The February 24, 2009 cumulative update for Outlook 2007 includes changes related to the general reading and writing characteristics of the .pst/.ost file so that less is demanded from your hard drive to perform the same general operations in Outlook. For instance, the file flushing process was optimized so that it interacts more efficiently with operating system and disk-write caches. There is also a change in the way new data is written to the .pst/.ost so that the data is saved much closer together on the physical disk. As a result, there is less physical work required from the drive, thereby speeding up the time it takes to write the same amount of data to the drive. However, a side-effect of this data writing algorithm is that .pst/.ost files will be about 20% larger than before the February 24, 2009 cumulative update.

Most people will not have noticed the difference as many corporate clients use Exchange & Outlook so never see the OST files but those with PST files may have. For what it’s worth with the cost of storage being so low I would put up with the storage increase for the performance gain.

This may seem like a bold move but it is not the first time they have done this. In 2005 they paid $250,000 to two individuals who helped identify the creator of the Sasser worm.  Rewards were also offered of $250,000 for the creators of the other three major computer worms Blaster, MyDoom and Sobig however the authors of these were never caught.

In reality this amount of money is a small drop in the ocean for a company like Microsoft but in doing so they are trying to send out a strong message to the authors of such worms.  They are simply saying that they will not sit idly by while the creators wreak havoc on their clients systems.  In reality the fact of the matter is that regardless of what Microsoft or Microsoft Trustworth Computing Group offer it seems that it will offer very little in the way of a deterrent for such authors as it is a challenge that they enjoy rising to.  What it does do is help their clients to feel that they are doing all they can to try an prevent such hassles returning in the future.

The worm itself infects a computer that is not fully up to date with the latest updates from the Microsoft Update website. If you are in any doubt then the best action is to visit the Microsoft Update website and apply all the latest critical updates.  Once this is complete continue to revisit the site until you are told there are no further critical updates. You should also ensure that your Anti-Virus software is fully up-to-date, if you don’t already have one then visit either AVG or aVast who both provide free versions for home use.

Once of the reasons has been due to the dismal failure of Windows Vista, that is not to say that the product is bad because to be quite honest it isn’t, but initially it received a lot of bad press due delayed deliveries as well as, once launched, poor compatibility with hardware as well as some software.  Now what we have to understand with this is when any new product is released there will always be teething problems, this is not unique to technology this applies  to cars, motorbikes just about anything really.  This is because not matter how much you test something there is always going to be someone that will do something in a way that was never imagined or it will become visible through simple length of use.  Windows Vista itself has been a very solid stable product for a great deal of time now, I have been using it myself for over a year now and it really just works, that’s all there is to say on the matter.  But it never won the hearts of the IT community which resulted in poor uptake, this then left a poor legacy for Microsoft which is going to be hard to shake.  One of the biggest challenges it had to overcome is that Windows XP is just so good, it had been a solid operating system that is highly compatible which has left it with an almost “cult-like” following.

So what does this mean for Windows 7?  Well simply put it has a very hard path to find in life, it must first overcome that love and passion that is held by the Windows XP followers.  Then, if it overcomes XP, it must then work its way through the minefield of the Windows Vista naysayers which in itself is going to be a challenge of its own and I believe that in itself will be more difficult.

So what of Windows 7 itself, well I have not yet had chance to install it myself however I picked up a twitter from Scott Ullrich (the developer behind pfSense) overnight which said

Upgraded windows Vista -> Windows 7 and holy <beepers>, it’s fantastic! No, seriously… Not kidding!!

 

Still in the meantime take a look at these videos courtesy of BBC news and see for yourself:  BBC News

Client: Hi Rob, I’m probably going to regret asking this but I have been asked and I don’t quite know how to fix it.

Me: Go on

Client: I have been asked to look at the time on the server as it’s wrong so it’s making all the PC’s the wrong time.

Me: Oh right, I thought we had the network timesyncing externally

Client: I’m on the Grenwich Mean Time website and our server is 20 seconds fast and I’ve been told to see if it can be sorted.

Me: (thud as I hit the floor, wait a further 10 second to stop laughing) Right ok, you are joking right?

Client: NO

Me: Oh right, you sure you’re not joking?

