Licensing CALs for onsite systems can be done in a couple different ways:

• Per-Device: Each computer that is bound to Active Directory receives a CAL
• Per-User: Each user that uses a computer that is bound to Active Directory receives a CAL

In an environment where there are many users per device, then per-device licensing is always going to be cheaper (unless of course there are more devices than users, which wouldn’t make sense in a many to one environment). In a one-to-one environment where users come and go (e.g. by transferring between schools), but the number of computers remains somewhat static, per-device licensing still works out better as it simplifies license allocation.

Per-User CALs for education environments typically run around $1 USD per CAL for students. Per-User CALs for educators that work in the environment and are bound in that same environment typically run around $8 USD per CAL. If the systems aren’t bound, then licensing is only based on users that access file and print services, or other services; however, this becomes a bit of a challenge to calculate unless you reactively look at triggers that can be generated. But because most environments now use Active Directory binding on client systems, the CALs end up becoming one-to-one about as quickly as the computers become one-to-one.

But you should most definitely not take this article as being the rules set in stone. There are a number of scenarios that can change the licensing situation (most of them have to do with not binding clients or running computers that are offsite and/or employee owned). Contact Microsoft’s licensing desk using the contact information here, or contact a reseller like 318 for more more information.

Will the future require CALs? In an increasingly iOS and Android world, there are a few issues to sort out in many environments (e.g. IIS vs. AD licensing). This has so far ended up being in a case-by-case basis. 318 is a Microsoft reseller and can help you through these complex licensing issues, if you need it. Please feel free to contact your 318 Professional Services Manager, or sales@318.com if you would like more information.

Lack of font management is a cost center for many organizations. There is a loss of productivity every time a user has to manually add fonts when opening co-workers documents, or the cost of a job going out with the wrong version of a font. Some of the other benefits of fonts servers are separate font sets for different workgroups and isolating corrupt fonts to clean up large font libraries, along with quick searching and identification of fonts.

Font Management and Best Practices

Anyone who uses fonts for daily workflow needs font management. This could be a standalone product such as Suitcase Fusion or Font Agent Pro. But larger environments invariably need to collaborate and share fonts between users, meaning many environments need font servers. Two such products include Extensis Universal Type Server and Font Agent Pro Server. But before adding font management products, users should clean up and any fonts loaded or installed and added prior to moving to a managed font environment. Places to look for fonts when cleaning them up include the following:

• ~/Library/Fonts
• /Library/Fonts
• /System/Library Fonts

Leaving any necessary system, Microsoft Web Core, and required Adobe fonts.

The best resource for this process can be found at Extensis Font Best Practices in OX v.7, which can be found at: http://www.extensis.com/en/downloads/document_download.jsp?docId=5600039

Types of Font Server Products Available

There are two major font server publishers: Extensis and Font Agent Pro. Both have workgroup and enterprise products. All server products from both products work on a client/server model. Both can sync entire font sets or serve fonts on-demand. The break down for the Extensis Universal Type Sever is at 10 clients. Below 10 clients Universal Type Server Lite is a 10 clients product, which lacks Enterprise features, such as the ability to use a SQL database or integrate in Open Directory or Active Directory. The full Universal Type Server Professional adds Directory integration, external database use, and font compliance features and is sold as 10-user license, with an additional per seat license.

Insider Software offers two levels of font servers. The first is FontAgent Pro Team Server designed for small workgroups and sold in a 5 or 10 client configuration. The next level of product is Font Agent Pro Enterprise server. This adds the same directory services integration as Universal Type Server Professional. This product also has Kerberos single sign on, server replication and fail over. It uses the same per-seat pricing structure as Universal Type Server Professional.

A third tool is also available in Monotype Font Explorer, at http://www.fontexplorerx.com, which we will look at later in this article.

Pre-Deployment Strategies and Projects

Before any font server deployment, there are a few things to take into consideration. First is number of clients. This will guide you to which product will be appropriate for installation. Also note if Directory integration and compliance is needed. Is failover or a robust database important. The most important part of any font server installation is the fonts. How may are there, where are they coming from, are separate workgroups needed? Are all your fonts legal? In my experience probably not. Is legal compliance required for you organization or your clients? What is the preferred font type, PostScript Type 1, Open Type? What version are the fonts? Most fonts have been “acquired” over time, with some Postscript fonts dating back to early to mid nineties. As a font server is just a database, the axiom “garbage in, garbage out” is true here as well. This should lead to a pre-deployment font library consolidation and clean up. This can be either be done by 318 or we can train the you to perform this task. If compliance is an issue this is where we would weed out unlicensed fonts. Which to my experience is about 90% of all fonts. A clean, organized font set is the most important part of pre-deployment.

