see the associated Knowledge Base Article. After you install this item, you may have to restart your computer.

Got HyperV?  Get that rollup that includes all the needed hotfixes to have a stable R2 HyperV box.

Metasploit: Exploiting DLL Hijacking Flaws: http://blog.metasploit.com/2010/08/exploiting-dll-hijacking-flaws.html

Application DLL Load Hijacking « Rapid7 Network Security Blog: http://blog.rapid7.com/?p=5325

http://threatpost.com/en_us/blogs/hd-moore-windows-dll-vulnerability-082310?utm_source=Threatpost&utm_medium=Tabs&utm_campaign=Today%27s+Most+Popular

http://threatpost.com/en_us/blogs/dll-hijacking-exploit-code-posted-powerpoint-other-apps-082410?utm_source=Threatpost&utm_medium=Tabs&utm_campaign=Today%27s+Most+Popular

From the "patching is not enough" category is this latest issue.  Of which MS has released a security advisory on the issue.

http://blogs.technet.com/b/msrc/archive/2010/08/21/microsoft-security-advisory-2269637-released.aspx

http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx

From the blog by HD Moore

While working on the Windows Shortcut exploit, I stumbled on this class of bugs and identified a couple dozen applications that seemed to be affected by this problem.  iTunes was one of these applications and the details in the Acros advisory made it clear that this was indeed the same flaw. I was planning to finish the advisories and start contacting vendors on August 20th (last Friday). The  Acros advisory on the 18th threw a wrench into this process.I contacted Acros and asked whether they were aware that this problem affected other applications and whether they would like to coordinate the disclosure process. The reply is quoted below.

Phishing Likely Behind Reports of iTunes Security Hole | John Paczkowski | Digital Daily | AllThingsD:
http://digitaldaily.allthingsd.com/20100823/the-real-itunes-fraud-vulnerability-gullible-users/

I would be so bold to say that I am a savvy person, and I know I have not clicked on any phishing scams.  I can also say that I scanned all of the computers in my possession and short of some new backdoor that is unknown, I challenge the view that this issue is bot related.  If so ...why in the world take "just" the iTunes access?

I did have my paypal account hooked to the iTunes.  Mind you it was relatively recently that I had hooked it to Paypal in a mistaken idea that that was safer than having my credit card in there.  So I challenge the idea that this is my fault and gullible users were at play here.

"Phishing likely behind reports of iTunes Security hole"

http://www.pcworld.com/article/203979/itunes_scam_how_to_protect_yourself.html?tk=hp_new

 iTunes users often don

Want to learn more about Small Business Server Code Name “Aurora”? - The Official SBS Blog - Site Home - TechNet Blogs:
http://blogs.technet.com/b/sbs/archive/2010/08/23/want-to-learn-more-about-small-business-server-code-name-aurora.aspx

Download the videos there...

https://connect.microsoft.com/sbs

Go there

https://connect.microsoft.com/programdetails.aspx?ProgramDetailsID=2292

If you don't have a LiveID sign up there - https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1282630963&rver=6.0.5286.0&wp=MBI_SSL&wreply=https:%2F%2Fconnect.microsoft.com%2Fprogramdetails.aspx%3FProgramDetailsID%3D2292&lc=1033&id=64416

Now once you are signed up go to https://connect.microsoft.com/sbs

Ensure you are signed in with your LiveID

And now you should be able to click on this link and get into Aurora's download

https://connect.microsoft.com/SBS/Downloads/DownloadDetails.aspx?DownloadID=30362

If you don't see

Title  Windows Small Business Server Code Name 'Aurora' Preview  
Release Date  8/16/2010  
Size  4,842.05 MB  
Version   
Category  Build  

Then you didn't sign in with LiveID.  Holler if you have issues getting into the beta.

One more part to finish off our Fairy tale of DSRM passwords and domain admin accounts and kingdoms.

When you log into dsrm mode you may fail to remember exactly HOW you are supposed to log in. 

When you get to the login window, don't forget you are no longer the second King to the Kingdom but the first one.... so you don't log in as Domain\Administrator name but rather use .\Administrator instead as it wants the machine name, not the domain name when logging in.

Yes, that's a period there, then a slash, then the admin account.

http://msmvps.com/blogs/bradley/archive/2010/08/21/once-upon-a-time-about-7-years-ago.aspx

We're revisiting our Fairy tale because we have a different ending to tell for SBS 2003 that came to light when discussing the issue with other members of the Kingdom.

Remember in SBS 2008 SP2 in order to set up the sync task to sync up the DSRM password and the Domain admin password we have to set up a scheduled task.  The key point for SBS 2008 is that you have to have SP2 -OR- the hotfix I linked to.  If you already have installed SP2 you have the item you need to sync 'any' account to the DSRM password.  The local admin normally syncs, in SBS 2008 you want to hook it to the secondary account set up by the install routine.  While it does this upon first install, to make your life easier, set up the task to keep it sync'd after that..  The good news is we don