[ADUG]

The UK Active Directory User Group.

Mark Parris

My thoughts and insights plus any [ADUG] notices.

June 2009 - Posts

  • The Active Directory Management Gateway Service is now available!!

    The Microsoft Active Directory Management Gateway Service lets information technology professionals manage Active Directory Directory Service and Active Directory Lightweight Directory Service instances that are running on the same server. The Active Directory Management Gateway Service is available as part of Windows Server 2008 R2 and available as a separate download for some previous versions of Windows Server 2008 and Windows Server 2003.

    Information technology professionals can use Active Directory Module for Windows PowerShell or Microsoft Active Directory Administrative Center (ADAC) to manage Active Directory Management Gateway Service instances on servers that are running Windows Server 2008 Service Pack 1 (SP1) and later versions and Windows Server 2003 Service Pack 2 (SP2) and later versions.

    The Active Directory Management Gateway Service provides the same functionality as Active Directory Web Services on Windows 7. After you install the Active Directory Management Gateway Service, the service runs as the Windows Server R2 Active Directory Web Services service.

    http://support.microsoft.com/kb/969041

  • Active Directory Domain Services in the Perimeter Network?

    Microsoft have released this white paper on placing Windows Server 2008 Read Only Domain Controllers (RODCs) in the perimeter network.

    This guide contains direction for determining whether Active Directory Domain Services (AD DS) is appropriate for your perimeter network (also known as DMZs or extranets), the various models for deploying AD DS in perimeter networks, and planning and deployment information for Read Only Domain Controllers (RODCs) in the perimeter network. Because RODCs provide new capabilities for perimeter networks, most of the content in this guide describes how to plan for and deploy this new Windows Server 2008 feature.

    However, the other Active Directory models introduced in this guide are also viable solutions for your perimeter network.

    http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=c1d0fd00-bf31-4b20-95c6-279a4ce7c2b4

  • Windows Server 2000 Domain Controllers?

    If you are still running Windows Server 2000 domain controllers then you should install MS09-018.

    Vulnerabilities in Active Directory Could Allow Remote Code Execution (971055)
    This security update resolves two privately reported vulnerabilities in implementations of Active Directory on Microsoft Windows 2000 Server and Windows Server 2003, and Active Directory Application Mode (ADAM) when installed on Windows XP Professional and Windows Server 2003. The more severe vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system remotely. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.

    MS09-018

    Windows 2000 Server

    Consistent exploit code that can cause a denial-of-service condition is likely for Windows 2000 servers that expose the LDAP or LDAPS service on the network. However, due to additional checks on the heap, a functioning remote code execution exploit is very unlikely.

    Windows Server 2003

    The security effect of this vulnerability is a memory leak that can eventually lead to denial of service. Code execution is not possible.
