April 2006 - Posts

I went to two awesome sessions on the OSD feature pack yesterday.  One was by Wally Mead, and another by Johan Arwidmark, a Microsoft MVP in Setup/Deployment.

While my partner-in-crime, Jeremy, and I learned essential information in the use of the OSD Feature Pack that will make us super-heroes back at the office, I did want to make one comment about what we learned.

I was really surprised to learn that a lot of the little problems (some bigger than others) that we have been experiencing were actually issues and/or intentional(?) behavior in the OSD Feature Pack.

Now I admit that we pushed through our issues without seeking out too much outside help from Microsoft or the community, mainly out of a deep-seated need to figure things out on my own. However, I feel that some of the issues that we were having should have been disclosed to the community and with emphasis, especially since Microsoft now says that the OSD is the PREFERRED way to deploy Vista.  If this was done and I missed it, then that is my fault. Meanwhile we thought we were doing something wrong.

Two of the issues that I can remember this early in the morning are the following:

  1. If you have a server image that requires specific storage drivers that have to be required on your Image Install CD, then you will have problems using that install CD if you try to use it to install an image on a workstation install that does not need those same drivers.  This is because the image install process will try to force the use of the storage drivers if you include them on the CD. In our case, that means having separate CDs for workstation and server installs. This might not sound like a big deal, but it is if you are in the middle of trying to get OSD running for a major deployment.
  2. This is the biggest one to me.  Apparently while loading up the image capture or install process, network access functionality doesn't always load up before the wizard to start off the process is loaded. To make sure that this does happen, you have to do some hacking in the background.  You have no idea how many hours we wasted on that issue!!

OK, now that I have vented about this, you should all know that documentation on some of the sessions will be available here soon.  Be on the lookout for anything that has been written by Johan Arwidmark, the Jedi Master of OSD and ZTI as far as I am concerned.

 UPDATE: Looks like the guide that I saw has already been published on MyITforum.com, download it here: http://myitforum.com/articles/8/view.asp?id=8856

Here are some pictures from when I made it into San Diego on Sunday.

MMS 2006 Day 0

 
Unfortunately Superman and Batman weren't in.  I thought I heard a low flying plane while I was taking this, but I couldn't see anything.
 
The one sad thing was that Marvin, Wendy, and the Wonder Twins were outside picketing unfair treatment of sidekicks.  I tried to take a picture of them, but they sicced Wonder Dog on me.  Luckily that dog is about 300 years old in dog years, or he would have caught me.
 
More pictures coming soon....

This is one to pay attention to, a re-release that fixes issues of the previous patch.

**************************************
Title: Microsoft Security Bulletin Re-Releases
Issued: April 25, 2006
**************************************

Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

  * MS06-015

Bulletin Information:
=====================

* MS06-015

- http://www.microsoft.com/technet/security/bulletin/ms06-015.mspx
- Reason for Revision: This bulletin has been re-released to advise customers that revised versions of the security update are available for all products listed in the "Affected Software" section. Customers who have already applied the MS06-015 update who are not experiencing the problem need take no action. For additional information, see "Why did Microsoft reissue this bulletin on April 25, 2006." in "Frequently asked questions (FAQ) related to this security update" section.
- Originally posted: April 11, 2006
- Updated: April 25, 2006
- Bulletin Severity Rating: Critical
- Version: 2.0

This will probably be my last post for a few days at least, my co-worker Jeremy and  I will be heading off to MMS on Sunday. 

Hope to see the ones that can make it at the "Meet and Greet" events that Rod mentioned on his blog.

Just a reminder to everyone, I am terrible with names.  If you come up and talk to me and I act like I'm not sure if I know who you are, please introduce yourself.  That will save us both an embarrassing moment.

Hope that all of you that are going to MMS have a safe trip.  For the ones that can't make it, I will have a moment of silence in your honor.

Take care,
Chris

Posted Friday, April 21, 2006 7:10 PM by cmosby | with no comments
More information on the MS06-015 issue

Hi everyone, Stephen Toulouse here.  We've been continually examining the best way to assist the customers who may have been impacted by the interaction of MS06-015 with the software Mike mentioned before.  We wanted to check in and let you know the current plan.  Up until now there have been several solutions: Upgrade to the newest version of the affected software, a manual registry key fix, uninstall the third party software (NVIDIA Drivers versions 61.94 and prior or the Hewlett Packard Share-to-web software) or uninstall the update.  All of these require the user to take some sort of action.  

So what we have done is re-engineered the MS06-015 update to avoid the conflict altogether with the older Hewlett Packard and NVIDIA software. We're going to run a test pass on it and we will release this new update on Tuesday, April 25th.  What the new update essentially does is simply add the affected third party software to an "exception list" so that the problem does not occur.  The revised update automates the manual registry key fix.   

So what should you do? 

Well if you are experiencing the problem right now, you can use the currently available reg key fix documented in 918165, go to the newest versions of the affected software, or uninstall the third party software.  On Tuesday April 25th, if you have not taken those actions but are having the problem, the update MS06-015 will be delivered to the machine through AU if configured, or through Microsoft Update or the Download Center if you want to install it manually. 

