Monthly Archives: November 2011

MCITP, mcitp certification, MCITP Training, MCSE, MCSE Certification, MCSE Training, MCTS, MCTS Certification, MCTS Training, Microsoft, Tech

Microsoft 70-291 Study Guide

 

MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

 

TABLE OF CONTENTS

LIST OF TABLES

Topic 1: Installing and Deploying Windows Server 2003
Section 1.1: System Requirements
Section 1.2: Installing Windows Server 2003 from the CD-Rom
Section 1.3: Installing Windows Server 2003 from a Network Share
Section 1.4: Performing an Unattended Installation
1.4.1: Using an Unattended Answer File
1.4.2: Using the System Preparation Tool
1.4.3: Using Remote Installation Services (RIS)
Section 1.5: Windows Server 2003 Licensing
Section 1.6: Deploying Software Applications
1.6.1: Software Installation and Maintenance Technology
1.6.1.1: Acquiring and Modifying Software Packages
1.6.1.2: Deploying Software Packages
1.6.1.3: Assigning Software Packages
1.6.1.4: Publishing Software Packages
1.6.1.5: Deploying .zap Files
1.6.2: Upgrading Software
1.6.2.1: Mandatory Upgrades
1.6.2.2: Optional Upgrades
1.6.2.3: Redeploying Software
1.6.2.4: Removing or Disabling Software
1.6.3: Deploying Service Packs and Hotfixes
1.6.3.1: Installing Service Packs and Hotfixes
1.6.3.2: Removing a Service Pack or Hotfix
1.6.3.3: Slipstreaming Service Packs and Hotfixes
1.6.3.4: Adding Service Packs and Hotfixes to a Network Installation Share
1.6.3.5: Installing Multiple Hotfixes
1.6.4: Microsoft Software Update Services
1.6.4.1: Windows Update
1.6.4.2: Windows Update Catalog
1.6.4.3: Automatic Updates
1.6.4.4: Software Update Services
Section 1.7: The Windows Server 2003 Boot Process
1.7.1 Files Used in the Boot Process
1.7.2 The Boot.ini File
1.7.3: Advanced Boot Options
Section 1.8: The Recovery Console
1.8.1: Installing and Starting the Recovery Console
1.8.2: Using the Recovery Console

Topic 2: Configuring the Windows Server 2003 Network
Section 2.1: Creating Network Connections
Section 2.2: Configuring Automatic IP Addressing
2.2.1: DHCP Addressing
2.2.2: Automatic Private IP Addressing
2.2.3: The DHCP Lease Process
2.2.3.1: Automatic Lease Renewal
2.2.3.2: Manual Lease Renewal
2.2.4: DHCP and BOOTP Relay Agents
2.2.5: DHCP Backup and Fault Tolerance
Section 2.3: Testing IP Connections
2.3.1: Using the IPConfig Utility
2.3.2: Using the ping Utility
2.3.3: Using the tracert Utility
2.3.4: Using the net and nbtstat Utilities

Topic 3: Name Resolution
Section 3.1: NetBIOS Name Resolution
Section 3.2: Host Name Resolution
Section 3.3: Domain Name Space
3.3.1: DNS Zones
3.3.1.1: Zone Files
3.3.1.2: Resource Records
3.3.1.3: File Types
3.3.1.4: Zone Types
Section 3.4: Name Servers
3.4.1: Name Server Roles
3.4.2: Zone Transfers
3.4.3: Zone Transfer Security
3.4.4: Active Directory Integrated Zones
Section 3.5: Resolving Names
3.5.1 Forward Lookup Query
3.5.2 Reverse Lookup Query
3.5.3 DNS Recursion
Section 3.6: Installing the DNS Service
3.6.1: Configuring the DNS Service
3.6.2 Configuring a DNS Name Server
3.6.3 Creating Forward Lookup Zones and Reverse Lookup Zones
3.6.4 Configuring Clients for DNS
3.6.5: Configuring Dynamic DNS
3.6.5.1: Dynamic Updates
3.6.5.2: Secure Dynamic Updates
3.6.5.3 SRV Resource Records and A Resource Records
3.6.5.4 Creating Resource Records
3.6.5.5: Configuring Scavenging
Section 3.7: Troubleshooting DNS
3.7.1 Disabling DNS on an Interface

Topic 4: The Windows Server 2003 Network Infrastructure
Section 4.1: Directory Service Functionality
4.1.1: Simplified Administration
4.1.2: Scalability and Extensibility
Section 4.2: Active Directory Support for Client Computers
Section 4.3: Active Directory Structure
4.3.1: Logical Structure
4.3.1.1: Domains
4.3.1.2: Organizational Units (OUs)
4.3.1.3: Schema
4.3.2: Physical Structure
4.3.2.1: Sites
4.3.2.2: Domain Controllers
4.3.3: Domain Controller Roles
4.3.3.1: The Global Catalog
4.3.3.2: Master Operation Roles
4.3.3.3: PDC Emulator
4.3.3.4: RID Master
4.3.3.5: Infrastructure Master
4.3.3.6: Domain Naming Master
4.3.3.7: Schema Master
4.3.3.8: Seizing a Role Master
4.3.4: Renaming Domain Controllers
Section 4.4: Installing Active Directory Directory Services
4.4.1: The Database and Shared System Volume
4.4.2: Domain Functional Levels
4.4.2.1: Windows 2000 Mixed Domain Functional Level
4.4.2.2: Windows 2000 Native Domain Functional Level
4.4.2.3: Windows Server 2003 Domain Functional Level
4.4.3: Forest Functional Levels
Section 4.5: Active Directory Replication
4.5.1: Replication Within Sites
4.5.2: Replication Between Sites
4.5.2.1: Site Link Attributes
4.5.2.2: Site Link Bridges
4.5.3: Replication Latency
4.5.4: Resolving Replication Conflicts
4.5.5: Single Master Operations
Section 4.6: Active Directory Objects
4.6.1: Active Directory Naming Contexts
4.6.1.1: Application Naming Contexts
4.6.1.2: Configuration Naming Context
4.6.2: Moving Active Directory Objects
4.6.2.1: The MoveTree Utility
4.6.2.2: The ClonePrincipal
4.6.2.3: The Active Directory Migration Tool
4.6.3: Controlling Access to Active Directory Objects
4.6.4: Delegating Administrative Control
Section 4.7: Publishing Resources
4.7.1: Setting Up and Managing Published Printers
4.7.2: Setting Up and Managing Published Shared Folders
Section 4.8: Auditing Access to Active Directory Objects
4.8.1: Monitoring User Access to Shared Folders
4.8.1.1: Monitoring User Sessions
4.8.1.2: Sending Administrative Messages to Users

