
Tag Archives: security

Microsoft – Important changes to the update mechanism in Windows 8 and Windows Server 2012

For a very long time, the update mechanism for both Windows clients and Windows servers has been the same. With Windows 8 and Windows Server 2012 this has changed.

Even though I’d already found out that something had changed with the Windows 8/Windows Server 2012 update mechanism by using it, I didn’t really know what changed and why.

  1. Windows 8 Modern (Metro) Apps security patching does not work the same as regular security patching. For more information, read “Microsoft’s new security patching routine raises concerns”.
  2. Default behavior after you install an important update in Windows 8 or in Windows Server 2012 is that you receive a notice that you have to restart the computer in three days. If the restart does not occur in three days, the computer displays a 15-minute countdown and then automatically restarts. By default, this automatic restart is delayed if the computer is locked, and the countdown will begin the next time that you sign in to the computer. Update KB2835627 has been released that introduces a new registry key called AlwaysAutoRebootAtScheduledTime which enables you to configure a forced restart after installation if desired.
  3. This great blog post provides more insight: “Managing Updates with Deadlines in an era of Automatic Maintenance”. The reactions are also very interesting. Some of the key takeaways from this post:
    • A new feature called Automatic Maintenance runs nightly and performs various tasks such as lightly defragmenting hard drives (or TRIMming SSDs if necessary), checking, repairing, and optimizing the system component store, running anti-virus scans, installing updates, and more.
      • The setting for when to download and install updates doesn’t work in the same way as it did. While you can still set Windows Update to download updates and install them automatically or not, the day-of-the-week setting is not effective. It is included in the automatic maintenance and there isn’t a way to individually specify which maintenance tasks run on which day.
      • The Windows Update Agent doesn’t have to be active in the background all the time because of this. This consolidation reduces system resource usage and battery usage.
    • If you want to be in control of when updates will be installed you have to use WSUS and set deadlines for updates.

Even though I understand the reasoning behind the change, I would have preferred that Microsoft gave customers options to choose their preferred method. In my opinion this method makes sense for clients, but not so much for servers.

Also for some (smaller) companies the specific day and time patching method (including downloading from Microsoft Update) worked fine and now they might have to install, configure and maintain a WSUS server (including patch approvals) to achieve the same result.

What do you think about this? Leave a comment on either my blog or on the original blog post: Managing Updates with Deadlines in an era of Automatic Maintenance

 


Windows 8 – What’s new in Windows 8.1 and how to prepare for the preview

As some of you might know, the Windows 8.1 Preview and Server 2012 R2 Preview (code name Windows Blue) will become available on the 26th of June. Personally I’m looking forward to both of them and can’t wait for it. Also for those who missed it, the Windows 8.1 / Windows RT 8.1 update will be free. The final RTM version of Windows 8.1 is expected to be available August 1st.

When you’re planning to install a new version, you might want to prepare for it. Even though I tried to keep it as generic as possible, some of the steps described are not applicable to Windows RT but you should be able to understand what the goal is. You can probably also re-use these preparations when you want to update from the Preview version to the RTM version.

Preparations could include, but are not limited to:

  1. Determining if you can/want to install the update.
  2. Determining how you are going to run the Windows 8.1 Preview. Some functionality is best tested on hardware installations, but virtualized installations can be more convenient/flexible.
    • Virtualized (for example using Client Hyper-V)
      • Install Windows 8 already and wait for the 8.1 Preview to become available.
        • Will consume more space.
        • Will allow you to install the 8.1 RTM.
      • Wait for full Windows 8.1 Preview ISO to become available.
        • Will consume less space.
        • Might not allow you to install the 8.1 RTM version.
    • Physical
      • Create a new Windows To Go (WTG) installation.
        • On an officially supported WTG certified storage device.
        • On an unofficial non WTG supported storage device.
      • Create a dual/multi boot environment on a physical disk.
        • Create a new installation.
          • Gather required drivers and store them in an easy to access location.
          • Gather applications you want to install.
          • Install.
          • Installation directly to disk.
          • Use the boot from VHD method
      • Update your existing installation.
        • Ensure your important data is safe prior to updating. Even though the update should not destroy data, there is always a chance that it might.
          • Ensure you have recovery media and/or create a USB recovery drive.
          • Move/backup your data.
            • Verify if the new location / backup contains all your data. With backups, verify if you can restore.
          • Sync to cloud services (Skydrive, Dropbox, Google Drive).
            • Realize this is not the same as a backup.
        • Document the installed applications (using PowerShell):
          • For Modern/Metro applications:
            Get-AppxPackage | Export-Csv -NoTypeInformation -Path "C:\MyMetroApplications.csv"
          • For regular applications:
            Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | Select DisplayName, DisplayVersion, Publisher, InstallDate, HelpLink, UninstallString | Export-Csv -NoTypeInformation -Path "C:\MyRegularApplications.csv"
        • Check if your current Windows 8 installation is healthy and if it is not, make it healthy again before installing the 8.1 Preview.
        • Install 8.1 Preview when it is available through the Windows Store
          • In the past I’ve seen issues with Service Pack updates caused by anti-virus solutions. So you might want to disable it until the installation has completed.
          • If you get an error “The windows 8.1 preview isn’t available right now. Please try again later.” take a look here.
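
The application inventory step above, extended as an added example that is not part of the original post: the one-liner for regular applications reads only the machine-wide native Uninstall key, so on 64-bit Windows it misses 32-bit applications (registered under Wow6432Node) and per-user installs (under HKCU). The function name and the output path in the user profile are assumptions.

```powershell
# Added example, not from the original post. Function name and output path are assumptions.
function Get-InstalledApplication {
    # The three standard Uninstall locations; the post's one-liner reads only the first.
    $locations = [ordered]@{
        'Machine'          = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
        'Machine (32-bit)' = 'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
        'Current user'     = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
    }
    foreach ($scope in $locations.Keys) {
        # Wow6432Node is absent on 32-bit Windows, so missing keys are skipped quietly.
        Get-ItemProperty -Path $locations[$scope] -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName } |   # drop entries that have no display name
            ForEach-Object {
                [pscustomobject]@{
                    Scope           = $scope
                    DisplayName     = $_.DisplayName
                    DisplayVersion  = $_.DisplayVersion
                    Publisher       = $_.Publisher
                    InstallDate     = $_.InstallDate
                    UninstallString = $_.UninstallString
                }
            }
    }
}

# Write next to the user's data instead of C:\, which normally needs elevation.
$outputPath = Join-Path $env:USERPROFILE 'MyRegularApplications.csv'
$apps = @(Get-InstalledApplication | Sort-Object DisplayName, Scope)
$apps | Export-Csv -NoTypeInformation -Path $outputPath -Encoding UTF8

# Summary per location, so a gap (for example no 32-bit entries) is visible at a glance.
$apps | Group-Object Scope | Select-Object Name, Count | Format-Table -AutoSize
Write-Output "Wrote $($apps.Count) entries to $outputPath"
```

Running it again after the update and comparing the two CSV files shows which applications did not survive the upgrade.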

With TechEd Europe 2013 in Barcelona and the Microsoft Build 2013 in San Francisco this week there’s probably a lot more news coming. So you might want to keep an eye on news on all websites. You can also check live streams on Channel 9.

I hope this was informative. If you have any other questions, suggestions or just want to share what you’re looking forward to the most, please leave a comment.

 

Posted by on June 23, 2013 in ICT, Microsoft, Windows, Windows 8

 


Microsoft – Resources to get more familiar with Active Directory Federation Services (ADFS)

Nowadays more and more work, communication and collaboration involves multiple external parties. This can involve, for example, employees, customers, partners, suppliers, cloud providers/platforms/applications.

This means it is becoming increasingly important to have proper authentication and authorization methods in place for single sign on (SSO) so users can be more productive. Besides the ease-of-use, it can also lead to better security.

Microsoft’s Active Directory Federation Services (ADFS) will make this possible. For more information on ADFS, here are some resources. Keep in mind though that while some information may be outdated, it will give you a broad idea of the concept and the inner workings. The current version of ADFS in Windows Server 2012 is 2.1, while Windows Server 2008 uses 2.0.

PS: Microsoft is moving more and more towards claims based authentication. Examples include Windows Server 2012 Dynamic Access Control and also SharePoint 2013 that has switched to claims based authentication by default now.

If you have some other resources that might be useful, please let me know so I can add them as well.

 


Security – Java releases update for major Java vulnerability

Last Sunday I warned about a major vulnerability in Java.

It wasn’t expected that Java would have an update available this quickly, but it is good that they did. So be sure to update to Java 7 Update 11: http://java.com

 


Security – Major Java vulnerability, don’t become a victim

[EDIT 14-01-2013]

Oracle released Java 7 Update 11 to fix this security issue. Be sure to update: http://java.com/

[EDIT]

Normally when I read about security vulnerabilities, I don’t really get a sense of urgency.

With the current Java vulnerability however, I do feel like people have to act quickly because there are so many respected companies and even countries actively taking action:

Apparently this vulnerability is actively being exploited already and Oracle hasn’t released a Java fix yet. You might want to consider a combination of the options below:

Personally I like the way Firefox is handling the issue because it blocks by default, but allows users to easily override this behavior for specific sites. Also I’m getting quite fed up with all these Java security vulnerabilities lately :(

I’d like to know what you’ll be doing. Have you or are you going to disable Java? Which methods will you use? Why?

 


 