A major part of any font server roll out should be compliance and licensing. This allows for the tracking and reporting of font licenses and to make sure that stays in licensing and compliance.

Extensis

Universal Type Server includes the ability to generate and export reports to help you determine if you are complying with your font licenses. The font compliance feature only allows you to track your licensing compliance and does not restrict access to noncompliant fonts. To help you understand how the font licensing compliance, let’s look at the following typical example of how to use licenses and the font compliance report in your environment.

Say you are starting up your own design shop and need a good group of licensed fonts for your designers to create projects that will bring you fame and fortune. You know that fonts are valuable, and you want to be sure that you have purchased enough licenses for your requirements. So, you purchase a 10­user license of a sizable font library. Using the Universal Type Client, these fonts are added to a Type Server workgroup as a set. A font license is then created and the Number of Seats field is set to 10. This license is then applied to all fonts in the set.

When you run the font compliance report, Universal Type Server compares the number of seats allowed to the total number of unique users who have access to the workgroup. If more users have access than licenses available, the fonts are listed as “non-­compliant.” You can now either remove users from the workgroup or purchase more font licenses to become compliant.

Universal Type Server is unique amongst other products in that it uses a checksum process to catalog fonts. Others just use file names and paths.

Universal Type Server Deployment

Universal Type Server system requirements include the following:

Macintosh Server

•          Mac OS X v 10.5.7, 10.6 Mac OS X Server 10.5 or 10.6•          1.6 GHz or faster 32-bit (x86) or 64-bit (x64) processor (PowerPC is not supported)
•          1 GB available RAM
•          250 MB of hard disk space + space for fonts
•          Safari 3.0 or Firefox 3.0 or higher*
•          Adobe Flash Player 10 or higher*

Windows Server

•          Windows XP SP3 (32-bit only), Server 2003 SP2, Server 2008 SP2 (32 or 64-bit version**)
•          P4 or faster processor***
•          1 GB available RAM
•          250 MB of hard disk space + space for fonts
•          Internet Explorer 7 or Firefox 3.0 or higher*
•          Adobe Flash Player 10 or higher*
•          Adobe Reader 7 to read PDF documentation*
•          Microsoft .NET 3.5 or higher

Universal Type Server Installation Process:

1.         Verify server system requirements
2.         Run the installer on the target server machine
3.         Login to the Server Administration web interface
4.         Serialize the server
5.         Set the Bonjour Name
6.         Resolve any port conflicts
7.         Set any desired server configuration options, including backup schedule, log file configuration, secure connection options, and any other necessary server settings.
8.         After installing the server, configure workgroups, roles and add users.

The basic user and workgroup configuration steps include:

1.   Plan your configuration
2.   Create workgroups
3.   Create new users
4.   Add users to workgroups
5.   Assign workgroup roles to users
6.   Modify user settings as required

Optional Setup:

1. Managing System Fonts with System Font Policy The System Font Policy feature allows Universal Type Server administrators to create a list of system fonts that are allowed in a user’s system font folder.
2. Font Compliance Reporting
   The font compliance feature only allows you to track your licensing
   compliance and does not restrict access to noncompliant fonts.
3. Directory Integration
   Directory integration allows network administrators to automatically
   synchronize users from an LDAP service
   (Active Directory on Windows or Open Directory on Mac OS X) with Universal Type Server workgroups.

* UTS Documentation:

http://tinyurl.com/4xgn9rr

Both Universal Type Server Professional and Font Agent Pro Enterprise can be configured for Open Directory, Active Directory, and LDAP integration. Both also can utilize Kerberos Single User sign on. Universal Type Sever Professional directory integration instructions can be found in the UTS 2 Users and Workgroups Administration Guide at http://tinyurl.com/4xgn9rr. Some users have reported issues connecting to Open Directory (which happens with all products, not just this one).

Universal Type Server runs in Flash for administrative functions, which many do not like.

Monotype Font Explorer

Monotype Font Explorer is a third tool that can be used to manage fonts. Available at http://www.fontexplorerx.com there are some things that some environments do not like about Universal Type Server or Font Agent Pro. Let’s face it, the reason there are multiple products and multiple workflows is that some work for some environments and others work for other environments/workflows better. For example, Font Agent Pro stores master fonts on one client machine, which is then synchronized to the server, and from there to the rest of the clients; not everyone wants a client system acting as a master to the server. Font Explorer keeps the master is on the server, groups and synchronization works well and the administration is in the same window as font management. And best of all, Font Explorer is also typically cheaper than its server-based competitors in the font management space.

