Windows Phone 7

First I wanted to say that I’m loving my new Windows Phone.  It’s a Samsung Focus from at&t.  I’ve been holding out for the Windows Phone 7 release date for months counting down the days until November 8th, 2010.  Yes I was at the at&t store at 9am to make sure I got one.  There isn’t anything wrong or OCD with that is there?  

Over the next few weeks it’s going to be a learning experience using this new device.  Currently there isn’t a lot of documentation out there so my goal is to learn one new thing per workday and blog about it for the next few weeks.

11/09/2010

I decided to get a phone that didn’t have a physical keypad.  I’m a touchy feely kind of person so this was a difficult decision for me.  I felt in time most phones would be 100% touchscreen so I better make the change now than later.  It took me about 15 minutes of typing to get use to the on-screen keypad.  I thought it would take days.  Windows Phone 7 has predictive text so when you’re typing it gives you some choices at the top of the keypad.  I also noticed when you type it clicks but every once in a while when I would hit the space button it would click two times.  It turns out it was automatically correcting my misspellings when I would hit an incorrect letter to two.  That is nice, very nice.  Blogs are boring without screenshots so take a look below.  I’m not aware of any screen capture application from the Microsoft Marketplace as of yet so please excuse my photo.

DSCF1547

Opening, editing, and printing multiple files by right clicking limit

UPDATE:  I got the open, edit, and print options but when I tried to open, edit, or print more than 15 items I got a single IE window or a single print window and it only opened 1 item or printed 1 item 😦

YOU DO HAVE TO log off then back on for it to work properly.  

I’ve been noticing something while out at a client’s site and it’s been driving me crazy but today I decided to look into it further.  I want to print multiple htm files by selecting all of them, right clicking, and choose print but I can only do it to a maximum of 15 at a time (see screenshot 1).  Once I choose one more I can’t print multiple files at once (see screenshot 2).

It turns out there is a registry modification you can do to allow you to open, edit, or print more than 15 files at a time.  Be careful doing this as if you select multiple files and click the wrong thing you’re computer might be nonresponsive for a while.  The KB article says it’s for Windows 7 but it works for Windows 2008 R2.  This registry change does not require a reboot (see screenshot 3).

Context menus are shortened when more than 15 files are selected
http://support.microsoft.com/kb/2022295/
HKCUSoftwareMicrosoftWindowsCurrentVersionExplorer
Name : MultipleInvokePromptMinimum
Type : DWORD
Range: 1 – 16 (decimal)
Default : 15 (decimal)

A value of 16 is interpreted as "unlimited".

Screenshot 1

screenshot.8

Screenshot 2

screenshot.9

Screenshot 3

screenshot.10

Does my server meet the requirements for Maximum Bit Length, Hardware Data Execution Prevention, and Hardware Virtualization to use Microsoft Hyper-V?

Does my server meet the requirements for Maximum Bit Length, Hardware Data Execution Prevention, and Hardware Virtualization to use Microsoft Hyper-V?  Well I don’t know but Steve Gibson can quickly tell you.  Check out http://www.grc.com/securable.htm .  Download and run the file named SecurAble.exe .  It doesn’t install anything, it’s just a self-contained executable.

Here’s the results of my work notebook:

screenshot.6

If you click on one of the three results it will tell you in greater detail what is going on.

64-Bit Processing Available

This processor does offer 64-bit modes of operation. This means that this system is able to run the significantly more secure 64-bit versions of Microsoft’s Windows XP and Vista operating systems.

The biggest challenge for 64-bit Windows systems is the fact that existing 32-bit device drivers cannot be used by the 64-bit operating system kernel. So if you do plan to try switching to 64-bit Windows, you should be sure to have a means for reverting to 32-bit operation if your system’s hardware turns out to be incompatible with 64-bit operation. Many people have reverted to 32-bit operation after bravely giving 64-bits a try for a short time.

Hardware DEP Available

This processor does support hardware-based data execution prevention (DEP).

When hardware DEP support is teamed up with a properly configured operating system (and that part is crucial), computer security mistakes involving the deliberate overrunning of communications buffers can be automatically detected and prevented throughout the entire computer system. This makes data execution prevention, when available and active, the single most promising improvement for PC security ever. Really.