Topic 5: Creating and Managing User and Computer Accounts
Section 5.1: User Accounts
5.1.1: Local User Accounts
5.1.2: Domain User Accounts
5.1.2.1: Creating DomainUser Accounts
5.1.2.2: Copying Domain User Accounts
5.1.3: Built-In User Accounts
5.1.3.1: Administrator
5.1.3.2: Guest
5.1.3.3: HelpAssistant
5.1.3.4: Support_388945a0
Section 5.2: Computer Accounts
Section 5.3: Modifying User Accounts and Computer Accounts
Section 5.4: Group Accounts
5.4.1: Group Scope
5.4.2: Group Nesting
5.4.3: Creating Groups
5.4.4: Adding a User to a Group
Section 5.5: Managing The User Environment
5.5.1: User Profiles
5.5.1.1: Roaming User Profiles
5.5.1.2: Mandatory User Profiles
5.5.2: Administrative Templates
5.5.3: Desktop Security Settings
5.5.4: Group Policy Script Settings
5.5.5: Folder Redirection

Topic 6: Routing and Remote Access Service (RRAS)
Section 6.1: Routing and Remote Access Service Features
Section 6.2: Installation and Configuration
Section 6.3: Connecting to RRAS
6.3.1: Remote Access Protocols
6.3.2: The PPP Authentication Process
Section 6.4: Remote Access Security
6.4.1: Secure User Authentication
6.4.1.1: Mutual Authentication
6.4.1.2: Data Encryption
6.4.1.3: Callback
6.4.1.4: Caller ID
6.4.2: Managing Authentication
6.4.2.1: Windows Authentication
6.4.2.2: RADIUS Authentication and IAS
Section 6.5: Securing RRAS Clients
6.5.1: Remote Access Policies
6.5.2 The Connection Manager Administration Kit
Section 6.6: Virtual Private Networks (VNP)
6.6.1: VPN Protocols
6.6.2: Configuring VPN Protocols
6.6.3: IPSec and NAT Transversal
6.6.4: Integrating VPN in a Routed Network
6.6.5: Integrating VPN Servers with the Internet
6.6.6: Configuring Client VPN Settings
Section 6.7: RRAS Tools
Section 6.8: Routing
6.8.1: Routing Tables
6.8.1.1: Static Routing
6.8.1.2: Dynamic Routing
6.8.2: Routing Protocols
6.8.2.1: Routing Information Protocol (RIP)
6.8.2.2: Open Shortest Path First (OSPF)

Topic 7: Controlling Network Security
Section 7.1: Access Control List
Section 7.2: NTFS Permissions
7.2.1: NTFS Folder Permissions
7.2.2: NTFS File Permissions
7.2.3: Multiple NTFS Permissions
7.2.3.1: Cumulative Permissions
7.2.3.2: The Deny Permission
7.2.4: Setting NTFS Permissions
7.2.5: NTFS Permissions Inheritance
7.2.6: Assigning Special Access Permissions
7.2.6.1: Changing Permissions
7.2.6.2: Taking Ownership
Section 7.3: Copying and Moving Files and Folders
Section 7.4: Troubleshooting NTFS Permission Problems

Topic 8: Shared Files and Folders
Section 8.1: Shared Folder Permissions
Section 8.2: Shared Application Folders
Section 8.3: Data Folders
Section 8.4: Administrative Shared Folders
Section 8.5: Offline Files
8.5.1: Enabling Offline Files
8.5.2: Offline File Synchronization
Section 8.6: Combining Shared Folder Permissions and NTFS Permissions

Topic 9: Monitoring Network Resources
Section 9.1: Monitoring Access to Shared Folders
9.1.1: Monitoring Shared Folders
9.1.2: Modifying Shared Folder Properties
9.1.3: Monitoring Open Files
9.1.4: Disconnecting Users from Open Files
9.1.5: Monitoring Network Users
9.1.6: Monitoring User Sessions
9.1.7: Disconnecting Users
Section 9.2: Auditing
9.2.1: Using an Audit Policy
9.2.2: Using Event Viewer to View Security Logs
9.2.3: Setting Up Auditing
9.2.4: Auditing Object Access
9.2.4.1: Auditing Access to Files and Folders
9.2.4.2: Auditing Access to Printers
Section 9.3: Using Event Viewer
9.3.1: Viewing Security Logs
9.3.2: Locating Events
9.3.3: Managing Audit Logs
Section 9.4: Using Group Policy
Section 9.5: The Shutdown Event Tracker

Topic 10: Monitoring System Performance
Section 10.1: The System Monitor
Section 10.2: Adding Performance Counters
Section 10.3: Performance Logs and Alerts
10.3.1 Counter Logs and Tracer Logs
10.3.2 Alerts

INDEX

LIST OF TABLES
Table 1.1: Windows Server 2003 Minimum System Requirements
Table 1.2: Files Used in the Windows Server 2003 Boot Process
Table 1.3: ARC Path Naming Conventions
Table 1.4: Some Recovery Console Commands
Table 2.1: IPConfig Switches
Table 2.2: Ping Errors
Table 2.3: Nbstat Commands
Table 3.1: Top-Level Domains
Table 3.2: Zone Types
Table 4.1: Schema Active Directory Service Interface Objects
Table 4.2: Common Active Directory Objects
Table 4.3: Find Dialog Box Options
Table 4.4: Standard Active Directory Object Permissions
Table 5.1: The Dsadd Command-line Parameters
Table 5.2: The User Account Properties
Table 5.3: The Computer Account Properties
Table 5.4: The Dsmod Command-line Parameters
Table 5.5: The Dsadd Command-line Parameters
Table 5.6: Administrative Templates
Table 5.7: Desktop Security Settings
Table 5.8: Group Policy Settings to control the Network Environment
Table 5.9: Group Policy Settings to Control Access to the Administrative Tools
Table 6.1: Remote Access Policy Conditions
Table 6.2: Additional RADIUS Remote Access Policy Conditions
Table 6.3: Netsh Command-line Options
Table 6.4: Netsh global Commands
Table 6.5: Route Command Parameters
Table 7.1: Permission Inheritance Options
Table 7.2: Troubleshooting Permission problems
Table 8.1: Shared Folder Permissions
Table 9.1: Options for Filtering and Finding Events
Table 10.1: Some Useful Performance Counters