I want to be real clear about that.  When the update is re-released, it's going to be very much targeted to people who are having the problem, or people who have not installed MS06-015 yet.  That means if you have already installed MS06-015 and are not having the problem, there's no action here for you.  Windows Update, Microsoft Update, and Automatic Update will have detection logic built into them to only offer the revised update (which essentially includes the reg key fix) to those customers who either don't have MS06-015 or are having the problem.

We've updated the bulletin to reflect this information as well.

S.

*This posting is provided "AS IS" with no warranties, and confers no rights.*

Published Friday, April 21, 2006 2:16 AM by stepto

Welcome to the Microsoft Security Response Center Blog! : More information on the MS06-015 issue.

In case you haven't heard about this already...

Microsoft patch problems (NEW)

Published: 2006-04-21,
Last Updated: 2006-04-21 15:55:13 UTC by Adrien de Beaupre (Version: 1)


There have been reports of problems with Microsoft patch MS06-013 Cumulative Security Update for Internet Explorer (912812). MS06-016 where the Outlook Express address book disappears. In this case removal of the patch and the address book re-appears, however the other vulnerabilities the patch addresses come back.

One other Microsoft patch MS06-015 will be updated due to compatibility issues. This was announced in their blog.  http://blogs.technet.com/msrc/archive/2006/04/21/425838.aspx

If you have any issues with a Microsoft patch impacting your system contact them directly, the call is free. In the US or Canada dial: 1-866 - 727 - 2389 ( 866 PC SAFETY ) In other countries/regions, contact your local Microsoft office.

Cheers,
Adrien
SANS - Internet Storm Center - Cooperative Cyber Threat Monitor And Alert System.

Now this is good news...

"Star Trek" franchise set for 2008 revival: report | Reuters.com
Fri Apr 21, 2006 3:12 AM ET

LOS ANGELES (Reuters) - More than three years after the last "Star Trek" movie crashed at the box office, the venerable sci-fi franchise is being revived by the director of the upcoming "Mission: Impossible" sequel, Daily Variety reported in its Friday edition.

The as-yet-untitled "Star Trek" feature, the 11th since 1979, is aiming for a fall 2008 release through Paramount Pictures, the Viacom Inc. unit looking to restore its box-office luster under new management, the trade paper said.

The project will be directed by J.J. Abrams, whose Tom Cruise vehicle "Mission: Impossible III" will be released by Paramount on May 5. Abrams, famed for producing the TV shows "Alias" and "Lost," will also help write and produce.

Daily Variety said the action would center on the early days of "Star Trek" characters James T. Kirk and Mr. Spock, including their first meeting at Starfleet Academy and first outer-space mission.

The paper described "Star Trek" as Hollywood's most durable performer after James Bond, spawning 10 features that have grossed more than $1 billion and 726 TV episodes from six series.

The 10th film, "Star Trek: Nemesis," bombed at the box office on its December 2002 release, earning just $43 million in North America. Last year, Viacom-owned broadcast network UPN pulled the plug on the low-rated series "Star Trek: Enterprise"

**********************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: April 20, 2006
**********************************************************

Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS06-015

Bulletin Information:
=====================

* MS06-015

- http://www.microsoft.com/technet/security/bulletin/MS06-015.mspx
- Reason for re-release: FAQ Section updated to include information about an upcoming re-release of the security update.
- Originally posted: April 11, 2006
- Updated: April 20, 2006
- Bulletin Severity Rating: Critical
- Version: 1.2

********************************************************************

*********************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: April 19, 2006
*********************************************************

Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.


Bulletin Information:
=====================

* Microsoft Security Bulletin Summary for April, 2006

  - http://www.microsoft.com/technet/security/bulletin/ms06-apr.mspx
  - Reason for Revision: Bulletin updated to add "Windows Server 2003 with SP1 for Itanium-based Systems running Microsoft Data Access Components 2.8 Service Pack 2" in the "Affected Software and Download Locations" section.
  - Originally posted: April 11, 2006
  - Updated: April 19, 2006
  - Version: 1.1


* MS06-014

  - http://www.microsoft.com/technet/security/bulletin/ms06-014.mspx
  - Reason for Revision: Bulletin updated the following: "Security Update Replacement" and "What updates does this release replace?" in the "Frequently asked questions (FAQ) related to this security update" section. Updated the "Windows Server 2003 and Windows Server 2003 Service Pack 1" file manifest under "Windows 2003 (all versions)" in the "Security Update Information" section; and additional clarity around "Windows XP Service Pack 1 with Microsoft Data Access Components 2.8 installed" file manifest under "Windows XP (all versions)" in the "Security Update Information" section.
  - Originally posted: April 11, 2006
  - Updated: April 19, 2006
  - Bulletin Severity Rating: Critical
  - Version: 1.1    

********************************************************************

Security Response has published a removal tool to clean infections of  W32.Mytob.PI@mm.

