BTW that first part was a bit blonde ('tis a Saturday and the dew hasn't
kicked in)..what I meant was...there isn't any special flag that needs
to be kicked on the Vista's like there is on XP sp2 to get that Dcom
thing working?
Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:
Some questions:
-------------
* In order to help provide our services, we occasionally provide
information to other companies that work on our behalf. These
companies are required to keep this information confidential and
are prohibited from using it for any other purpose.
Question - We asked in the WGA forum what other info was provided and
to whom this was provided but didn't get a good answer. In
secured networks is this shared info more disclosed to the customer?
http://forums.microsoft.com/Genuine/ShowPost.aspx?PostID=593225&SiteID=25
--------------------
· *Secure zone:* In this scenario, the tool can activate
computers using MAK proxy activation. This assumes that the clients in
the secure zone do not have Internet access. The following two key
issues need to be addressed:
  · The computers must be discoverable (through Active
    Directory® directory service or Workgroups).
  · The tool has to make a call to the WMI services on the
    computer to get status and install MAKs and CIDs.
This requires the firewall to be configured to allow DCOM RPC traffic
through it. For more details on this, see "How to configure RPC
dynamic port allocation to work with firewalls" at the following URL:
http://support.microsoft.com/?kbid=154596
Question - Is this the same sort of connection that is needed to allow
for MBSA 2.0 to scan through firewalls? As at the present time with
XP sp2 and MBSA I cannot get a consistent scan.. the remedy is in the
MBSA FAQ http://www.microsoft.com/technet/security/tools/mbsa2/qa.mspx
which states that I need to use KB 902400...which is a security
patch. In order to install this with the proper flags (per my read) I
have to uninstall 05-051 and then redeploy it with the needed flags.
I don't remove security patches lightly... do you know if the same
"Dcom" issue will affect MAK proxy as I've seen with MBSA 2.0 through
XP sp2 firewalls?
*Step 1: Review system requirements*
MBSA cannot scan a remote computer protected by a firewall unless the
firewall is configured to open the ports that MBSA uses to communicate
with the computer. The Windows Update Agent implements a remote
scanning interface based on DCOM. The account being used to scan must
possess local administrator rights. The computer must also be
configured to meet the following conditions:
• The Server service, Remote Registry service, and File and Print
  Sharing service must be running on the remote computer.
• The required ports must be open on the firewall.
• The Windows Update Agent must be installed and the Automatic Updates
  service must not be disabled.
Remote computer scans are performed using TCP port 135, a dynamic or
static DCOM port, and ports 139 and 445. Where a firewall or filtering
router separates two networks, TCP ports 135, 139, and 445 and UDP
ports 137 and 138 must be open in order for MBSA to connect and
authenticate to the remote computer being scanned. You must allow
these ports to be open on the remote firewall if a personal firewall
is being used.
*Note:* The use of DCOM for remote scanning through Windows Firewall
on all versions of Windows XP may require a post-SP2 hotfix as
described in Microsoft Knowledgebase article 895200, "Availability of
the Windows XP COM+ Hotfix Rollup Package 9". Customers may now obtain
this fix by installing the COM+ update (KB 902400) using these
procedures:
1. Download the update from
   http://www.microsoft.com/downloads/details.aspx?FamilyId=20F79CE7-D4DB-42D7-8E57-58656A3FB2F7
   on the Microsoft Download Center.
2. Copy the update to the computer you are updating and open a command
   prompt on that computer.
3. Run the update using the command line options described in KB article
   824994 (specifically, the /B:SP2QFE command line option). Doing this
   will install all of the Windows XP COM+ Hotfix Rollup Package 9 fixes,
   in addition to the fixes released in the security bulletin MS05-051.
Question - Also are there specific ISA rules/configurations that need
to be addressed?
---------------
Fyi for those - this caused some concern that they had taken away
"full boot" VL images... you may need to request media if you want to
do a true clean install image with a qualifying XP license around.
They are still there.. you just have to request them:
Volume License Product Use Rights require that you have a previous
qualifying operating system license for each copy of Windows Vista you
deploy. The default 32-bit Volume License media are upgrade-only and
are not bootable[1]. You must first boot a previous version
of Windows and then run the setup to install Windows Vista. Bootable
media is also available on request through your Volume License portal.
------------------------------------------------------------------------
[1] 64-bit Volume License media are not restricted in this
way, since there is no supported upgrade path.
-----------------
From the I did not know that...
The Windows Anytime Upgrade (WAU) program allows a Windows Vista
Business user to purchase an upgrade directly from Microsoft by
clicking the Windows Anytime Upgrade link in *All Programs* and
*Extras and Upgrades*. This link and the program are only provided in
Windows Vista Business editions because both volume-licensed and
retail versions of this product are available (unlike Windows Vista
Enterprise, which is only sold as a Volume License version).
-----------------------------
You need more screen shots :-) That has "build me a wizard" written
all over it for us lazy SBSers :-) Big server land... I'd be setting
up a Vista lab and testing this stuff out.
I know someone said there was a Vista beta activation newsgroup but is
it rolling over to RTM public newsgroup? Given that some of my key
business critical 'parts' for Vista are still not in place (ISA client
and my Cingular connection manager software is flakey) businesses that
do VLs need to look at this and set up labs for this. While it's a
good whitepaper (it would have been better with more screen shots ;-)
) there is still an administrative cost to Vista VLs that I would
argue XP sp2 never had that does need to be considered. WGA/OGA/VGA
-- while I totally and utterly understand the need, it's still a bit
of a change that needs to be communicated well (and us SBSers have
had product activation on our Servers for eons... so it's not new down
here to have product activation... in fact I had gotten so used to
SBS's setup that when I was setting up some "big server land" stuff
and they asked "so how many cals you got?" I think I fell out of my
chair, and said "Oh yeah, that's right, they trust you guys to be
honest? Wow! Amazing!") If you poke around the WGA forum...there's
a lot of VL keys that end up on the streets and shouldn't be out there.
.... oh and have I said it needs more screen shots? :-)
http://www.microsoft.com/downloads/details.aspx?FamilyID=9893f83e-c8a5-4475-b025-66c6b38b46e3&DisplayLang=en
Laura A. Robinson wrote:
You know, there's one thing I may have forgotten to mention- there's
a good whitepaper on this.
:-P
Laura
------------------------------------------------------------------------
*From:* [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] *On Behalf Of* MikeM
*Sent:* Saturday, December 09, 2006 12:10 AM
*To:* [email protected]
*Subject:* Re: [ActiveDir] OT: Vista Activation and KMS
So Laura, correct me if I'm wrong, but are you suggesting we read
the white paper?
Seriously, thank you for all of the input on this matter.
-MM-
12/8/2006 12:53 PM
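
Added example (not part of the thread or of Microsoft's documentation): a small Python audit that checks a firewall allow-list against the ports the quoted MBSA FAQ text lists (TCP 135, 139, 445 and UDP 137, 138) plus a static DCOM port range. The rule syntax, the sample rules and the 5000-5100 range are constructed for illustration.

```python
import re

# Ports named in the quoted MBSA FAQ text: TCP 135/139/445 and UDP 137/138.
REQUIRED = [("tcp", 135), ("tcp", 139), ("tcp", 445), ("udp", 137), ("udp", 138)]

# Constructed rule syntax for this example: "allow <proto> <port>[-<port>]".
RULE_RE = re.compile(r"^allow\s+(tcp|udp)\s+(\d+)(?:-(\d+))?$", re.IGNORECASE)

# Constructed sample allow-list (not from the thread).
SAMPLE_RULES = """
# inbound rules between scanner and target
allow tcp 135
allow tcp 445
allow udp 137-138
allow tcp 5000-5050
"""

def parse_rules(text):
    """Parse allow rules into (proto, low, high); reject anything unrecognised."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised rule: {raw!r}")
        low = int(m.group(2))
        high = int(m.group(3) or low)
        if not 0 < low <= high <= 65535:
            raise ValueError(f"bad port range: {raw!r}")
        rules.append((m.group(1).lower(), low, high))
    return rules

def allowed(rules, proto, port):
    """True if any rule permits this protocol/port pair."""
    return any(p == proto and lo <= port <= hi for p, lo, hi in rules)

def audit(text, dcom_range):
    """List what still blocks a remote scan; dcom_range is the target's static RPC range."""
    rules = parse_rules(text)
    missing = [f"{pr}/{po}" for pr, po in REQUIRED if not allowed(rules, pr, po)]
    lo, hi = dcom_range
    blocked = sum(1 for port in range(lo, hi + 1) if not allowed(rules, "tcp", port))
    if blocked:
        missing.append(f"tcp/dcom: {blocked} of {hi - lo + 1} ports blocked")
    return missing

if __name__ == "__main__":
    # 5000-5100 is an assumed static range configured on the target.
    print(audit(SAMPLE_RULES, (5000, 5100)))
```
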
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/[email protected]/