Implementing, Managing and Maintaining a
Microsoft Windows Server 2003
Network Infrastructure

Exam Code: 70-291
Certifications:

Microsoft Certified (MCP)
Microsoft Certified Systems Administrator (MCSA 2003) Core
Microsoft Certified Systems Engineer (MCSE 2003) Core

Prerequisites:
None

About This Study Guide
This Study Guide provides all the information required to pass the Microsoft 70-291 exam – Implementing,
Managing and Maintaining a Microsoft Windows Server 2003 Network Infrastructure. It however, does not
represent a complete reference work but is organized around the specific skills that are tested in the exam.
Thus, the information contained in this Study Guide is specific to the 70-291 exam and not only to
Implementing, Managing and Maintaining a Microsoft Windows Server 2003 Network Infrastructure. It
includes the information required to answer questions related to the maintaining Windows Server 2003
environment, Windows 2000, Windows XP Professional, Windows NT, and Windows 98 that may be asked
during the exam. Topics covered in this Study Guide include: Installing Windows Server 2003,
Implementing, Managing, and Maintaining IP Addressing; Configuring TCP/IP Addressing on a Server
Computer; Managing DHCP; Managing DHCP Clients and Leases; Managing DHCP Relay Agent;
Managing DHCP Databases; Managing DHCP Scope Options; Managing Reservations and Reserved
Clients; Troubleshooting TCP/IP Addressing; Diagnosing and Resolve Issues Related To Automatic Private
IP Addressing (APIPA); Diagnosing and Resolve Issues Related To Incorrect TCP/IP Configuration;
Troubleshoot DHCP; Diagnosing and Resolving Issues Related to DHCP Authorization; Verifying DHCP
Reservation Configuration; Examining the System Event Log and DHCP Server Audit Log Files to Find
Related Events; Diagnosing and Resolve Issues Related To Configuration of DHCP Server and Scope
Options; Verifying the DHCP Relay Agent; Verifying Database Integrity; Implementing, Managing, and
Maintaining Name Resolution; Installing and Configuring the DNS Server Service; Configuring DNS
Server Options; Configuring DNS Zone Options; Configuring DNS Forwarding; Managing DNS; Manage
DNS Zone Settings; Manage DNS Record Settings; Manage DNS Server Options; Monitor DNS;
Implementing, Managing, and Maintaining Network Security; Implementing Secure Network
Administration Procedures; Using Security Templates; Monitoring Network Protocol Security;
Implementing, Managing, and Maintaining Routing and Remote Access; Configuring Routing and Remote
Access User Authentication; Configuring Remote Access Authentication Protocols; Configuring Internet
Authentication Service (IAS) To Provide Authentication for Routing and Remote Access Clients;
Configuring Routing and Remote Access Policies to Permit or Deny Access; Managing Remote Access;
Managing Packet Filters; Managing Routing and Remote Access Routing Interfaces; Managing Devices and
Ports; Managing Routing Protocols; Managing Routing and Remote Access Clients; Managing TCP/IP
Routing; Managing Routing Protocols; Managing Routing Tables; Managing Routing Ports; Implementing
Secure Access between Private Networks; Troubleshooting User Access to Remote Access Services;
Diagnosing and Resolving Issues Related To Remote Access VPNs; Diagnosing and Resolving Issues
Related To Establishing a Remote Access Connection; Diagnosing and Resolving User Access to Resources
beyond the Remote Access Server; Troubleshooting Routing and Remote Access Routing; Troubleshooting
Demand-Dial Routing; Troubleshooting Router-To-Router VPNs; Maintaining a Network Infrastructure;
Monitoring Network Traffic; Troubleshooting Connectivity to the Internet;

Intended Audience
This Study Guide is targeted specifically at people who wish to take the Microsoft MCSA / MCSE exam 70-
291 exam – Implementing, Managing and Maintaining a Microsoft Windows Server 2003 Network
Infrastructure. This information in this Study Guide is specific to the exam. It is not a complete reference
work. Although our Study Guides are aimed at new comers to the world of IT, the concepts dealt with in this
Study Guide are complex and require an understanding of material provided for the CompTIA A+,
Network+ and Server+ exams.

Note: There is a fair amount of overlap between the 70-291 and the 70-290
exams. Don’t skim over the information that seems familiar. Read over it
again to refresh your memory.

How To Use This Study Guide
To benefit from this Study Guide we recommend that you:

• Study each chapter carefully until you fully understand the information. This will require regular and
disciplined work.

• If possible, perform all the walk-throughs that are included in this Study Guide to gain practical
experience, referring back to the text so that you understand the information better. Remember, it is
easier to understand how tasks are performed by practicing those tasks rather than trying to memorize
each step.

• Be sure that you have studied and understand the entire Study Guide before you take the exam.

Note: Remember to pay special attention to these note boxes as they contain
important additional information that is specific to the exam.

Good luck!

Topic 1: Installing and Deploying Windows Server 2003
You can install Windows Server 2003 directly from the CD-Rom or from a network share. The Windows
Server 2003 installation process consists of five stages

Stage 1: Hard Drive Preparation: In text mode Setup checks the hard drive for consistency and errors. It
allows you to format and create the Windows Server 2003 partition if you need to and copies setup files to
the hard drive. Setup then reboots the computer.

Stage 2: Setup Wizard: The graphical user interface Setup Wizard gathers information from you; such as
regional settings, your name and organization, the Windows Server 2003 CD-key, and computer name. The
Windows Server 2003 Setup Program then creates the local Administrator user account and requests a
password for it.

Stage 3: Installing Network Components: After the Setup Wizard has gathered the necessary information
from you in Stage 2, it begins the network components installation. It detects your network adapter card;
allows you to choose which network components, such as the network client, file and printer sharing and
protocols, to install; allows you to join a workgroup or domain; and installs the components you have
chosen.

Stage 4: Completing the Installation: The Setup Wizard completes the installation by installing the startmenu
items and applying and saving the configuration settings you chose in the previous stages. It then
deletes the temporary setup files and reboots the computer.

Stage 5: Post Installation: After the installation is complete, you must perform the “Product Activation”
and configure your server. You should also check your device manager for undetected or nonfunctioning
hardware components.

Section 1.1: System Requirements
Before installing Windows Server 2003, you must ensure that the computer meets the minimum system
requirements for Windows Server 2003.