 Version 1.36.0 of the tool, which adds support for removal of W32.Mytob.PI@mm, can be obtained by visiting:
 http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob@mm.removal.tool.html

To date, this tool will clean the following:

Patch Tuesday Fallout (NEW)

Published: 2006-04-16,
Last Updated: 2006-04-16 00:56:49 UTC by Johannes Ullrich (Version: 1)

Microsoft published a knowledge base article about issues with MS06-015. The two main culprits appear to be HP's "Share-to-Web" software and Kerio Personal Firewall.

In order to implement the MS06-015 fix, Microsoft created a special binary (VERCLSID.EXE) which will validate extensions before the windows shell or explorer is able to instantiate them. If VERCLSID.EXE fails to run, many functions are disrupted (e.g. open files in applications using the 'File'->'Open' menu).

More stories about patch MS06-013 can be found in a recent InfoWorld article. This patch was expected to cause issues due to the changes in ActiveX functionality. Again, see the respective Microsoft statement. Let us know if you experience any issues. So far, everything appears to center around 'Siebel 7'. Given the lack of outcries so far, I don't expect a lot of problems with other applications.

(Thanks to Susan and Juha-Matti for their contributions!)
SANS - Internet Storm Center - Cooperative Cyber Threat Monitor And Alert System.

********************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: April 15, 2006
********************************************************

Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS06-015

Bulletin Information:
=====================

* MS06-015

- http://www.microsoft.com/technet/security/bulletin/ms06-015.mspx
- Reason for Revision: "Caveats" section updated due to new issues discovered with the security update. Users may experience issues in Windows Explorer or the Windows shell after installing the update. Security Update Information revised to reflect correct file version information for Microsoft Windows XP and Microsoft Windows 2000.
- Originally posted: April 11, 2006
- Updated: April 15, 2006
- Bulletin Severity Rating: Critical
- Version: 1.1


*****************************************************
Title: Microsoft Security Bulletin Re-Releases
Issued: April 11, 2006
****************************************************

Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

  * MS06-005

Bulletin Information:
=====================

* MS06-005

- http://www.microsoft.com/technet/security/bulletin/ms06-005.mspx
- Reason for Revision: Microsoft updated this bulletin today to advise customers that revised versions of the security update are available for Microsoft Windows Media Player 10 when installed on Windows XP Service Pack 1 or Windows XP Service Pack 2, listed in the "Affected Components" section. For more information, see on "What are the known issues that customers may experience when they install this security update?"

  We revised this update to report an issue when a user tries to seek, fast rewind, or fast forward when using Windows Media Player 10
  
- Originally posted: February 14, 2006
- Updated: April 11, 2006
- Bulletin Severity Rating: Critical
- Version: 2.0
        

http://www.microsoft.com/technet/security/bulletin/ms06-apr.mspx

At the time of this writing, all the bulletin links aren’t live, but here is what we have this month.  NOTE: Three of these patches require the Extended Security Update Inventory Tool.

* Microsoft Security Bulletin MS06-013

- Bulletin Title: Cumulative Security Update for Internet Explorer (912812)
- Executive Summary: This update resolves several vulnerabilities in Internet Explorer that could allow remote code execution.
- Maximum Severity Rating: Critical
- Impact of Vulnerability: Remote Code Execution
- Affected Software: Windows, Internet Explorer. For more information, see the Affected Software and Download Locations section.

* Microsoft Security Bulletin MS06-014

- Bulletin Title: Vulnerability in the Microsoft Data Access Components (MDAC) Function Could Allow Code Execution (911562)
- Executive Summary: This update resolves a vulnerability in MDAC that could allow remote code execution.
- Maximum Severity Rating: Critical
- Impact of Vulnerability: Remote Code Execution
- Affected Software: Windows. For more information see the Affected Software and Download Locations section.

* Microsoft Security Bulletin MS06-015

- Bulletin Title: Vulnerability in Windows Explorer Could Allow Remote Code Execution (908531)
- Executive Summary: This update resolves a vulnerability in Windows Explorer that could allow remote code execution
- Maximum Severity Rating: Critical
- Impact of Vulnerability: Remote Code Execution
- Affected Software: Windows. For more information, see the Affected Software and Download Locations section

* Microsoft Security Bulletin MS06-016

- Bulletin Title: Cumulative Security Update for Outlook Express (911567)
- Executive Summary: This update resolves a vulnerability in Outlook Express that could allow an attacker to take complete control of the affected system. User interaction is required for an attacker to exploit this vulnerability.
- Maximum Severity Rating: Important
- Impact of Vulnerability: Remote Code Execution
- Affected Software: Windows, Outlook Express. For more information, see the Affected Software and Download Locations section.

* Microsoft Security Bulletin MS06-017

- Bulletin Title: Vulnerability in Microsoft Front Page Server Extensions Could Allow Cross Site Scripting (917627)
- Executive Summary: This update resolves a cross-site scripting vulnerability in FrontPage Server Extensions that could allow an attacker to run script in the context of the locally logged on user. User interaction is required for an attacker to exploit this vulnerability.
- Maximum Severity Rating: Moderate
- Impact of Vulnerability: Remote Code Execution
- Affected Software: Windows, FrontPage Server Extensions, and SharePoint Team Services 2002: For more information, see the Affected Software and Download Locations section.