Extensis publishes a guide as to which fonts to include in the system and which to handle in the font management software. According to Apple documentation, and fonts in my ~/Library/Fonts folder take precedence to fonts in /Library/Fonts, which again takes precedence to /System/Library/Fonts. That means that if I install Times in my ~/Library/Fonts folder, it will be used instead of the font with the same name in /Library/Fonts or in /System/Library/Fonts. So how is it that I should care which fonts is installed where, as the font management applocation should simple take precedence to the others? If it does not take precedence, then where in the chain is it actually activating fonts? Maybe fonts are handled in these solution in parallel with the system mechanism? Thats the only explanation I can find to that, but is then only valid for UTS, or is it also valid for the other solutions?

End User Training and Font Czar

No font server installation would be complete without end user training and the appointment of a Font Czar. User training can be a fairly easy endeavor if client systems are using the same publishers stand-alone font client. Other times it could entail discussing licensing and compliance concepts along with adding metadata to fonts. An onsite Font Czar (or more than one) is very important to font server installations. The Font Czar cleans up and ingests new fonts, adds new users to font server, and in general be the Font Admin. This is usually a senior designer or technical point of contact for the creative environment.

Conclusion

Font Book is adequate for most users that don’t need a server. Universal Type Server, Font Agent Pro and FontExplorer are all great products if you need a font server. They all are installed centrally and allow end users to administer fonts, based on the server configuration and group memberships. They all work with directory services (some better than others) and can be mass deployed. In big workgroups or enterprises, where only a few people are handling the administration of fonts for a lot of people, a centralized font management solution is a must. But in much smaller organizations, it requires care and feeding, which represents a soft cost that often rivals a cost to purchase the solution.

Finally, test all of the tools available. Each exists for a reason. Find the one that works with the workflow of your environment before purchasing and installing anything.

Note: Thanks to Søren Theilgaard of Humac for some of the FontExplorer text!

Installing Snort in Windows Server 2008 is a fairly straight forward maneuver. Simply install winpcap, then barnyard and then snort itself. You’ll also want to install the snort rules available on the snort downloads page.

Once snort is installed, it’s fairly simple to run it from the Windows Server 2008 command line. To do so, use the snort.exe that was distributed in the installer (by default it would be at c:\snort\bin\snort.exe). You can then run it in a simple form to check that the interfaces are available:

c:\snort\bin\snort.exe -W

And then use one of the listed interfaces, invoke it with a -i option followed by the interface. You can also specify a custom logging location using -l and a custom configuration file using -c. This would result in something similar to the following:

c:\snort\bin\snort.exe -i 1 -l c:\snort\log -c c:\snort\etc\snort.conf

There are a lot more options, but this article is about converting it into a service. Once you’ve found a configuration that works for you manually, you can then take that, throw a /SERVICE /INSTALL after the snort.exe but before the operators and viola you’ve converted snort into a service:

c:\snort\bin\snort.exe /SERVICE /INSTALL -i 1 -l c:\snort\log -c c:\snort\etc\snort.conf

Once snort has become a service, many will want to have it start automatically. This is possible using the sc command to configure the snortsvc to start automatically:

sc config snortsvc start= auto

And then, start her up:

sc start snortsvc

Intrusion Detection (IDS) and Prevention (IPS) solutions can be invaluable to an organization. If you would like to discuss running snort or any other IDS or IPS, please feel free to contact your 318 Professional Services Manager, or sales@318.com if you do not yet have one!

http://vil.nai.com/vil/5958_false.htm

Exchange 2007 has a lot of prerequisites that need to be installed before you can install Exchange 2007. Instead of going through a bunch of Wizards and using trial and error to make sure you have everything installed, you can set them up using a command line.

The first command that should be run is:

ServerManagerCmd -i PowerShell

This will install and configure everything that Exchange 2007 needs for PowerShell.

IIS has several components that need to be installed to use Exchange 2007. You can create a quick batch script that includes them all. The following commands need to be run:

ServerManagerCmd -i Web-Server
ServerManagerCmd -i Web-ISAPI-Ext
ServerManagerCmd -i Web-Metabase
ServerManagerCmd -i Web-Lgcy-Mgmt-Console
ServerManagerCmd -i Web-Basic-Auth
ServerManagerCmd -i Web-Digest-Auth
ServerManagerCmd -i Web-Windows-Auth
ServerManagerCmd -i Web-Dyn-Compression

If you plan on using RPC over HTTP (Outlook Anywhere) you will need to run this command after all of the IIS commands have finished:

ServerManagerCmd -i RPC-over-HTTP-proxy

After running these commands you should be ready to run the actual setup files. When you run setup.exe you should see that everything before option 4. Is greyed out. Option 4. is what triggers the install. If anything has not finished look through the command lines to make sure no errors have shown up.