Table 1.1: Windows Server 2003 Minimum System Requirements

Component

Minimum Requirement
Processor Pentium 133 MHz (Pentium III 550 MHz recommended for Standard
Edition and Pentium III 733 MHz for Enterprise Edition)
Memory 128 MB Ram (256 MB Ram recommended)
Hard Disk Space 1.5 GB hard disk free space
Networking Standard network adapter card
Display Monitor and adapter with minimum resolution of the VGA standard
I/O devices CD-ROM, keyboard, mouse, or other pointing devices.

Section 1.2: Installing Windows Server 2003 from the CD-Rom
When installing Windows Server 2003 on a new computer from the CD-Rom you must boot directly from
the CD-Rom. Unlike Windows 2000, Windows Server 2003 does not support booting from boot disks.
Therefore, if your computer does not support booting from the CD-Rom, you must install Windows Server
2003 from a network share or from within an existing operating system.
Place the Windows Server 2003 installation disk in the CD-Rom and reboot the computer. During the boot
process you will be prompted to “press any key to boot from CD-Rom”. Once you have pressed a key
the installation of Windows Server 2003 will begin.

Section 1.3: Installing Windows Server 2003 from a Network Share
To install Windows Server 2003 over the network you must copy the i386 folder from the Windows Server
2003 Installation CD to a shared network folder. You must also ensure that the computer has a can connect
to the network share when it has booted.

Section 1.4: Performing an Unattended Installation
Microsoft allows for the automated installation of Windows Server 2003 through unattended installations.
There are three mechanisms through which an unattended installation can be performed. These are through:

• unattended answer files;
• disk imaging using the System Preparation Tool; and
• Remote Installation Services

1.4.1: Using an Unattended Answer File
The first mechanism you can use to perform an unattended installation of Windows Server 2003 is to use an
answer file. An answer file is an automated script that supply’s the Windows Server 2003 Setup program
with all the information it would require during the installation.

• You can use Setup Manager located in the deploy.cab file in the /support/tools folder of the Windows
Server 2003 Installation CD to create and modify an answer file or you can manually create the Answer
file. You can use Setup Manager to create an answer file for an unattended installation, a sysprep install,
and for a Remote Installation Services.

1.4.2: Using the System Preparation Tool
With disk imaging it is possible to install and configure Windows Server 2003 and all the applications and
application update packs on a test computer and then create an exact image of the hard drive that can then be
used to install Windows Server 2003 and the applications on other client computers. However, all the target
computers to which the image is to be applied must have the same hardware configuration as the test
computer. You will also have to change the computer name of all the target computers as each computer on
the network must have a unique name.

You should use the Sysprep, after installing and configuring Windows Server 2003, the applications and
application update packages on a test computer, to prepare the computer of disk imaging. You should then
run the disk imaging program after Sysprep has completed. Sysprep adds a mini-Setup Wizard to the disk
image that will request the user-specific information such as productID, user name, network configuration,
etc, on the first reboot of the target computer. This information can either be supplied by the user or by an
answer file.

1.4.3: Using Remote Installation Services (RIS)
Unlike Windows 2000 Server, Windows Server 2003 can be deployed using Remote Installation Services
(RIS). Remote installation is the process of connecting to Remote Installation Services (RIS) server from a
target computer and then performing an automated installation of Windows Server 2003 on the target
computer. This is the most effective method of deploying Windows Server 2003. Remote Installation allows
administrators to use a centrally located computer to install Windows Server 2003 on a target computer, i.e.
the computer on which the Windows Server 2003 operating system is to be installed, anywhere on a
network. It however requires that your network already has a Windows Server 2003 server infrastructure in
place and that the target computers support remote booting.

Section 1.5: Windows Server 2003 Licensing
The use of Windows Server 2003 requires two distinct types of licensing: a product license, i.e., the CDkey,
which allows you to install the Windows Server 2003 operating system on a computer; and a Client
Access License (CAL), which allows clients to connect to the Windows Server 2003 computer.
Windows Server 2003 provides three CAL modes: a per server mode, which sets the number of concurrent
users or clients that can log on to a specific Windows Server 2003 computer; a per user mode, which permits
an unlimited number of concurrent users to connect to the Windows Server 2003 computer, providing each
has a CAL; and a per device mode, which permits an unlimited number of concurrent client computers, or
devices, to connect to the Windows Server 2003 computer, providing that each device has a CAL.

Section 1.6: Deploying Software Applications
1.6.1: Software Installation and Maintenance Technology
The software installation and maintenance technology in Windows Server 2003 uses Group Policy in
conjunction with Windows Installer to automate and manage software installations, updates and removal
from a centralized location. Group Policy can be used to assign the software application to a group of users
that are members of an OU, and allows you to manage the various phases of software deployment.
There are four phases of software life cycle:

• Preparation: preparing the files that allows you to use Group Policy to deploy the application software.
This involves copying the Windows Installer package files to a software distribution point. The
Windows Installer application files can be obtained from the application’s vendor or can be created
through the use of third-party utilities.

• Deployment: the administrator creates a Group Policy Object (GPO) that installs the software on the
target computers and links the GPO to the appropriate Organizational Unit. During this phase the
software is installed.

• Maintenance: the software is upgraded with a new version or redeployed with a patch or a service pack.
MCSE 70-291

• Removal: to remove software that is no longer required, you must remove the Windows installer
package from the GPO that was used to deploy the software. The software is then automatically removed
when a user log on or when the computer restarts.

Windows Installer consists of Windows Installer service, which is a client-side service, and Windows
Installer package. Windows Installer package uses the .msi file extension that replaces the Setup.exe file and
contains all the information that Windows Installer services requires to install the software. The software
developer provides the Windows Installer package with the application. If a Windows Installer package does
not come with an application, you can create a Windows Installer package or repackage the application,
using a third-party utility. Alternatively you could create an application file (.zap) that uses the application’s
existing setup program. A .zap file is not a native Windows Installer package.

Advantages of using Native Windows Installer packages:
• Automatic File Repair when a critical application file becomes corrupt. The application automatically
returns to the installation source to retrieve a new copy of the file.

• Clean Removal without leaving orphaned files and without deleting shared files used by another
application.

• Transformable. You can customize a Windows Installer package to meet the requirements set by your
company by using authoring and repackaging tools. Transformed Windows Installer packages are
identified by the .mst file extension.

• Patches. Patches and upgrades can be applied to the installed applications. These patches use the .msp
file extension.

Note: A .zap file is not a native Windows Installer package and does not offer
the same benefits as Windows Installer packages. It therefore does not
support automatic repairing and cannot be transformed.