Client: NO

Me: Ok let’s see if we can sort it out

So the conversation went on, now the above wasn’t being rude as it may seem as we often make a point taking pot shots for a laugh but it did raise an interesting point which I tend to perform as second nature on servers that we manage but not everyone does.  The point is that now with the advent of PC integrated clocking in systems they often take their time source from the network so if the time is wrong (usually tends to be a problem when its out by minutes rather than seconds but hey not for me to judge) then staff could be clocking out at the wrong times so these systems become flawed.  So if anyone wants to get their Windows Domain controller synced with a reliable time source then read on.

Important The following information contains details of changes to be made to the Windows Registry.  If you are unsure of what you are doing then please do not attempt it as serious damage can occur if you modify it incorrectly.  For extra protection read the following KB article from Microsoft on how to backup and restore the registry KB322756

To configure the server with an external time source then do the following:

1. Click on Start, click Run, type Regedit then click OK
2. Change the type to NTP Server
1. Locate the registry key
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type
2. In the right pane double click on Type
3. Change the value to read NTP, the click OK
3. Set AnnounceFlags to 5
1. Locate the registry key
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags
2. In the right pane double click on AnnounceFlags
3. Change the value to read 5, then click OK
4. Enable NTPServer
1. Locate the registry key
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer
2. In the right pane double click NTPServer
3. Change the value to read 0.pool.ntp.org,0×1, then click OK
   Other time servers can be specified however I have found that this one is the most accurate
5. Quit the registry editor
6. Open the command prompt an enter:
   net stop w32time && net start w32time

There are a number of other values that can be changed with regard to acceptable time differences and time shift however the standard setting is sufficient for most small business however details can be found in article KB816042.  With regard to my friend, this is the process that I ran on his server now he’s a happy man as his server is now accurate to within half a second of GMT……go figure!

By adding in the ADM template at the bottom of this article you will be able to restrict access to USB storage devices as well as CD/DVD Drives.  Once you have the downloaded file then on your server go to the %SYSTEMROOT% folder this is typically "C:\WINDOWS" and copy the ADM file into the "INF" folder.  Once you have done this go into the "Group Policy Management" tool.  Once there if you create a new group policy or edit an existing policy then navigate to "Administrative Templates" under "Computer Management".

Right click on "Administrative Templates" and select "Add/Remove Templates"

Click on "Add" and from the list of files select "ext_storage.adm" and click on "OK", now click on "Close"

Now from the "View" menu select "Filtering" and unselect the "Only show policy settings that can be fully managed" option and click "OK"

Now from the main group policy window under "Administrative Templates" you will see "Custom Policy Settings" and below this you will see "Restrict Drives".  Once selected on the right hand pane you will see the options to disable USB, CD Rom, Floppy and High Capacity Floppy.

Once these are enabled the users which have this policy applied to will no longer be able to use these facilities.  This gives small businesses a means of securing their data without spending the earth.

Attachments: ext_storage.adm

One of the key thing, from Microsoft’s perspective, that is addressed in Service Pack 1 is the activation hacks that have been found. The latest one which was publicised here exploits the actual activation process my emulating the Bios of certain manufacturers that have special versions of Vista that do not require activation. That said there are performance issues which have been addressed such as the time it takes to copy files from folder-to-folder on the said drive is said to be 25 percent faster and 45 percent faster when copying files from a remote computer not running Vista.

Personally I had stayed away from Vista as the experience I’d had previously had not been good however as Windows XP will no longer be available after this summer (although this could change as it has previously) I felt it was time to take the plunge and just get stuck in. Now having run it for almost 3 weeks and using it on a daily basis I have to say this it has been absolutely fine, I did install Service Pack 1 as soon as Vista was installed and it has been absolutely fine. I have not had one crash or problem to date that can be related to the Vista operating system. Now, I personally feel that this can be largely attributed to Service Pack 1 and while I only ran Vista for 1 day without Service Pack 1 being installed I did not a difference after installing it.

All in all it looks to be a good update to the system and having run it now for a couple of weeks I would recommend it to anyone, it is scheduled for release later this month with it initially being made available to enterprise customers but being made available to the main stream shortly after. For more information visit: http://technet.microsoft.com/en-us/windowsvista/bb738089.aspx