Scott's Weblog The weblog of an IT pro specializing in virtualization, networking, open source, and cloud computing

Apache as an OWA Front-End

A while ago, I discussed the use of Apache to protect OWA from web-based attacks. This configuration placed an Apache HTTP server in front of a server running Microsoft Exchange Server 2003 to protect it against web-based attacks, offload SSL encryption, and enable name-based virtual hosts (for the conservation of public DNS hostnames, especially important for smaller organizations). While this is a useful configuration, it is not without its drawbacks.

(Read more...)

Converting SSL Certificates with OpenSSL

The OpenSSL toolkit is a veritable Swiss Army knife of SSL functionality. Among the many, many things that can be done using OpenSSL is converting SSL certificates between formats. This is particularly helpful in a heterogeneous environment where different platforms may require SSL certificates to be in different formats.

(Read more...)

Weblog Moved to a New Host

As of last night, I’ve moved this weblog to a new host. Now that I’m not running my own business anymore (I went to work for ePlus Technology a few months ago), it didn’t really make sense for me to have all this equipment (including the server that was running this weblog). I couldn’t really justify paying for Internet service with a static IP address and hosting all my own equipment at home. In addition, maintaining that equipment and the operating system(s) was starting to become difficult since I was no longer working from home and working at an office instead.

(Read more...)

More Excel Flaws

A third Excel flaw has been uncovered in a week, giving Excel users one more thing to worry about and opening one more door for hackers to get into corporate networks.

(Read more...)

Enumerating Universal Group Membership

It’s a fairly well-known fact that universal group membership in Active Directory is replicated among all Global Catalog (GC) servers. That is, when the membership of a universal group changes, that change must be replicated to all GC servers in the forest. In Windows 2000, a change to universal group membership replicated the entire membership again; in Windows Server 2003, only the changes are replicated. Even though Windows Server 2003 reduces the load for replicating universal group membership, it’s still considered a best practice to keep universal group membership fairly static and to use global groups instead of users. But how does an administrator check that? In large organizations, it’s easy to lose control of universal groups and their memberships, especially when delegations have been performed to allow another group to handle group memberships. Fortunately, the directory service command line tools provide the functionality necessary to make this a relatively easy task even in large distributed enterprises.

(Read more...)

Mass Changes in Active Directory

I’d previously published information on making bulk changes in Active Directory, but those changes previously involved changing one attribute to the same value for all the accounts. For example, earlier I described how to make mass password changes using dsquery and dsmod. But what about those situations where simple piping of output doesn’t work, like when multiple attributes need to be changed? Here’s one technique.

(Read more...)

Zero-Day Excel Exploit

Less than a month after the disclosure of a zero-day exploit in Microsoft Word, another zero-day exploit has been found in Microsoft Excel and is being exploited in a highly targeted attack. As with the Word vulnerability, this one has shown up in attacks against a single customer, but it has gotten the attention of many of the major security vendors.

(Read more...)

More on Microsoft's Calling Home Problem

I wrote a short while ago about the fact that Microsoft’s Windows Genuine Advantage tool is phoning home on a regular basis (daily, in fact). This issue has garnered more attention over the last week or so, and very smart people are tackling the issue.

(Read more...)

Mass-Creating Exchange Mailboxes

While performing some testing and research at the office today, I found myself in need of a way to mass-create some Exchange mailboxes. A very quick Google search revealed just the tool I needed to perform the task: ExchMbx, a freeware utility by the same author of AdFind and AdMod.

(Read more...)

Tag Changes Ahead

Due to the changes to the site I described earlier, there are some changes ahead in how posts will be categorized and tagged. Because Ultimate Tag Warrior now causes WordPress to include the tags as well as the category in the RSS feed (to properly link up with Technorati), I will be removing tags that duplicate the category and instead using tags that are more specific, where possible.

(Read more...)