The 1.5 version of the Google Apps connector for Blackberry has now been released. This update brings maturity, additional capacity and overall performance enhancements. But most importantly, it can be run on 64-bit operating systems. You can also now use BlackBerry Professional with the Google Apps Connector for BlackBerry Enterprise Server.

If your organization is considering a move to Google Apps, contact 318 now and we can help to plan the transition; whether from Exchange or Lotus Notes or even good ‘ole postfix, 318 is here to help!

Mail Archiva is an open source project aimed at bringing messaging archival to Microsoft Exchange, Zimbra, Mac OS X Server, Postfix, SendMail, IpSwitch, Axigen and a number of other messaging servers.

If you are in need of mail archival then feel free to reach out to us for more information on Mail Archiva today!

Happy upgrades and if you need any help, as always, feel free to call 318.

VPN’s come in many different types (protocols).   Some of the most common include the following:

PPTP

Often called “dial up VPNs”, it technically extends the functionality of PPP. It was originally started by Microsoft, US Robotics, Ascend Communication, 3Com, and ECI Telematics.  Their first draft of their IETF document for the protocol extension was submitted in June, 1996.  The protocol extension is supported by Linux, Mac and Windows workstations.

Current versions of all three operating systems include the VPN Client application pre-installed in the operating system.  All three operating system server versions can also be setup to allow PPTP connections. A Microsoft Routing and Remote Access Server (RRAS) typically uses Microsoft Point to Point Encryption (MPPE) which is based on RSA RC4 and supports up to 128 bit encryption.

IPSec

IPSec is short for Internet Protocol Security.  It works on Layer 3, and is often called “Site to Site VPN”.  It is usually used to connect one LAN to another LAN, most times using two hardware VPN units at each side communicating with each other.  It can also be used to connect a workstation to the corporate LAN, typically using proprietary software from the VPN manufacturer/developer (although you can sometimes use the built in software in the operating system – as is the case with Windows). The protocol can function in two modes (Transport and Tunnel) and provides end to end security by authenticating and encrypting the packets between parties.  It can support up to 168bit encryption with 3DES.

SSL VPN

SSL VPN is a type of VPN that allows communication to happen over https via web browsers.  The main advantage of SSL VPN is that no additional client software is required besides a web browser.  Since no software needs to be installed on a computer, a user can access the corporate network via VPN from just about any computer (i.e, Public Computer, kiosk, etc.).   The disadvantage is that because it tends to make the applications you would normally use a web type of application, you often lose some of the intended user experience of those converted applications.

L2TP

L2TP is short for Layer 2 Tunneling Protocol.   It doesn’t do any encryption on it’s own, and is often used in conjunction with IPSec (L2TP/IPsec VPN). The biggest thing to remember about L2TP is that it allows more types of applications to communicate through the VPN connection that otherwise are not supported in a standard IPSec implementation.

In a nutshell, deciding which VPN protocol to implement depends on your budget, the hardware that you have, what will be connecting (workstation/user, or LAN to LAN) and the ease of use.  Please feel free to contact us, and we will be happy to help plan out your VPN infrastructure, or answer any questions that you may have.

Whether you are a BRU, Atempo, Bakbone, Backup Exec or Retrospect environment, 318 can assist you with planning, testing, verifying or restoring backups. Contact your 318 account manager today for more details.

Exchange 2010 includes server-side email archival, which will be a big boon to many Mac environments (Entourage still doesn’t have an auto-archive feature). Server-side email archiving also allows enterprise organizations to gain further control over archives and enforce better policy management for mailboxes.

Exchange 2010 allows users to manage many of their own common tasks rather than opening a service request.  Exchange will also warn users (and allow administrators to make policies based on these types of events) before they make common mistakes such as sending mail to large distribution groups, to recipients who are out of the office or to recipients outside the organization.  Overall, this move towards self-service should reduce overall support costs.

Text based voice mail preview, voice mail rules and further integrated Outlook Web Access (OWA) and Outlook Mobile dominate the theme of Exchange 2010.  Users of the Microsoft unified communications environment will be able to see text previews of voice mail using Outlook, delete voice mails out of Outlook without picking up a hand set and even create rules for dealing with certain types of messages (for example if a voice mail is less than 1 second it should probably just be deleted). There are a number of other features, most of which (such as a message indicator light, caller ID and voice control over voice mail) are already present in other modern phone systems – the key word here is other as Microsoft now has what amounts to a phone system built into Exchange.

As always, many of the new features of Exchange will revolve around new features within the Office product line, which will also receive a refresh in 2010.  Public folders (not shared folders) will more than likely be moved into SharePoint, which will also see an update in 2010.  There will also be a number of upgraded Powershell commands that will further automate the use of Exchange with the upcoming Windows 7 operating system.

