A ZDNet blog post contains a bit more ‘measured’ information about it along with responses from one of the guys who reported the exploit.

Due for general release later this year, Microsoft has overhauled its licensing terms following customer feedback on its current Windows Small Business Server 2003 R2 offering.

The new licensing terms mean that customers will be able to purchase single client access licences, allowing them to pay only for the exact number of employees using the product.

Windows Small Business Server 2008 Standard Edition software, including five licences, will be priced at US$1,089 with each additional licence costing US$77. The premium version will cost US$1,899 with extra licences priced at US$189.

Windows Essential Business Server 2008 Standard Edition software, including five licences, will carry a $5,472 price tag. Additional licences will be charged at $81.

The premium version will set customers back $7,163, with extra licences costing US$195.

“Small and midsize companies are looking for many of the same IT capabilities and benefits as those sought by large enterprises,” said Ray Boggs, vice president of small/medium business research at IDC.

“But the technology has to be delivered as part of simpler, integrated and more affordable solutions for organisations with minimal IT staff and resources.”

Now, as the company acknowledged in a security bulletin yesterday, a malicious program running as a local or network service can leverage another local or network service running in the same system, to elevate its own privilege and potentially cause damage.

As of early Friday evening, there was no known exploit for this vulnerability, and thus security firm Secunia has given it a “less critical” rating. The nature of Microsoft’s report today indicates that it may have been alerted to the problem by a security engineer who discovered a proof of concept, though no credit has yet been given.

It would be a very sophisticated exploit, and if it were tested in the field, the likelihood of it causing damage would appear to be low…unless a separate malicious payload were somehow crafted to ensure the running status of one network service, in order to leverage it to elevate its own privilege, and then use that privilege to execute a second payload. Unfortunately, Microsoft’s bulletin admits, SQL Server and Internet Information Services — two widely used network services — are among the network services that could conceivably be leveraged in such an attempt.

Even more unfortunate is the news that Windows Server 2008, in the 32-bit and 64-bit as well as Itanium-based editions, are susceptible, as well as Windows Server 2003 SP2 — server systems where those two network services would most likely be implemented. Windows Vista with Service Pack 1 and Windows XP Professional with Service Pack 2 are also on the list.

Three suggested workarounds for the problem, in a sense, offer more insight into the nature of the problem itself: They all involve IIS 6.0 or 7.0, and instruct administrators to create a worker process identity for application pools to utilize a specially crafted, privileged account — apparently one that cannot be leveraged. They then suggest that admins disengage the Distributed Transaction Coordinator, which would presumably disable network transactions from services not added to the pool. Microsoft warns that doing this will likely increase system overhead and slow down execution.

Source: BetaNews

The 2007-2008 Global Server Operating System Reliability Survey presents a substantially different picture compared to the results of the last such survey in 2006, in which Windows administrators reported less downtime than their counterparts who used Linux — a result that stirred up controversy at the time.

Over 2007 and 2008, Linux distributions from Red Hat and Novell increased reliability by an average of 75 percent, respondents to the survey said.

Downtime on Windows Server 2003, increased by 25 percent, to nearly nine hours per server, per year.

“Windows Server 2003′s decreased reliability is attributable to a series of security alerts that Microsoft issued in the [northern] summer and autumn timeframe which caused network administrators to take their Windows Server 2003 machines offline for significantly longer periods of time to apply remedial patches,” said Yankee Group analyst Laura DiDio in a research note.

The 2006 survey found that both Linux and Windows Server 2003 were relatively crash-prone compared to Unix, but that the Linux systems surveyed have now closed the gap slightly.

Unix systems, which represented about 10 percent of the installed base covered by the survey, still achieved the highest reliability figures. IBM’s AIX came highest, with enterprises reporting an average of 36 minutes of downtime per server over a 12-month period. HP-UX version 11.1 recorded 1.1 hours of downtime, while Sun Solaris users reported 1.4 hours per server, per year.

Novell’s Suse Linux implementations saw downtime decline by 73 percent, from about four hours in the 2006 survey to just over one hour per server, per year, in the latest survey.

At the same time, Suse’s market share rose from 13 percent in 2006 to 17 percent, according to the latest poll.

Downtime for Red Hat’s standard, off-the-shelf Red Hat Enterprise Linux (RHEL) distribution declined by 75 percent, from 7.1 hours to 1.75 hours per server, per year. Custom implementations fared better, recording 52 minutes of downtime per server, per year.

Market share for off-the-shelf RHEL rose from 26 percent in 2006 to 31 percent among respondents to the survey .

Debian servers recorded just over five hours of downtime, a decrease of 41 percent from the previous figure.