It is very important to note, however, that hardware support for DEP is only one of several enabling requirements that must be met before any benefit can be obtained. GRC will be following up the release of SecurAble with another powerful tool, DEPuty, that will help to properly configure, test and verify the operation of your system’s critical DEP subsystem.

Hardware Virtualization

This processor does offer advanced hardware support for virtualization. However, while running under a 64-bit version of Windows this program cannot execute its 32-bit kernel code to determine whether Intel’s VMX virtual machine extensions are being locked on, locked off, or neither. Since there’s a chance that your system’s BIOS may be deliberately disabling support for hardware virtualization (some do) you should re-run this program, if possible,  with administrative privileges under a 32-bit version of NT, XP, or Vista. That will allow SecurAble to run a bit of kernel-mode code in order to determine exactly what’s going on. (Note that you can also poke around in your system’s BIOS to see whether you’re able to find any references to "hardware virtualization" or "VMX", etc.

Here’s the results of my personal netbook:

screenshot.4

If you click on one of the three results it will tell you in greater detail what is going on.

64-Bit Processing Available

This processor does offer 64-bit modes of operation. This means that this system is able to run the significantly more secure 64-bit versions of Microsoft’s Windows XP and Vista operating systems.

The biggest challenge for 64-bit Windows systems is the fact that existing 32-bit device drivers cannot be used by the 64-bit operating system kernel. So if you do plan to try switching to 64-bit Windows, you should be sure to have a means for reverting to 32-bit operation if your system’s hardware turns out to be incompatible with 64-bit operation. Many people have reverted to 32-bit operation after bravely giving 64-bits a try for a short time.

Hardware DEP Disabled!!

This processor does offer hardware support for valuable Data Execution Prevention (DEP) … but it has been disabled.

Hardware DEP support is so important and powerful that Microsoft has obtained the commitment from all system manufacturers to begin enabling DEP support in all system BIOSes. However, early BIOSes either disabled hardware DEP in the interest of compatibility, or allow their users to optionally enable it through BIOS setup screens … but still disable it by default.

SecurAble has confirmed that this system’s processordoes offer valuable support for hardware DEP, but that it has been deliberately disabled by the BIOS. You should shutdown and restart this system, and enter the BIOS setup screens as the system restarts. Then locate and enable the system’s support for "Execution Disable" or "No Execute Bit" or something similarly named. Then restart your system and re-run this utility to verify that hardware DEP support has been enabled. (And please also click the Hardware D.E.P. icon again to receive additional help for the next steps to take.)

If you are unable to locate anything in your BIOS to allow hardware DEP support to be enabled please keep an eye out for our follow-on utility, DEPuty, which will provide solutions for users having very stubborn BIOSes.

No Hardware Virtualization

This processor does not offer advanced hardware support for hardware virtualization.

There is some suggestion that future operating systems of all sorts (Linux, Mac, Windows, etc.) may be able to use hardware virtualization to indirectly enforce greater security upon the operating system’s "kernel" by preventing it from being modified as a means for thwarting dangerous "root kit" style exploits.

The idea is that our future operating systems wouldalways be running inside a virtual machine under the watchful eye of an OS "hypervisor." This has not been practical before now, without hardware support for virtualization, because virtualization required too much real-time involvement of software which introduced an unacceptable amount of overhead and slowed everything down. Hardware virtualization means that virtual machines – and even the entire operating system running inside a virtual machine container – would be able to run at 100% full speed, thus making a persistent security-oriented OS "hypervisor" practical for the first time.

But don’t hope for this to ever help with the security of 32-bit Windows platforms. Due to the amount of kernel modification already being done by benign kernel drivers in 32-bit versions of Windows, "hypervisory kernel locking" could only ever be implemented under 64-bit versions of Windows where kernel modification has always been actively prohibited. And due to serious compatibility problems inherent in 64-bit systems, it’s also not at all clear (at the start of 2007) how quickly, or even whether, 64-bit Windows will become practical on the desktop.

However, the other current and real security-related application for hardware virtualization is for running your own virtual machines – at 100% full speed – on top of your host operating system. This is possible today with commercial and completely free software from Microsoft, VMware and Parallels. This has an indirect, though strongly positive, impact
upon security since possibly unsafe activities such as Internet surfing or peer-to-peer file sharing can be 100% contained within the virtual environment to make online activities much safer.

