Windows Firewall with Advanced Security: Step-by-Step Guide to Deploying Windows Firewall and IPsec Policies

 

This step-by-step guide illustrates how to deploy Active Directory® Group Policy objects (GPOs) to configure Windows Firewall with Advanced Security in Windows 7, Windows Vista, Windows Server 2008 R2, and Windows Server 2008. Although you can configure a single server locally by using Group Policy Management tools directly on the server, that method is not consistent or efficient when you have many computers to configure. When you have multiple computers to manage, create and edit GPOs, and then apply those GPOs to the computers in your organization. Common scenarios, including firewall rule deployment, server and domain isolation, and IPsec tunnel mode configuration are discussed.

Read the rest @> Download details: Windows Firewall with Advanced Security: Step-by-Step Guide: Deploying Windows Firewall and IPsec Policies

Automatically Test Application Compatibility for New Apps on Terminal Server/RDS Farm using the RDS Application Compatibility Analyzer

 

The Remote Desktop Services (RDS) Application Compatibility Analyzer is a runtime program analysis tool that enables administrators and users to determine the compatibility of an application with a Remote Desktop Session Host (RD Session Host) server before deploying it. The tool provides a summary of incompatible behaviour between the RD Session Host server and an application, and provides recommendations for deploying the application on an RD Session Host server. The RDS Application Compatibility Analyzer uses the LUA (Least Privileged User Account) Predictor technology, which is part of Microsoft Application Verifier.

This blog post describes how to:

  1. Install the RDS Application Compatibility Analyzer
  2. Run an application in the RDS Application Compatibility Analyzer
  3. Test an application for RDS compliance
  4. Debug info and blog feeds
  5. Filter noise, detailed stack trace, and logging
  6. Interpret RDS Application Compatibility Analyzer logs
1. Installing the RDS Application Compatibility Analyzer

The RDS Application Compatibility Analyzer installer can be found at https://connect.microsoft.com/tsappcompat/Downloads.

The Application Verifier must be installed before the RDS Application Compatibility Analyzer is launched. The recommended version (3.5) of Application Verifier can be found at [X64] [X86]. On 64-bit operating systems, the RDS Application Compatibility Analyzer needs both 32-bit and 64-bit versions of Application Verifier. If Application Verifier is not installed, or the installed Application Verifier version is less than 3.5, the RDS Application Compatibility Analyzer will point to the Application Verifier 3.5 download location. If the installed Application Verifier version is greater than 3.5, the tool does not prompt for Application Verifier. However, we recommend that you uninstall the latest version of Application Verifier and install Application Verifier 3.5. Microsoft .NET Framework 3.5 is also required to run the tool. The tool can be run on a client or server operating system. It does not require that the RD Session Host role service be installed.

2. Running an application in the RDS Application Compatibility Analyzer

A. From the UI:

1. Click Start, point to All Programs, and then click RDS Application Compatibility Analyzer.


2. On the App Info tab, in the Target Application box, enter the directory location of the target application’s executable file or use the Browse function.

3. On the App Info tab, in the Parameters box, enter parameters for the application, if applicable.

4. Ensure that the RDSAnalyzerService is up and running. Select or clear the Launch Elevate check box as appropriate.

5. Click Launch.

B. From the command-line (batch mode and no UI):

<snip>

Read the rest @> Remote Desktop Services (Terminal Services) Team Blog : How to detect RDS-specific application compatibility issues by using the RDS Application Compatibility Analyzer

Hyper-V Live Migration Network Configuration Best Practices

 

It's quite hectic these days in the virtualization world, as I am actively involved in planning the Practice Accelerator for Virtualization. In addition to that, I've been engaged in lots of virtualization opportunities, and whenever I speak to customers and partners, I tend to get a lot of questions about setting up the preferred network for Live Migration on Hyper-V based clusters.

It's highly recommended to use Cluster Shared Volume (CSV) while setting up the storage for Live Migration. CSV has the following advantages:

  1. All the nodes in the cluster have concurrent access to the shared storage.
  2. Multiple VHDs can be stored on a single shared Volume.
  3. No Drive letter problems
  4. Faster failovers

It looks something like the diagram below. You can see in this diagram that all three nodes have simultaneous access to the same share, running their respective VHD files. In the event of one node failure there is no drive ownership change and hence faster failover.


By default, Cluster Shared Volumes (CSV) and Clustering use a private network with the lowest value for Metric property.  To prevent CSV and Clustering from sharing the same network with live migration, the default network order used for live migration is changed so that a network with the lowest value for Metric property is at the bottom of the list of networks for live migration.  This will reduce the possibility of CSV, clustering, and live migration using the same network.

This helps ensure live migration speeds by placing live migration traffic in a separate network path.

In the Failover Cluster Manager, right-click on the virtual machine and select Properties:


By selecting the “Network for Live Migration” tab, you can specify what network is used for Live Migration. You can specify multiple networks in order of preference. For me, I normally have my 10 Gb/E network set as the first network.

<snip>

Read the rest @> Virtually Yours.. : Microsoft Virtualization: Hyper V Live Migration Network configuration.

Forrester Research Posts on Legal Implications of Cloud Computing

 

Cloud computing is the availability of standard IT resources over the internet in a pay-per use model. Initially this is an attractive proposition. However there are many challenges which CIOs will face when running firm critical applications and data over the internet. The most successful CIOs have built an IT governance strategy to avoid the uncontrolled variety of technologies, meta data and business process evolution in their IT landscape. A good governance strategy ultimately makes the implementation of legal compliance requirements from Basel II or SOX much easier. Without searching first for critical data, an orderly approach is much simpler and the CIO won’t be the only one sleeping better.

So long as everything is in your own company or at local infrastructure, IT governance and compliance should be governed centrally from the CIO office. But what happens when a firm’s cloud computing is effectively deployed? This technology paradigm has its largest cost savings when applications and business processes have extremely high and uneven resource requirements. In most cases these are automatically firm critical applications and confidential data. The responsibility of a CIO then moves from pursuing operational excellence in the datacenter, to the greater responsibility of developing and managing intelligent sourcing concepts in the cloud and bringing its consequences under control. The large cloud computing vendors are nearly without exception international firms and a core basis for their cost-effective deployment lies in their global sourcing strategies. IT governance and legal compliance must also be developed to cloud governance and global provider governance.

<snip>

Read the rest @> The Forrester Blog For Vendor Strategy Professionals

Planning for an Automated Windows 7 Upgrade from Windows XP

In this article, Jeremy Chapman, a senior product manager at Microsoft, documents the high-level steps for IT professionals to perform an enterprise-scale desktop deployment project, starting with Windows XP and moving to Windows 7.


Get the Word Document @> Microsoft Download details: Deploying Windows 7 from A to Z

A CIO Check List for eDiscovery and Litigation

 

Today’s CIO encounters many challenges handling security and regulatory mandates that extend far beyond the once-simple duties of maintaining firewalls. CIOs are today’s corporate first responders to spot insider theft or illegal activity, recover lost or deleted data, and to ameliorate poor document retention.

Even before 2008's financial meltdown, courts realized that the amount of electronic data in litigation was growing exponentially. As a result, new Federal guidelines were introduced in 2006 http://www.cioupdate.com/article.php/3646801 to address this growing problem. At the core of any litigation today is the concept of understanding electronic data―where it is located, how it is managed, and how it can be accessed.

In the past, the litigation team consisted of inside and outside counsel, the business unit manager and outside suppliers. The legal responsibility for the management of a company’s data in most businesses falls squarely on the shoulders of the CIO. Thus, if a company is ever entrenched in a legal battle, the CIO needs to be part of the team and must be prepared to take the stand. Because of this person’s unique ability to discuss the internal systems that generate the data in question, a CIO will almost inevitably make any trial attorney’s short list.

In preparing to testify, a CIO must create a plan of action to address the data involved in the litigation. The CIO must be able to speak to the company’s internal IT functions as well as the complexity of the company’s data architecture. A CIO must also be prepared to defend the company’s work practices and policies in anticipation of, not just in response to, litigation. Creating a litigation response team that prepares these responses and policies ahead of time is critical.

The following are sample issues and questions that a CIO may need to address on the stand and, as part of the litigation response team, should be prepared to tackle:

<Snip>

Read the rest @> CIOs on Trial: A Check List for eDiscovery and Litigation — CIOUpdate.com

Microsoft Announces New SharePoint 2010 Certifications

Ian posts the latest SharePoint certification news on his blog.

The following certifications (According to the MS Partner web site https://partner.microsoft.com/global/40121316) should be available in June.

IT Pro

  • 70-667 TS: Microsoft SharePoint 2010, Configuring
    Microsoft Official Curriculum: Will cover configuration of SharePoint 2010 including deployment, upgrade, management, and operation on a server farm.
  • 70-668 PRO: SharePoint 2010, Administrator
    Microsoft Official Curriculum: Will cover advanced SharePoint 2010 topics including capacity planning, topology designing, and performance tuning.

Developer

  • 70-573 TS: Microsoft SharePoint 2010, Application Development
    Microsoft Official Curriculum: Five-day instructor-led course designed for developers with six months or more of .NET development experience. Course covers what you need to know to be an effective member of a SharePoint development team using Visual Studio 2010.
  • 70-576 PRO: Designing and Developing Microsoft SharePoint 2010 Applications
    Microsoft Official Curriculum: Five-day instructor-led training course designed for development team leads who have already passed the Developing on SharePoint 2010 technical specialist exam. The course covers choosing technologies for and scoping a SharePoint project, best practices for SharePoint development, configuring a SharePoint development environment, advanced use of SharePoint developer features, and debugging of code in a SharePoint project.

Read the source @> SharePoint 2010 Certifications - Ian's SharePoint Blog

Transitioning Client Access Servers (CAS, OWA and ActiveSync) to Exchange Server 2010

 

By now most of you have heard about the release of Exchange 2010.  Those of you that are upgrading from Exchange 2003, Exchange 2007 or a mixture of the two, are probably curious about the client access upgrade strategy.  To satisfy your curiosity, we are releasing a series of blog articles on the subject.  The first in this series provides a summary of the steps that are required to introduce Exchange 2010 within your environment from a client access perspective.  More detailed information about the upgrade process is discussed in TechNet and within the Deployment Assistant.  The second and third parts in this series will discuss the end user experience for OWA and ActiveSync, respectively.  Look for those in upcoming weeks.

Many of you have been asking how you can transition your existing Exchange environment to Exchange 2010 from a client access perspective. For most of you, this will also mean coexisting with legacy Exchange and Exchange 2010 for a period of time. This post will hopefully answer these questions by breaking down your transition into two scenarios:

  1. Transitioning an Exchange 2003 environment to Exchange 2010.
  2. Transitioning an Exchange 2007 (that may or may not contain Exchange 2003 mailbox servers) environment to Exchange 2010.

The underlying goal here is to move your primary namespace, mail.contoso.com and autodiscover.contoso.com, over to Exchange 2010 and introduce a new namespace for legacy access, legacy.contoso.com and associate it with your legacy Exchange client access infrastructure. Users will continue to use mail.contoso.com as their access point into the organization for messaging services. While Exchange 2003/2007 end users will see the legacy.contoso.com namespace in their browser address bar, ActiveSync settings, and Test Auto-Configuration output within Outlook, they only need to use the mail.contoso.com namespace as their primary entry point into the organization; in addition, IT should continue directing customers to utilize the mail.contoso.com namespace for all external connectivity mechanisms.

Note: The host names, mail.contoso.com or legacy.contoso.com, that are referenced in this document are not hard-coded or required. You can utilize whichever names make the most sense for your environment (e.g. owa.contoso.com and legacyowa.contoso.com). From a documentation perspective, we are going to utilize mail.contoso.com and legacy.contoso.com so that we are consistent in our transition story. For more information on Autodiscover namespaces, please see http://technet.microsoft.com/en-us/library/bb332063.aspx.

Transitioning an Exchange 2003 Environment to Exchange 2010

When you are ready to begin transitioning your organization to Exchange 2010, you must transition the "Internet Facing AD Site(s)" first, and then transition your internal Active Directory sites. It is not supported to transition an internal Active Directory site before all your Internet-accessible sites have been transitioned.

The steps for introducing Exchange 2010 into the environment are:

Note: These steps do not discuss how to set up your CAS2010 servers in a load balancing array. Please review your load balancing solution's instructions for how to properly create and join your CAS2010 servers in a load balancing array.

1. In order to support external client coexistence with CAS2010 and legacy Exchange in your "Internet Facing AD Site", you will (potentially) need to acquire a new commercial certificate.  As a best practice, Microsoft recommends utilizing a certificate that supports Subject Alternative Names; however, you can utilize a wildcard certificate as well.

This commercial certificate that will be leveraged by external clients will contain at a minimum three SAN values (note that other scenarios may require you to add additional values):

  1. mail.contoso.com (your primary OWA/EAS/OA access URL)
  2. autodiscover.contoso.com
  3. legacy.contoso.com (your OWA/EAS namespace for legacy mailbox access)

Prior to Windows Vista SP1, the Windows RPC/HTTP client-side component required that the Subject Name (aka Common Name) on the certificate match the "Certificate Principal Name" configured for the Outlook Anywhere connection in the Outlook profile. Therefore, as a best practice, you should ensure that mail.contoso.com is listed as the Subject Name in your certificate unless you plan on changing the configuration which can be achieved by using the Set-OutlookProvider cmdlet with the EXPR parameter as described in http://msexchangeteam.com/archive/2008/09/29/449921.aspx.

2. Ensure all Exchange 2003 servers are at Service Pack 2 and that you meet all forest/domain pre-requisites.

3. Install CAS2010 and configure it accordingly:

  • During the installation of CAS2010 you have the option to enter the external namespace that will be used for the virtual directories. You can enter this value in either the graphical user interface or the command-line setup:
    • For the graphical user interface setup experience of CAS2010 you are asked to configure a Client Access external domain. At this point you can enter the domain name of mail.contoso.com.
    • If installing via the command line, you can utilize the setup property /ExternalCASServerDomain and specify mail.contoso.com
  • If you haven't already done so, install the RPC over HTTP proxy component.  You can do this utilizing the ServerManagerCmd tool: ServerManagerCmd.exe -i RPC-over-HTTP-proxy
  • Configure your OWA settings appropriately (e.g. forms based authentication vs. basic authentication). For the purpose of this document, the default OWA settings are assumed.
  • Configure your EAS authentication settings appropriately (e.g. Basic vs. certificate authentication). For the purposes of this document, the default authentication mechanism, basic authentication, is assumed.
  • Enable Outlook Anywhere (for the purposes of this document, the default authentication settings are assumed): Enable-OutlookAnywhere -Server:<CAS2010> -ExternalHostName:mail.contoso.com -SSLOffloading $false

4. If you chose to not specify the external domain name for CAS during setup, you will need to enable the following ExternalURLs to ensure that clients that leverage Autodiscover function correctly:

5. To ensure that Outlook Web Access functions correctly, you will need to enable the following URLs:

6. For your Outlook clients, you can configure CAS2010 to participate in an RPC Client Access Service array:

  • Create a load balancing array for CAS2010, if one has not already been created.
  • Create a DNS entry in your internal DNS infrastructure that resolves to the Virtual IP Address (VIP) of the CAS load balancing array. The DNS entry, for example, could be outlook.contoso.com.
  • Configure your load balancing array to load balance the MAPI RPC ports:
    • TCP 135
    • UDP/TCP 1024-65535
  • Run the following cmdlet to create the Client Access Service array: New-ClientAccessArray -Name outlook.contoso.com -FQDN outlook.contoso.com -Site "Internet Facing AD Site"

7. Install the HT2010 and MBX2010 server roles into the "Internet Facing AD Site" and configure accordingly.

  • You can change the Offline Address Book generation server and enable web distribution on CAS2010 by performing the following steps:
    • To move the Offline Address Book: Move-OfflineAddressBook "Default Offline Address List" -Server <MBX2010>
    • To add CAS2010 as a web distribution point:
      • $OABVDir=Get-OABVirtualDirectory -Server <CAS2010>
      • $OAB=Get-OfflineAddressBook "Default Offline Address List"
      • $OAB.VirtualDirectories += $OABVdir.DistinguishedName
      • Set-OfflineAddressBook "Default Offline Address List" -VirtualDirectories $OAB.VirtualDirectories

8. Create the legacy host record (legacy.contoso.com) in your external DNS infrastructure and associate it either with the FE2003 infrastructure (less likely) or your proxy infrastructure (more likely).

9. You will configure External DNS and/or your reverse proxy infrastructure's publishing rules to have the autodiscover.contoso.com namespace point to CAS2010.

10. If utilizing a reverse proxy infrastructure, you will publish the legacy namespace to the FE2003 infrastructure so that at this point the FE2003 infrastructure can be accessed either via mail.contoso.com or legacy.contoso.com namespaces.

11. You will then schedule Internet protocol client downtime (please note that this downtime window should be relatively small - enough time for you to make the change and validate that everything works as desired) and perform the following steps:

  • You will reconfigure External DNS and/or your reverse proxy infrastructure's publishing rules to have the mail.contoso.com namespaces point to CAS2010. 
  • Users with mailboxes on an Exchange 2003 server who try to use Exchange ActiveSync through an Exchange 2010 Client Access server will receive an error and be unable to synchronize unless Integrated Windows authentication is enabled on the Microsoft-Server-ActiveSync virtual directory on the Exchange 2003 server. This allows the Exchange 2010 Client Access Server and the Exchange 2003 back end server to communicate using Kerberos authentication.

To enable this authentication change on Exchange 2003 you need to either:

    • Install http://support.microsoft.com/?kbid=937031 and then use the Exchange System Manager to adjust the authentication settings of the ActiveSync virtual directory. Repeat this for each Exchange 2003 mailbox server in your organization.
    • Or, set the msExchAuthenticationFlags attribute to a value of 6 on the Microsoft-Server-ActiveSync object within the configuration container on each Exchange 2003 mailbox server.  An example script is provided at http://technet.microsoft.com/en-us/library/cc785437.aspx.

Note: It is important that you do not use IIS Manager to change the authentication setting on the Microsoft-Server-ActiveSync virtual directory as the DS2MB process within the System Attendant will overwrite the settings that are stored in Active Directory.

  • Disable Outlook Anywhere by utilizing the Exchange System Manager and selecting the "Not part of an Exchange managed RPC-HTTP topology" radio button on the RPC-HTTP tab of the Front-End server's properties. Optionally, you can also remove the RPC over HTTP proxy component (refer to your Windows Server documentation for more information).

Important: This requires an up-front investment in CAS2010 architecture as all Outlook Anywhere clients will utilize CAS2010 once you transition the Outlook Anywhere endpoint. Be sure to follow all proper scalability planning documentation when deploying CAS2010 to ensure that you do not create a bottleneck in your CAS infrastructure due to Outlook Anywhere clients.

  • Test all client scenarios and ensure they function correctly.

12. Complete downtime and enable Internet protocol client usage.
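A pre-cutover check for the certificate requirements in step 1, written as an added example (it is not part of the original article or of any Microsoft tooling). The function names are hypothetical, the host names are the article's contoso.com placeholders, and the SAN parsing assumes English Windows, where the extension is rendered as "DNS Name=..." lines.

```powershell
# Added example: verify that a certificate covers the three namespaces from
# step 1 and carries the expected Subject Name before DNS is repointed.

function Get-CertificateDnsName {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    # Subject Alternative Name is extension OID 2.5.29.17.
    $san = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if (-not $san) { return }
    # Assumption: English label text ("DNS Name="); it is localized elsewhere.
    foreach ($line in ($san.Format($true) -split "`r?`n")) {
        if ($line -match '^\s*DNS Name=(.+?)\s*$') { $Matches[1].ToLowerInvariant() }
    }
}

function Test-NameCovered {
    param([string]$HostName, [string[]]$CertificateNames)
    $hostLower = $HostName.ToLowerInvariant()
    foreach ($name in $CertificateNames) {
        if (-not $name) { continue }
        $name = $name.ToLowerInvariant()
        if ($name -eq $hostLower) { return $true }
        # A wildcard covers exactly one left-most label: *.contoso.com matches
        # mail.contoso.com, but not a.mail.contoso.com and not contoso.com.
        if ($name.StartsWith('*.')) {
            $suffix = $name.Substring(1)    # ".contoso.com"
            if ($hostLower.EndsWith($suffix)) {
                $label = $hostLower.Substring(0, $hostLower.Length - $suffix.Length)
                if ($label.Length -gt 0 -and -not $label.Contains('.')) { return $true }
            }
        }
    }
    return $false
}

function Test-CasCertificate {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        # The three SAN values listed in step 1 (placeholders from the article).
        [string[]]$RequiredNames = @('mail.contoso.com',
                                     'autodiscover.contoso.com',
                                     'legacy.contoso.com'),
        # Pre-Vista SP1 Outlook Anywhere clients compare the Subject Name with
        # the profile's Certificate Principal Name, so it is checked separately.
        [string]$ExpectedSubjectName = 'mail.contoso.com'
    )
    $names = @(Get-CertificateDnsName -Certificate $Certificate)
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $subject = $Certificate.GetNameInfo($nameType, $false)
    $missing = @($RequiredNames | Where-Object {
        -not (Test-NameCovered -HostName $_ -CertificateNames $names)
    })
    $now = Get-Date
    New-Object PSObject -Property @{
        Thumbprint         = $Certificate.Thumbprint
        SubjectName        = $subject
        SubjectNameMatches = ($subject -eq $ExpectedSubjectName)
        MissingNames       = $missing
        ValidNow           = ($Certificate.NotBefore -le $now -and $Certificate.NotAfter -ge $now)
        ReadyForCutover    = ($missing.Count -eq 0 -and $subject -eq $ExpectedSubjectName)
    }
}

# Usage on the CAS2010 server: evaluate every certificate in the machine store.
# Get-ChildItem Cert:\LocalMachine\My |
#     ForEach-Object { Test-CasCertificate -Certificate $_ } |
#     Format-List
```

A wildcard certificate can pass the name coverage check and still report SubjectNameMatches as false; in that case the Set-OutlookProvider change referenced in step 1 applies.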

As a result of following these steps, the environment would look similar to this diagram:

Transitioning an Exchange 2007 environment to Exchange 2010

Read the original article @> You Had Me At EHLO... : Transitioning Client Access to Exchange Server 2010

Exchange 2010 Transport Architecture Diagrams Available for Download

Bharat Suneja posts:

The Exchange 2010 transport server role architecture diagrams are now available for download. The Hub Transport Role Architecture diagram can help you understand the different transport components involved in processing and routing messages, the different transport agents that act upon messages and the events on which they are triggered, and visualize the mail flow.

The Hub Transport Extensibility diagram can help you understand how different transport agents process a message in the Exchange 2010 transport pipeline.

Both diagrams can be downloaded from Microsoft Exchange Server 2010 Transport Server Role Architecture Diagrams.

Note that Exchange 2010 includes internal or built-in transport agents which are not visible when you use the Get-TransportAgent or Get-TransportPipeline cmdlets. The list includes transport agents that implement Information Rights Management (IRM) functionality: the RMS Protocol Decryption agent, Journal Report Decryption agent, RMS Encryption agent, and Prelicensing agent, as well as the Journaling agent. To learn more about transport agents, see Understanding Transport Agents in Exchange 2010 documentation.

 

You Had Me At EHLO... : Exchange 2010 Transport Architecture Diagrams Available for Download

Microsoft Forefront TMG Categories for Web URL Filtering/Blocking

 

URL Filtering allows you to control end-user access to Web sites, protecting the organization by denying access to known malicious sites and to sites displaying inappropriate or pornographic materials, based on predefined URL categories. Visit TechNet to read about Planning for URL Filtering and Managing URL Filtering.

The table below summarizes the URL categories available. Those marked with an asterisk are blocked by Forefront TMG when in the Web Access Policy Wizard you choose to create a rule blocking the minimum recommended URL categories.


Category

Description
Liability Aggregation of sites that may be in conflict with applicable legal and/or policy compliance obligations.
     Alcohol Alcohol Web sites promote or offer for sale alcoholic beverages or the means to create them; supplies, recipes or paraphernalia; glorifies, touts, or otherwise encourages alcohol consumption or intoxication.
     Gambling* Gambling Web sites are sites where a user can place a bet or participate in a betting pool (including lotteries) online; obtain information, assistance or recommendations for placing a bet; receive instructions, assistance or training on participating in games of chance
     Tobacco Tobacco Web sites glorify, promote, offer for sale or otherwise encourage the consumption of tobacco.
     Obscene/Tasteless* Obscene/Tasteless Web sites provide vulgar, crude, disgusting or otherwise offensive material, e.g., mutilation, murder, and defecation.
     Profanity Profanity Web sites are sites that advocate or convey what may be interpreted as insulting, rude or vulgar behavior (through words, gestures, or other behavior); or otherwise show disrespect towards, or desecration of, something held sacred.
     Violence* Violence Web sites are sites which advocate or provide instructions for causing physical harm to people or property through use of weapons, explosives, pranks, or other types of violence.
     Weapons Weapons sites are sites which sell, review, or describe legal weapons such as: guns, knives, or martial arts devices; provide information on their use, accessories, or other modifications.
     Nudity Nudity Web sites are sites containing images of human nudity, e.g., nude art, incidental nudity
     Pornography* Pornographic Web sites are sites containing sexually explicit material for the purpose of arousing a sexual or prurient interest.
     Provocative Attire Provocative attire Web sites are sites which sell, review, or describe alluring attire but do not involve nudity.
     Mature Content Mature sexual content sites contain sexually explicit information that is not of a medical or scientific nature.
     Criminal Activities* Criminal activities Web sites are sites which promote, offer, sell, supply, encourage or otherwise advocate illegal activities, or describe how to commit criminal activity.
     Dubious Dubious Web sites are sites with questionable, suspicious, or ethically ambiguous content.
     Hacking/Computer Crime Computer hacking/crime Web sites are sites which advocate or provide instructions for causing harm to people or property through use of unauthorized computer activity.
     Hate/Discrimination* Hate Web sites are sites which advocate hostility or aggression toward an individual or group on the basis of race, religion, gender, nationality, ethnic origin, or other involuntary characteristics; a site which denigrates others on the basis of those characteristics or justifies inequality on the basis of those characteristics; a site which purports to use scientific or other commonly accredited methods to justify said aggression, hostility or denigration.
     Illegal Drugs* Drug Web sites are sites which promote, offer, sell, supply, encourage or otherwise advocate the recreational or illegal use, cultivation, manufacture, or distribution of drugs, pharmaceuticals, intoxicating plants or chemicals and their related paraphernalia.
     Illegal Software Illegal Software Web sites are sites which promote, offer, sells, supply, encourage or otherwise advocate the use, cultivation, manufacture, or distribution of software that is illegal in one or more major jurisdictions.
     School Cheating Information School Cheating Information Web sites are sites which promote, offer, sell, supply, encourage or otherwise advocate information used to cheat in school.
Bandwidth Bandwidth Web sites are sites which may result in large amounts of data being uploaded or downloaded, e.g., video download, file download, etc.
     Media Sharing Media sharing Web sites are sites which promote, sell, offer, supply or allow sharing between users of media, e.g., video download, file download, etc.
     Streaming Media Streaming media sites provide media for streaming consumption, e.g., on demand video, internet radio.
Business Business Web sites are sites which promote, sell, offer, or supply business information, e.g., employment services, financial institutions, online trading and brokerages.
     General Business Business Web sites are sites which promote, sell, offer, or supply business information, e.g., corporate Web site, business to business sites.
     Employment Employment Web sites are sites which promote, sell, offer, or supply employment information including providing job seeking information.
     Financial Financial Web sites are sites which promote, sell, offer, or supply financial information including financial account access.
     Online Trading/Brokerage Online Trading/Brokerage Web sites are sites which promote, sell, offer, or supply trading information including online trading and brokerage account access.
Communication Communication Web sites are sites which provide a means for digital communications. These sites may include access for adding, removing, and updating personal content, e.g., chat, forums, and blogs.
     Blogs/Wiki Blog/Wiki Web sites are sites which provide dynamic content where users frequently add, remove, and update content.
     Chat Web chat Web sites are sites which provide Web-based chat as the main feature or function of the site.
     Digital Postcards Digital postcard Web sites are sites which enable users to send and receive digital postcards and greeting postcards.
     Forum/Bulletin Boards Forum/Bulletin Board Web sites are sites which provide dynamic content where users frequently add content.
     Instant Messaging Instant Messaging Web sites are sites which provide Web-based or downloadable chat-related applications as the main feature or function of the site.
     Online Communities Online Community Web sites are sites which provide dynamic content for the purpose of social networking. These sites may include access for adding, removing, and updating personal content.
     Portal Sites Portal Web sites are sites where the main purpose is to route users to Web content.
     Usenet News Usenet news Web sites provide access to Usenet archives.
     Web E-mail Web E-mail Web sites are sites that enable users to send and receive email.
     Web Meeting Web Meeting Web sites are sites which provide online meeting services.
     Web Phone Web Phone sites are sites which provide online phone services.
     Web-based Productivity Applications Web-based productivity application Web sites are sites which provide Web browser-based productivity application services, e.g., Web browser-based word processing.
Entertainment Entertainment Web sites are sites that distribute, display, discuss or promote entertainment related content - e.g., games, humor, recreation or hobbies.
     Art/Culture/Heritage An art/culture/heritage site is a site that distributes, displays, discusses or promotes art, culture, or heritage related content - e.g., books, literature, theater.
     General Entertainment Entertainment Web sites are sites that distribute, display, discuss or promote entertainment related content, e.g., movies, television, and music.
     Games Games Web sites are sites that distribute, display, discuss or promote game related content, e.g., board games, video games, etc.
     Humor/Comics Humor/Comics Web sites are sites that distribute, display, discuss, or promote humor related content, e.g., comics, cartoons, etc.
     Recreation/Hobbies Recreation/Hobby Web sites are sites that distribute, display, discuss or promote recreation and hobby related content, e.g., model airplane building, knitting, sewing, etc.
General Productivity General productivity Web sites are an aggregation of sites believed to engage users in time or resource-intensive activities that may be in conflict with expected use of computer and network resources.
     Education/Reference Education/reference Web sites are sites which promote, offer, sell, supply, encourage or otherwise advocate educational or reference information.
     Child Friendly Materials Child friendly materials Web sites are sites which promote, offer, sell, supply, encourage or otherwise advocate child-friendly materials.
     Government/Military Government/Military Web sites are sites created and maintained by an official government or military organization.
     Health Health Web sites are sites which promote, offer, sell, supply, encourage or otherwise advocate health information.
     History History Web sites are sites which promote, offer, sell, supply, encourage or otherwise advocate historical information.
     Legal Services & Reference Legal services and reference Web sites are sites which provide, promote, offer, sell, supply, encourage or otherwise advocate legal services and reference information.
     Non-Profit/Advocacy/NGO Non-profit/Advocacy/NGO Web sites are sites which promote, offer, sell, supply, encourage or otherwise advocate non-profit, advocacy, or NGO information.
     Politics/Opinion Politics/Opinion Web sites are sites which promote, offer, sell, supply, encourage or otherwise advocate politics or opinion information.
     Public Information Public information Web sites are sites which provide general reference information for public consumption, e.g., listings, maps, weather, etc.
     Religion/Ideology Religion/Ideology Web sites are sites which promote, offer, sell, supply, encourage or otherwise advocate religion or ideology.
     Search Engines Search engine Web sites are sites where the main purpose is to provide search of Web content based on user-defined queries.
Information Technology Information technology Web sites are sites which promote, offer, sell, supply, encourage or otherwise advocate technology information, e.g., free hosting, Internet services, Web ads.
     Technical Information Technical Information Web sites are sites which promote, offer, sell, supply, encourage or otherwise advocate technical information, e.g., tutorials for computer programming, reviews of computer software or hardware, technical forums, information security.
     Edge Content Servers/Infrastructure Edge content servers/infrastructure Web sites are sites which host files for other Web sites, usually for high-volume consumption.
     Free Hosting Free hosting Web sites are sites which promote, offer, sell, supply, encourage or otherwise advocate free Web hosting information, e.g., Web sites that allow users to create personal homepages.
     Internet Services Internet services Web sites are sites which promote, offer, sell, supply, encourage or otherwise advocate Internet services information, e.g., domain registration, ISPs.
     Web Ads Web ads Web sites are sites from which advertising content originates. Advertising content includes but is not limited to banners, marketing trackers, and text ads.
Lifestyles Lifestyle Web sites are sites that cater to or discuss personal or social interests and activities with content intended for a specific audience.
     Dating/Personals Dating/Personals Web sites are sites which promote, offer, sell, supply, encourage or otherwise advocate dating or personal information.
     Special Interests Sites that reflect a group or collection of persons that have a common interest or issue that is representative of who they are, their life situation, or is of closely held significance to them. This includes without limitation, cultural or ethnic identity, organization/club affiliations, or sexual orientation/identity.
     Restaurants/Dining Restaurants/Dining sites are sites which promote, encourage or otherwise advocate information about restaurants or dining choices.
     Social Opinion Social Opinion Web sites are sites that provide information related to a variety of social topics, e.g., movie reviews, actor critiques.
     Self Defense Self defense Web sites are sites which promote, encourage or otherwise advocate information about self defense - e.g., karate, mace, stun guns.
     Travel Travel web sites are sites which promote, encourage or otherwise advocate traveling.
News/Reports News/Reports Web sites are sites that provide news or report information.
     News News Web sites provide news media such as local weather, and other relevant regional, national and international information.
     Sports Sports Web sites are sites which promote, offer, sell, supply, encourage or otherwise advocate professional athletics, e.g., professional or recreational baseball leagues.
Purchasing Purchasing Web sites are sites which promote, offer, sell, supply, and encourage purchasing of products.
     Fashion/Beauty Fashion/Beauty Web sites are sites which promote, offer, sell, supply, encourage or otherwise advocate the use, or distribution of fashion or beauty related products.
     Motor Vehicles Motor Vehicles Web sites are sites which promote, offer, sell, supply, encourage or otherwise advocate the use, distribution or discussion of motor vehicle related products.
     Shopping Shopping Web sites are sites which promote, offer or sell products or services online.
     Pharmacy Pharmacy Web sites are sites which promote, offer, sell, supply, encourage or otherwise advocate the use, distribution or discussion of prescription drugs.
     Real Estate Real estate Web sites are sites which promote, offer, sell, supply, encourage or otherwise advocate the buying, selling, managing or maintenance of real estate.
Security Aggregation of sites which may either directly constitute a risk to IT resources, or are associated with activities suspected to increase risk of exposure to these dangers.
     Anonymizers* Anonymizer Web sites are sites used to anonymize a user's originating IP address.
     Anonymizing Utilities Anonymizing utilities Web sites are sites which promote, offer, sell, supply, encourage or otherwise advocate the use, manufacture, or distribution of anonymizing utilities.
     P2P/File Sharing P2P/File sharing Web sites are sites which offer, sell, supply, encourage or otherwise advocate the use, manufacture, or distribution of P2P/File sharing software.
     Parked Domain Parked domain Web sites are sites that no longer contain content or are no longer registered.
     Personal Network Storage Personal network storage Web sites provide Web-based storage for personal files, e.g., pictures, documents, etc.
     Remote Access Remote access Web sites are sites which provide Web-based or downloadable remote access related applications as the main feature or function of the site, e.g., a Web site that allows a user to access a computer from a remote location.
     Resource Sharing Resource sharing Web sites are sites that provide information about applications that utilize otherwise unused system resources, e.g., SETI@home.
     Shareware/Freeware Shareware/Freeware Web sites are sites which provide Web-based or downloadable applications as the main feature or function of the site.
     Botnet* Botnet sites are sites which covertly install applications onto targeted systems allowing unauthorized remote control for malicious activity.
     Malicious* Malicious Web sites covertly install applications onto targeted systems with the intent of causing harm to people or property through use of unauthorized computer activity.
     Phishing* Phishing sites are sites that masquerade as a trustworthy entity for the purpose of tricking users into disclosing personal information.
     Spam URLs Spam Web sites are sites that contain unsolicited information from spam e-mails.
     Spyware/Adware* Spyware/adware Web sites are sites which covertly install applications onto targeted systems with the intent of performing unsolicited activity, namely, transmitting personal information or providing unsolicited advertisements.

 

Read the complete article @> Forefront TMG (ISA Server) Product Team Blog : Categories for URL Filtering

 About John

John Gilham is a veteran Microsoft solutions consultant located in San Diego, CA.

Gilham Consulting customers utilize his small firm for Microsoft technology integration, including:

  • IT infrastructure design (Hyper-V, AD, DNS, automated platform deployments)
  • Microsoft security solutions (PKI, NAP, 802.1x, Forefront)
  • Unified Messaging & VOIP (Exchange 2007 & OCS 2007)
  • System Center Management Solutions (SCDPM, SCVMM, SCCM, and SCOM)
  • IT and Data Center Operations
  • IT project management

They choose Gilham Consulting due to its proven track record in delivering Microsoft-centric solutions. John's customers have ranged in size from Fortune 100 companies to non-profits and well-funded startups all across North America.

He believes that Microsoft products, when managed and architected properly, allow the best platform for organizations to automate and track their business processes to serve their customers more effectively.

This blog is a collection of the better references we've stumbled across on Microsoft infrastructure best practices relevant to our current or future projects.

Please enjoy, correct, and contribute!

Copyright 2007-2009 Gilham Consulting - All rights reserved
