Blog du Tristank

So terrific that 3 of 4 readers rated it "soporific"

Website Security Suggestion: Get rid of cruft! (script included)

Right: One of my pet hates is cruft on a production website. Cruft is stuff – files – which has accumulated because nobody’s paying attention. Cruft includes sampleware. Developer experiments. Readmes. Sample configs. Backups of files which never get cleaned up. Just general accumulated stuff. It’s website navel lint. Hypertext hairballs. Cruft. Has. No. Place…. Read more

Sunsetting TMG 2010 with some (free!) Best Practices

Long and boring post ahead. So: KITTENS! There. Fluffy now. As one of the Premier Field Engineers performing ISA Server Health Checks and then Threat Management Gateway (TMG) configuration reviews (by default, from my long association with Proxy 2.0 and then ISA), I was reviewing a document I put together for a customer just before… Read more

TMG Rollup 3 out now; so’s Mod_Security for IIS

TMG SP2 Update Rollup 3 As the ISA Blog mentions, Rollup 3 for TMG Service Pack 2 is now available: We are happy to announce the availability of Rollup 3 for Forefront Threat Management Gateway (TMG) 2010 Service Pack 2 (SP2). TMG SP2 Rollup 3 is available for download here: Rollup 3 for Forefront Threat… Read more

Is it time for you to reset your online identity?

Lots of account hacking activity in the news recently. The Blizzard hack (via RPS) caught my eye because of some of the wording used to describe it: “Some data was illegally accessed, including a list of email addresses for global Battle.net users, outside of China. For players on North American servers (which generally includes players… Read more

IUSR vs Application Pool Identity – Why use either?

(pasted from my email clippings. I’m on holiday right now, catching up on paperwork!) The TLDR version is: using AppPoolIdentity as both the App Pool Account and Anonymous user account lets you have multiple isolated anonymous websites on one box. IIS 7.x and upwards (as of Win2008 R2 and Windows 2008 SP2, also in IIS 8.x in Windows Server… Read more

Configuring Kerberos for SharePoint farms – a generic gotchas list

Recently, I worked on a Kerberos configuration issue with a customer; these are my notes from the visit. You’ll see some common themes with Kerbie Goes Bananas, and it puts much of that into practice. Speaking of, I must redo Kerbie with SetSPN -S  (shameface)   1. DNS should use an A record to refer… Read more

(The catchily-titled) TMG 2010 SP1 SU1 UR4 is out now!

That’s Forefront Threat Management Gateway 2010 + Service Pack 1 + Software Update 1 + Update Rollup 4 to its friends. This is the latest 2011 update for TMG – see the fix list at the KB article. http://support.microsoft.com/kb/2517957   The larger list of ISA Server build numbers is still here – wonder if there’s… Read more

ISA 2000: The End Draws Near

While updating some documentation today and noticing it’s 2011 (when, exactly, did that happen?), I dug up the ISA Server 2000 Lifecycle information. Paraphrasing the table here:   Availability Mainstream Support Ends Extended Support Ends Internet Security and Acceleration Server 2000 Enterprise Edition 18/03/2001 11/04/2006 12/04/2011 That’s right, kids, it expires on April 12 this… Read more

TMG 2010 Service Pack 1!

Missed this completely while working onsite for the last {forever}! TMG SP1 is here. There’s an X64 version for the Server and/or EMS, and a 32-bit version for just the MMC bits on computers you use to remotely manage the boxes. Installation Instructions Downloads: http://www.microsoft.com/downloads/details.aspx?FamilyID=f0fd5770-7360-4916-a5be-a88a0fd76c7c&displaylang=en… Read more