 

 

MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

MCITP, mcitp certification, MCITP Training, MCSE, MCSE Certification, MCSE Training, MCTS

Scoring Forrester’s 2011 cloud predictions

Forrester hit more often than it missed in its predictions for the cloud computing market in 2011, writes James Staten – but the market still moved slower than predicted.

MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

Around this time last year, Forrester published its predictions for what we expected to happen in the cloud computing market in 2011. While some of those prognostications were on the mark, in general we learned once again that markets move much slower than any of us would like.

It might be best to think of last year’s predictions as less about what would happen in a twelve month period and more about trends we identified that we felt would have lasting impact on the infrastructure & operations (I&O) professional and the market in general. Thus we felt progress was made along most of these lines. Here’s a quick look at what we predicted and where we went astray:

1.       And The Empowered Shall Lead Us. Correct. ForrSight surveys and discussions with clients continue to show that the early adopters of cloud services are not I&O and this gap rose in 2011. And the trend of Empowered employees and developers not telling I&O about their use of cloud continued in 2011. Thankfully we saw more I&O leaders begin to proactively engage these leaders by demonstrating how I&O can make their use of these services more predictable and productive. Far more of this type of engagement is still needed as the pressure on business to move more quickly and autonomously grows as the risk of a double-dip recession rises.

2.       You will build a private cloud, and it will fail. Incomplete. While tough for many I&O leaders to hear, the rush to private cloud led in 2011 to far less cloud implementations than we would liked to have seen. Which means that little progress was made toward private clouds last year. What took its place, sadly was a lot of cloudwashing of virtualization environments. ForrSight surveys showed an increase in pressure from executives for I&O to get to yes on cloud, but as we’ve pointed out in our research, the administrative maturity required to build and operate a private cloud is daunting for most IT teams. The vendor community made good strides in 2011 in providing cloud solutions for you to deploy but it seems this learning for most enterprises was pushed out until next year.

3.       Hosted private clouds will outnumber internal clouds 3:1. Wrong. Having a managed service provider (MSP) set up and operate an Infrastructure as a Service (IaaS) cloud for you remains the fastest path to private cloud yet fewer enterprises went for this value proposition than we thought. The psychology of I&O explains this. For most I&O professionals the desire to do it yourself was behind most of this, as outsourcing an important innovation, for many, seemed to indicate an internal failure. “If we can’t get this built in our own environment, we’ll explore that option but I want to give my team a chance first,” said one I&O leader from a large manufacturer. A second factor is the continuing mistrust of third parties by both I&O and security & risk managers (SRM). While hosted private clouds from most MSPs are dedicated implementations, IT continues to show mistrust of multitenancy. Look for a Forrester report on the truth about this risk this winter.

4.       Community clouds will arrive, thanks to compliance. Incomplete. While some progress was made here by the financial services market, education and public sectors, community clouds are still a work in progress. A key issue holding back this market is ownership and responsibility. In nearly any community one member must ultimately take responsibility for the cloud provided. It has to reside somewhere and someone has to administer the cloud. That party has the burden of operational transparency to the rest of the community and bears the ultimate cost of the cloud. Thus the business justification for this effort falls unevenly upon this member. As a result, so far, community clouds have been built mostly as commercial enterprises benefitting the lead member or extensions of private clouds built for the benefit of the administering leader. NYSE Euronext’s community cloud is a poster child for this reality. While the solution clearly serves the financial services market it’s ultimately a business for NYSE’s I&O team.

5.       Workstation applications will bring high-performance computing (HPC) to the masses. Incomplete. It took nearly all of 2011 for this trend to reach the market but Adobe and early leader Autodesk made this a reality last quarter with the announcement of cloud solutions that now power their leading workstation applications. New Zealand-based App-Internet pioneer Green Button added a raft of workstation and desktop ISVs including Pixar, Blender, AON, Deep Exploration, SymScape and RiskMetrics. While this progress is great, mass adoption remains a bit off.

6.       Cloud economics gets switched on. Being cheap is good. Incomplete. In 2010 we were just learning about the economic differences cloud platforms brought to the I&O market. In 2011, Netflix very publically showed their deep understanding of this new model and how they were capitalizing on it. The Associated Press, NVoicePay, Heroku and many others have latched onto this new economics and driven innovative new business models to the market. But some of the innovations we expected to see such as a real spot market for cloud resources, simple cross cloud deployment and hybrid architectures built on financial justifications are still a work in progress. Much of this change was held up by cloud standards (prediction #9), so we should have known better.

7.       The BI gap will widen. Correct. It’s hard to argue with the growth and power of big data and the role cloud computing is playing in this trend. Real-time analytics, social media analysis and gleaning business value from unstructured data are big advantages for first movers. Hadoop and the other tools for making this happen are clearly far from mainstream but those investing in these technologies are already reaping the benefits.

8.       Information is power and a new profit center. Incomplete. Amazon, Microsoft, Google and innovative ISVs like Xignite are laying the foundation for commercializing your corporate data, and social media, web services and traditional information providers are all over this trend. But the traditional enterprise has been slow to move into this business. Partly a lack of standards is to blame but more of an issue has been data security concerns. Your precious corporate data about inventory flows, retail purchases, buyer categorizations and other data that may be of immense value to partners and potential partners but remains stuck in the bowels of your ERP system hidden far behind the firewall. Securely sharing this remains a challenge as the market debates the best practices. Snapshotting and obfuscating is one approach but designing an API to this data may be ultimately more secure and flexible. The e-commerce of commercial data looks to be a multi-year problem. Hopefully the revenue realities will push corporate IT forward in 2012.

9.       Cloud standards still won’t be here — get over it. Correct.  Anyone who studies standards efforts can tell you this prediction was a layup but the latter half of this prediction required a shift in IT thinking. Let’s face it, I&O professionals are not natural risk takers. And lack of standards held many an IT team back from investing in cloud in 2011. ForrSight surveys showed that little progress was made by I&O in cloud services in 2011. But it was the developers who pushed us forward – our software surveys showed a doubling in developer adoption of cloud in the past year. As for the standards, I wouldn’t hold my breath for 2012 either. For a look at where we are towards this aim, see Lauren Nelson’s forthcoming report on cloud standards.

10.   Cloud security will be proven but not by providers alone. Correct. Now get going. Sure we can’t ensure every application or data set in the cloud but 2011 gave us real proof that at least the providers are doing their part. The leading cloud providers earned key certifications (ISO 27001, 20001, PCI-DSS and FISMA) and nearly all provided strong transparency to their operational practices. We also saw the leading clouds land local data centers in Europe and Asia and validate the proper handling of in-country data. And for the most part we saw enterprise customers awaken to their responsibilities for securing their use of clouds. There’s much progress to be made for sure but the excuses for not leaving the starting gate are no more.

