Search Stanford:
 

About this Service

• Overview
• News
• Service Summary
• Administrative Guide
• Migration
• Client List

Documentation

• Decision Maker
• IT Implementer
• End User

Service List

• Authentication
• Authorization
• Directory
• Exchange
• DFS
• BitLocker Key Escrow

Contacts

• Administrator List
• Email Lists
• Windows Systems Group

Related Services

• Managed Server Hosting
• BigFix Patch Management
• ITSS Contract Support
• Essential Stanford Software

Tools

• Password Reset Tool
• StanfordYou
• Workgroup Manager

• IT Services
• Stanford Windows Infrastructure
• News & Links

News & Links

Infrastructure News

Updated: July 8, 2008
The Windows Infrastructure update to Windows server 2008 has been postponed to August, 2008.

---

Updated: May 10, 2008
The Windows Infrastructure group policies have been updated. The policies have been restructured to support our planned business continuity site and have been updated to better support Windows Vista clients. We have also made changes to allow for local departments to assign DRAs for EFS encryption on clients they control
See the new GPOS at: Infrastructure GPOs
Check out the EFS service pages at: EFS service

---

Updated: April 26, 2008
The pre-production Active Directory forest (MS) has been upgraded to Windows Server 2008 AD-DS. All clients are encouraged to test their existing IT applications and processes in preparation for production rollout.

---

Updated: March 27, 2008
The Active Directory schema has been upgraded to version 31 (Windows Server 2003 R2) to support Print Management Console and posixAccount

---

Updated: February 4, 2008
Windows Server 2008 has released to manufacturing. Final development for upgrade for Stanford Windows Infrastructure has commenced.

---

Updated: January 18, 2007
Bi-directional trust between the Stanford Windows Infrastructure and the stanford.edu Kerberos 5 realm has been established. Any authentication issues experienced are most likely due to missing servicePrincipalName values. These are most often found when the DNS suffix for a computer is not entered correctly in the computer name properties ("stanford.edu") or MS SQL server is being run under an alternate account (that account needs MSSQLSvc SPNs applied)

---

Updated: November 30, 2006
Microsoft Windows Vista Business and Enterprise Editions are now available through CWA. The guidance for adding a computer to the domain has been updated to reflect instructions for adding a Windows Vista machine to the infrastructure. LINK. Vista Home and Home Premium Editions cannot join the Stanford Windows Infrastructure.

---

Windows News

Product life cycles announced by Microsoft. Windows XP to be supported mainstream for 2 years after release of next OS version. Extended support for 5 years after mainstream support ends.

Product	Support end date
Windows NT Workstation 4.0	June 30, 2004
Windows NT Server 4.0 (Security support only)	January 1, 2005
Windows ME (Paid support only)	June 30, 2006
Windows 2000 Professional and Server (Extended Support)	June 30, 2010
Windows XP Home (Mainstream Support)	~January 30, 2009
Windows XP Professional (Mainstream Support)	~January 30, 2009

Microsoft Security Bulletins RSS Feed

Copyright Microsoft Corporation 2005

---

Updated: Tue, 14 Oct 2008 08:00:00 GMT
MS08-066 – Important: Vulnerability in the Microsoft Ancillary Function Driver Could Allow Elevation of Privilege (956803)
Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in the Microsoft Ancillary Function Driver. A local attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

---

Updated: Tue, 14 Oct 2008 08:00:00 GMT
MS08-065 – Important: Vulnerability in Message Queuing Could Allow Remote Code Execution (951071)
Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in the Message Queuing Service (MSMQ) on Microsoft Windows 2000 systems. The vulnerability could allow remote code execution on Microsoft Windows 2000 systems with the MSMQ service enabled.

---

Updated: Tue, 14 Oct 2008 08:00:00 GMT
MS08-064 – Important: Vulnerability in Virtual Address Descriptor Manipulation Could Allow Elevation of Privilege (956841)
Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in Virtual Address Descriptor. The vulnerability could allow elevation of privilege if a user runs a specially crafted application. An authenticated attacker who successfully exploited this vulnerability could gain elevation of privilege on an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.

---

Updated: Tue, 14 Oct 2008 08:00:00 GMT
MS08-063 – Important: Vulnerability in SMB Could Allow Remote Code Execution (957095)
Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in Microsoft Server Message Block (SMB) Protocol. The vulnerability could allow remote code execution on a server that is sharing files or folders. An attacker who successfully exploited this vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.

---

Updated: Tue, 14 Oct 2008 08:00:00 GMT
MS08-062 - Important: Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution (953155)
Bulletin Severity Rating:Important - This update resolves a privately reported vulnerability in the Windows Internet Printing Service that could allow remote code execution in the context of the current user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

---

Updated: Tue, 14 Oct 2008 08:00:00 GMT
MS08-061 – Important: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (954211)
Bulletin Severity Rating:Important - This security update resolves one publicly disclosed and two privately reported vulnerabilities in the Windows kernel. A local attacker who successfully exploited these vulnerabilities could take complete control of an affected system. The vulnerabilities could not be exploited remotely or by anonymous users.

Links

Windows Infrastructure in Hi-ed:

• MIT's win.mit.edu Project
• CMU's Project Orpheus
• Univ. of Colorado--Boulder Project
• University of Illinois at Urbana-Champaign AD project
• University of California at Davis W2K project
• University of Leicester in England W2K project
• Oxford University in England W2K project
• Windows 2000 project at the University of Houston

Microsoft:

• Windows Update/Microsoft Update
• Windows Catalog Search by OS
• Microsoft's "NT Resources" Page
• Microsoft's Tested Products List
• Developing using the "Principle of Least Privilege"
• Windows Vista:
  • Microsoft Windows Vista Home Page
  • Microsoft Windows Vista Developer Page
• Windows Server 2003:
  • Microsoft Windows 2003 Server Home Page
  • Windows Server 2003 Security Center
  • Windows Server 2003 Developer Center
• Windows XP:
  • Microsoft Windows XP Page
  • Windows XP Security Center
  • Windows XP Developer Center
• Windows 2000 Server:
  • Microsoft's Windows 2000 Server Home Page
  • Microsoft Windows 2000 Server Security Center
  • Windows 2000 Server Developer Center

Stanford Links:

• Techport Training for the Stanford Community
• Stanford Security Office's Secure Computing page

Windows Information around the net:

• Windows Tips, Registry Hacks, and More
• Windows NT Security FAQ
• John Savill's FAQ for Windows
• Windows IT Pro