Ubuntu, which has only recently begun focusing on server customers, appeared in the survey for the first time, with 22 percent of respondents saying they had at least one Ubuntu server on the network. Users reported 1.1 hour of downtime per server, per year.

Twenty-four percent of respondents said they had at least one Debian server on the network, compared to 15 percent in the previous survey, indicating that Debian is seeing increased enterprise usage.

The results are based on an online survey of 700 users from 27 countries. Yankee Group said it used intrusion-detection and authentication mechanisms to ensure accuracy.

Open the Command Prompt and type in the following:

Change 192.168.10 to match you own network.

By using -n 1 you are asking for only 1 packet to be sent to each computer instead of the usual 4 packets.

The above command will ping all IP Addresses on the 192.168.10.0 network and create a text document in the C:\ drive called ipaddresses.txt.  This text document should only contain IP Addresses that replied to the ping request.

Although it will take quite a bit longer to complete, you can also resolve the IP Addresses to HOST names by simply adding -a to the ping command.

GUI Based Discovery

If you’re not confident using the command prompt, there are alternative GUI based applications that you can use.

TCPNetView – No installation is required, simply double-click the executable and away it goes.  It will find all active IP Addresses on the subnet you are currently connected too.
- Download Here

Advanced IP Scanner – If you are after something with a few more options and features, Advanced IP Scanner is an excellent free utility.
- More Information Here

nLite is a tool for pre-installation Windows configuration and component removal at your choice. Optional bootable image ready for burning on media or testing in virtual machines.

With nLite you will be able to have Windows installation which on install does not include, or even contain on media, the unwanted components.

Features

• Service Pack Integration
• Component Removal
• Unattended Setup
• Driver Integration *
• Hotfixes Integration **
• Tweaks
• Services Configuration
• Patches ***
• Bootable ISO creation

* – Textmode (CD Boot) and normal PnP
** – hotfixes with white icons, *KB*.exe, including update packs
and Internet Explorer 7
*** – supports generic SFC, Uxtheme, TcpIp and Usb Polling patching.

nLite supports Windows 2000, XP x86/x64 and 2003 x86/x64 in all languages.

If you would like to know more about nLite, or to download the software, visit the nLite website at http://www.nliteos.com

No, you don’t have to pay a cent for nLite.  Infact, nLite is completely free!  That said, I’m sure they would appreciate a donation.

Open the Exchange System Manager, expand Servers, right-click your server, click Properties, select the General tab (if it isn’t already selected) and you should see something similar to this:

Exchange 2000

4417.5 – Exchange 2000 RTM
4629.1 – SBS 2000 Exchange 2000
4712.7 – Exchange 2000 SP1
5762.4 – Exchange 2000 SP2
6249.4 – Exchange 2000 SP3

Exchange 2003

6944.4 – Exchange 2003 RTM (including SBS2003)
7226.6 – Exchange 2003 SP1
7638.2 – Exchange 2003 SP2

FSMO Roles

In a forest, there are at least five FSMO roles that are assigned to one or more domain controllers. The five FSMO roles are:

• Schema Master: The schema master domain controller controls all updates and modifications to the schema. To update the schema of a forest, you must have access to the schema master. There can be only one schema master in the whole forest.
• Domain naming master: The domain naming master domain controller controls the addition or removal of domains in the forest. There can be only one domain naming master in the whole forest.
• Infrastructure Master: The infrastructure is responsible for updating references from objects in its domain to objects in other domains. At any one
  time, there can be only one domain controller acting as the infrastructure master in each domain.
• Relative ID (RID) Master: The RID master is responsible for processing RID pool requests from all domain controllers in a particular domain. At any one time, there can be only one domain controller acting as the RID master in the domain.
• PDC Emulator: The PDC emulator is a domain controller that advertises itself as the primary domain controller (PDC) to workstations, member servers, and domain controllers that are running earlier versions of Windows. For example, if the domain contains computers that are not running Microsoft Windows XP Professional or Microsoft Windows 2000 client software, or if it contains Microsoft Windows NT backup domain controllers, the PDC emulator master acts as a Windows NT PDC. It is also the Domain Master Browser, and it handles password discrepancies. At any one time, there can be only one domain controller acting as the PDC emulator master in each domain in the forest.

You can transfer FSMO roles by using the Ntdsutil.exe command-line utility or by using an MMC snap-in tool. Depending on the FSMO role that you want to transfer, you can use one of the following three MMC snap-in tools:

• Active Directory Schema snap-in
• Active Directory Domains and Trusts snap-in
• Active Directory Users and Computers snap-in

If a computer no longer exists, the role must be seized. To seize a role, use the Ntdsutil.exe utility.