Overall, for many environments, Exchange 2010 should represent a lower Total Cost of Ownership (TCO) than previous releases.  However, it will need to be strategically planned well in advance, especially if your organization will be skipping Exchange 2007 and upgrading from 2003 into Exchange 2010.  If you need help with the strategy and assistance, please feel free to contact 318 and we will do whatever possible to aid in the planning of this transition.

LCR can be used to reduce the recovery time in disaster recovery scenarios for the whole database, instead of restoring a database you can simply mount the replica.  However, this is not to be used for day-to-day mailbox recovery, message restores, etc.  It’s there to end those horrific eseutil /rebuild and eseutil /defrag scenarios.  Given the sizes that Exchange environments are able to get in Exchange 2003 R2 and Exchange 2007, this alone is worth the drive space used.

Like with many other things in Windows, LCR can be configured using a wizard.  The Local Continuous Backup wizard (I know, it should be the LCR wizard) can be accessed using the Exchange Management Console.  From here, browse to the storage group you would like to replicate and then click on the Enable Local Continuous Backup button.  The wizard will then ask you for the path to back up to and allow you to set a schedule.  Once done, the changes will replicate, but the initial copy will not.  This is known as seeding and will require a little PowerShell to get going.  Using the name of the Storage Group (in this example “First Storage Group”) you will stop LCR, manually update the seed, then start it again, commands respectively being:

Suspend-StorageGroupCopy –identity “First Storage Group”

Update-StorageGroupCopy –identity “First StorageGroup”

Resume-StorageGroupCopy –identity “First StorageGroup”

Now that your database is seeded, click on the Storage Group in the Exchange Management Console and you should see Healthy listed in the Copy Status column for the database you’re using LCR with.  Loop through this process with all of your databases and you’ll have a nice disaster recovery option to use next time you would have instead done a time consuming defrag of the database.

esxupdate -query

Once you know what updates have already been applied to your system it’s time to go find the updates that still need to be applied. You can download the updates that have not yet been run at http://support.vmware.com/selfsupport/download/. Here you will see a bevy of information about each patch and can determine whether you consider it an important patch to run. At a minimum, all security patches should be run as often as your change control environment allows. Once downloaded make sure you have enough free space to install the software you’ve just downloaded and then you will need to copy the patches to the server (using ssh, scp or whatever tool you prefer to use to copy files to your ESX host). Now extract the patches prior to running them. To do so use the tar command, as follows:

tar xvzf .tgz

Once extracted, cd into the patch directory and then use the esxupdate command with the update flag and then the test flag, as follows:

esxupdate –test update

Provided that the update tests clean, run the update itself with the following command (still with a working directory inside the extracted tarball from a couple of steps ago):

esxupdate update

There are a couple of flags that can be used with esxupdate. Chief amongst them are -noreboot (which doesn’t reboot after a given update), -d, -b and -l (which are used for working with bundles and depots).

If esxupdate fails with an error code these can be cross referenced using the ESX Patch Management Guide.

You can also run patches without copying the updates to the server manually, although this will require you to know the URL of the patch. To do so, first locate the patch number that you would like to run. Then, open outgoing ports on the server as follows:

esxcfg-firewall -allowOutgoing

Next, issue the esxupdate command with the path embedded:

esxupdate –noreboot -r http:// update

Once you’ve looped through all the updates you are looking to run, lock down your ESX firewall again using the following command:

esxcfg-firewall -blockOutgoing

rundll32 powrprof.dll,SetSuspendState

To lock a Windows computer from the command line, use the following command:

rundll user32.dll,LockWorkStation

To put a machine in Hibernation mode:

rundll32 powrprof.dll,SetSuspendState Hibernate

If you would rather simply shut the computer down, then there is also the shutdown command, which can be issued at the command line. You can also use tsshutdn, which provides a few more options than the traditional shutdown command. All of these commands can also be scripted. For example, using the at command to provide a one time instance (which is actually a feature built into tsshutdn and shutdown). Another way to automate these in WIndows would be to issue the schtasks command (or simply write a batch file and use the GUI).

Because Conficker is able to communicate with other infected hosts and download updates to itself (in the form of new payloads), it is able to morph into a new virus, able to do more damage to a system or be used for distributed attacks against larger environments. Because Conficker disables anti-virus software and Automatic Updates from Windows, the best fix is to download and run a tool designed for the task. You can download a free removal tool at Sophos.com.

SystemExplorer can show file paths, parent processes, process publishers, action histories and let you search for details against a database. In short, there have been great replacements for Windows’ Task Manager for years but this one might just be one of the better ones we’ve tried.