This can still be done, of course, without hardware virtualization support, but the virtual machine environment as well as the hosting operating system will be running at substantially less than full speed.

Pretty cool ‘eh?

Microsoft Forefront Client Security Service/processes Exclusion tip (Do not scan files accessed by these processes)

I’m out working at a client’s site with some fellow Catapult co-workers.  They’re doing Microsoft Exchange stuff and I’m doing Microsoft Forefront Client Security stuff.  They setup a total of five Microsoft Exchange 2010 servers and asked me to install, setup, and configure Microsoft Forefront Client Security on all of them.  Two of the servers have the Hub Transport/Client Access roles installed.  Two of the servers have the Mailbox role installed.  One server has the Unified Messaging role installed.  If you’ve ever seen the exclusion list for Microsoft Exchange 2010 it’s long, complicated, and takes quite some time to exclude items via the Microsoft Forefront Client Security Console (http://technet.microsoft.com/en-us/library/bb332342.aspx).  When you get into setting service/processes exclusions it takes even longer because you have to set service/processes exclusions on each server one by one.  There is no supported way from Microsoft to centralize service/processes exclusions.  I thought there has to be an easier and faster way to set service/processes exclusions with this project and there was.  Since there are multiple servers that are setup the same way and have the same Microsoft Exchange roles I setup service/processes exclusions on one of the servers, exported the processes exclusions registry key, imported that registry key into the same type of server, then installed Forefront Client Security.  The steps are listed below and I would only do this if I knew both type of servers are built the same exact way and only if they have the same roles.  It’s also important to note you have to import the registry keys on the new server BEFORE installing FCS because FCS modifies the registry keys so local admins can’t import registry keys in the branch after FCS is installed.

Registry branch for the service/processes exclusions on the first Hub Transport/Client Access server after I added them via the FCS GUI.  HKEY_LOCAL_MACHINESOFTWAREMicrosoftMicrosoft ForefrontClient Security1.0AMExclusionsProcesses

screenshot.1

Just exporting the branch

screenshot.2

Saving the branch.

screenshot.3

BEFORE installing FCS on the new server you have to import the registry key.  This is because Forefront modifies the permissions for the Forefront registry keys so a local admin by default won’t have the access to add them after FCS is installed.

screenshot.4

On the new server you’ll see the exclusions before FCS is installed.

screenshot.7

On the new server you’ll see the exclusions after FCS is installed.  The service/processes exclusions are still there!

screenshot.8

Time saver!

Installing Microsoft Forefront Endpoint Protection 2010 Beta

On July 19th, 2010 Microsoft released Microsoft Forefront Endpoint Protection 2010 Beta or as I like to say say FEP.  This is a drastic change from the current Microsoft Forefront Client Security (FCS) that is in production.  FCS used a special version of Microsoft Operations Manager 2005 (MOM).  MOM in FCS was used for the clients to report back to the Forefront server on their status.  FEP got rid of MOM and is now using System Center Configuration Manager 2007 (SCCM).  Exactly how this is different will be discussed in future blogs.  This blog today will focus on the install of FEP.

The requirements can be found here but basically you need a fully functionally SCCM 2007 environment.  This means SQL and SCCM.  For my test environment I’m using a Hyper-V server with a single Windows Server 2008 R2 server acting as the the DC, SQL, SCCM, and FEP roles.  Of course best practices and common sense says never to have all of those roles on a DC but hey, it’s a test environment.

Let’s spice up the blog with some photos won’t we?

The first thing to do is to run Serversetup.exe.

screenshot.1

Of course you’ll want to run the file so click Run.

screenshot.2

Fill in your Name and Organization then click Next.

screenshot.3

You’re going to have to put a check in I accept the software license terms.  When you do Next will be available so click Next.

screenshot.4

Now this is where you’re be choosing your topology.  For this example we’ll go ahead and chose a Basic topology.  This will install Microsoft Forefront Endpoint Protection 2010 Database, Site Server Extension, Console Extension, Reporting components, and Reporting database based on your current Configuration Manager deployment.  Maybe in future blogs I’ll go through other deployment options.  Don’t forget to click Next.

screenshot.5

Here is where you will setup the Reporting server account information.  Mostly it will be filled out by the user running setup but you can change the domainusername.  Click Next.

screenshot.6

If the password you typed doesn’t match the domainusername you’ll get the error below.
Microsoft Forefront Endpoint Protection 2010
Error: The password is incorrect, or this account is not valid.  Account : domainusername

screenshot.7

After I corrected my intentional typo FEP is now warning me that I shouldn’t use my domain admin account.

