Paul's Down-Home Page

I’m not making this up. From this morning’s email, an announcement from SANS of an upcoming Exchange security webcast. Here’s an excerpt from the announcement:

A Microsoft Exchange Server is often found as one of the most important collaborative assets to current organizations of all sizes. With so much dependency on a reliable e-mail and collaboration
system, many organizations are faced with the problem of how to secure those communications. This webcast will introduce listeners to Exchange messaging protocols and discuss strategies to secure those communications. This webcast will focus on Microsoft Exchange Server 2003. Miles Stevenson has spent the last five years working as a Linux network administrator. He worked in both commercial and
government sectors specializing in low-cost Linux solutions. He currently works as a full time network administrator for the SANS Institute and directs the SANS Assessment program.

Now, I don’t mean any personal disrespect to Mr. Stevenson. However, I don’t understand what in his background as a Linux admin qualifies him to talk about securing Exchange. Securing any enterprise messaging system requires a fair bit of specialized knowledge, including a good understanding of the underlying OS. I wouldn’t expect an Exchange administrator to be able to talk knowledgeably about Linux security, for example. I’m curious about what exactly will be covered in the webcast, but I’ll be on a flight when it’s being presented– if you monitor it, leave a comment here and let me know what you thought about it.

See, I told you the Entourage blog was about to spring back to life. Today’s entry: the details on the Exchange hotfixes suggested (but not required) for using Entourage 2004 SP2 with Exchange 2000 and Exchange Server 2003.

Today Microsoft announced that it was releasing Service Pack 2 (SP2) for the Macintosh version of Microsoft Office. Apart from the usual bug fixes to all of the Office apps, the big news here is that SP2 makes some major– and welcome– changes to Entourage’s Exchange support.

There’s a long list of tasty new Exchange goodness in the SP2 release, including:

• A new model for calendaring and address books. Previous versions couldn’t support calendar or contact public folders; this release does. In order to enable that support, the dev team changed the way calendar data is stored and managed. Now you’ll have a calendar on your local machine, plus a calendar for each Exchange account, plus any calendar public folders you have. For most Exchange users, this will be a huge improvement. For the small number of users who’d defined multiple Exchange accounts in the same Entourage identity, you’ll notice that now Entourage doesn’t automatically sync events from every calendar to every other calendar.
• Much, much better sync performance with Exchange accounts. (They also fixed that annoying bug where the Progress window would pop up even when you’d previously closed it.) Public folder browse performance is greatly improved too.
• Support for setting permissions on Exchange items. That’s right– you can now grant permissions on any folders in your mailbox, just like you can in Outlook. You can also open other users’ shared folders, provided you have permission to do so.
• You can create private calendar and contact items.
• There’s much better support for delegation, including the ability to assign other users as delegates.

There are also some less obvious, but perhaps more welcome, changes. For example, Entourage now honors the Thread-Index and Thread-Topic headers that Outlook uses. That means that conversations with Outlook users will be properly threaded. Entourage also includes a new Conversation view type that properly threads mail messages– a feature that’s long overdue (though you could simulate it by creating your own custom view). You can also do a “get info” on any folder to see how much space it’s taking up on the Exchange server– something I use all the time, given the mailbox limits applied to some of my accounts.

SP2 is available for download from Microsoft’s Mac website; as far as I know, it will update either the RTM or SP1 versions of the Office suite, and you’ll need to install it separately on each machine unless you’re using a software distribution system. Microsoft has also promised to make it available through their automatic update mechanism for Mac Office, but it doesn’t seem to have shown up there yet.

Update: Gerod reminded me that you need an Exchange hotfix to enable sharing and delegation to work; I’d forgotten all about that. (Also updated the links to point to live content)

Update: John Welch has tons of screen shots in his article on SP2.

Did you know that there’s a blog maintained by the Entourage team at Microsoft’s Mac business unit? Me neither. But they do, and a little bird tells me that they’re going to start updating it much more regularly. Drop by and add it to your aggregator if you use or support Entourage.

Cool stuff from the PDC: the developer roadmap for E12 was unveiled at PDC today. Terry Myerson has a post on it at the Exchange team blog, or you can just go straight to the PowerPoint deck from the session. I’ve got a lot of catching up to do, since the Cookbook depends on WMI and CDOEXM.

Let’s say you wanted to set every calendar in your organization to grant all users “reviewer” rights. This makes it easy to see detailed calendar data instead of just pure free/busy information. There’s no direct way to do this through CDOEXM or WMI, but Glen Scales has come up with a solution that uses the Exchange 5.5 acl.dll. Check it out here.

I actually had real work to do this week, so I couldn’t attend the PDC. That’s too bad, because there’s a lot of interesting stuff happening there. For example, MS today took the wraps off Windows Workflow Services, their platform for workflow integration. There are some interesting touches that I think will help distinguish their offering from their competitors, including integration with Visual Studio and a marketplace for workflow actions (which MS is calling “activities”.) When I get some time, I’ll have to dig into this and see what’s what.

In related news, MS also started talking about changes to InfoPath (hint: no more requirement for a client-side application) and their new Office server platforms. It’s very interesting that they’re focusing on BI and content management as first-class tasks in the new release; we’ll have to wait and see what capabilities they’re able to get in for the 1.0 release.

There’s a fascinating article in the most recent issue of RISKS Digest about anomalies and Byzantine failures in flight control systems. I can’t explain it nearly as well as Peter Ladkin, who wrote it, so I won’t try. Although Exchange and Windows aren’t generally vulnerable to Byzantine faults, it’s a fascinating area of study in security-critical systems: how do you design systems that keep working when their inputs are lying?