Blog

Western Banking, a magazine serving the Western states, is currently offering a Free subscription to their magazine.

To sign up for your free subscription now, visit http://www.banknews.com/WB-Free-Subscription-Form.465.0.html    [more]

Note: Free Subscrition is for U.S. residents only.

Exchange 2007 does not automatically update address lists, global address lists, or user objects subject to an email address policy. In Exchange 2003, recipient update services used to take care of this, but this services is not present in Exchange 2007. Now, you must use scheduled powershell commands to update address lists if they are build upon object attributes that can change from time to time. For example, the address lists of one of our customers are build to key on the "office location" user object attribute. However, if the attribute is changed, Exchange does not automatically recalculate the address list membership. The following scripts are a good way to keep them updated by scheduling them with the Window's scheduler: [more]

• Get-AddressList | Update-AddressList
• Get-EmailAddressPolicy | Update-EmailAddressPolicy

The Board of Governors of the Federal Reserve System (Board) is proposing amendments to Subpart A of Regulation S, which implements the requirement under the Right to Financial Privacy Act (RFPA) that the Board establish the rates and conditions under which payment shall be made by a government authority to a financial institution for assembling or providing financial records pursuant to RFPA.  These proposed amendments update the fees to be charged and takes account of recent advances in electronic document productions.

Comments must be submitted on or before September 29, 2008.

To read the Press Release from the Board of Governors of the Federal Reserve System, visit http://www.federalreserve.gov/newsevents/press/other/other20080813a1.pdf

The OTS presented a live, ninety-minute, telephone briefing today (Monday, August 11, 2008) beginning at 2:00pm Eastern Time on the new Identity Theft Rules and Guidelines that go into effect on November 1, 2008.  The presentation went through a review of the rules and guidelines, exam procedures, and answered questions.  Below are links to two of the PowerPoint's used during the briefing:

• Identity Theft Rules and Guidelines - http://files.ots.treas.gov/489851.pdf
• Identity Theft - Red Flags Industry Guidance and Compliance Procedures - http://files.ots.treas.gov/489861.pdf

On July 8, security researcher Dan Kaminsky announced he planned to reveal details about the DNS vulnerability (DNS cache poisoning) at Black Hat.  Since then, many technology vendors have provided patches to help fix the flaw.

Kaminsky has provided a "DNS Checker" self test on his website - see his personal blog at http://www.doxpara.com/

• Link to Wall Street Journal article about the security vulnerability - http://blogs.wsj.com/biztech/2008/08/06/disclosing-a-hole-in-the-internet/
• Link to InformationWeek article about the security vulnerability - http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=209903948

When trying to install updates on our Windows 2003 Server domain controllers, the install kept failing with an Insufficient Permissions error. This is strange since I am a Domain Admin on a Domain Controller. The fix from Microsoft was to go into the Default Domain Controller GPO under "Computer Configuration / Windows Settings / Security Settings / Local Policies / User Rights Assignment" and add the Domain Admin group to the following four policies: Restore files and directories, Manage auditing and security logs, Backup files and directories, and Take ownership of files and folders. This information has not been released yet from Microsoft into a public knowledge base article.

I needed to troubleshoot a printing problem on one of our test servers to determine if the problem was caused by software updates that I did or if it was pre-existing.  I had a snapshot of the server prior to any of my work, so I wanted to create a new snapshot so I could roll back, test, and roll forward again after the test. 

For some reason, when I rolled back the server to the earlier snapshot, I could not login with domain credentials.  The event log had recorded: “Windows cannot determine the user or computer name. (Access is denied. ). Group Policy processing aborted.”  Typically when this is seen, the computer account is messed up and you can unjoin and rejoin the computer to the domain to reestablish the account. 

After my testing was finished, I decided to go ahead jump forward to the recent backup before I rolled back.  I received the same message and could not login to the domain.  I went into the system properties and changed the PC from domain to workgroup named “workgroup”.  After this, the server asked me to reboot to finish applying the changes.  When I rebooted the server, I noticed all the software that was pushed out by group policy was now being uninstalled.  I went ahead and kept going and rejoined the server to the domain (10 – 15 minutes later to allow for AD replication).  The server asked me to reboot again after joining the domain, and it proceeded to install the group policy software that had just been removed.  Even though I could now login to the domain, there were a few things that still didn’t work quite right because of this, such as programs that GP should have been removed from a previous MW were still there. [more]

I reverted back to my snapshot again, changed the server from domain to workgroup, and let it sit for (10-15 minutes) while declining to reboot.  I joined the server back to the domain and then elected to reboot the server.  This successfully kept all of the previous software installed by GP and uninstalled the software that was specified by the previous MW GP modifications.  So to save yourself problems in the future when fixing computer account association, don’t reboot after unjoining the domain, but DO reboot after rejoining.

We recently ran into a problem where one of our customer's servers was randomly rebooting. It looked like the cause of this was the updates from Backup exec that were being downloaded and installed. We checked backup exec and it was not set to install updates at all. After some research we found that they updates were being installed even though it wasn't set to do so. [more]

We noticed the updates were occurring the same time as the SMSE updates. After researching with Symantec I found that by default Backup Exec is registered with LiveUpdate and is configured to receive updates ANYTIME LiveUpdate is run from ANY Symantec application configured to use LiveUpdate. Thus every time that SMSE started LiveUpdate it would install Backup Exec updates as well. I downloaded a utility (BeUpdateOps.exe) that I used to unregister Backup Exec from LiveUpdate and this stopped the random reboots.

My external hard drive that I back up my home computer to crashed the other day. My replacement options included buying another external HDD @ $200+ or find another way to back up my data. I have too much data to backup to DVD. There is always the SOHO RAID solutions but those are $500+. What I wanted was the “no crash, no maintenance” backup solution. [more]I found an online backup company called Mozy (http://www.mozy.com/). Mozy is an EMC company and for $4.95 per computer per month, you have unlimited online backups. I figured I would get my money’s worth out of that high speed connection and give it a try. As of yet, I don’t know if it is really “unlimited” but I have about 100 GB uploaded so far and still going. You can retrieve via web, locally installed client app, or by ordering a DVD collection. At that price, I can use this back up service 3 years for the price of an external HDD. It’s not as fast obviously, but my connection is idle most of the time anyway.  Plus now I have an offsite backup of my files.  So, check it out if your looking for a back up solution for your home computer.