Friday, October 31, 2008

From a TechNet Lurker to a TechNet Contributor

I am an IT professional and oftentimes when I encounter problems in the systems I am administering, I would search for possible solutions using Google Search from the internet. Ninety-nine point ninety nine percent of the time, someone else has already encountered the problem and, if I'm in luck, a solution has already been found and posted.

The Microsoft TechNet is my usual haunt for Microsoft-related stuff. For years, I've been lurking in the TechNet forums, browsing for TechNet (and at times, MSDN) articles, whitepapers and guides, copy-and-pasting studying scripts from the ScriptCenter, rummaging through the Virtual Labs to try my hands on new technologies, and a lot of other occasions. Never did it cross my mind during those years that I can actually contribute to those other IT pros seeking answers and solutions; I had doubts and reservations on my expertise, however minute it may be.
But things have changed. A bit. I have been posting on the forums in a scale I've never done before. This sort of builds up my confidence and self-esteem. And now, here I am, a TechNet forums regular poster. And, look, I just got my third medal!

Why am I doing this? Helping out those who seek answers? Paying it forward; for all those times when I was the one looking for help and the forums were there to save me, it's payback time.

Thursday, October 30, 2008

Shooting Digitals - Series 2

Tokyo is a very expensive city. I remember ordering ramen from a guy selling with his pushcart by the roadside, thinking that the guy should be selling cheap, and ended up paying over 20 Singa-bucks! That's a week's lunch allowance, with kopi change to spare! Anyways, one of the more prominent landmarks in Tokyo, Japan is the Tokyo Tower. Here's a brief excerpt from Wikipedia regarding this landmark:

Tokyo Tower (東京タワー, Tōkyō-tawā?) is a communications tower located in Shiba Park, Minato, Tokyo, Japan. At exactly 332.6 meters (1,091 ft), this orange and white lattice tower is the tallest self-supporting steel structure in the world, the tallest artificial structure in Japan and is the 20th tallest tower in the world. Built in 1958, this Eiffel Tower-like structure supports an antenna that broadcasts television and radio signals for important Japanese media outlets such as NHK, TBS and Fuji TV. In recent years, the tower has also been instrumental in furthering Japan's push to switch from an analog signal to digital signal.

In addition to being a television and radio communications tower, Tokyo Tower doubles as a major Tokyo tourist site. Over 2.5 million people annually visit the tower's recreational Foot Town and two observations decks. Foot Town is a 4-story building located directly under the tower that houses several museums, restaurants and shops. Departing from here, guests can also visit the two observation decks. The 2-story Main Observatory is located at 150 meters (492 ft), while the smaller Special Observatory reaches a height of 250 meters (820 ft). (source: Wikipedia)



The second photo was taken from my room's minibar at the Holiday Inn Pudong (Shanghai). I was fascinated by the mix of colors in the menagerie of items, err, sinful and otherwise.



The last picture in this series was taken from a street in Taipei in which most of the food stalls have, for their specialty, stinky tofu on the menu. If you are wondering how "smelly" stinky tofu is, it scores high in my stink-o-meter. This is stuff made for Fear Factor max edition. Below is a short write-up from Wikipedia on stinky tofu:



Stinky tofu is a form of fermented tofu, which, as the name suggests, has a strong odor. It is a popular snack in East and Southeast Asia, particularly Taiwan, Indonesia, and China, where it is usually found at night markets or roadside stands, or as a side dish in lunch bars.


It is perhaps interesting to note that the words "stinky tofu" is a direct translation of the Mandarin term chou doufu. However, the Mandarin word chou does not have the same negative connotation as the English word "stinky". Chou therefore serves mainly as a factual descriptor and not a judgment on the virtues of the odor. Occasionally chou is translated as "fragrant", but this too imposes a "pleasant" or "flowery" judgment on the term, which does not accurately represent the food either. (source: Wikipedia)

Wednesday, October 29, 2008

The "Braindump-buster" Exam 70-113: Registration Extended

Here's an update from the Beta Exam Announcements blog:
==========================================================
Registration is extended till December 17th for testing New Virtual Lab based Exam 70-113: TS: Windows Server 2008 Active Directory, Configuring
==========================================================
Have you seen the future of Microsoft certification exams yet? If not, you still have time: We’re extending the registration for exam 70-113 until December 17th. Call your nearest test center before December 17th to register and experience the new virtual lab based testing and prepare for your experience during scored testing. The new pilot exam 70-113: TS: Windows Server 2008 Active Directory, Configuring tests your ability to actually perform tasks and solve problems in a virtual lab environment, like you would do it normally in the real world. Can’t do it? Then you can’t pass it! We are pleased to offer you this exciting opportunity to test the scope of your abilities with this pilot exam at no charge and we are eager to receive your opinion.
The virtual lab based pilot Exam 70-113 is available worldwide, with a high concentration of test centers ready to receive registrations for this pilot exam in Malaysia, Australia, New Zealand, Philippines, Saudi Arabia, UK, Egypt, UAE, South Africa, US, India, Eastern Europe, Russia (Moscow) and China.

Upon completion of this pilot exam, the first 3000 candidates will receive three (!) free exam vouchers that can be used to register for any Microsoft Certification exam delivered at a Prometric testing center. The vouchers will be distributed electronically up to four weeks after the end of Pilot (i.e. in February 2009). This pilot exam will not provide you with a score as with normal beta exams. This pilot is a test of the exam experience, so only a portion of the final exam will be presented to you during this pilot. This pilot exam will not be added to your transcript and you will need to take the exam in its released form in order to be awarded the credential. Find exam preparation information: http://www.microsoft.com/learning/exams/70-640.mspx

Registration Information
You must register at least 7 days prior to taking the exam. Register before December 17th to take the exam before December 31st. Please use the following promotional code when registering for the exam: H640 (promo code is active till December 31st) Receiving this invitation does not guarantee you a seat in the pilot; we recommend that you register immediately.

· Go to the Prometric Website: http://www.prometric.com/microsoft
· Find Microsoft exam 70-113: TS: Windows® Server 2008 Active Directory, Configuring
· Use Promo Code H640 (promo code is active till December 31st)

Tuesday, October 28, 2008

So I got PW3ND, now what? (MS08-067)

So the day went past with nary a trace of an outbreak. Good, no need to work long hours this round. Bad, no free pizza. Nonetheless, I came prepared. To wage battle. My weapon of choice? The usual arsenal -- my scripts, Sysinternals' tools, and a few resource kit tools comprising my rootkit toolkit.

The scenario played out here does not, in any way, mirror an actual incident. This is just a simulation and the actual malware may behave differently than what is described here.

First, I would look into the autostarting programs using Sysinternals autoruns. Notice the presence of N2.exe and winbaseInst.exe from the image shown:



This confirms that the computer is infected. Next, I fire up pslist to view a list of running processes (alternatively, I could use Process Monitor (procmon) in lieu of pslist). 



Here's a script which was done in a matter of minutes (scripting cosmetics will be applied later, time permitting). The main body of the script calls three procedures: StopProcess(), CleanRegistry(), and DeletePayload(). The malware processes have to be stopped before the payloads and malware executables can be deleted.



The StopProcess() procedure will terminate the process passed as parameter. An array (arrstrproc) contains a list of the malware processes to be terminated.



The CleanRegistry() procedure will, in turn, remove the autostarting entries from the RUN key in the registry. Note that the parameter passed is trimmed of its file extension (".exe") before it is checked. If the string is found in the RUN key, the entry is deleted.


The DeletePayload() procedure will then delete all the malware payload and executables. Malicious DLLs, executables or batch files which are stored in the arrpayload array are passed as parameters to the procedure and are deleted.


A reboot is required; the script doesn't take care of this part. Leave something for the support guys like me to do.
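
The three procedures described above, written out as an added example (this is not the author's original script, which does not appear on this page). The procedure and array names follow the post, the process names come from the Autoruns finding above, and the payload files and their System32\wbem location come from the MS08-067 rundown further down; matching Run values by name only is an assumption.

```vbscript
Option Explicit

Const HKLM = &H80000002
Const RUN_KEY = "SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

Dim arrstrproc, arrpayload, objWMI, objReg, objFSO, strItem

' Process names seen in the Autoruns output described in this post.
arrstrproc = Array("N2.exe", "winbaseInst.exe")
' Files the rundown post lists as dropped into System32\wbem.
arrpayload = Array("basesvc.dll", "syicon.dll", "winbase.dll", "winbaseInst.exe")

Set objWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
Set objReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
Set objFSO = CreateObject("Scripting.FileSystemObject")

' Order matters: a running process keeps its image file locked,
' so processes are stopped before any file is deleted.
For Each strItem In arrstrproc
    StopProcess strItem
    CleanRegistry strItem
Next
For Each strItem In arrpayload
    DeletePayload strItem
Next
WScript.Echo "Done. Reboot the computer to complete the cleanup."

' Terminate every running instance of the named process.
Sub StopProcess(strProc)
    Dim colProc, objProc, lngPid, lngRc
    Set colProc = objWMI.ExecQuery( _
        "SELECT * FROM Win32_Process WHERE Name = '" & strProc & "'")
    For Each objProc In colProc
        lngPid = objProc.ProcessId
        lngRc = objProc.Terminate()            ' 0 means success
        WScript.Echo "Terminate " & strProc & " (PID " & lngPid & "): rc=" & lngRc
    Next
End Sub

' Remove the autostart entry whose value name equals the process name
' without its ".exe" extension (assumed naming, as the post describes).
Sub CleanRegistry(strProc)
    Dim strName, arrNames, arrTypes, strValue, lngRc
    strName = strProc
    If LCase(Right(strName, 4)) = ".exe" Then
        strName = Left(strName, Len(strName) - 4)
    End If
    objReg.EnumValues HKLM, RUN_KEY, arrNames, arrTypes
    If Not IsArray(arrNames) Then Exit Sub     ' Run key holds no values
    For Each strValue In arrNames
        If StrComp(strValue, strName, vbTextCompare) = 0 Then
            lngRc = objReg.DeleteValue(HKLM, RUN_KEY, strValue)
            WScript.Echo "Delete Run value " & strValue & ": rc=" & lngRc
        End If
    Next
End Sub

' Delete one payload file from System32\wbem if it is present.
Sub DeletePayload(strFile)
    Dim strPath
    ' GetSpecialFolder(1) is the System32 folder.
    strPath = objFSO.BuildPath(objFSO.GetSpecialFolder(1).Path, "wbem\" & strFile)
    If Not objFSO.FileExists(strPath) Then Exit Sub
    On Error Resume Next
    objFSO.DeleteFile strPath, True            ' True = also delete read-only files
    If Err.Number = 0 Then
        WScript.Echo "Deleted " & strPath
    Else
        WScript.Echo "Could not delete " & strPath & ": " & Err.Description
    End If
    On Error GoTo 0
End Sub
```

Run it with cscript.exe from an elevated prompt so the output lands in the console instead of one message box per line.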

Monday, October 27, 2008

MS08-067 Face-off

In about 8 hours time, I will be in the office (Monday was a public holiday where I come from), cautious, bearing in mind that the malware exploiting the MS08-067 vulnerability could break through our defenses, if it hasn't yet. I have prepared a script to stop the malware services/processes, do a check for all the reported payload drop-offs, delete them if found, clean up the registry and what-nots. Whatever the day turns out to be, I will be sharing my codes in this blog. A busy day, it will be.

Sleep comes hard when you know you have war to wage.

How to Retrieve CPU and Memory Utilization using a script (VBS)

Here's a simple vbs script that displays the CPU and memory utilization of a computer (works on Windows XP and above):

' Salvador Manaois III
' http://badzmanaois.blogspot.com
' =========================================================================
' You have a royalty-free right to use, modify, reproduce and distribute
' this script (and/or any modified version) in any way you find useful,
' provided that you agree that the author has no
' warranty, obligations or liability for the script. If you modify
' or quote the script, you must retain this copyright notice.
' -------------------------------------------------------------------------
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")

' Get CPU usage from the formatted performance counter (_Total = all processors)
myQuery = "SELECT PercentProcessorTime FROM Win32_PerfFormattedData_PerfOS_Processor WHERE Name = '_Total'"
For Each objItem In objWMIService.ExecQuery(myQuery)
    ProcTime = objItem.PercentProcessorTime & " %"
Next

' Get free and total memory; Win32_OperatingSystem reports all four values in KB.
' WMI returns 64-bit integers as strings, so convert before doing arithmetic.
myQuery = "SELECT FreeVirtualMemory, FreePhysicalMemory, TotalVirtualMemorySize, TotalVisibleMemorySize FROM Win32_OperatingSystem"
For Each objItem In objWMIService.ExecQuery(myQuery)
    VirtualMemFree = CDbl(objItem.FreeVirtualMemory)
    PhMemFree = CDbl(objItem.FreePhysicalMemory)
    VirtualTotal = CDbl(objItem.TotalVirtualMemorySize)
    PhysicalTotal = CDbl(objItem.TotalVisibleMemorySize)
Next

' Percent used = 100 - percent free
VirtualUsed = Round(100 - (100 * (VirtualMemFree / VirtualTotal)), 1)
PhysicalUsed = Round(100 - (100 * (PhMemFree / PhysicalTotal)), 1)

WScript.Echo Date() & " " & Time()
WScript.Echo "Processor Time : " & ProcTime
WScript.Echo "Percent Used Virtual Memory : " & VirtualUsed & " %"
WScript.Echo "Percent Used Physical Memory : " & PhysicalUsed & " %"

Sunday, October 26, 2008

MS08-067 Vulnerability : My Random Rundown

Background

The out-of-band patch released by Microsoft a couple of days back addresses a vulnerability caused by the Windows Server service not being able to handle malformed RPC (Remote Procedure Call) requests. The vulnerable component of the Server service is netapi32.dll (Net Win32 API DLL). The out-of-band update addresses the vulnerability by correcting the manner in which the Server service handles RPC requests.

On a computer running Microsoft Windows 2000, Windows XP or Windows Server 2003, an attacker who is able to exploit this hole could take control of a vulnerable system remotely, without any authentication (anonymous), to execute arbitrary code. The non-affected versions include 5.0.2195.7203 for Windows 2000 SP4 and 5.1.2600.5694 for Windows XP SP3; on Vista SP1 there are several 6.0.6000.xxxx versions (see KB958644 for details). This particular vulnerability could be used in the crafting of a wormable exploit. If successfully exploited, an attacker could gain system-level privileges (able to install programs; view, change, or delete data; or create new accounts with full user rights) and take complete control of the affected system. The relative attack surface on a Windows Vista or Windows Server 2008 machine is considerably smaller than on the earlier mentioned vulnerable versions. On these two versions, the vulnerable code path is only accessible to authenticated users and hence cannot be triggered by an attacker who is not authenticated.
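
One way to check a machine against the versions quoted above, as an added example that is not from the original post. It assumes those numbers are file versions of netapi32.dll (the component named in the previous paragraph), encodes only the two exact values given here, and reports every other OS or service pack as having no baseline; the KB958644 lookup is a second, independent signal.

```vbscript
Option Explicit

Dim objFSO, objWMI, objOS, objFix, strPath, strVer, strBase, blnKb

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objWMI = GetObject("winmgmts:\\.\root\cimv2")

' File version of the Server service component named in the post.
strPath = objFSO.BuildPath(objFSO.GetSpecialFolder(1).Path, "netapi32.dll")
strVer = objFSO.GetFileVersion(strPath)

' Pick the baseline that matches this OS build and service pack.
strBase = ""
For Each objOS In objWMI.ExecQuery( _
        "SELECT Version, ServicePackMajorVersion FROM Win32_OperatingSystem")
    strBase = PatchedBaseline(objOS.Version, objOS.ServicePackMajorVersion)
Next

' Is the hotfix that the post references registered on this machine?
blnKb = False
For Each objFix In objWMI.ExecQuery( _
        "SELECT HotFixID FROM Win32_QuickFixEngineering WHERE HotFixID = 'KB958644'")
    blnKb = True
Next

WScript.Echo "netapi32.dll version : " & strVer
WScript.Echo "KB958644 registered  : " & blnKb
If strVer = "" Then
    WScript.Echo "Result: no version resource found in " & strPath
ElseIf strBase = "" Then
    WScript.Echo "Result: no baseline for this OS/service pack in this post; see KB958644"
ElseIf CompareVersions(strVer, strBase) >= 0 Then
    WScript.Echo "Result: at or above the patched version " & strBase
Else
    WScript.Echo "Result: BELOW the patched version " & strBase & "; apply MS08-067"
End If

' Returns the patched version for the OS, or "" when the post gives none.
Function PatchedBaseline(strOsVersion, intSp)
    PatchedBaseline = ""
    If strOsVersion = "5.0.2195" And intSp = 4 Then PatchedBaseline = "5.0.2195.7203"
    If strOsVersion = "5.1.2600" And intSp = 3 Then PatchedBaseline = "5.1.2600.5694"
End Function

' Returns -1, 0 or 1. Fields are compared as numbers, not text,
' so 5.1.2600.999 sorts below 5.1.2600.5694.
Function CompareVersions(strA, strB)
    Dim arrA, arrB, i, lngA, lngB
    arrA = Split(strA, ".")
    arrB = Split(strB, ".")
    CompareVersions = 0
    For i = 0 To 3
        lngA = 0
        lngB = 0
        If i <= UBound(arrA) Then lngA = CLng(arrA(i))
        If i <= UBound(arrB) Then lngB = CLng(arrB(i))
        If lngA <> lngB Then
            If lngA < lngB Then CompareVersions = -1 Else CompareVersions = 1
            Exit Function
        End If
    Next
End Function
```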

Workaround

The security bulletin lists the following workarounds:

-Disable the Server and Computer Browser services
-Block TCP ports 139 and 445 at the firewall

However, implementing these may pose adverse effects on certain services (file and print sharing, for example) and applications that are dependent on the Server and Computer Browser services. Blocking TCP ports 139 and 445 at the firewall may also cause applications and services (Net Logon, Group Policy, DFS, to name a few) to not function properly, if at all.

Malware Exploiting the MS08-067 Vulnerability

Here's a list of the reported malware as detected by some of the more popular antivirus programs:

Authentium - W32/Gimmiv.A
CA - Win32/Gimmiv.A 
Dr.Web - DLOADER.PWS.Trojan
F-Secure - Trojan-Spy:W32/Gimmiv.A
McAfee - PWS.y!C91DA1B9 
Microsoft - TrojanSpy:Win32/Gimmiv.A[.dll] 
- exploit: Exploit:Win32/MS08067.gen!A
Panda – Gimmiv.A 
Sophos - Sus/Dropper-A
Symantec - Trojan.Gimmiv.A 
Trend Micro - WORM_GIMMIV.A 

The malware's payload tries to gather the following information:

*User Name
*Computer Name
*Network Adapters / IP Addresses
*Installed com objects
*Installed programs and installed patches
*Recently opened documents
*Outlook Express and MSN Messenger credentials
*Protected Storage credentials

With a reported "call-home" capability, the malware contacts a remote web server with the information extracted. A more detailed description of this capability is given in the Analysis section for the malware in the Microsoft Malware Protection Center. Note that the malware encrypts the data sent back to the remote web server with AES before dropping a batch file that deletes the malware service and deletes itself from the affected system.

Changes to the File System and Registry

The malware modifies the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sysmgr registry key. It also downloads the files basesvc.dll, syicon.dll, winbase.dll and winbaseInst.exe to the System32\wbem folder. These files are deleted after the malware has completed its run and reported back to the remote web server.

Friday, October 24, 2008

MS08-067 Exploit Out in the wild

Here is some info regarding some working MS08-067 exploits:
=============================================


TrojanSpy:Win32/Gimmiv.A.dll
Also Known As:
DLOADER.PWS.Trojan (Dr.Web)
Summary
TrojanSpy:Win32/Gimmiv.A.dll is a trojan that gathers system information from the host computer on which it is installed. The trojan runs as a service for a short time and may delete itself after performing its data gathering routine.
Symptoms
There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptom(s).
=============================================

TrojanSpy:Win32/Gimmiv.A
Also Known As:
DLOADER.PWS.Trojan (Dr.Web)
Summary
TrojanSpy:Win32/Gimmiv.A is a trojan that gathers system information from the host computer on which it is installed. The trojan may delete itself after performing its data gathering routine.
Symptoms
There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptom(s).
=============================================

milw0rm Exploit:

http://www.milw0rm.com/exploits/6824
http://milw0rm.com/sploits/2008-ms08-067.zip
=============================================

And here's Alex Sotirov's decompilation of the vulnerable function addressed by MS08-067:

http://www.phreedom.org/blog/2008/decompiling-ms08-067/

Out-of-Band Microsoft Patch (MS08-067) Released

I had to rush back from the TechFest HOLs earlier in the afternoon due to the Out-of-Band security update from Microsoft (MS08-067) which needed to be pushed to all of our machines in view of its criticality and the proliferation of exploits in the wild. Here are the contents of the email from CERT:

Original release date: October 23, 2008

Overview
Microsoft has released updates that address a vulnerability in Microsoft Windows 2000, Windows XP, and Windows Vista.  A vulnerability in the way the Microsoft Windows server service handles RPC requests could allow an unauthenticated, remote attacker to execute arbitrary code with SYSTEM privileges.

Description
A remote, unauthenticated attacker could execute arbitrary code or cause a vulnerable system to crash. Since the Server service runs with SYSTEM privileges, an attacker could take complete control of a vulnerable system. 

Microsoft has released Microsoft Security Bulletin MS08-067 to address a buffer overflow vulnerability in the Windows Server service.  The vulnerability is caused by a flaw in the way the Server service handles Remote Procedure Call (RPC) requests.  For systems running Windows 2000, XP, and Server 2003, a remote, unauthenticated attacker could exploit this vulnerability.  For systems running Windows Vista and Server 2008, a remote attacker would most likely need to authenticate. 

Microsoft Security Bulletin MS08-067 rates this vulnerability as "Critical" for Windows 2000, XP, and Server 2003. The bulletin also notes "…limited, targeted attacks attempting to exploit the vulnerability." 

This vulnerability has been assigned CVE-2008-4250. Further information is available in a Security Vulnerability & Research blog entry and US-CERT Vulnerability Note VU#827267.

Impact
A remote, unauthenticated attacker could execute arbitrary code or cause a vulnerable system to crash. Since the Server service runs with SYSTEM privileges, an attacker could take complete control of a vulnerable system.

References
US-CERT Vulnerability Note VU#827267
US-CERT Technical Cyber Security Alert TA08-297A
Microsoft Security Bulletin MS08-067
Microsoft Security Response Center (MSRC)

Wednesday, October 22, 2008

Magnificent Malacca Recollections - Part 1


About 3 and a half hours' drive from Singapore, Malacca lies approximately 250 kilometers north of the Lion City and about 150 kilometers south of Kuala Lumpur. It is located on the western coast of Peninsular Malaysia, facing the Straits of Malacca. With its rich cultural past, the rather sleepy city has been listed as a UNESCO World Heritage Site since the 7th of July 2008.

I have been to this city numerous times (all due to work) and have had the chance to visit a few of the historical attractions and famous local spots, especially the makan places. I would rate Malacca as second only to Penang as far as the culinary treats I have tried are concerned. The Malacca cuisine is worth a thousand posts, so I am going to save the juicier makan posts for later.

The remains of the old Portuguese fort A Famosa (Porta de Santiago) can be found on Jalan Kota, around St. Paul's Hill. What can be seen nowadays is a mostly Dutch reconstruction, bearing the VOC (Verenigde Oostindische Compagnie) coat of arms.


Below the hill, the Muzium Budaya museum (Melaka Cultural Museum) lies perched on a carpet of lush grass. It is a reconstruction of the istana of the sultan. Built in 1985, it is open to the public daily from except on Tuesdays (on Fridays, it is only open in the afternoon).




This is a must-see place. Not just because of its historic places to see, but more on the wonderful gastronomic delights in its nooks and corners.

Tuesday, October 21, 2008

Shooting Digitals

Photography was a hobby of mine which has seen major downtime the past year. I used to bring my digital camera wherever I go, wary that any moment, the "shot of a lifetime" could materialize within view. Sort of, my ticket to being a Nat-Geo wildlife photographer.

But I was rather slow on the trigger. And I sometimes mix up my ISOs and aperture settings, resulting in a Salvador Dali-ish photo. That, or a shot that would make Picasso proud. My macro shots are, well, macaronic and hard to describe.

Why do I wax lyrical about photography so suddenly? Well, my hard drive crashed yesterday, and till now, I have yet to make a full recovery of its contents. It is still accessible, thank goodness, but it was a scare of epic proportions. My family's photos, my travel journal (lucky me for having been to a few interesting places), food pics, and others are stored in this drive. I've made a mental note to get a new hard disk over the weekend and start archiving all my important stuff.

Sample three of the photos I've taken (from my backup) here in Singapore, one of which shows the CBD skyline during the day and one showing its night view.


 
Here's another one taken during the eve of Hari Raya in Geylang Serai:



Sunday, October 19, 2008

How to disable User Account Control in Windows Vista (vbs)

The introduction of User Account Control (UAC) on Windows Vista (and, subsequently, on Windows Server 2008) demonstrated a complete turnaround as far as Microsoft's strategy on handling administrative privileges is concerned. In contrast, during the initial installation of Microsoft Windows® XP, the Windows XP Setup Wizard creates all user accounts as local administrators. This meant that these users and ensuing users who are added to the local administrators group, having system-level privileges, are able to install, update, and run software. 

UAC on Vista and Windows Server 2008 forces users who are members of the local administrators group to run as if they were regular users with no administrative privileges. This feature automatically reduces the potential for security breaches in the system. For example, if a user runs an application which in turn tries to modify, say, the firewall settings, the system will trigger a UAC prompt (either a confirmation dialog or a UAC credentials dialog) and the user can choose to proceed with the action or not.

I have written a script that turns on or off the UAC on a Vista machine:



The script checks for the value (DWORD) of EnableLUA on the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System key in the registry. It displays the setting to the user (enabled or disabled) and prompts him to change or ignore this setting.


  
If the user chooses to modify the setting (for example, disabling it), the script will modify the registry value and pop up a MsgBox informing the user that the change requires a reboot. The script will not trigger a reboot, although this functionality should be very easy to incorporate within the script itself.



A function (Getanswer) and a sub procedure (SwitchValue) are called within the script. Two parameters are passed to the function Getanswer, the strings strstatus and strset, and it returns the user's response to the MsgBox invoked (6 = OK, 7 = No, 2 = Cancel).



The SwitchValue sub procedure switches the value of the strValue variable (which stores the EnableLUA value extracted from the registry). If the value of strValue is 1, it is changed to 0, and vice versa.
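
The flow described above, written out as an added example (this is not the author's original script, which does not appear on this page). The names Getanswer, SwitchValue, strstatus, strset and strValue follow the post; the message wording is assumed, and the script must run elevated to write under HKEY_LOCAL_MACHINE.

```vbscript
Option Explicit

Const UAC_VALUE = "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA"

Dim objShell, strValue, strstatus, strset, intAnswer

Set objShell = CreateObject("WScript.Shell")

' Read the current setting. RegRead raises an error when the value is
' missing or unreadable, so trap it instead of guessing a default.
On Error Resume Next
strValue = objShell.RegRead(UAC_VALUE)
If Err.Number <> 0 Then
    MsgBox "EnableLUA could not be read: " & Err.Description, vbExclamation, "UAC"
    WScript.Quit 1
End If
On Error GoTo 0

' Show the current state and offer the opposite one.
If strValue = 1 Then
    strstatus = "enabled"
    strset = "disable"
Else
    strstatus = "disabled"
    strset = "enable"
End If

intAnswer = Getanswer(strstatus, strset)
If intAnswer = vbYes Then
    SwitchValue strValue
    On Error Resume Next
    objShell.RegWrite UAC_VALUE, strValue, "REG_DWORD"
    If Err.Number <> 0 Then
        MsgBox "Write failed (run the script elevated): " & Err.Description, vbCritical, "UAC"
        WScript.Quit 1
    End If
    On Error GoTo 0
    MsgBox "EnableLUA is now " & strValue & ". Reboot for the change to take effect.", _
        vbInformation, "UAC"
End If

' Ask the user whether to change the setting; returns the MsgBox result.
Function Getanswer(strstatus, strset)
    Getanswer = MsgBox("User Account Control is currently " & strstatus & "." & vbCrLf & _
        "Do you want to " & strset & " it?", vbYesNoCancel + vbQuestion, "UAC")
End Function

' Flip 1 to 0 and 0 to 1. Arguments are passed ByRef by default in
' VBScript, so the caller's variable is updated.
Sub SwitchValue(strValue)
    If strValue = 1 Then strValue = 0 Else strValue = 1
End Sub
```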




Saturday, October 18, 2008

Yummy Delights : 119 Aljunied Crescent Coffeeshop

A mere 10-minute walk from our flat is the bustling yet somehow laidback Aljunied Crescent district. To its south is the Geylang Polyclinic while the Geylang East swimming complex lies to the east; this district is bounded by a number of HDB flats on the west and the Pan Island Expressway to the north. A number of commercial shops litter the state, from big to small grocery stores, banks, clinics, hawker centres and coffee shops, and a wet market, to name a few.

One of the more popular makan places in the area is the coffeeshop located at 119 Aljunied Crescent. About eight food stalls occupy the coffeeshop serving different fares ranging from Western style food, zi cha, seafood, claypot chicken, soup, and more. On lunch during weekdays, the place is the usual haunt of groups of office workers from around the vicinity of the district and from afar.

On certain days, likely weekends, I would bring my family to this coffeeshop for a sampling of the food. There is a famous claypot chicken stall here where the normal waiting time for an order, specially during dinner, is a patience-testing 30 minutes. My kids love the chicken wings, fried to a not-so-oily perfection, from the same stall. The accompanying chili sauce has the right mix of spiciness of chilli and ginger, without the piquant whiff of the latter.

For my wife, she would normally go for the yam ring. The taro is shaped into a ring and lightly fried. The topping is a mix of chicken, shrimp, fish and veggies, stir-fried to perfection. Crispy egg crystal noodles are laid out on the base of the dish adding a contrast to the rather soft yet not sodden yam ring. A distinctive addition, which I didn't normally see from the other yam rings I've tried from other places, are the different nuts added as toppings; a combination of walnuts, peanuts and a mix of other nuts.

For myself, I would normally order fish and a couple of vegetable dishes. I've tried the curry fish head before and I would say it ranks high in my short list of nice curry fish heads I've sampled. The sambal kangkong is also a must-have; the sambal, full of flavour yet not salty as in most sambal kangkongs I've tried. The first time I tried the asam fish, a type of dish where the fish is cooked in the juice of the tamarind (asam) fruit, I couldn't help but to polish off the fish to the bone. 

Here's a Wikipedia excerpt on how to cook this rather easy-to-prepare, yet heavenly delectable dish:

The cooking process involves soaking the pulp of the fruit until it is soft and then squeezing out the juice for cooking the fish. Asam paste may be substituted for convenience. Various vegetables such as brinjals (Indian eggplants), okra and tomatoes are added. Fish (such as mackerel or red snapper) or fish heads are also added to make a spicy and tart fish stew. It is important that the fish remain intact for serving so generally the fish is added last.

The fish was very fresh; one can tell by the taste. The soup base, sinfully thick and spicy, with a mix of lady's fingers, chili and onion augmented the fish to a mouth-watering mishmash. Once I started with the dish, I couldn't stop. No edible parcel was left untouched; definitely a die-die must-try dish in my makan wish list.

This is how the dish looked like after I was done with it. Next stop, the dimsum place opposite Lorong 9 Geylang!



Tuesday, October 14, 2008

Windows 2008 Server Core Installation Guide

What is Server Core?

A Server Core installation, a new installation option available with Windows Server 2008, provides a scaled-down, minimal environment for running specific server roles. It reduces the maintenance and management requirements and, due to the smaller binary footprint, minimizes the relative OS attack surface. All configuration and maintenance of a Server Core installation is done entirely through command line interface windows, or by connecting to the machine remotely using Microsoft Management Console (via the Remote Server Administration Tools or RSAT). Notepad and a few control panel applets, such as Regional Settings, are available, however.

A server running a Server Core installation supports the following server roles:

Active Directory Domain Services (AD DS), Active Directory Lightweight Directory Services (AD LDS), DHCP Server, DNS Server, File Services, Hyper-V, Print Services, Streaming Media Services, Web Server (IIS)

The Server Core installation option installs only the subset of the binary files that are required by the supported server roles. For example, the Explorer shell is not installed as part of a Server Core installation. Instead, the default user interface for a server running a Server Core installation is the command prompt.

What’s new in the Server Core installation option?

The Server Core installation option of Windows Server 2008 requires initial configuration at a command prompt. A Server Core installation does not include the traditional full graphical user interface. Once you have configured the server, you can manage it locally at a command prompt or remotely using a Terminal Server connection. You can also manage the server remotely using the Microsoft Management Console (MMC) or command-line tools that support remote use.

Benefits of a Server Core installation

The Server Core installation option of Windows Server 2008 provides the following benefits:

Reduced maintenance. Because the Server Core installation option installs only what is required to have a manageable server for the AD DS, AD LDS, DHCP Server, DNS Server, File Services, Print Services, and Streaming Media Services roles, less maintenance is required than on a full installation of Windows Server 2008.
Reduced attack surface. Because Server Core installations are minimal, there are fewer applications running on the server, which decreases the attack surface.
Reduced management. Because fewer applications and services are installed on a server running the Server Core installation, there is less to manage.
Less disk space required. A Server Core installation requires only about 1 gigabyte (GB) of disk space to install and approximately 2 GB for operations after the installation.

Steps for configuring a Server Core installation

The following procedures explain how to configure a computer running a Server Core installation. The steps include:
  1. Setting the administrative password
  2. Setting a static IP address
  3. Joining a domain
  4. Activating the server
  5. Configuring the firewall

1. Setting the administrative password

When your computer starts for the first time after the installation completes, press CTRL+ALT+DELETE. Type Administrator for the user name and leave the password blank.

The system will inform you that the password has expired and will prompt you to enter a new password. Type an appropriate password.

2. Setting a static IP address

At a command prompt, type the following:

netsh interface ipv4 show interfaces

Make a note of the number shown in the Idx column of the output for your network adapter. If your computer has more than one network adapter, make a note of the number corresponding to the network adapter for which you wish to set a static IP address.

3. Joining a domain

At a command prompt, type:

netdom join <ComputerName> /domain:<DomainName> /userd:<UserName> /passwordd:*

Where:

ComputerName is the name of the server that is running the Server Core installation.

DomainName is the name of the domain to join.

UserName is a domain user account with permission to join the domain.

When prompted to enter the password, type the password for the domain user account specified by UserName.

If you need to add a domain user account to the local Administrators group, type the following command:

net localgroup administrators /add <DomainName>\<UserName>

Restart the computer by typing the following at a command prompt:

shutdown /r /t 0

To rename the server
Determine the current name of the server with the hostname or ipconfig command.

At a command prompt, type:

netdom renamecomputer <ComputerName> /NewName:<NewComputerName>

Restart the computer.

4. Activating the server

At a command prompt, type:

slmgr.vbs -ato

If activation is successful, no message will return in the command prompt.

5. Configuring the firewall

To configure the firewall
Use the netsh advfirewall command. For example, to enable remote management from any MMC snap-in, type the following:

netsh advfirewall firewall set rule group="Remote Administration" new enable=yes

Server Roles

After the Server Core installation is complete and the server is configured, you can install one or more server roles. The Server Core installation of Windows Server 2008 supports the following server roles:

Active Directory Domain Services (AD DS), Active Directory Lightweight Directory Services (AD LDS), DHCP Server, DNS Server, File Services, Hyper-V, Print Services, Streaming Media Services, Web Server (IIS)

I'll try to cover the topic of managing a Server Core installation and installing additional server roles on Server Core with another post.

Monday, October 13, 2008

Beta Exam 71-403: TS: System Center Virtual Machine Manager 2008, Configuring


I am a beta exam buff. I love the challenge of taking an exam when there aren't that many resources available to refer to. Just plain old TechNet and a few virtual machines on my trusty old PowerEdge. That, and gallons of coffee.

Microsoft has recently released two (2) beta exams, 71-403 and 71-433. Here's a rundown of the 71-403 beta exam announcement from Microsoft:

===============================

Exam 71-403: TS: System Center Virtual Machine Manager 2008, Configuring 

About this Exam
This exam will validate skills needed to configure Systems Center Virtual Machine Manager (SCVMM) in a Windows Server infrastructure.
  
Audience Profile
Candidates for this exam use SCVMM and have at least 6 months to 1 year of experience using virtualization and more than 1 year of experience with Windows Server infrastructures. 

Credit Toward Certification
When you pass Exam 70-403: TS: System Center Virtual Machine Manager 2008, Configuring, you complete the requirements for the following certification(s):
Microsoft Certified Technology Specialist: Microsoft System Center Virtual Machine Manager 2008, Configuration

Exam 70-403: TS: System Center Virtual Machine Manager 2008, Configuring: counts as credit toward the following certification(s):
- TS: Microsoft System Center Virtual Machine Manager 2008, Configuration

Availability
Registration begins: September 23, 2008
Beta exam period runs: September 30, 2008 – October 24, 2008


Sunday, October 12, 2008

Hangzhou's West Lake, Heaven on Earth


"Above is heaven, below is Hangzhou."

This famous Chinese saying is an allegory of the majestic beauty of the city of Hangzhou, the capital of Zhejiang province. Located 180 kilometres southwest of Shanghai, Hangzhou has been one of the most renowned and prosperous cities of China for much of the last 1,000 years. Aside from its renowned and glorious past, the city is also well-known for its beautiful natural scenery, with the West Lake as the most well-known location.

The following is an excerpt from Wikipedia.org:

The West Lake is surrounded by mountains on three sides, with an area of around 6.5 square kilometers. The distance from north to south is about 3.2 kilometers, and east to west, 2.8 kilometers. The circumference is around 15 kilometers. The average depth of West Lake is 2.27 meters, and the capacity is about 14,290,000 cubic meters. The lake is divided by Gu Shan, Bai, Su and Yanggong Causeways into five areas. Ordered by their areas, they are Outer West Lake (外西湖), West Inner Lake (西裡湖, or 後西湖, or 後湖), North Inner Lake (北裡湖 or 裡西湖), Little South Lake (小南湖 or 南湖) and Yue Lake (岳湖). "Outer West Lake" is the largest. "Gu Shan" or Gu Hill is the largest natural island in the lake. Su & Bai Causeways run cross the lake. Three small man-made islands, "Xiao Ying Zhou" (小瀛洲), "Hu Xing Ting" (湖心亭), "Ruan Gong Dun" (阮公墩), lie in the center of Outer West Lake. Thus, the basic layout is "one hill, two causeways, three islands, and five lakes".

West Lake is not only famous for its picturesque landscape, it is also associated with many scholars, national heroes and revolutionary martyrs, thus embracing many aspects of Chinese culture. In addition, many ancient buildings, stone caves and engraved tablets in surrounding areas are among the most cherished national treasures of China, with significant artistic value.
Due to its prominent historical and cultural status among Chinese scenic resorts, West Lake was elected as a National Key Scenic Resort in 1982, one of Ten Scenic Resorts in 1985 and national 5A tourist resort in 2006. Moreover, the picture of "Three Ponds Mirroring the Moon" was printed on the backs of both the foreign exchange certificate one yuan bill issued by the government in 1979 and the fifth version of RMB one yuan bill issued in 2004, indicating the status of West Lake in China.

Traditionally, there are ten best-known scenic spots on the Xī Hú (West Lake), each remembered by a four-character epithet. Collectively, they are known as the "Ten Scenes of Xī Hú" (10 Scenic Spots in Xī Hú 西湖十景). Each is marked by a stela with the epithet written in the calligraphy of the Qianlong Emperor. They are:
- Dawn on the Su Causeway in Spring (蘇堤春曉)
- Curved Yard and Lotus Pool in Summer (曲院風荷)
- Moon over the Peaceful Lake in Autumn (平湖秋月)
- Remnant Snow on the Bridge in Winter (斷橋殘雪)
- Leifeng Pagoda in the Sunset (雷峰夕照)
- Two Peaks Piercing the Clouds (雙峰插雲)
- Orioles Singing in the Willows (柳浪聞鶯)
- Fish Viewing at the Flower Pond (花港觀魚)
- Three Ponds Mirroring the Moon (三潭印月)
- Evening Bell Ringing at the Nanping Hill (南屏晚鐘)

I had taken a trip down to Hangzhou, together with a few colleagues, when I was assigned at Wuxi last year for a few days. We took a bus around 7 AM from the Wuxi Central Station to Hangzhou and reached the city somewhere around 10:30 AM. We then took a cab to the West Lake and walked the whole perimeter of the lake the whole day. In between, we sampled the menu of a few (if memory serves me right, three) restaurants, trying out a mishmash of Chinese noodle, meat and vegetable dishes.

The scenery was very serene, relaxing to a fault. The sunset was spectacular; the colors playfully smearing the horizon with hues of red, yellow, orange, violet and blue. As if in unison, the lake teasingly muddles up these colors, revealing a rich golden tint.

Scores of tourists, both local and foreign, were around that day; awed, like me, with the beauty and magnificence of West Lake and the city that is "Heaven on Earth."

Friday, October 10, 2008

When Wall Street Sneezed

...and the whole world caught the cold.

The Wall Street stock market took a severe beating yesterday, sending shockwaves through the global stock markets. The Asian market, for one, opened in the red, down by several percentage points. Shades of the '97 financial crisis appear to be looming and the impact on the overall Asian economy is now being felt by businesses. Word of job cuts, hiring freezes, downsizing and the like has started to spread around.

Investors are wary to put their money into the market under this volatile condition. The general public is jittery and apprehensive. Not even the substantial reduction in the global price of oil seems to dampen the impact of this financial meltdown. 

This crisis merits a thorough root cause analysis rundown. What went wrong? Why did things go wrong? Who is responsible for this? What can the public do to protect themselves from the ramifications of such a crisis?

A rethinking of the global financial system, the way it operates, how it links the global economies in a fragile web, is ripe. Should there be a change in the system? A paradigm shift, as far as the mindset of all financial stakeholders is concerned, maybe. I am not well-versed in the internals of the financial system but I am one with those who think a change in the system is needed.

I hope this ends soon. Nonetheless, life goes on.

Monday, October 6, 2008

Question: What do Microsoft fanboys gorge on during meet ups?



Answer: Pizza!


Sunday, October 5, 2008

Interesting Facts About Singapore

The island-nation of Singapore has been home for myself and my family for the past 8 years. Here are some interesting facts about this little red-dot of a country:


1.       Singapore consists only of one main island and 63 other tiny islands. Most of these islands are uninhabited.  One of the better known of these islands, the Pedra Branca island, was the centre of a territorial dispute between Singapore and Malaysia for almost 30 years. The International Court of Justice, which presided over this dispute, ruled in favour of Singapore when it handed down its decision on 23 May 2008. 

2.       Singapore is among the 20 smallest countries in the world, with a total land area of only 682.7 square kilometres. The USA is about 15,000 times bigger. 

3.       Apart from Monaco, Singapore is the most densely populated country in the world, with 6,430 people per square kilometre. Majority of the population live in public housing HDB towns and estates. 

4.       Singapore became the 117th member of the United Nations on 21 September 1965. 

5.       Symbolism of the National Flag: Red symbolises universal brotherhood and equality of man while white signifies purity and virtue. The crescent moon represents a young nation on the rise and the five stars signify the ideals of democracy, peace, progress, justice and equality. 

6.       The national flower of Singapore, Vanda Miss Joaquim, was first discovered in 1893 by Agnes Joaquim, an Armenian. The orchid is a natural hybrid between V. teres and V. hookeriana.

7.       The Merlion, a half-fish, half-lion beast, is a fitting symbol of Singapore. The "Singa" or lion represents the animal that a Sumatran prince saw which resembled a lion, and the fish is a tribute to Singapore's history as "Temasek", the ancient sea town. 

8.       Singlish, a Singaporean patois mixing English with the odd phrase of Chinese, Malay and even Tamil, has two entries - lah and sinseh - in the online version of the Oxford English Dictionary. 

9.       Although English is the official working language and the most widely used language in Singapore, the national anthem 'Majulah Singapura' is actually sung in Malay. 

10.   The flying fox, the world's largest bat with a wingspan of up to 1.5 metres, can be found on Pulau Ubin, one of the islands off mainland Singapore. 


11.   Singapore is a stopover point for thousands of migratory birds travelling the East Asian Flyway. 

12.   Arguably the most popular fruit in Singapore is the Durian. It is the only type of fruit that has its own signage, the “no durian” sign, in public buses and the MRT. Rows and rows of Durian stalls line up Sims Avenue near the Geylang area and there are even tables and chairs set up beside the road to accommodate customers who partake on this “king of the fruits.”

13.   The world's first night zoo, The Night Safari, is located in Singapore. 

14.   Despite being largely urbanised, Singapore is the largest exporter of ornamental fish (25% of the world market). 

15.   The Bukit Timah Nature Reserve in Singapore contains more species of trees than the entire North American continent. 

16.   The highest natural point in Singapore is Bukit Timah Hill, which is only 164 metres high (Singapore has a very flat terrain). 

17.   Buildings in Singapore cannot be higher than 280 metres. There are presently three buildings of that height: OUB Centre, UOB Plaza and Republic Plaza. 

18.   The world's highest man-made waterfall, standing at 30 metres, is located at the Jurong BirdPark. 

19.   The largest fountain in the world is located in Singapore at Suntec City. Made of cast bronze, it cost an estimated US$6 million to build in 1997. 

20.   The buildings of Suntec City have been built in the shape of a palm of a hand symbolising good "feng shui". 

21.   In 2003, Singapore's Changi Airport won the award for "Best Airport Worldwide" for the 16th consecutive year from the UK/Europe edition of the Business Traveller magazine. 

22.   The Guinness book record for the longest human domino chain was set in Singapore on 30th September 2000. Formed by 9,234 students, it measured 4.2km.

23.   The world domino topple record (303,621 men) was set in Singapore on 18th August 2003 by a 24-year-old woman from China. 


24.   The Great Singapore Duck Race, an annual event that raises funds for charity, set a new world record in 2002 when more than 123,000 toy ducks took to the Singapore River. 

25.   Russell Lee, a pseudonym for a team of ghost-writers, is the hottest-selling local author in Singapore. His 11 volumes of True Singapore Ghost Stories have sold more than 600,000 copies to date. 

26.   The fastest selling book of all time in Singapore is Hello Chok Tong, Goodbye Kuan Yew: The Untold Story. Written and drawn by political cartoonist George Nonis, it sold 40,000 copies in two months. 

27.   The highest grossing locally made movie of all time is Money No Enough, raking in S$6.02 million in 1998. 

28.   The first Singaporean film to be shown at the Cannes Film Festival was director Eric Khoo's 12 Storeys in 1997. 

29.   British pop violinist Vanessa Mae Nicholson was born in Singapore and moved to England when she was four. 

30.   In Singapore, it is very common to find people queuing. People have queued up for their favourite food (donuts, for example), collection item (the McDonald’s Hello Kitty craze), items on sale, you name it.

31.   More Singaporeans are born in the month of October than any other month of the year. 

32.   The first population census taken in 1824 revealed that the total population was 10,683. The 2000 census showed that the population of Singapore is 4.2 million.

33.   Nearly 9 out of 10 Singaporeans live in public housing flats.

34.   The most common Chinese surnames in Singapore are Tan, Lim and Lee. 

35.   8 in 10 people in Singapore own cell phones. In fact, telecom companies issue new numbers at the rate of 30,000 to 40,000 per month. 

36.   Swimmer Ang Peng Siong was ranked world number one in the 50m Freestyle in 1982. 


37.   The Singapore Sling was first served in 1915 at the Long Bar of the Raffles Hotel. The ingredients are gin, Cointreau, cherry brandy, Dom Benedictine, pineapple juice, Grenadine, Angostura bitters and limes.

38.   Singapore has more than 3,000 kilometres of roads. Stretched end to end, they can cover the distance from Singapore to Hong Kong. 

39.   Singapore's best showing in the Olympic Games ever was a silver medal won by weightlifter Tan Howe Liang in Rome in 1960. This has since been equalled by the silver medal feat of the Singapore women’s table tennis team in the 2008 Beijing Olympics. Composed of Wang Yue Gu, Feng Tian Wei and Li Jia Wei, the team lost to the Chinese team in the finals. 

40.   The highest grossing movie of all time in Singapore is Titanic, raking in S$6.65 million in 1997.

41.   The record for the biggest ever game of pass-the-parcel was set in Singapore on 28 February 1998. It involved 3,918 students removing 2,200 wrappers from a 1.5 x 1.5 x 0.5 m parcel.

42.   The record for the most number of people participating in line dancing was set in Singapore in May 2002 with 11,967 dancers. 


Friday, October 3, 2008

Checking for Password Complexity Using Regular Expressions

There is a very interesting thread on the Microsoft TechNet Forums (Scripting) in which one poster asked about ways of checking password complexity using Visual Basic scripting. One very effective and, in my book, very efficient way to accomplish this task is to use regular expressions.

What are Regular Expressions?

Regular expressions, commonly known as regex or regexp, are a set of key combinations that are meant to allow people to have a large variety of control over what they are searching for. A regular expression, often called a pattern, is an expression that describes a set of strings. They are usually used to give a concise description of a set, without having to list all elements. (Source: wikipedia.org)


The power of Regular Expressions

Regular Expressions are a neat way to perform powerful, fast and effective string pattern matching and replacing. Starting with VBScript Version 5.0, the RegExp object is made available for developers. 

The most commonly used types of regular expressions matching include character matching, repetition matching, and position matching.

Character matching is, as the term suggests, searching for a match within a string literal. In the example I posted on TechNet, I used the RegExp Test method to validate the given password. This method takes a string as its argument and returns True if the regular expression can be matched against the string; otherwise it returns False.

Repetition matching, through the use of repetition operators or quantifiers, details how many times to search for a specified string. The operators are used in conjunction with character-matching syntax to search for multiple characters. By using repetition matching, we can specify the number of times an element may be repeated in a regular expression.

| Symbol | Function | Example |
|---|---|---|
| {x} | Match exactly x occurrences of a regular expression. | "\d{5}" matches 5 digits. |
| {x,} | Match x or more occurrences of a regular expression. | "\s{2,}" matches at least 2 space characters. |
| {x,y} | Matches x to y number of occurrences of a regular expression. | "\d{2,3}" matches at least 2 but no more than 3 digits. |
| ? | Match zero or one occurrences. Equivalent to {0,1}. | "a\s?b" matches "ab" or "a b". |
| * | Match zero or more occurrences. Equivalent to {0,}. | |
| + | Match one or more occurrences. Equivalent to {1,}. | |


Position matching uses ^ and $ to anchor a search to the beginning or end of a string. Setting the Pattern property to "^Microsoft" will successfully match "Microsoft makes cool products." but will fail to match "I hate Microsoft."

| Symbol | Function | Example |
|---|---|---|
| ^ | Only match the beginning of a string. | "^A" matches first "A" in "An A+ for Anita." |
| $ | Only match the ending of a string. | "t$" matches the last "t" in "A cat in the hat" |
| \b | Matches any word boundary | "ly\b" matches "ly" in "possibly tomorrow." |
| \B | Matches any non-word boundary | |


Going back to the TechNet forum post, I posted a script which uses the RegExp object and a pattern-matching loop to verify the complexity of the password entered.
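A sketch of such a check, added here as an example and not the script from the forum post: it loops over one pattern per requirement and calls the RegExp Test method on each. The policy (8 or more characters, one character from each of four classes), the function name MissingRequirements and the sample passwords are assumptions made for illustration.

```vbscript
Option Explicit

' Assumed policy (not from the original post): at least 8 characters and
' at least one upper-case letter, lower-case letter, digit and symbol.
' Each entry pairs a pattern with the requirement it checks.
Dim rules
rules = Array( _
    Array("^.{8,}$", "at least 8 characters"), _
    Array("[A-Z]", "an upper-case letter"), _
    Array("[a-z]", "a lower-case letter"), _
    Array("\d", "a digit"), _
    Array("[^A-Za-z0-9]", "a non-alphanumeric character"))

' Returns an empty string when every rule matches, otherwise a
' comma-separated list of the requirements the password does not meet.
Function MissingRequirements(password)
    Dim re, rule, missing
    Set re = New RegExp
    re.IgnoreCase = False   ' [A-Z] and [a-z] must stay case-sensitive
    re.Global = False       ' Test only needs the first match
    missing = ""
    For Each rule In rules
        re.Pattern = rule(0)
        If Not re.Test(password) Then
            If Len(missing) > 0 Then missing = missing & ", "
            missing = missing & rule(1)
        End If
    Next
    MissingRequirements = missing
End Function

' Constructed sample passwords, for illustration only.
Dim samples, sample, result
samples = Array("password", "Passw0rd", "P@ssw0rd!", "Ab1!")
For Each sample In samples
    result = MissingRequirements(sample)
    If Len(result) = 0 Then
        WScript.Echo sample & ": meets the policy"
    Else
        WScript.Echo sample & ": missing " & result
    End If
Next
```

The length rule combines position matching (^ and $) with the {x,} quantifier from the tables above; the other four rules are plain character matching. Note that [^A-Za-z0-9] also counts a space or an accented letter as a symbol.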