So first impressions? Office Live Workspace doesn’t let you edit documents. Anyone who has used Google Docs or Zoho is going to be looking for that feature. There is a nice plug-in that is free that allows you to save up to 500 Megabytes of new or existing files into the Workspace portal as well as edit documents that are actually located on the portal. You can also create multiple locations for others to access, called workspaces and sync task lists or online events with Microsoft Outlook (a feature most Outlook Web Access users are already using). If you don’t have Office though, you can only view files and create notes about them. Changes are automatically synchronized so you can easily work while offline without a lot of headache.

There’s also SharedView. SharedView is part of Microsoft Office Live Workspace and gives other users the ability to view or take over your desktop as part of the collaboration benefits of Microsoft Office Live Workspace. This is already available through other Microsoft technologies, but this is a little more user friendly and nicely ties together with the document editing process.

All in all, users of Microsoft Office just got a host of new features with the Microsoft Office Live Workspace. So we might as well take use of this new technology since Microsoft was so nice to give it to us. However, if we’re looking for something that mirrors the functionality of Google Docs then this isn’t it. It’s more of meeting half-way between Google Docs and Microsoft Office.

Toshiba will also begin making Solid-state SATA drives in May that can be used in desktop systems.

Citrix has purchased XenSource, a company that provided virtualization products based on the Xen Open Source virtualization platform. XenSource is now a prodcut of Citrix that is meant to compete directly with VMWare on the virtualization scene. Why use something like XenSource instead of just building a virtual cluster based on the actual Open Source Xen packages? Citrix offers annual support plans for Standard Edition, which allows customers to receive support. In addition, Citrix is providing free web-based resources, including online product documentation, a knowledge base, and discussion forums, as is done with their popular Metaframe products. And of course, XenSource becomes the preferred platform to run Citrix clusters on. Not that VMWare won’t do a fine job, but support will be a lot easier if you’re using XenSource.

Note: Over the course of working with this type of infrastructure for years, it should be noted that using Exchange Enterprise and using multiple message stores is the best way to handle this issue if you have the appropriate licensing and disk space.

Another common issue that is encountered with administering Entourage that is not likely to occur with Exchange is that the change of a users message store to a new server with a new address requires that the client be reconfigured to accommodate for the new address. So if a users mailbox is moved from Exchange23 to Exchange 87 then the client will need to be updated. This is not typically the case with Outlook as it will use x.500 records to update the users client software to reflect the new location of the message store on a per client basis.

To begin to setup the first account, from Entourage select Tools -> Accounts and you will see the accounts window. Entourage can actually log into multiple Exchange accounts concurrently. If the user has POP and IMAP accounts in addition to the Exchange account, the Accounts landing page will be where all accounts are configured. To configure an Exchange account, click on arrow to the right of the New button and click Exchange.

This will bring up the Account Setup Assistant. Here, you will enter the default Email address for the account into the Email Address field and check the box for My account is on an Exchange server. Then you will enter the users login credentials for Active Directory in the User ID field and the Active Directory domain in the Domain field. The password for the user should be entered into the password field and then click on the right arrow to allow the client to attempt to find the appropriate server information automatically. If this fails do not be alarmed, it will typically fail. However, if the DNS information in the users TCP/IP settings is correct then at times it will succeed.

Once you have entered the data, click on the right arrow button. If DNS settings are configured effectively then it may setup the account automatically; however, this is prone to failure.

Click on the Configure account manually button to bring up a screen that will allow you to enter the needed information to configure the account properly. Settings in the Account Settings tab include:
1) The Name is the name that will be placed in the From: field of emails sent through this account.
2) The Email address is the DEFAULT email address for the user.
3) The Account ID is the users login credentials to Active Directory. There are times when the Account ID will also need the NetBIOS domain prepended to it. For example, if the NetBIOS domain name in your environment is Patagonia, then the Account ID might read MyDomain/administrator. The settings used here should be easily mirrored from what is used by Outlook Web Access.
4) The Exchange server address is not automatically detected when performing a manual setup, so if you have multiple Exchange servers in your environment you may have to manually enter the DNS name or IP address of the server in the Exchange server: field.

Once you are satisfied with the settings under the Account Settings screen, click on the Options tab of the Edit Account Window. Options include:
1) Receive complete messages – This is typically the best choice over partially receive messages for most users
2) Partially receive messages over – For larger messages, you can choose to only receive the first 50 (or whatever number you enter into this field) KB of the message. This is often used to make mail appear faster, although for attachments it can cause the user to have to manually retrieve the attachment which can be fairly annoying. This is also helpful in troubleshooting as a large message can clog up the ability to download a mailbox.
3) Default Signature – Choose the signature you would like to use for your Exchange account.
4) Headers – Headers can be used for rule processing. If you are not using this then you likely do not need to use this field.