With so much progress, it’s getting increasingly difficult to argue for holding back from cloud investments. Even highly regulated industries are showing clear cases for cloud use in the areas of training, marketing, social outreach, support and product or service design. For sure, its still an early market but as our forthcoming updated Tech Radar for the cloud market shows, 2011 was a year of tremendous progress. The best practices for cloud adoption are out there if you look for them. Forrester is proud to be a leading resource for this. It’s time to take your adoption plans and put them into practice in 2012.

Android, Google, HTC, IBM, Microsoft, Nokia, Tech

Android IceCream Sandwich 4.0 Features

Android IceCream Sandwich 4.0 aka ICS is finally announced and its packed with features. Galaxy Nexus is the flagship device that would run ICS.
ICS basically brings Android 3.x Honeycomb features to phones. Lets go through the features quickly:

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

30minutes Video demo of IceCream Sandwich

Android 4.0 ICS Features:

Updated Settings:  Revamped Settings screen organization. Items are arranged much better now.
Disabling Apps:  ICS adds the ability to disable an app outright. Don’t like an app that came preinstalled? Disable it! Its resources never run and its launcher icon is gone until you re-enable it.
Improved Download Manager.
Support for Encryption for Phones:  Honeycomb added full-device encryption, but ICS brings it to phones.
Audio Effects:  There’s a new audio effects API. Better media players coming!
New Font, Roboto: Droid Sans font is now gone for good.

OnScreen buttons, no hardware buttons: You dont need any hardware buttons for running ICS device, all the buttons: back, home are on-screen. Like Honeycomb, the buttons go invisible, smartly, to let you enjoy full screen video.
Resizable Widgets, Folders, Favorites: Dragging apps and contacts on top of each other create re-arrangeable folders. Users can stow their favorite apps, links, and folders into a new Favorites tray for quick and easy access
Screenshots: Hold down the power button and the volume down button to take a screenshot.
Notifications Revamped: Music controls have been integrated, and notifications can be dismissed by swiping
Improved Copy & Paste
Face Unlock
Enhanced Talk-to-Text: It’s more accurate.
Browser Tabs, offline: Upto 16 browser tabs. You can also save web pages offline
Gmail: Gmail now supports two-line previews, and sports a new context-sensitive action bar at the bottom of the screen. Gesture support allows you to swipe left and right between emails.
Contacts – People App: Contacts get re-vamped by showing contacts from Google+, Facebook, Twitter, etc.
Data Usage: You can now look at the details of what app is doing what with your data usage. Best part: The ability to limit data usage to a certain threshold.
Camera: Image stabilization, improved autofocus, and integration with other apps for sending photos or instant upload to Google+, built-in face detection, panorama and time lapse modes, and on-the-fly photo retouching and enhancements.
Android Beam: An secure NFC-powered sharing platform that lets users share nearly any kind of content, save for applications (in that case, a link to the Market is sent instead)

Uncategorized

LG may be looking to switch on Google TV

Logitech jumped off the Google TV train earlier this week, but now it looks like another consumer-electronics maker, LG, may be hopping on.

Citing unnamed sources, Bloomberg Businessweek reports that Seoul, South Korea-based LG plans to unveil a television based on Google software at CES in January. LG is the world’s second-largest manufacturer of TV sets.

Representatives for both LG and Google have declined to comment. But the report, if true, could signal welcome good news for Google TV. In the past two weeks, the Google product has not only been dismissed by Logitech, but also dogged by reviewers, including CNET’s Matthew Moskovciak, who said a recently released major update aimed at simplifying the user interface is frustratingly unready for prime time.

Samsung and Vizio are said to be working on Google TV-based devices, as well.

Google TV, which lets users view Web sites and Internet video on their home TVs, launched last year with Sony, Dish Network, and Logitech. The product, of course, has one less partner as of this week as Logitech said it will let existing inventory of its Revue with Google TV set-top box run out this quarter and won’t make another set-top box in its place.

At an Analyst and Investor Day hosted by Logitech on Wednesday, CEO Guerrino De Luca told investors that Logitech lost more than $100 million in operating profits on the Revue after bringing it to market almost a year ago. He went so far as to call production of the Revue a “mistake of implementation of a gigantic nature.”

Logitech’s move didn’t come as a giant surprise. The company earlier this year revealed seriously disappointing sales numbers for the product and accompanying gear.

Uncategorized

Microsoft’s ‘Linux Threat Level’: Down to Green or Redder Than Ever?

“Those tablets and smartphones and web-based apps and ChromeOS laptops with their Google DNA and Linux underpinnings are all direct threats to the Windows OS, so I wouldn’t say this is a downgrading of Linux, but an acceptance that Google is going to be the primary way that most people will adopt Linux without realizing it,” said Slashdot blogger Barbara Hudson.

From Laid-Off to Entrepreneur: Launching a Web Biz on a Shoestring. “That day” has arrived. For whatever reason, the job you’ve been working for years is no longer there for you. Times are tough; people are facing unemployment in droves. In today’s economic age, however unfair, it’s a reality. What do you do now? [Download PDF: 10 pgs | 558k]

Now that Microsoft (Nasdaq: MSFT) wants to be Linux’s new best friend, there’s bound to be no end of sweet nothings and touching gestures emanating out of Redmond.

After all, we’re pals now, right?

Lo and behold! For all you skeptics who doubted the software behemoth’s amorous words, consider a few phrasing changes it recently made in its last two annual financial filings.

MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

‘So Much for All Those Predictions’

Whereas said documents used to include Linux as a primary threat to Windows — alongside Apple (Nasdaq: AAPL) and Google (Nasdaq: GOOG) — Redmond’s documents now reportedly don’t mention any competitive threat from desktop Linux at all, according to a recent article on Business Insider, which cites a tweet by Directions on Microsoft’s Wes Miller.

Rather, the documents list only Apple and Google as Windows’ primary threats on the desktop.

Of course, embedded Linux is still acknowledged as a problem in that arena — not to mention servers, of course — but author Matt Rosoff (formerly with Directions on Microsoft as well, it most certainly should be noted) comes to a very happy conclusion anyway: “So much for all those predictions that Linux would kill Windows,” he writes.

Awww, isn’t that nice? We really *are* friends now!

‘MS Is Very Afraid of Linux’

Then again, maybe not.

“The actions ‘speak’ louder than the words,” wrote SAL-e in the comments on Business Insider.