Microsoft Forefront Endpoint Protection 2010
For security reasons, it is not recommended to use a domain administrator account ‘domainusername’ as the reporting account.

screenshot.8

I’m going to OK this because it’s just a test lab.

By default FEP will want to Join the Customer Experience Improvement Program.  I recommend keeping this checked.  I also checked User Microsoft Update to keep my products up to date.

screenshot.9

Join Microsoft Spynet Basic is checked by default.  I changed mine to Advanced SpyNet.

screenshot.10

Location and disk space requirements blah blah blah.

screenshot.11

Oh no!  It looks like my Verifying SQL Server prerequisite Failed with an Error. 

screenshot.12

When I click the More link I see the error below

Forefront Endpoint Protection 2010 requires that the SQL Server Agent service is running. Set the service to start automatically, and then start the service.
Service Name: SQLSERVERAGENT
SQL Server: SERVER01

Warning: Forefront Endpoint Protection 2010 requires the following services to be set to start automatically.
Service Name: SQLSERVERAGENT
Server Name: SERVER01

Forefront Endpoint Protection 2010 requires that the SQL Server Agent service is running. Set the service to start automatically, and then start the service.
Service Name: SQLSERVERAGENT
SQL Server: SE
RVER01

Warning: Forefront Endpoint Protection 2010 requires the following services to be set to start automatically.
Service Name: SQLSERVERAGENT
Server Name: SERVER01

Warning: Setup has detected that the connection to the SQL Server is not encrypted. If the SQL Server and  Forefront Endpoint Protection 2010 are not located on a shared secure subnet, transmitted data can be viewed by third parties. We recommend that you secure the connection to the SQL Server. For more information, see Securing SQL Server in the SQL Server documentation.

screenshot.13

Fixing the error was simple.  I set the SQL Server Agent to Automatic and started it.

screenshot.14

When I ran the Prerequisites Verification again (by clicking back then next) I got a warning.

screenshot.15

Clicking more gave me the message below.

Warning: Setup has detected that the connection to the SQL Server is not encrypted. If the SQL Server and  Forefront Endpoint Protection 2010 are not located on a shared secure subnet, transmitted data can be viewed by third parties. We recommend that you secure the connection to the SQL Server. For more information, see Securing SQL Server in the SQL Server documentation.

screenshot.16

I like the fact that it’s encouraging you to enable SQL server encryption but since this is for testing and and on the same box this isn’t required.  I’m going to ignore this warning.

The final screen is where you’ll get a summery of what the setup application will do.

Microsoft Forefront Endpoint Protection 2010

General Settings

Local Computer Name: server01.fep.local
Location of Setup media files: C:UsersAdministrator.SERVER01Desktopevalcdmedia_en_amd64
Installation Directory: C:Program FilesMicrosoft Forefront
Configuration Manager Console Directory: C:Program Files (x86)Microsoft Configuration ManagerAdminUIbin

Updates, Spy Net and Customer Experience Options

Windows Update: Enabled
Participation in Customer Experience Improvement Program: Enabled
Participation Microsoft SpyNet: Join with an advanced membership

FEP 2010 Site Extension for Configuration Manager

Configuration Manager Site Server: server01.fep.local

FEP 2010 Reporting and Monitoring components

Configuration Manager Site Server: server01.fep.local
Configuration Manager Database Server: SERVER01
Configuration Manager Database Instance Name: MSSQLSERVER
Configuration Manager Database Name: SMS_AAA
FEP 2010 Database Name: FEPDB_AAA
FEP 2010 Reporting Database Server: SERVER01
FEP 2010 Reporting Database Instance Name: MSSQLSERVER
FEP 2010 Reporting Database Name: FEPDW_AAA
Liveness checking URL for SQL Reporting Service: <a href="http://server01.fep.local/ReportServer/ReportService2005.asmx">http://server01.fep.local/ReportServer/ReportService2005.asmx</a&gt;
User account used for accessing of FEP 2010 Reports: FEPAdministrator