Once you are satisfied with your settings for the account options page, click on the Advanced screen to configure public folder settings and LDAP settings. Options here include:
1) Public folders server – This is the IP address or DNS name of the Exchange server. If you have Exchange servers dedicated to public folder storage then you would use the address of these in this field, otherwise it should be set to be the same as the Exchange server being used to log in. In Microsoft Exchange, not all servers house public folders. Each folder can be set to replicate amongst specified servers. Outlook enumerates this automatically but Entourage does not.
2) DAV service requires a secure connection (SSL)
3) Override default DAV port – If Outlook Web Access is running on a port other than 80 (or 443 if SSL is being used) then this setting will need to be used.
4) LDAP Server – This is the IP address or DNS name of the LDAP server that you will be accessing. Sometimes this is an Active Directory controller, but other times this is the Exchange server according to how roles have been assigned to computers.
5) This server requires me to log on – unless your Active Directory server allows unauthenticated logons (very rare) this option needs to be checked
6) This LDAP Server requires a secure connection (SSL) – If your LDAP server needs an SSL Cert then you will need to check this box. If this is the case then you will need to install the SSL certificate using Keychain Access.
7) Override default LDAP port – If the LDAP port or you are running for Active Directory has been customized or if you are running a 3rd party LDAP store then this setting will need to be changed.
Maximum number of results to return – for companies larger than 1,000 users you may need to increase this to see the entire GAL.
9) Search Base – leaving this field blank is usually fine unless you want users to have access to the GAL. GAL access can be obtained by filling in the appropriate search base.

Once you have set the Advanced Options we can configure Delegate access. To do so, click on the Delegate tab and configure delegation for the specified user. The My Delegates section is where you provide other users with the ability to send on the users behalf. Other users can be added by clicking on the Add… button. To add other users whose mailbox the user has access to you would use the Users I am a delegate for section. Here, you can click on the Add… button to add users whose folders and send on behalf of permissions this mail client should have access to. Just as with Outlook, for specific folder access you would grant this by right-clicking (control-clicking in a Mac environment with a one-button mouse) and clicking on the permissions button. As with Microsoft Outlook, permission must be given at the root folder and then any folders in the folder structure below that folder. Unlike an Outlook environment, occasionally the permissions button will timeout. If this is the case then use the Microsoft Outlook client while logged in as the user to make these types of delegation changes for the user.

Once you have set the Delegate options, click on the Security tab if you need to configure SSL options. Otherwise you can skip this section and click on OK. If you do need to configure SSL, click on the Security tab and use the Select button to choose any certs that are installed on the computer.

Once you have configured all of the settings for the Exchange account, click OK. Now you can go to the Entourage Main Window and verify that your account is online. If the account says (Not connected) then connectivity is not there and you will need to troubleshoot.

What is it? Malware, short for Malicious software, is the macro concept behind names like “Adware”, “Spyware”, “Hijackers”, “Toolbars” and “Dialers”. Malware is a growing PC-related assault epidemic (doesn’t effect Macintosh too much yet).

How you get it? Malware tends to sneak into your life (usually in a hidden or invisible manner) via third party software (software from less-than well known developers) disguised as added functionality to your work flow and your internet experience (and other bells and whistles) in order to execute many malicious tasks that are bad for business.

Tell tail signs you have it- there’s the activity you can see; Pop-up ads, re-directing of your browser, out-of-the-ordinary sluggishness, and other virus-like activity. Then there’s the activity you can’t see (and generally the most malicious of all); The taking of personal information from different parts of your PC, keeping track of web sites you visit and web searches you make, files you download, software you install.

All of this can (and usually does) involve your personal and sometimes private information, cause system slow down or even interruption inproductivity and produce virus-like activity to the point of annoyance or even system crash. This involves security issues, downtime and productivity loss (money lost!)

Discovering you are one of malware’s victims is critical and yet only half the battle. Knowing what steps to take to rid your life of it (and possibly to prevent future attacks) is then key. The point is, malware is bad and Three18 can help you get rid of it.

At Three18 we continue to stay on top of current malware and other emerging malicious technologies and we pride ourselves on educating our clientele on the benefits of using practical skeptical computing technique to reduce the possibility of malware ever getting to your system and/or network.

If you do get malware’d, Three18 will help to get you and your network cleaned up and safely back onto the information super highway!