“Microsoft is acting like patent troll and filing law-suits left and right,” SAL-e explained. “MS is very afraid of Linux, especially in the mobile arena.”

Similar sentiments could be heard down at the blogosphere’s Broken Windows Lounge.

“They only downgraded Linux as a threat on the desktop, so the underhanded FUD and legal attacks are likely to continue,” consultant and Slashdot blogger Gerhard Mack told Linux Girl.
‘The Reality Distortion Field’

Indeed, “the last time I looked, the threats Google represents to both Microsoft and Apple all carried ‘Powered by Linux’ stickers,” noted Barbara Hudson, a blogger on Slashdot who goes by “Tom” on the site.

“Those tablets and smartphones and web-based apps and ChromeOS laptops with their Google DNA and Linux underpinnings are all direct threats to the Windows OS, so I wouldn’t say this is a downgrading of Linux, but an acceptance that Google is going to be the primary way that most people will adopt Linux without realizing it,” Hudson explained.

“Of course, it would take a Microsoftie to tweet that this means ‘Linux isn’t a threat to the Windows desktop any longer,’ she added, quoting Miller’s words. “This proves two things: Apple and Steve Jobs don’t have a monopoly on the Reality Distortion Field, and Twitter — with its 140-character limit — is never going to be the source of any serious analysis.”
‘Threat Level Is Red’

Linux is “not an operating system but a component of many operating systems, all of which are taking a slice of M$’s pie: GNU/Linux, Android/Linux, Meego and WebOS,” agreed blogger Robert Pogson. “Whereas M$ used to have weak competition from GNU/Linux and MacOS, they are now surrounded and holed at the water-line.”

Microsoft is “still dishonest,” Pogson added. “A ‘PC’ is a personal computer and not necessarily one with M$’s OS. There is not much indication that demand for PCs will reduce, but PCs running M$’s OS certainly are being replaced with more functional units at lower prices.

“M$, after decades, is now having to compete on price/performance,” he concluded.

Bottom line? “Threat level is Red,” Pogson added.
‘The Year the Desktop All But Goes Away’

Hyperlogos blogger Martin Espinoza took a similar view.

“It looks like there won’t be any year of the Linux desktop, mostly because it’s going to be the year the desktop all but goes away,” Espinoza told Linux Girl.

“Pundits have long predicted the virtual disappearance of the computer as we know it, and the broad acceptance of powerful smartphones seems to be putting the truth to that once seemingly ridiculous proclamation,” he added.
‘Filled to the Brim with Zealots’

Slashdot blogger and Windows fan hairyfeet saw it differently.

In fact, Linux really isn’t a threat to Microsoft, hairyfeet told Linux Girl.

“For little shops like mine it would be really nice if it was, but it really isn’t,” hairyfeet said.

Linux also hasn’t improved in the past two years, he added: “Drivers are just as buggy, upgrades still kill hardware, waaaay too many things are tied to what kernel version you have, and the whole thing is filled to the brim with zealots that act like you kicked a puppy if you dare to point out what is wrong.

“It has been 20 years since Linus released the Linux kernel, and it still hasn’t gotten above the margin of error,” he concluded. “Why? Simple — Linux is BY geeks and FOR geeks, and not a single one with any power will listen to the users.”
‘Linux Will Continue to Make Inroads’

Chris Travers, a Slashdot blogger who works on the LedgerSMB project, wasn’t convinced that Microsoft’s changed wording had much significance.

“It does represent a developing understanding that Windows is deeply entrenched in some markets and Linux as a general operating system is not really able to unseat it at the present moment,” Travers said. “I think that Linux will continue to make inroads into these areas slowly, however.”

In the long run, though, the real threats to Microsoft and Windows may have nothing to do with operating systems, Hudson suggested.
‘The Tech Elephant Graveyard’

“It’s become an ingrained truth that Microsoft cannot take the initiative; its actions are knee-jerk responses to products and services from Apple and Google,” she explained.

“Nobody believes that Microsoft is capable of planning and executing anything really new and innovative, or even buying successful technology and integrating it,” Hudson added. “Rather, it is the tech Elephant Graveyard, the place where other companies (Danger, Nokia (NYSE: NOK), etc.) go to die.

“Of course, a more up-front appraisal would have listed Microsoft CEO Steve Ballmer as the biggest threat to Microsoft,” she added. “But that’s a whole other story.”

Microsoft, Oracle, Tech

Salesforce.com hires ex-Oracle, SAP software executive Wookey

Salesforce.com has hired former Oracle and SAP executive John Wookey, adding a seasoned software-development executive to its ranks at a time of rapid growth in both revenue and its breadth of offerings.

Cisco CCNA Training, Cisco CCNA Certification

Best Oracle Certification Training and Oracle Exams Training  and more Cisco exams log in to Certkingdom.com

“We’re thrilled to have John join Salesforce.com,” the company said in a statement Friday. “He will be focused on special projects that will help us accelerate social enterprise success for customers.”

Wookey was not available for interviews, according to the company.

He left SAP earlier this year after an approximately two-and-a-half year stint, during which he managed the vendor’s on-demand software strategy for large enterprises. His hiring in November 2008 was seen as a coup for SAP at the time, and his departure sparked no shortage of speculation about why he decided to leave. In announcing his pending departure in April, SAP and Wookey said he wanted to spend more time with his family.

He has kept a low profile since then, perhaps due to a noncompete agreement with SAP.

Prior to SAP, Wookey was a key executive in charge of Oracle’s Fusion Applications, a next-generation suite that came to market this year after a protracted development process. He left Oracle in October 2007.

Wookey is a “good pickup” for Salesforce.com and not one made randomly, said Forrester Research analyst Paul Hamerman. “They’re a very innovative company. If they’re bringing him in, it means they probably have a ton of strategy behind it.”

Salesforce.com may want to build some new products, especially in areas such as accounting or human resources, Hamerman speculated.

Wookey will bring solid product-management skills to the Salesforce.com development organization, said analyst Ray Wang, CEO of Constellation Research. “Wookey is one of the best in enterprise software at building effective teams.”

All told, Wookey should have plenty to do. In recent years, Salesforce.com has moved far beyond its roots as a CRM (customer relationship management) vendor, venturing into areas such as social networking and adding new cloud development platforms for Java and other programming languages.

It has also eyed the ERP (enterprise resource planning) market through efforts like FinancialForce.com, its joint venture with Unit 4 Agresso, as well as partnerships with vendors like Workday and Infor.