Configuration Manager Console Extensions for Forefront Endpoint Protection 2010

No additional properties for this component

screenshot.18

Clicking Next will start the install so sit back and take a break.  I know I did.

screenshot.19

screenshot.20

Hello.  Why are you popping up?

screenshot.21

It appears a hotfix got installed and is asking for a reboot.  I’m not sure if it’s because of the FEP install or not. 
http://support.microsoft.com/kb/981889
A Windows Filtering Platform (WFP) driver hotfix rollup package is available for Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2

screenshot.22

The install was successful.

screenshot.23.

I’m going to view the log.

[7/26/2010 1:55:43 PM] Setup Started
[7/26/2010 1:55:44 PM] Product ID validation succeeded (Product ID: 03116-270-0001260-04309)
[7/26/2010 1:56:28 PM] For security reasons, it is not recommended to use a domain administrator account ‘FEPAdministrator’ as the reporting account.
[7/26/2010 1:56:33 PM] Error: The password is incorrect, or this account is not valid. Account: FEPAdministrator
[7/26/2010 1:56:45 PM] For security reasons, it is not recommended to use a domain administrator account ‘FEPAdministrator’ as the reporting account.
[7/26/2010 1:57:19 PM] Setup Log has been relocated from ‘C:UsersAdministrator.SERVER01AppDataLocalTemp1ServerSetup_26072010_135543.log’
[7/26/2010 1:57:21 PM] [7/26/2010 1:57:21 PM] Verifications
started:

[7/26/2010 1:57:21 PM]
[7/26/2010 1:57:21 PM] Verification(Verifying hardware requirements) passed

[7/26/2010 1:57:21 PM]
[7/26/2010 1:57:21 PM] Verification(Verifying .NET Framework 3.5 SP1 prerequisite) passed

[7/26/2010 1:57:41 PM]
[7/26/2010 1:57:41 PM] Verification(Verifying SQL Server prerequisite) failed
Forefront Endpoint Protection 2010 requires that the SQL Server Agent service is running. Set the service to start automatically, and then start the service.
Service Name: SQLSERVERAGENT
SQL Server: SERVER01

Warning: Forefront Endpoint Protection 2010 requires the following services to be set to start automatically.
Service Name: SQLSERVERAGENT
Server Name: SERVER01

Forefront Endpoint Protection 2010 requires that the SQL Server Agent service is running. Set the service to start automatically, and then start the service.
Service Name: SQLSERVERAGENT
SQL Server: SERVER01

Warning: Forefront Endpoint Protection 2010 requires the following services to be set to start automatically.
Service Name: SQLSERVERAGENT
Server Name: SERVER01

Warning: Setup has detected that the connection to the SQL Server is not encrypted. If the SQL Server and  Forefront Endpoint Protection 2010 are not located on a shared secure subnet, transmitted data can be viewed by third parties. We recommend that you secure the connection to the SQL Server. For more information, see Securing SQL Server in the SQL Server documentation.

[7/26/2010 1:58:05 PM]
[7/26/2010 1:58:05 PM] Verification(Verifying SQL Reporting Services prerequisite) passed

[7/26/2010 1:58:06 PM]
[7/26/2010 1:58:06 PM] Verification(Verifying Configuration Manager version) passed
About to compare required version ‘4.0.6487.2000’ to installed version ‘4.0.6487.2000’

[7/26/2010 1:58:06 PM]
[7/26/2010 1:58:06 PM] Verification(Verifying Configuration Manager Site Server permissions) passed
About to verify Configuration Manager Site Server permissions

[7/26/2010 1:58:08 PM]
[7/26/2010 1:58:08 PM] Verification(Verifying Configuration Manager client components) passed
About to verify client component ‘Configuration Management Agent’ is enabled

About to verify client component ‘Hardware Inventory Agent’ is enabled

About to verify client component ‘Software Distribution’ is enabled

[7/26/2010 1:58:08 PM]
[7/26/2010 1:58:08 PM] Finished running verifications.