Transfer the Schema Master Role

Use the Active Directory Schema Master snap-in to transfer the schema master role. Before you can use this snap-in, you must register the Schmmgmt.dll file.

Register schmmgmt.dll

1. Click Start, and then click Run.
2. Type regsvr32 schmmgmt.dll in the Open box, and then click OK.
3. Click OK when you receive the message that the operation succeeded.

Transfer the Schema Master Role

1. Click Start, click Run, type mmc in the Open box, and then click OK.
2. On the File, menu click Add/Remove Snap-in.
3. Click Add.
4. Click Active Directory Schema, click Add, click Close, and then click OK.
5. In the console tree, right-click Active Directory Schema, and then click Change Domain Controller.
6. Click Specify Name, type the name of the domain controller that will be the new role holder, and then click OK.
7. In the console tree, right-click Active Directory Schema, and then click Operations Master.
8. Click Change.
9. Click OK to confirm that you want to transfer the role, and then click Close.

Transfer the Domain Naming Master Role

1. Click Start, point to Administrative Tools, and then click Active Directory Domains and Trusts.
2. Right-click Active Directory Domains and Trusts, and then click Connect to Domain Controller.

Note: You must perform this step if you are not on the domain controller to which you want to transfer the role. You do not have to perform this step if you are already connected to the domain controller whose role you want to transfer.

3. Do one of the following:

In the Enter the name of another domain controller box, type the name of the domain controller that will be the new role holder, and then click OK.

- or -

In the Or, select an available domain controller list, click the domain controller that will be the new role holder, and then click OK.

4. In the console tree, right-click Active Directory Domains and Trusts, and then click Operations Master.
5. Click Change.
6. Click OK to confirm that you want to transfer the role, and then click Close.

Transfer the RID Master, PDC Emulator, and Infrastructure Master Roles

1. Click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
2. Right-click Active Directory Users and Computers, and then click Connect to Domain Controller.

Note: You must perform this step if you are not on the domain controller to which you want to transfer the role. You do not have to perform this step if you are already connected to the domain controller whose role you want to transfer.

3. Do one of the following:

In the Enter the name of another domain controller box, type the name of the domain controller that will be the new role holder, and then click OK.

- or -

In the Or, select an available domain controller list, click the domain controller that will be the new role holder, and then click OK.

4. In the console tree, right-click Active Directory Users and Computers, point to All Tasks, and then click Operations Master.
5. Click the appropriate tab for the role that you want to transfer (RID, PDC, or Infrastructure), and then click Change.
6. Click OK to confirm that you want to transfer the role, and then click Close.

And there you have it. How to view and transfer FSMO roles in Windows Server 2003.

Note: The Remote Assistance feature in Microsoft Windows XP may not work correctly if you change the listening port.

To change the port that Remote Desktop listens on, follow these steps:

1. Start the Registry Editor by click on the Start button, selecting Run, type in regedit, and then press Enter.
2. Locate and then click the following registry subkey:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Contro l\TerminalServer\WinStations\RDP-Tcp\PortNumber

3. On the Edit menu, click Modify, and then click Decimal.

4. Type the new port number, and then click OK.

5. Quit Registry Editor.

To connect to the computer you changed the listening port on, you must specify the port number in the Remote Desktop Connection dialogue box. For example, instead of just typing the computer name, you need to add Portnumber to the end (where portnumber is the listening port).

Default – No port specified – connecting to the default port of 3389.

Adding the listening port number to the computer name.

You can configure firewall settings under both the Domain Profile and Standard Profile subfolders. You use the domain profile when the computer is connected to the Active Directory network and the standard profile when the machine isn’t connected to the corporate network. This setup lets you configure different settings for networked machines and remote machines, as this figure shows.

Click to enlarge

The options under each of the two branches are identical, and you can click an item to view its description. Here are some key settings you may want to enable:

1. Windows Firewall: Protect all network connections. This setting essentially forces the firewall on or off for the profile.
2. Windows Firewall: Do not allow exceptions. This option instructs the firewall to ignore any exceptions that have been defined. Enabling this setting is equivalent to selecting the “Don’t allow exceptions” check box on the General tab of Windows Firewall in Control Panel.
3. Windows Firewall: Define program exceptions Properties. This setting lets you define custom programs, to which you can then grant exceptions to pass through the firewall.
4. Windows Firewall: Prohibit notifications. This setting stops the firewall from prompting users whether they want to allow exceptions for a currently stopped program.
5. Windows Firewall: Allow logging. This option lets you configure the logging level for the firewall, the log size, and its name and location.

For more information about Windows Firewall policy settings, see Windows Firewall Technical Reference in the Network Security Technologies section of the Networking Collection on the Microsoft Windows Server 2003 TechCenter site on TechNet.