Uncategorized

Microsoft wants a share of Huawei’s Android profits

As a reward for its growth and successful product launches, Huawei now finds itself on the grim radar of Redmond’s patent fee hunters, who claim that Android-based hardware impinges on their intellectual property.
MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com
“Microsoft has come to us,” said the Chinese manufacturer’s chief marketing officer at an event in London last night, confirming that “negotiations are in progress” and hinting that Huawei could soon be another head on Steve Ballmer’s wall — which is already crowded with trophies.

Uncategorized

Feds charge 7 in Internet ad-fraud case

NEW YORK (AP) — A crew of Internet bandits devised an international scheme to hijack more than 4 million computers worldwide, manipulating traffic on Netflix, the Internal Revenue Service and other popular websites to generate at least $14 million in fraudulent advertising revenue, federal prosecutors said Wednesday.

 

Best Microsoft MCTS Training – Microsoft MCITP Training at Certkingdom.com

 

About 500,000 computers in the United States were infected withmalware, including those used by ordinary users, educational institutions, nonprofits and government agencies like NASA, U.S. Attorney Preet Bharara said at a Manhattan news conference.
Bharara called the case “the first of its kind” because the suspects set up their own “rogue servers” to secretly reroute Internet traffic to sites where they had a cut of the advertising revenue.

Six of the seven people named in the indictment were Estonians who were in custody in that country, and extradition was being sought, prosecutors said; one Russian remained at large. As part of the takedown, the FBI disabled the rogue servers without interrupting Internet service, authorities said.

The problem was first discovered at NASA, where 130 computers were infected. Investigators followed a digital trail to Eastern Europe, where the defendants operated “companies that masqueraded as legitimate participants in the Internet advertising industry,” according to an indictment unsealed on Wednesday.

The defendants “engaged in a massive and sophisticated scheme that infected at least 4 million computers located in over 100 countries with malicious software or malware,” the indictment said. “Without the computer users’ knowledge or permission, the malware digitally hijacked the infected computers to facilitate the fraud.”

Once their computers were infected, people seeking to visit Netflix, the IRS, ESPN, Amazon and other legitimate sites were redirected to sites where the defendants collected income for each click on an ad, authorities said. The malware and corrupted servers also allowed the defendants to substitute legitimate ads on other websites with replacement ads that earned them more illicit income, they added.

“On a massive scale, the defendants gave new meaning to the term ‘false advertising,'” Bharara said.
The indictment estimated the defendants “reaped least $14 million in ill-gotten gains” over a five-year period.

MCITP, mcitp certification, MCITP Training, MCSE, MCSE Certification, MCSE Training, MCTS, MCTS Certification, MCTS Training, Microsoft

Microsoft patches critical Windows 7 bug, downplays exploit threat

Microsoft today delivered four security updates that patched four vulnerabilities in Windows, most of them affecting the newer editions of Vista and Windows 7.

MCTS Certification, MCITP Certification
Cisco CCNA Training, Cisco CCNA Certification 2000+ Exams at Examkingdom.com

Only one of the updates was marked “critical,” Microsoft’s most-serious threat ranking. Two of the remaining were labeled “important” and the fourth was tagged as “moderate.”

As expected, Microsoft did not patch the Windows kernel vulnerability exploited by the Duqu campaign.

Top on Microsoft’s chart today — and on outside researchers’ to-do lists as well — was the MS10-083 update that patches a bug in Windows Vista’s, Windows 7’s and Server 2008’s TCP/IP stack, which regulates Internet connections.

The vulnerability could be used by attackers in certain circumstances to hijack an unpatched PC, said Microsoft, which nevertheless downplayed the likelihood of successful attacks.

“This critical bug allows an attack via the network, and looks troublesome at first glance,” said Andrew Storms, director of security operations at nCircle Security. “But it doesn’t look very easy to pull off, so in this case, it’s not as big a concern as one would think.”

Storms pointed to a post by Microsoft engineers on the Security Research & Defense blog that spelled out the necessary conditions for an effective attack.

“We believe it is difficult to achieve [remote code execution] using this vulnerability considering that the type of network packets required are normally filtered at the perimeter and the small timing window … and [that] a large number of packets are required to pull off the attack,” wrote Ali Rahbar and Mark Wodrich of the Microsoft Security Response Center (MSRC).

Microsoft gave the vulnerability an exploitability index rating of “2,” meaning that it expects only unreliable exploit code to appear in the next 30 days.

Even so, some researchers warned that if criminals focused their attention on the bug, they may be able to craft a consistent exploit that could be used to launch worm-based attacks.

Microsoft also updated Windows Mail and Windows Meeting Space on Vista, Windows 7 and Server 2008 to fix yet another “DLL load hijacking” vulnerability.

DLL load hijacking, sometimes called “binary pre-loading,” describes a class of bugs first revealed in August 2010. Microsoft has been patching its software to fix the problem — which can be exploited by tricking an application into loading a malicious file with the same name as a required dynamic link library, or DLL — since last November.

Today’s MS11-085 update was the eighteenth Microsoft has issued to fix DLL load-hijacking vulnerabilities in its software.

“They’re a dime-a-dozen these days,” said Storms of the latest in the long-running series.

Researchers also noted that while Microsoft did not patch the Duqu-exploited bug, it did fix a different flaw in the TrueType font parsing engine, the component targeted by the Trojan’s attacks.

MS11-084 fixes a single vulnerability in the Windows kernel-mode driver “Win32k.sys” that can be exploited through a malformed TrueType font file.

“We’re see a pattern of kernel-level bugs and parsing of font files,” said Storms. “And they’re going to have to come back and patch this again for Duqu.”

Microsoft patched the TrueType engine within Win32k.sys just last month, fixing a flaw that let hackers conduct denial-of-service attacks to cripple Windows PCs. Today’s bug was also categorized as a denial-of-service flaw.

In lieu of a fix, Microsoft last week told customers that they could defend their systems by blocking access to “t2embed.dll,” the dynamic link library that handles embedded TrueType fonts.

An advisory offered command-prompt strings IT administrators can use to deny access to t2embed.dll, and links to one of Microsoft’s “Fix-it” tools that automate the process of blocking or unblocking access to the library.

Blocking t2embed.dll, however, has side effects: Applications, including Web browsers, applications in Microsoft’s Office suite and Adobe’s Reader, may not render text properly.

Microsoft also updated that advisory today with a link to a list of its antivirus partners that have issued signatures to detect the kernel-based Duqu attacks.

November’s security patches can be downloaded and installed via the Microsoft Update and Windows Update services, as well as through Windows Server Update Services.