[7/26/2010 1:59:52 PM] [7/26/2010 1:59:52 PM] Verifications started:

[7/26/2010 1:59:52 PM]
[7/26/2010 1:59:52 PM] Verification(Verifying hardware requirements) passed

[7/26/2010 1:59:52 PM]
[7/26/2010 1:59:52 PM] Verification(Verifying .NET Framework 3.5 SP1 prerequisite) passed

[7/26/2010 2:00:08 PM]
[7/26/2010 2:00:08 PM] Verification(Verifying SQL Server prerequisite) failed
Forefront Endpoint Protection 2010 requires that the SQL Server Agent service is running. Set the service to start automatically, and then start the service.
Service Name: SQLSERVERAGENT
SQL Server: SERVER01

Forefront Endpoint Protection 2010 requires that the SQL Server Agent service is running. Set the service to start automatically, and then start the service.
Service Name: SQLSERVERAGENT
SQL Server: SERVER01

Warning: Setup has detected that the connection to the SQL Server is not encrypted. If the SQL Server and  Forefront Endpoint Protection 2010 are not located on a shared secure subnet, transmitted data can be viewed by third parties. We recommend that you secure the connection to the SQL Server. For more information, see Securing SQL Server in the SQL Server documentation.

[7/26/2010 2:00:09 PM]
[7/26/2010 2:00:09 PM] Verification(Verifying SQL Reporting Services prerequisite) passed

[7/26/2010 2:00:09 PM]
[7/26/2010 2:00:09 PM] Verification(Verifying Configuration Manager version) passed
About to compare required version ‘4.0.6487.2000’ to installed version ‘4.0.6487.2000’

[7/26/2010 2:00:10 PM]
[7/26/2010 2:00:10 PM] Verification(Verifying Configuration Manager Site Server permissions) passed
About to verify Configuration Manager Site Server permissions

[7/26/2010 2:00:11 PM]
[7/26/2010 2:00:11 PM] Verification(Verifying Configuration Manager client components) passed
About to verify client component ‘Configuration Management Agent’ is enabled

About to verify client component ‘Hardware Inventory Agent’ is enabled

About to verify client component ‘Software Distribution’ is enabled

[7/26/2010 2:00:11 PM]
[7/26/2010 2:00:11 PM] Finished running verifications.

[7/26/2010 2:00:52 PM] [7/26/2010 2:00:52 PM] Verifications started:

[7/26/2010 2:00:52 PM]
[7/26/2010 2:00:52 PM] Verification(Verifying hardware requirements) passed

[7/26/2010 2:00:53 PM]
[7/26/2010 2:00:53 PM] Verification(Verifying .NET Framework 3.5 SP1 prerequisite) passed

[7/26/2010 2:01:08 PM]
[7/26/2010 2:01:08 PM] Verification(Verifying SQL Server prerequisite) warning
Warning: Setup has detected that the connection to the SQL Server is not encrypted. If the SQL Server and  Forefront Endpoint Protection 2010 are not located on a shared secure subnet, transmitted data can be viewed by third parties. We recommend that you secure the connection to the SQL Server. For more information, see Securing SQL Server in the SQL Server documentation.

[7/26/2010 2:01:09 PM]
[7/26/2010 2:01:09 PM] Verification(Verifying SQL Reporting Services prerequisite) passed

[7/26/2010 2:01:09 PM]
[7/26/2010 2:01:09 PM] Verification(Verifying Configuration Manager version) passed
About to compare required version ‘4.0.6487.2000’ to installed version ‘4.0.6487.2000’

[7/26/2010 2:01:10 PM]
[7/26/2010 2:01:10 PM] Verification(Verifying Configuration Manager Site Server permissions) passed
About to verify Configuration Manager Site Server permissions

[7/26/2010 2:01:11 PM]
[7/26/2010 2:01:11 PM] Verification(Verifying Configuration Manager client components) passed
About to verify client component ‘Configuration Management Agent’ is enabled

About to verify client component ‘Hardware Inventory Agent’ is enabled

About to verify client component ‘Software Distribution’ is enabled

[7/26/2010 2:01:11 PM]
[7/26/2010 2:01:11 PM] Finished running verifications.

