Windows 7 Public Beta Available for Download!

TechNet, MSDN and Techbeta customers can download it now.

image

Consumers who want to test-drive the beta will be able to download it beginning Jan. 9 at http://www.microsoft.com/windows7 .

Here is the full press release:

Microsoft’s Ballmer Announces Availability of Windows 7 Beta and Windows Live

For TechNet, MSDN and Techbeta customers it is already available here;

Windows 7 Beta 64-bits (Download also this MP3 Fix !)
Windows 7 Beta 32-bits (Download also this MP3 Fix !)

Release notes Windows 7

This Post lists the best practices for securing Terminal Server or Windows XP (for use with VDI)

How can I protect my terminal servers from Spyware, Malware, Trojans, Worms, Viruses and un-authorized software?


  1. Start with a secure installation of the Operating System.  Windows Server 2003 installs by default with the users being able to create files and folders in the root of the system drive and Windows 2000 Server installs by default with the Everyone group having Full Control NTFS Permissions to the entire System Drive.  To lock down the System Drive on Windows 2000 Server, start with the following settings:

    1. Root of System Drive – Authenticated Users = "Read and Execute"

    2. Root of System Drive – Administrators = "Full Control"

    3. Root of System Drive – System = "Full Control"

    4. Program Files Directory – Authenticated Users = "Read and Execute"

    5. Program Files Directory – Administrators = "Full Control"

    6. Program Files Directory – System = "Full Control"

  2. NEVER allow anyone to logon as an administrator or power user, unless they are a member of the IT Staff / IT Consulting Firm that is responsible for the server, and they are logging on to perform administrative functions, i.e. installing software, performing a backup…

  3. Force "Empty Temporary Internet Files when browser closed" via Group Policy.  This will delete most bad files from the Temp IE location of the user’s profile, and leave only the cookie files.

  4. Implement Roaming Terminal Server Profiles, Mandatory Terminal Server Profiles or Flex Terminal Server Profiles.

  5. Enable DeleteRoamingCache in the registry, or via "Delete Cached Copies of Roaming Profiles " in Group Policy.  Since the Roaming Profile does not propagate the user’s Temp Directory, enabling this policy will usually delete that anything the user downloaded unintentionally.  This policy deletes the user’s local profile at logoff once it’s been successfully unloaded and copied to the roaming location.

  6. Install the User Profile Hive Cleanup Service , which helps to ensure user sessions are completely terminated when a user logs off.  Without this service, user profiles are often not unloaded successfully which causes the copy to the roaming profile location and DeleteRoamingCache setting to fail.

  7. Install a Terminal Server compatible anti-virus scanner on each terminal server, a VSAPI anti-virus scanner on each SMTP Server, and an anti-virus scanner at the Internet Gateway.

  8. Set the Terminal Services Configuration Permission Compatibility to "Full Security" (Windows Server 2003) , or to "Windows 2000 Users" (Windows 2000 Server) . If you use the "Permissions compatible with Terminal Server 4.0 Users" (Windows 2000 Server) or "Relaxed Security" (Windows Server 2003), each user logging on is added to the TSUser Security Group, which has permissions and rights of the Power Users Group.

  9. Enable Software Restriction Policies in Group Policy, to define which files can be executed by users.

  10. If users need only one application, specify this program to start when they logon.  This can be done for everyone via Group Policy or Terminal Services Configuration , or for specific users via Active Directory or Local User Account.

  11. Consider locking down the user environment with a FREE program like BrsSuite , designed by Terminal Server Security Expert "Fabrice Cornet", of FC Consult, Belgium .

  12. Restrict access to applications normal users shouldn’t ever use, or that do not follow the policy restrictions in place, i.e. winfile and command.com

How can provide the most secure access to terminal servers from the Public Internet?  The RDP Protocol is secure and uses RSA Security’s RC4 cipher, at either 56 or 128 bits, however the following should be considered when providing access to terminal servers over the Public Internet:


  1. Set the RDP-Tcp Encryption Level to "High" (Windows 2000 Server or Windows Server 2003)

  2. Define and enforce a strong password policy .

  3. If you require password authentication to access a Remote Desktop Web Connection (RDWC, aka TSAC or TSWeb), do so over an SSL Connection.  Since you have to logon to the Terminal Server, there really is no advantage to requiring authentication to access a RDWC.

  4. Do NOT use traditional client-to-server VPN to provide secure access to Terminal Servers.  This may sound strange, but traditional client-to-server VPNs require connectivity over non-standard ports client software on the remote computer. These often prevent remote users from being able to connect.  In addition to the connectivity problems traditional VPN can cause, traditional client-to-server VPNs can open the corporate network to viruses, trojans or worms, because they extend the corporate network to the remote client.

