When Windows Server 2008 is adopted by more people I will combine Admin Reports Forum into the new forum to make a one stop shop for all your Windows Server needs.

Be one of the first to register at the new Windows Server 2008 Forum.

Also coming soon will be a Windows Server 2008 forum

In the upcoming days I will be adding articles about my experience setting up and configuring Windows Server 2008. Many tasks that I used to make my life easier are already included and only have to be installed and turned on. For one backing up the servers will be much easier.

For now I’ll post a screenshot of Windows Server 2008. This was taken after the initial install. This is a large screenshot, 1920×1200, so be aware of that before you open it.

Look for more articles, tutorials, screenshots, tips and tricks in the near future. I will document each step of the way as I upgrade all my servers to Windows Server 2008.

Read on to determine if RPC over HTTP is installed and if it is how to secure your server against any attack that exploits this vulnerability.

The DCOM exploits present in Windows Server 2003, referenced in Microsoft Security Bulletin MS03-039 and CERT Advisory CA-2003-19, are also present in the RPC over HTTP interface.

This interface is not installed by default, but can be added using the Add / Remove Programs control panel applet.

To determine if RPC over HTTP is installed:

1. In Control Panel, click Add / Remove Programs.
2. Click Add / Remove Windows Components.
3. Click Networking Services, then click Details.
4. If the RPC over HTTP Proxy box is checked, then RPC over HTTP is installed on the server.

DCOM is a protocol than can be used oon top of RPC over HTTP. By default, any server with RPC over HTTP installed will accept DCOM requests using this protocol. Accepted DCOM requests are then sent to TCP port 593.

Security best practices demand the disabling or removal of all non-essential components and services. DCOM support within RPC over HTTP can be removed by modifying the registry.

To remove DCOM support within RPC over HTTP:

1. Use a registry editing tool to navigate to the following key: HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\RpcProxy
2. Locate the ValidPorts value.
3. By default, the value will contain the following entry: :100-5000This allows RPC over HTTP to use TCP ports 100 through 5000. As DCOM uses TCP port 593, we can disable it as follows:
4. Edit the ValidPorts value to contain the following: :100-592;:594-5000
5. Remove or amend any other entries that contain reference to TCP port 593 or port ranges spanning TCP port 593 in the manner demonstrated above.

When you remove entries for port 593, you prevent DCOM from being used through the RPC over HTTP protocol, but RPC programs (like the Outlook 2003 client) are permitted to connect to the RPC server (Exchange 2003 Server) through RPC over HTTP. More information on RPC over HTTP can be found on the Microsoft website.

Use it when you move to another Windows server. You can even use it to load a new website so you don’t have to configure PHP or any other extensions or loadable modules. Keep in mind if you do want to load a new website to duplicate the configuration you’ll have to change the host headers and IP address assigned to the new site in Windows Server IIS manager.

Let’s get started.

First thing to do is start IIS manager. Start > Administrative Tools > Internet Information Services(IIS) Manager.

Once you have it open right click Websites and select New > New website from file. A browse to box will popup and you can browse to the location you saved the site configuration to.

Once you browse to the file click Read. In the bottom box some text will scroll and it will say successful if it imported correctly. If it didn’t it will tell you the errors. You can manually edit the xml file to correct the errors if you wish.

If you used this to create a new website with the same configuration as an existing site then right click the new website and change host headers and IP address.

Thats’ it. If you have any questions post a comment to this article. If you need one on one help visit Admin Reports Forum.

Let’s get started.

Open up IIS Manager, Start > Internet Information Services(IIS) Manager.

Once you have IIS manager started right click the website and select all tasks > save configuration to file.

A box will popup that you can fill in to save the file.

You’ll want to fill in the file name. I use site-name.xml since the file is an XML formatted document. Then you’ll want to browse to the directory where you want to save the file. Make it a place you can easily remember so you can send the file to your backup server.

You can also password protect the file so no one can access it except the person that knows the password. Set a password if you choose. I never set this option since I am the only one with access to the servers.

That’s it. You now have a backup of your site meta data. If you move servers or the data gets corrupted you can easily restore it using the file you just created.

If you find this info helpful or have any questions post a comment to this article. If you need one on one help start a thread on the forum.