Office 12 no longer has drop down menus. This has been a hallmark of Microsoft Office since the first version. Nearly every other productivity suite has been built around drop down menus on every platform since the days before point-and-click. Microsoft has replaced drop down menus with a new concept that they are calling the ribbon. When you click on what were once drop down menus, the toolbars change to include only the features relevant to that option. By placing buttons and menus in the ribbon, Microsoft is able to include many new features without forcing users to have so many toolbars that their workspace is greatly reduced. The ribbon is not resizeable, so users of bigger monitors will likely approve of this feature than users of smaller monitors.

Other new features in Office 12 include the ability to save files into read-only PDFs, an Inspector that allows users to hide text or reveal text, the ability to remove the document creators name and contact information, a live preview feature that allows users to view the effect of changes before making them and tighter integration with OneNote.

There are also new features specific to components of Office 12. Word 12 includes a new zoom bar, which is meant to help zoom in and out of text rapidly as well as a new bar at the bottom of the screen that includes word count, page count and other information about the document. Conditional formatting in Excel 12 allows users to spruce up their spreadsheets with colors and effects based on formula outputs. PowerPoint 12 now gives a greater sense of control with more streamlined features. Outlook 12, unlike the rest of the Office suite, did not receive the ribbon. It did get the sleek new interface, a To-Do bar and color coded users, a feature useful in shared environments. Finally, Access was given a new interface to make it easier and faster to rapidly create databases.

Microsoft Office has given the world a standard for documents that has enabled sharing to a level that might not have otherwise been possible. With their latest version they are making their format for documents open source, or freely useable by other organizations, in order to enable people to share documents between applications more freely. With this innovation in the way that Microsoft goes about business, they are joining the packs of companies such as Novell, RedHat and Apple. While Microsoft has been criticized in the past for their fierce competition, this change will actually foster innovation in the field of word processing, spreadsheet creation and presentations. The new format will also allow users to make larger files and shrink existing files, as it splits each file into separate components stored in a .zip format. The new format will have an x at the end of the name of each extension for old formats. For example, Word files would be .docx and PowerPoint files would be .pptx.

There will be an initial learning curve for adopters of Microsoft Office 12, but the productivity enhancements will quickly offset this with the proper training and planning.

Malware applications are typically bundled as a hidden component of shareware programs, online music, scripts hidden on websites and viruses that can be downloaded from the Internet. Over the past two years, many products have been released such as Windows XP Service Pack 2, Adaware and Spybot Search and Destroy that can effectively remove spyware. However, spyware and adware authors were able to make a lot of money from their pseudo-legal actions and have become better programmers in their newfound spare time.

Many spyware and adware products have begun to incorporate the use of root kits into their software. A root kit is a set of tools used by intruders once they have hacked into a computer system. These tools can help the attacker maintain his or her access to the system and use it for malicious purposes. Root kits often discuise themselves in order to prevent detection. Root kits exist for a variety of operating systems such as Linux, Solaris, and versions of Microsoft Windows. Root kits are typically used by attackers to build collections of slave systems and hide their tracks.

By using techniques that are most commonly attributed to attackers, spyware and adware products are becoming more and more harmful to systems. The utilities that once helped to resolve malware issues on systems are not working as well as they once did because of these new techniques employed by malware authors. Many of these techniques go far beyond simply hiding the malware and involve teaching the operating system to pretend that the malware doesn’t exist to make it almost impossible to find.

RootKit Revealer is a free product distributed by sysinternals.com that can search for known root kits. A litmitation of this application is that it doesn’t find new attacks that were released since the last revision of Rootkit Revealer. Microsoft is also looking into software that can detect root kits with their Strider Ghostbuster Project. Both RootKit Revealer and Strider Ghostbuster not only look for root kits but also look for any attempts to hide any applications from the operating system.

This was effective when the projects were announced and first released. Now, a new generation of malware is coming along that is intelligent enough to actually hide itself from standard searches and then not hide itself from the RootKit Revealer or Strider Ghostbuster scans. The finesse with which authors of malware are creating their root kits often leaves one wondering who is ahead in the game.

For more information on the many rootkit removal services that may be available to your business, please contact Three18, Inc. at 310-581-9500 or via email at sales@318.com

The Graphical User Interface (GUI) level changes are too numerous to review. A conversion from Outlook 2001 to Entourage 2004 requires retooling the workforce for the new application. Schedules, cached email addresses, signatures and other settings will be lost during the migration, but mail, contacts, calendars, to-do items and tasks should survive the migration.

Once common theme across the two is wasted resources. Outlook 2001 required OS 9 to run in OS X. Entourage 2004 requires Rosetta to run in OS X. Both waste a considerable amount of resources. However, both are the only supported clients for Microsoft Exchange for the Mac platform. One note about a possible Exchange 2007 upgrade is that you will loose your free CAL licensing for Entourage. If you read the EULA you no longer receive free Entourage licenses per CAL of Exchange 2007.