  5. Do consider providing secure access to terminal servers via SSL VPN or a Terminal Server Secure Gateway , as these can provide access over standard ports like 443 or 80, which makes connectivity easy for remote users.  These devices or software applications also provide access to a specific computer, or set of computers, instead of opening a secure tunnel to the entire corporate network.

Windows Vista SP2 Beta Public Download

The public downloads for Windows Vista SP2 are out . Remember if you are going to install this to do yourself a favor and backup your machine first.

SP2 Beta Standalone updates for computers with one or more of the following five languages: English, French, German, Japanese , and Spanish. If your computer has any other language installed this option will not work.

  • Windows Update installation of SP2 for Windows Server 2008 x86/x64/ia64 and Windows Vista x86/x64
  • Five Language SP2 Standalone:
    • ISO for Windows Server 2008 x86/x64/ia64 and Windows Vista x86/x64
    • x86 for Windows Server 2008 and Windows Vista x86
    • x64 for Windows Server 2008 and Windows Vista x64
    • IA64 for Windows Server 2008 ia64

Media Center Gadgets for SideShow released!

We’ve just relased the Windows Media Center gadgets for SideShow!

There are four gadgets – TV, Music, Pictures + Videos, and Now Playing – that let you browse and control your Media Center PC from any SideShow remote control or device, or even a Windows Mobile phone (if it has the platform installed). The gadgets let you browse the TV guide and details, recorded shows, your photos, music (with cover art), and have playback controls to start/stop/record/etc media.

It was a pleasure to work with the SideShow team on this project. Thanks to everyone in the community for your feedback via Microsoft Connect and community sites. We read every comment and used them to make the gadgets better or just used as feedback for the future.

Download locations:
Install the 32-bit version
Install the 64-bit version

For more details, please see the SideShow blog at http://blogs.msdn.com/sideshow/archive/2008/10/21/media-center-gadgets-for-sideshow-released-available-on-the-windows-live-gallery.aspx

Download

Windows Vista® Performance and Tuning

Windows Vista and SP1 focus on delivering greater performance and overall system responsiveness. By striking a balance between speed and responsiveness, Windows Vista and SP1 deliver a level of performance that has the greatest positive impact on the system’s usability.This guide looks at the following areas of performance improvement:

• Making configuration changes that help a computer feel more responsive when you use it.
• Using hardware to boost the actual physical speed of a computer.
• Making configuration changes that help a computer to start faster.
• Making the computer more reliable may help increase performance.
• Monitoring performance occasionally so that you can stop problems before they get too big.

Download here;

http://www.microsoft.com/downloads/details.aspx?FamilyID=ab377598-a637-432c-a3c8-1607ab629201&DisplayLang=en

Extra Windows Dreamscene Content Videos

After a short while you may become bored of the stock videos that come with Windows Dreamscene.  Below are some sites that I use to download additional videos that I use as my Dreamscene wallpaper.  Some of these sites offer free downloads while others are not. If you find a video you like keep in mind that you can always edit it to shorten it in Windows Movie Maker.

Access Sysinternals utilities over the web with command prompt

The Microsoft acquisition Sysinternals that is famous for their useful Windows utilities has a new site up that allows you to easily access any of their utilities for free over the internet in your command prompt. This allows you to run any of their utilities without first downloading it to your computer.  Just open an administrative level command prompt and type in:

\\live.sysinternals.com\tools\toolname.exe

For example if you want to run Autoruns (a great program to see what starts up automatically) type \\live.sysinternals.com\tools\autoruns.exe and hit Enter.

Every Sysinternals utility is available for “live” use.

Available Commands

How to install Windows Server 2008 Admin tools on Vista SP1

With the release of Windows Server 2008 and Windows Vista SP1 Microsoft removed the old management tools that shipped with RTM Vista.  When you install Windows Vista SP1 you will notice that the Group Policy Management Client (GPMC.msc) and other features are no longer available.  They have been uninstalled from your system.

Microsoft replaced the old uitilities with updated version in the Remote Server Administrative Tools  (RSAT) package.

Download the 32-bit version for Vista SP1

Download the 64-bit version for Vista SP1

Once you have downloaded and installed the administrative tools you need to turn the features on.

  1. Open Control Panel and go to Programs and Features.
  2. Click Turn Windows features on or off located on the side menu.
  3. Check Remote Server Administrative Tools and hit OK.

Good Luck!