Lets get to it.

First thing to do is right click My Computer and select Properties:

Select Advanced tab and you’ll see what is shown in figure 2 above. Now click Environment variables button.

In the bottom box select Path as shown in figure 1 above. Click edit. You’ll get a box like figure 2 above with path highlighted. Click into the box at the end of the path and add:

;C:\path\to\mysql\bin for mySQL

;C:\path\to\php for PHP

Don’t forget the leading ” ; ” when adding the paths. Those are the path seperators.

That’s all there is to it. If you have any question post a comment. If you need one on one help visit the forum.

MySQL is prone to multiple vulnerabilities, including privilege-escalation and denial-of-service issues.

Exploiting the privilege-escalation vulnerability may allow attackers to perform certain actions with elevated privileges. Successful exploits of the denial-of-service issue will cause the database server to crash, denying service to legitimate users.

These issues affect versions prior to MySQL 5.0.52, MySQL 5.1.23, and MySQL 6.0.4.

To exploit these issues, attackers can use standard database client software in conjunction with standard operating system utilities.

Solution:
The vendor released updates to address these issues. Please see the references for more information.
Note that MySQL 6.0.4 and 5.1.23 have not been released yet.

You can find the forum at Windows Server Forums

Password protecting websites, directories and files on Windows 2003 Servers is very easy. It only takes a couple clicks and it’s done. For users to access the protected areas they’ll need to have an account on the server. There are ways to avoid this by using Passport authorization, but for this article we’ll use Integrated Windows authentication.

First thing to do is open IIS Manager. Once you have it open select the website that has the directory or file you want to protect. Click on the + next to the website to expand the directory and file list.
Right click the directory or file and select properties. A property box will popup. Now select the Directory Security tab at the top of the properties dialogue.
Select Authentication and access control by clicking the button that says edit.
Uncheck the box that says enable anonymous access. Check the box below that says Intergrated Windows Authentication.
Close the box and select apply in the properties box. The directory is now protected and can only be accessed by users that have a valid user account on your server. Test it out by going to yoursite.tld/protected_directory.

If you want to password protect a directory or file in the website click the website in the left window and when the files expand in the right window right click the directory or file and follow the procedure above to password protect it.
If you have any questions post a comment to this article ask in Windows/IIS Forum.

Hewlett-Packard plans to begin selling a water-cooling system next week to address the power and heat problems that new technology inflicts on computer administrators.

The Modular Cooling System attaches to the side of an HP rack of computing gear, providing a sealed chamber of cooled air separated from the rest of a data center, said Paul Perez, vice president of storage, networking and infrastructure for HP’s Industry Standard Server group.

“We used to talk to IT” when approaching customers, Perez said. But because of the power issue, “now we’re talking to IT and facilities together. The customers ask, ‘What should our power budget be over next three years?’ After the sticker shock for energy costs, they say, ‘How is HP going to help get the cost down?’”

You can read the rest at ZDNet

First thing you need to do is buy the hardware. No need to spend a lot of money. You should easily be able to build a home server for less than $500. The first thing you’ll need is a motherboard. You should buy a motherboard that has integrated graphics. Most motherboards will have this. For a server you don’t need the latest and greatest video adapter. You can get a cheap motherboard with integrated graphics for less than $100. Here is one example of a MSI socket 775 motherboard for under $100. It has everything you need and supports the newest Pentium 4 LGA775 processors that are 64BIT enabled. There are many other options for cheaper than that if you want to run an older Pentium 4 or an Athlon XP processor. Just make sure it has integrated graphics and intergrated network.
All you need now is a hard drive, floppy and cdrw. It is always a good idea to have a floppy in a home server to flash the bios or save small files. You don’t need one of you are going to build a server and send it off to a colo. A cdrw is a good idea so that you can make a hard copy backup of you site files and database. Once you have the server built and running you can read Backing Up Your Data With cwRsync and sync2nas to have a live copy of your site running at home. You can then back that up to CD with a burner installed.
Any size hard drive will do. They are relatively cheap. here is a 120 Gig for less than $100. Other than those items you’ll need memory. Any amount is fine, but, I would suggest 1 Gig or more.
Now you have the hardware so lets put it all together.