[7/26/2010 2:23:20 PM]
[7/26/2010 2:23:20 PM] Installation tasks started:
Root Folder: C:UsersAdministrator.SERVER01Desktopevalcdmedia_en_amd64
Current Folder: C:UsersAdministrator.SERVER01Desktopevalcdmedia_en_amd64

[7/26/2010 2:25:04 PM]
[7/26/2010 2:25:04 PM] Installation(Installing the Microsoft Forefront Endpoint Protection 2010 Security Client) completed

Installing FepInstall.exe.

completed

[7/26/2010 2:25:42 PM]
[7/26/2010 2:25:42 PM] Installation(Installing Microsoft Forefront Endpoint Protection 2010 Console Extensions for Configuration Manager) completed

Installing FEPUX.msi.

completed

[7/26/2010 2:29:45 PM]
[7/26/2010 2:29:45 PM] Installation(Installing Microsoft Forefront Endpoint Protection 2010 Site Server Extension for Configuration Manager) completed

Installing FEPExt.msi.

completed

[7/26/2010 2:40:03 PM]
[7/26/2010 2:40:03 PM] Installation(Installing Microsoft Forefront Endpoint Protection 2010 Reporting) completed

Installing FepReport.msi.

completed

[7/26/2010 2:40:04 PM]
[7/26/2010 2:40:04 PM] Finished running installation tasks.

[7/26/2010 2:40:05 PM] Setup has completed successfully.

Here’s the
final screen in the setup program.  I really want to see the Console and check for updates so I’ll leave them both checked and click Finish.

screenshot.24

As I’m waiting for SCCM to open I’ll look and see what databases FEP created.
It appears it created a FEPDB_AAA and FEPDW_AAA database.  AAA being my SCCM site code.

screenshot.25

Well there it is.  FEP installed and in SCCM.  FEP looks like it’s going to be completely different than FCS so in my upcoming blogs I’ll talk about the differences.

screenshot.26

Pizza Hotel Flyers

I know this is a little off topic but it is work related, interesting, and good to know.

We’ve all seen those pizza flyers that are slid under your door when you’re staying at a hotel right?  I’ve been staying at a hotel in San Antonio for the past two weeks and I’ve seen my share of them.  When I woke up this morning, I saw two in my room.  Each one was from a different place.  Ordering from these places can be risky.  The stories are true of some being a front to steal your credit card info but most commonly, it is poor quality pizza made in someone’s garage or by some fly by night business.  Some places are honest but after researching this more I’ll never order from these places.  I wanted to let others know how unethical these "businesses" are.

The first one was from Pizza Sub Shop (original name right?) and the address listed on the flyer was 234 Broadway.  When I Binged that name the address that came back is 240 Broadway.  That’s a red flag when the address on your flyer doesn’t match web results.  The other flyer was from Pizza Express (another stand out name) and they don’t even list an address on their flyer.  Both places have two phone numbers listed on their flyers.  That’s also strange because most businesses have a single phone number unless you’re using cell phones/pre-paid cell phones or are so cheap you just pay for two phone lines with no type of phone system in place.  Another red flag.

Knowing that more than likely these are not honest businesses or even a scam I decided to talk to the hotel staff to learn more.  The gentleman from the hotel I spoke with said those people are not allowed to come on the hotel’s property to distribute flyers.  If they do, they could be charged with trespassing but that doesn’t stop them.  I also asked why on both flyers it says "Cell phone required for delivery orders" or "Trouble getting thru! Please use your cell phone".  The hotel gentleman said since they don’t follow the hotel’s rules the hotel blocks their phone numbers to stop guests from calling and to discourage them from trespassing to distribute their flyers.  NOW THAT MAKES SENSE.  That’s why it says on the flyers to dial from your cell phone.  Because of their repeated unethical behavior the hotels have blacklisted their phone numbers from their system but these "businesses" continue to do what they do.

My advice is if a business is trespassing and circumventing what the hotel has in place to discourage these unethical practices I wonder how honest they are with your credit card information and order.  Something to think about the next time you see a pizza flyer under your door.

WOW, I just saw on the back of one flyer it says "Now hiring delivery drivers & couponers".  You too can possibly be charged with criminal trespassing.  Nice.