ISACertTool & ISA Server Enterprise Edition in a Workgroup

Posted on by wooway

Here are some links and ideas, the final solution has yet found.
 
ISA Server 2004 Enterprise Edition in a Workgroup
http://technet.microsoft.com/en-ca/library/cc302483.aspx
Install a computer running ISA Server services (2004 Enterprise Edition)
http://www.microsoft.com/technet/isa/2004/help/SREE_H_InstISASvcs.mspx?mfr=true
Install the ISA Configuration Storage Server and Configure the Firewall Array
http://technet.microsoft.com/en-us/library/cc539144(TechNet.10).aspx
Specify credentials for communication with the Configuration Storage server (2004 Enterprise Edition)
http://www.microsoft.com/technet/isa/2004/help/SREE_H_CSSAuthen.mspx?mfr=true
Specify credentials for communication with the Configuration Storage server (2006 Enterprise Edition)
http://technet.microsoft.com/en-us/library/bb838856(TechNet.10).aspx
ISACertTool for Internet Security and Acceleration (ISA) Server 2006 Enterprise Edition
http://www.microsoft.com/downloads/details.aspx?familyid=655f22ba-2424-4269-94d3-cb07308afc46&displaylang=en
 
ISACertTool for ISA Server 2006 Enterprise Edition
 
DescriptionISA Server 2006 Enterprise Edition uses a Configuration Storage server as a storage mechanism for enterprise and array settings. ISA Server array members must be able to connect to a Configuration Storage server, and certificates are required to authenticate this connection in the following scenarios:
• When ISA Server computers are not installed in a domain (workgroup mode).
• When ISA Server array members are part of a domain that does not have a trust relationship with the domain in which the Configuration Storage server is located.
Certificate configuration is done during ISA Server Setup, but if you want to change configuration settings after installation, ISACertTool.exe helps you do the following:
• Install a server certificate on the Configuration Storage server.
• Install a root certificate on each array member to indicate that it trusts the Certification Authority that issued the server certificate.
To download and install this tool, follow the below steps:
– Click the Download button on this page to start the download.
– Do one of the following:
• To start the installation immediately, click Run.
• To save the download to your computer for installation at a later time, click Save.
• To cancel the installation, click Cancel.

Microsoft’s most recent update for Windows caused many people using Check Point’s ZoneAlarm firewall to lose their Internet connection

Posted on by wooway

Put a leash on Windows’ automatic updates

Microsoft’s most recent update for Windows caused many people using Check Point’s ZoneAlarm firewall to lose their Internet connection. The patch fixes a potential DNS-related security breach that affects servers and clients alike, so I’m sure Microsoft was compelled to release it as quickly as possible.

That’s little consolation for the many ZoneAlarm users who struggled to regain their network connection. Read more about the problem, and find a link to Check Point’s solution, at Robert Vamosi’s Defense in Depth blog.

The fact is, even with potentially serious security holes such as this appears to be, you can usually wait a day or two before installing the update to make sure the fix doesn’t cause some problems of its own. Simply set Windows Update to download updates automatically but prompt you before installing them, or to alert you when an update is available for download so you can decide when to fetch it and implement it.

In Windows XP, click Start > Run, type sysdm.cpl, and press Enter. Click the Automatic Updates tab and choose either "Download updates for me, but let me choose when to install them," or "Notify me but don’t automatically download or install them." You can also choose "Turn off automatic updates," but I recommend either of the semi-automatic methods. When you’re done, click OK.

Choose either option that prevents Windows updates from being installed automatically.(Credit: Microsoft)

To change your Windows Update settings in Vista, press the Windows key, type windows update, and press Enter. Click Change settings in the left pane, and choose either "Download updates but let me choose whether to install them" or "Check for updates but let me choose whether to download or install them." As with XP, I caution against selecting "Never check for updates (Not recommended)." This is one of the few points on which Microsoft and I agree.

Now get into the habit of watching the tech news wires each Wednesday after Microsoft’s Patch Tuesdays to determine whether an update is going smoothly before applying it manually. Sometimes being first isn’t such a good idea.

Source: http://news.cnet.com/8301-13880_3-9988581-68.html?hhTest=1

Links:
http://news.cnet.com/8301-10789_3-9986625-57.html?hhTest=1
http://news.cnet.com/8301-10789_3-9987632-57.html?hhTest=1