Operating System Upgrade 2003.1.5a (win-OS-Upgrade-K9.2003-1-5a.exe)
Release date: 13-Jan-2010
Readme last updated: 15-Jan-2010
Information about This Service Release
The upgrade supports the following Cisco IP Telephony Applications that run on Windows 2003 Server.
Cisco CallManager and all compatible versions of Cisco IP Interactive Voice Response (IP IVR), Cisco IP Call Center Express (IPCC Express), Cisco IP Queue Manager (IP QM), Cisco Personal Assistant (PA), Cisco Emergency Responder (CER), Cisco Conference Connection (CCC), Cisco MeetingPlace, and Cisco Customer Voice Portal (CVP).
Minimum OS Requirements: (Fresh Install or Upgrade Versions of) – 2003.1.1a, 2003.1.1b, 2003.1.1c, 2003.1.2a, 2003.1.3a, 2003.1.3b, 2003.1.4, 2003.1.4a, 2003.1.5
Supported Servers: All of the following Cisco Media Convergence Servers (MCS) and Cisco-approved, customer-provided Compaq/HP and IBM servers:
Cisco MCS 7825-I2 (2.8GHz CPU and 3.4 GHz CPU)
Cisco MCS 7825-H2 (2.8GHz CPU and 3.4 GHz CPU)
Cisco MCS 7835H-3000 (2.4GHz CPU and 3.0 GHz CPU)
Cisco MCS 7835I-3000 (2.4GHz CPU and 3.0 GHz CPU)
Cisco MCS 7845H-3000 (2.4GHz CPU and 3.0 GHz CPU)
Cisco MCS 7845I-3000 (2.4GHz CPU and 3.0 GHz CPU)
See the End-of-Life Policy for more details.
Locating Related Documentation
Cisco strongly recommends that you review the following documents before you perform the installation:
Cisco IP Telephony Operating System, SQL Server, and Security Updates
This document provides information for tracking operating system (OS) and BIOS upgrades and patches. To obtain this document, click the following URL:
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/win_os/os_srv_sec/osbios.htm
Installing the Operating System on the Cisco IP Telephony Applications Server
This document provides descriptive information and procedures for the operating system. To obtain this document, click the following URL: http://www.cisco.com/en/US/products/hw/voiceapp/ps378/prod_installation_guides_list.html
Cisco IP telephony application documentation
Click the following URL to obtain documentation for your application:
http://www.cisco.com/web/psa/products/tsd_products_support_install_and_upgrade.html?c=278875240
Cisco CallManager Notification Tool: Cisco has replaced the current Cisco CallManager notification tool with a new, more robust notification tool that is based on your Cisco.com profiles. This new tool delivers e-mail notifications for individual Cisco voice products that you select. Use the following steps to sign up for the Cisco Voice Technology Group Subscription Tool:
Log in with your Cisco.com account information at this link: http://www.cisco.com/cgi-bin/Software/Newsbuilder/Builder/VOICE.cgi
Select "CallManager Cryptographic Software including OS updates" to receive notification when new operating system updates are posted.
Select any other products updates that you want to receive.
Click update at the bottom of the page.
Confirm your selections.
You may see this message at the bottom of the page: "Your Profile Currently Indicates that you do not wish to receive e-mail from Cisco."
To be able to receive information updates, you must update your e-mail preferences. Click the link to update your e-mail preferences (located in the Other Information section). Click submit when you are done.
If you have enabled e-mail notification, you may exit now. If you have not enabled e-mail notification, you will need to repeat the preceding steps.
This new software notification tool requires a valid Cisco.com log in. If you do not currently have a Cisco.com password, register with Cisco.com at: http://tools.cisco.com/RPF/register/register.do
Cisco PSIRT Advisory Notification Tool: This e-mail service provides automatic notification of all Cisco Security Advisories that the Cisco Product Security Incident Response Team (PSIRT) releases. Security Advisories, which describe security issues that directly impact Cisco products, provide a set of required actions to repair these products. To subscribe, click the following URL and perform the tasks as directed on the web page: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html - SecurityInfo
Upgrading the Operating System via the Web
If you are installing the operating system for the first time, you must use the Cisco IP Telephony Operating System disks that ship with your Cisco IP telephony application and the corresponding documentation.
Pre-Upgrade Considerations Before performing an upgrade, be aware of the following considerations:
Upgrading from 2003.1.5 to 2003.1.5a is allowed, but 2003.1.5aSR3a (or higher) is the recommended upgrade path as it has the same changes, takes less time for installation and can have important Security Updates.
The minimum supported Cisco MCS OS version (Fresh Install or Upgrade) to install this upgrade is 2003.1.1a, 2003.1.1b, 2003.1.1c, 2003.1.2a, 2003.1.3a, 2003.1.3b, 2003.1.4, 2003.1.4a, or 2003.1.5. Any server that has another Cisco MCS OS version will not be supported in this upgrade.
Depending on the current operating system version that runs on the server, the operating system upgrade performs either an Express (2 phases) or a Regular (3 phases) Installation. If the server is running OS version 2003.1.3a, 2003.1.3b, 2003.1.4, 2003.1.4a, or 2003.1.5, including any Service Releases that go with those releases, an Express Installation is performed. This includes two phases and two reboots. The Express Installation skips the installation of Windows 2003 Service Pack 2 because it is already installed. If the server is running an OS version 2003.1.1a, 2003.1.1b, 2003.1.1c or 2003.1.2a, a Regular Installation is performed. This includes three phases and three reboots.
This version of MCS OS Upgrade, 2003.1.5a, does not support an upgrade from a Fresh Install version of MCS operating system version 2003.1.5a.
Before you upgrade, run Start > Cisco OS Version (C:\Utils\MCSver.exe) to identify the OS Image and OS upgrade version on your server.
You must log in as the same user with Administrative Privileges after each reboot.
Before starting this upgrade, you must disable (from Windows Service Control Manager) or uninstall all Cisco-approved antivirus/intrusion detection services (HIDS); for example, Entercept, McAfee, Norton, Cisco Security Agent, Prognosis, and so on. You must enable all services after you complete the upgrade.
Apply this upgrade to all supported servers in your IP telephony solution.
Cisco recommends that you upgrade the Cisco CallManager publisher database server first and then the subscriber servers. Installing the operating system upgrade on all subscriber servers at the same time is supported only if call processing is not required while you are performing the upgrade task.
This installation causes Cisco IP telephony application interruptions.
Close all programs before proceeding.
Cisco installs Terminal Services for Cisco Technical Assistance Center (TAC) remote administration and troubleshooting. Cisco does not support upgrades through Terminal Services. This upgrade stops if it detects that you are using Terminal Services. The OS Upgrade disables Terminal Services at the beginning of the upgrade and resets it to the configured setting at the end of the upgrade.
Cisco supports remote upgrades with Virtual Network Computing (VNC). Although VNC is optional and is not installed by this upgrade, the installation files are copied to the c:\utils\VNC folder. For more information on using VNC, click the following URL: http://www.cisco.com/en/US/products/hw/voiceapp/ps378/prod_installation_guides_list.html.
Perform a backup of your data before starting your upgrade. Refer to the backup documentation for your Cisco IP telephony application. Make sure that you back up the data to a network directory or tape device, so that the upgrade does not erase the data.
Make sure that you have about 3 GB of free disk space before you copy the upgrade executable to the server. Delete any unnecessary files; for example, remove old log files, CDP records, old installation files, and so on.
Before you run this upgrade, review the “Known Caveats” section below.
Note: When you log in after each reboot, make sure that you see the next phase of the OS upgrade start. After the final phase of the upgrade, a batch file runs to clean up the folders. If you do not see the final phase start (Phase 2 of 2) see the “Troubleshooting Tips” section.
Perform the following steps to upgrade OS:
1. Download the executable to a location that you will remember or insert the CD-ROM into the CD-ROM drive.
2. If you are upgrading via the web, double-click the executable.
3. Files extract to your server, and the process guides you through the upgrade.
4. Log in to the server by using your Administrator account and password.
5. Click Yes to acknowledge that you disabled antivirus and intrusion detection services.
6. Click OK.
7. Click OK.
8. Phase 1 runs, and the server automatically reboots. Log in to the server by using the Administrator account and password.
9. Phase 2 runs, and the server automatically reboots. After the system reboots, log in to the server using the administrator account and password. If this is an Express Installation, Phase 2 is the final phase and the next login will display a DOS dialog box running a batch file to clean the working directory.
10. For a Regular Installation, Phase 3 runs, and the server automatically reboots. On the next log in, a CMD dialog box displays briefly as the working directory of the OS Upgrade is deleted.
11. The first time that you log in after the upgrade is complete, you may see a message that new hardware was detected and a reboot is needed. Firmware upgrades to the RAID controller can cause this problem. If you see such a message, click No when asked to reboot the server.
12. Customers who are using Cisco CallManager can install the Cisco CallManager OS Optional Security settings. Find installation instructions in the C:\Utils\SecurityTemplates\CCM-OS-OptionalSecurity-Readme.htm document.
13. An optional IP Security filter can be installed to block fixed Windows 2003 and SQL ports. Find installation instructions in the C:\Utils\IPSec-W2K3SQL-Readme.htm document.
Notes:
If you see any New Hardware found messages, click Finish.
If you see any messages to restart the server, click No.
IBM x346 series servers may have an extra reboot into DOS to upgrade the ISMP Processor firmware. After this update is finished, the server will boot back into Windows 2003.
If you see either of the following messages near the start of the OS Upgrade, click OK to terminate the program. A couple of services have a known problem when stopping.
1. The Instruction at "0X0xxxxxxxx" referenced memory at "0X0xxxxxxxx ". The memory could not be read. Click OK to terminate the program (CSCeb31088). Where 0x0xxxxxxxx can be any memory address.
2. The Instruction at "0X000000000" referenced memory at "0X000000000". The memory could not be read. Click OK to terminate the program (CSCed45218)
| | Third party Director software is not reporting all environment variables. |
| CSCse81234 | Verify NIC duplex/speed settings during MCS OS install or upgrade |
| CSCsh42797 | CM 4.3: better video driver in OS 2003 install |
| CSCsh53477 | Change deployment sequence for BMC/BIOS/DIAG on IBM servers |
| CSCsh67054 | Mysql 4.1 does not run on 7825I, possibly related to RAID driver |
| CSCsh71340 | Update BIOS for x3650 |
| CSCsh90410 | iBMPSGFanStatus does not respond on OS version 2000.4.4 |
| CSCsh91439 | MCS-OS - MBSA Upgrade to 2.0.1 required |
| CSCsh91735 | MCS-OS Pick up KB931836: February 2007 cumulative TZ Update |
| CSCsh93237 | Default Microsoft Video Driver Selected for MCS-7825-I2-IPC2 |
| CSCsi19073 | MBSA 2.0.1 indicates missing packages |
| CSCsi31628 | PegasusProvider.exe part of IBM Director 5.10.3 crashes on x3250 server |
| CSCsi31698 | IBM ASR for IPMI application fails to start error |
| CSCsh38281 | HP Storage Manager freezes (high CPU) server |
| CSCsi23088 | PegasusProvider.exe crashes during installing 2000.4.4sr5 |
| CSCsh90410 | iBMPSGFanStatus does not respond on OS version 2000.4.4 |
| CSCsg26832 | IBM Director Agent SLP Attributes Server Crash on IBM 7825 Server |
| CSCsh68151 | port number 8080 conflict with ServeRAID Manager |
| CSCsh42390 | IBM ASR Service Terminated with error %%3758161922 |
| CSCsh87812 | Missing MIBs folders on IBM servers |
| CSCs049135 | Anonymous access to names pipes includes extra names |
| CSCsq56170 | Turn on PAE switch in boot.ini file for Windows 2003 release train |
| CSCsu42231 | MCS OS upgrade from 2003.1.2a SR13 to 2003.1.3a failed |
| CSCsr61460 | MCS-7825-H2 server BIOS upgrade required for USB boot. |
| CSCsu25410 | Can't retrive asp pages on the Web on Windows OS 2003.1.3 |
| CSCsr61830 | SQL 2000 Hotfix KB948110 may fail to install intermittently |
| CSCsr67874 | CCM Windows OS update requires more recent IBM RAID firmware on x3650 |
| CSCsj03582 | CRS/BARS web pages hang on MCS-7816/25-I3 |
| CSCsu69844 | OS2003.1.3a on RockportSvr(7845H2_146GB)-Cannot find path displayed |
| CSCsv29208 | Adding Jtapi call control group doesn't displays the pop-up windows |
| CScsr71064 | CCM Does Not Generate UserDump when Crashing |
| CSCtd90916 | Available PTE on HP 7845 Servers is only 12K |
| CSCtd34931 | 7835/45-H2 - NIC driver partially upgraded |
| CSCsw35630 | High non-paged pool memory usage with OS 2003.1.3b |
| CSCsy40419 | Previous installation errors reported in current installation |
| CSCsw90778 | TZ: Venezuelan time with Java 1.4.2 reflects GMT instead of GMT-04:30 |
| CSCsx95208 | Update BIOS for DL320-G5p to 2009.02.02 for Automatic Power On issue |
| CSCsy04861 | MCS-OS: Upgrade to RealVNC 4.1.3 |
| CSCsy04870 | MCS-OS: VNC Upg with blank password fails without proper error thrown |
| CSCsy04896 | MCS-OS: MBSA update to 2.1 version |
| CSCsv55641 | "Do not save encrypted pages to disk" option is not enabled |
| CSCsz83928 | Update BIOS and Firmware on 7825I4 |
| CSCsy82788 | 2003.1.4aSR4 upgrade reports false-positive error |
| CSCsv92671 | Multiple IPv6 addresses on interface causes Black Screen after reboot |
| CSCsz70835 | COM+ event errors with 1000+ IPv6 addresses. |
| CSCta40816 | Update x206m/x306m BIOS to v 1.45 |
| CSCta74170 | 7835/45I2 - IBM ServeRAID-8i BIOS update v5.2.0-15429 |
| CSCsz07540 | IBM ServeRAID 5i Controller Drive is out of date |
| CSCta43488 | Update Firmware and drivers on IBM Servers |
| CSCta28873 | Update ATI ES1000 drivers for certain HP Servers |
| CSCsz53316 | MCS: HP - Update HP FW, drivers, MIB's |
| CSCtb02531 | MCS: HP - Update Sys Mgt Homepage |
| CSCtb02479 | MCS-OS: 2850 Video Driver not updating during upgrade |
| CSCsw35630 | High non-paged pool memory usage with OS 2003.1.3b |
| CSCsy63116 | Include KB967715 in Cisco MCS OS 2003.1.5 |
| CSCta94450 | Update remove OSS inf file for CSCsy63116 |
| CSCsz83947 | Update Broadcom Driver and FW packages for 3650m2 and other IBM |

| | MBSA Scan returns 2 service packs or updates missing from Windows 2003 |
| CSCsf12976 | IE Setting for Automatic Detect Setting for the LAN is not default to on |
Note: During the final phase of the OS upgrade, the status bar may indicate that the OS upgrade is either complete or is close to completion. In some cases, it may take an additional 5-10 minutes for the final phase of OS upgrade to complete.
Note: During the OS upgrade process, you must log in after each reboot to continue the upgrade process. Log in as the same user with Administrative Privileges each time.
Note: In some instances, the final phase of the OS upgrade may not run automatically. If this occurs, follow the Troubleshooting Tips to manually run Phase 2 or Phase 3.
Enable Cisco-approved antivirus and intrusion detection services.
Run Start > Cisco OS Version (c:\utils\MCSver.exe) and verify that the OS Upgrade = 2003.1.5a
Note: If you do not see the correct OS Upgrade version, Phase 2 of 2 or Phase 3 of 3 did not finish as expected. See the Troubleshooting Tips section for corrective action.
The OS Upgrade extracts to C:\Mcsosupg and starts Mcsosupg.exe to run the upgrade. The reboot after the final phase should run C:\utils\clean.cmd to remove this directory and old directories from OS Service Releases. If this directory still exists, the OS Upgrade may not have finished. If the OS Upgrade version is 2003.1.5a, you can manually delete this directory or run C:\Utils\clean.cmd. If the OS Upgrade version is not 2003.1.5a, see the Troubleshooting Tips section for corrective action.
If you think that the services should have started but did not, you can check the OS Upgrade log file for the original setting. See Troubleshooting Tips for the details.
Run the latest OS Service Release that is available on the web. This service release provides security hotfixes.
If you want to do so, you can install or upgrade Virtual Network Computing (VNC) to version 4.1.3. Find the installation files in c:\Utils\VNC. Documentation is posted on CCO at http://www.cisco.com/en/US/products/hw/voiceapp/ps378/prod_installation_guides_list.html. Cisco recommends that you keep the Windows Task Manager open while using VNC to monitor CPU utilization.
If your server runs Cisco CallManager, verify that you have the latest SQL service pack installed on the server; if necessary, apply the latest pack from the web. Verify that you have the latest SQL hotfixes on the server. If necessary, apply the latest hotfixes from the web.
To review the log file for a Regular Installation, browse to C:\Program Files\Common Files\Cisco\Logs\MCSOsUpg.log on the server where the upgrade occurred. The last lines of the log file should read:
{time}-MCSOSUP| Phase 3 of 3 upgrade complete. Attempting shutdown..
{time}-MCSOSUP| Upgrade complete. Shutting down..
{time}-MCSOSUP| Closing MCSOsUpg.log on {date}
{time}-MCSOSUP| __________________________________________
................................................................................................
Starting the clean.cmd file {date} {time}
{time}- Clean up for old hotfix and Support Patch working folders log for OS Upgrade
{time}- Delete Startup shortcut for clean.cmd
{time}- Delete MCSOSUpg folder
{time}- delete the DualNIC folder from IBM servers only since its a HP util
{time}- Run Qfecheck.exe to find the latest Service Pack and the Hotfixes
Windows Server 2003 Hotfix Validation Report for {Computer Name}
Report Date: {date} {time}
Current Service Pack Level: Service Pack 2
A list of hotfixes followed by……………
{time}- Finished running Qfecheck.exe {date}
{time}- Finished running checkNICDuplex.exe on {date}
{time}- Finished running clean.cmd on {date}
============================================================================================
END OF OS UPGRADE
============================================================================================
To review the log file for an Express Installation, browse to C:\Program Files\Common Files\Cisco\Logs\MCSOsUpg.log on the server where the upgrade occurred. The last lines of the log file should read:
{time}-MCSOSUP| Phase 2 of 2 upgrade complete. Attempting shutdown..
{time}-MCSOSUP| Upgrade complete. Shutting down..
{time}-MCSOSUP| Closing MCSOsUpg.log on {date}
{time}-MCSOSUP| __________________________________________
................................................................................................
Starting the clean.cmd file {date} {time}
{time}- Clean up for old hotfix and Support Patch working folders log for OS Upgrade
{time}- Delete Startup shortcut for clean.cmd
{time}- Delete MCSOSUpg folder
{time}- delete the DualNIC folder from IBM servers only since its a HP util
{time}- Run Qfecheck.exe to find the latest Service Pack and the Hotfixes
Windows Server 2003 Hotfix Validation Report for {Computer Name}
Report Date: {date} {time}
Current Service Pack Level: Service Pack 2
A list of hotfixes followed by……………
{time}- Finished running Qfecheck.exe {date}
{time}- Finished running checkNICDuplex.exe on {date}
{time}- Finished running clean.cmd on {date}
============================================================================================
END OF OS UPGRADE
============================================================================================
Note: If the last lines of the log file are substantially different, the final phase did not complete as expected. See the Troubleshooting Tips section for more information.
To verify the hotfixes installed on the server, besides C:\utils\Qfecheck.exe you can also use the Microsoft Baseline Security Analyzer utility from Microsoft (run c:\utils\mbsa_scan.cmd).
Microsoft Baseline Security Analyzer (MBSA)
Make sure that you review the Reason column of the MBSA report to identify whether the Hotfix should be installed. The following table shows expected results from MBSA on a fully patched system.
Security update catalog: Microsoft Update (offline)
Catalog synchronization date: 2009-07-13T23:27:59Z
Security assessment: Potential Risk
Security Updates Scan Results
Issue: SDK Components Security Updates
Score: Check passed
Result: No security updates are missing.
Current Update Compliance
| MS07-028 | Installed | Security Update for CAPICOM (KB931906) | Critical |
Issue: SQL Server Security Updates
Score: Check passed
Result: No security updates are missing.
Current Update Compliance
| MS06-061 | Installed | MSXML 6.0 RTM Security Update (925673) | Critical |
| MS09-004 | Installed | Security Update for SQL Server 2000 Service Pack 4 (KB960082) | Important |
Issue: Windows Security Updates
Score: Check failed (non-critical)
Result: 4 service packs or update rollups are missing.
Update Rollups and Service Packs
| 940767 | Missing | Windows Internet Explorer 7 for Windows Server 2003 | |
| 955839 | Missing | Update for Windows Server 2003 (KB955839) | |
| 951847 | Missing | Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update (KB951847) x86 | |
| 890830 | Missing | Windows Malicious Software Removal Tool - July 2009 (KB890830) | |
Current Update Compliance
| MS07-021 | Installed | Security Update for Windows Server 2003 (KB930178) | Critical |
| MS07-020 | Installed | Security Update for Windows Server 2003 (KB932168) | Moderate |
| MS07-012 | Installed | Security Update for Windows Server 2003 (KB924667) | Important |
| MS07-034 | Installed | Cumulative Security Update for Outlook Express for Windows Server 2003 (KB929123) | Low |
| MS06-078 | Installed | Security Update for Windows Media Player 6.4 (KB925398) | Critical |
| MS07-047 | Installed | Security Update for Windows Server 2003 (KB936782) | Important |
| MS07-050 | Installed | Security Update for Windows Server 2003 (KB938127) | Critical |
| MS07-040 | Installed | Security Update for Microsoft .NET Framework, Version 1.1 Service Pack 1 (KB933854) | Critical |
| MS07-061 | Installed | Security Update for Windows Server 2003 (KB943460) | Critical |
| MS07-067 | Installed | Security Update for Windows Server 2003 (KB944653) | Important |
| MS07-068 | Installed | Security Update for Windows Server 2003 (KB941569) | Critical |
| MS08-006 | Installed | Security Update for Windows Server 2003 (KB942830) | Important |
| MS08-005 | Installed | Security Update for Windows Server 2003 (KB942831) | Important |
| MS08-007 | Installed | Security Update for Windows Server 2003 (KB946026) | Important |
| MS08-008 | Installed | Security Update for Windows Server 2003 (KB943055) | Moderate |
| MS08-020 | Installed | Security Update for Windows Server 2003 (KB945553) | Important |
| 914961 | Installed | Windows Server 2003 Service Pack 2 (32-bit x86) | |
| MS08-036 | Installed | Security Update for Windows Server 2003 (KB950762) | Important |
| MS08-037 | Installed | Security Update for Windows Server 2003 (KB951748) | Important |
| MS08-048 | Installed | Security Update for Outlook Express for Windows Server 2003 (KB951066) | Low |
| MS08-046 | Installed | Security Update for Windows Server 2003 (KB952954) | Critical |
| MS08-049 | Installed | Security Update for Windows Server 2003 (KB950974) | Important |
| 951072 | Installed | Update for Windows Server 2003 (KB951072) | |
| MS08-022 | Installed | Security Update for Windows Server 2003 (KB944338) | Critical |
| MS08-067 | Installed | Security Update for Windows Server 2003 (KB958644) | Critical |
| MS08-069 | Installed | Security Update for Windows Server 2003 (KB955069) | Critical |
| MS08-069 | Installed | Security Update for Microsoft XML Core Services 6.0 Service Pack 2 (KB954459) | Important |
| MS08-068 | Installed | Security Update for Windows Server 2003 (KB957097) | Important |
| MS08-076 | Installed | Security Update for Windows Server 2003 (KB952069) | Important |
| MS08-076 | Installed | Security Update for Windows Server 2003 (KB954600) | Important |
| MS08-071 | Installed | Security Update for Windows Server 2003 (KB956802) | Critical |
| MS07-017 | Installed | Security Update for Windows Server 2003 (KB925902) | Critical |
| MS08-066 | Installed | Security Update for Windows Server 2003 (KB956803) | Important |
| MS09-001 | Installed | Security Update for Windows Server 2003 (KB958687) | Critical |
| MS09-007 | Installed | Security Update for Windows Server 2003 (KB960225) | Important |
| MS08-052 | Installed | Security Update for Windows Server 2003 (KB938464) | Critical |
| MS09-012 | Installed | Security Update for Windows Server 2003 (KB956572) | Important |
| MS09-012 | Installed | Security Update for Windows Server 2003 (KB952004) | Important |
| MS09-013 | Installed | Security Update for Windows Server 2003 (KB960803) | Critical |
| MS09-015 | Installed | Security Update for Windows Server 2003 (KB959426) | Moderate |
| MS09-010 | Installed | Security Update for Windows Server 2003 (KB923561) | Important |
| MS08-069 | Installed | Security Update for Microsoft XML Core Services 4.0 Service Pack 2 (KB954430) | Important |
| MS09-008 | Installed | Security Update for Windows Server 2003 (KB961063) | Important |
| MS09-022 | Installed | Security Update for Windows Server 2003 (KB961501) | Moderate |
| MS09-025 | Installed | Security Update for Windows Server 2003 (KB968537) | Important |
| MS09-026 | Installed | Security Update for Windows Server 2003 (KB970238) | Important |
| MS09-018 | Installed | Security Update for Windows Server 2003 (KB969805) | Important |
| MS09-019 | Installed | Cumulative Security Update for Internet Explorer 6 for Windows Server 2003 (KB969897) | Moderate |
| MS09-020 | Installed | Security Update for Windows Server 2003 (KB970483) | Important |
| MS09-028 | Installed | Security Update for Windows Server 2003 (KB971633) | Critical |
| MS09-029 | Installed | Security Update for Windows Server 2003 (KB961371) | Critical |
| MS09-032 | Installed | Cumulative Security Update for ActiveX Killbits for Windows Server 2003 (KB973346) | Critical |
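The triage this table supports, written out as an added example (not Cisco's or Microsoft's code): it treats the four rollups listed as Missing above as the expected baseline and flags any other Missing row, highest severity first. It assumes scan results are available in the same pipe-delimited row layout this readme uses; the sample scan is constructed.

```python
# Added example: triage MBSA results against the readme's "fully patched" table.
# Assumption: rows use the readme's layout  | ID | State | Title | Severity |
# grouped under "Issue:" headings. Raw MBSA output may need a different parser.

# The four rollups the readme shows as Missing on a fully patched system.
EXPECTED_MISSING = {"940767", "955839", "951847", "890830"}

SEVERITY_RANK = {"Critical": 0, "Important": 1, "Moderate": 2, "Low": 3}


def parse_report(text):
    """Return one dict per table row, tagged with the Issue section it sits in."""
    rows, issue = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Issue:"):
            issue = line[len("Issue:"):].strip()
        elif line.startswith("|"):
            cells = [c.strip() for c in line.strip("|").split("|")]
            if len(cells) != 4:
                continue  # not a result row in the assumed layout
            rows.append({"issue": issue, "id": cells[0], "state": cells[1],
                         "title": cells[2], "severity": cells[3]})
    return rows


def triage(text):
    """Split Missing rows into expected (baseline) and unexpected (needs review)."""
    expected, unexpected = [], []
    for row in parse_report(text):
        if row["state"].lower() != "missing":
            continue
        (expected if row["id"] in EXPECTED_MISSING else unexpected).append(row)
    # Highest severity first; rows without a severity sort last.
    unexpected.sort(key=lambda r: SEVERITY_RANK.get(r["severity"], 99))
    return {"expected_missing": expected, "unexpected_missing": unexpected}


# Constructed sample: rows copied from the readme's table, with two security
# updates changed to Missing to show what a partially patched server looks like.
SAMPLE_SCAN = """\
Issue: SQL Server Security Updates
| MS09-004 | Installed | Security Update for SQL Server 2000 Service Pack 4 (KB960082) | Important |
Issue: Windows Security Updates
| 940767 | Missing | Windows Internet Explorer 7 for Windows Server 2003 | |
| 890830 | Missing | Windows Malicious Software Removal Tool - July 2009 (KB890830) | |
| MS09-015 | Missing | Security Update for Windows Server 2003 (KB959426) | Moderate |
| MS08-067 | Missing | Security Update for Windows Server 2003 (KB958644) | Critical |
| MS09-001 | Installed | Security Update for Windows Server 2003 (KB958687) | Critical |
"""

if __name__ == "__main__":
    result = triage(SAMPLE_SCAN)
    for row in result["unexpected_missing"]:
        print(f'REVIEW  {row["severity"]:<9} {row["id"]:<9} {row["title"]}')
    print(f'{len(result["expected_missing"])} expected Missing rollup(s) ignored')
```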
If you had a problem during the upgrade, consider the following information:
Disable or uninstall Cisco-approved antivirus and HIDS/HIPS software; for example, Entercept, McAfee, Cisco Security Agent, Prognosis, and so on. Make sure that all antivirus and HIDS/HIPS software is disabled in the Microsoft Services window, so that it does not start after each reboot. Running antivirus software slows the upgrade down so much that it may not be able to successfully install. HIDS/HIPS software can lock security services and DLLs and not allow service packs and hotfixes to install correctly.
Disable all Cisco-approved, third-party applications.
If you had a problem with the upgrade and have any third-party software installed, disable the software and run the upgrade again.
Verify that you have Administrative privileges on the server.
Make sure that you logged in to the server each time by using the same administrator account and password.
Verify that the server has enough disk space. Cisco recommends that you have 1.5 GB free disk space before you copy the upgrade file to the server.
win-OS-Upgrade-K9.2003-1-5a.exe is about 1.27 GB.
The working directory c:\mcsosupg is about 1.40 GB.
If the Local Security Policy MMC that is located in the Administrative Tools folder does not show the new settings applied by the OS Upgrade, change a setting, change it back, and close and open the Local Security Policy (CSCeb80799).
If you see the Found New Hardware Wizard dialog box, just click Finish.
The OS Upgrade automatically disables a list of services at the start and then returns them to the original Startup Type during the final Phase. If a problem occurs during the upgrade that prevents the Startup Type of these services from being returned to the original settings, you can manually change them with the following steps.
Open the OS Upgrade log file by choosing Start > Cisco Install Logs > MCSOsUpg.log (or browse to C:\Program Files\Common Files\Cisco\Logs\MCSOsUpg.log)
Locate Startup Type.
The list of services displays below Startup Type in the log file.
Open the Services MMC by choosing Start > Programs > Administrative Tools > Services.
Confirm that Automatic displays as the Startup Type for all “SERVICE_AUTO_START” services that are listed in MCSOsUpg.log. Change the Startup Type to Automatic for any services that do not match.
Manually run the second phase, Phase 2, in a Regular Installation
If the second phase did not automatically start or did not successfully complete as expected, review the following information.
1. Review the items listed in “Troubleshooting Tips” to see if one of them might have caused the problem with Phase 2 or Phase 3.
2. Start the OS upgrade again by executing the following file: C:\Mcsosupg\Mcsosupg.exe. This action restarts the OS Upgrade from Phase 1. It should proceed as described under the Upgrade Procedures.
3. If the second phase, Phase 2, did not run after running the OS Upgrade twice, look at the log file that is listed above under Post-Upgrade Considerations. Review the log file for the following information:
11:48:00-MCSOSUP|Adding new registry entries
11:48:00-MCSOSUP|Finished adding new registry entries
11:48:00-MCSOSUP|Phase 1 of 3 upgrade complete. Attempting shutdown
If you see the preceding information, you may manually start Phase 2 by executing the following command: C:\Mcsosupg\Mcsosupg.exe /SPBoot
Manually run the Final Phase, Phase 2 in Express Installation or Phase 3 in Regular Installation.
If the final phase did not automatically start or did not successfully complete as expected, review the following information:
1. Review the items listed in “Troubleshooting Tips” to see if one of them might have caused the problem with Phase 2 or Phase 3.
2. Start the OS Upgrade again by executing the following file: C:\Mcsosupg\Mcsosupg.exe. This action restarts the OS Upgrade from Phase 1. It should proceed as described under the Upgrade Procedures.
3. If the final phase (Phase 2 in an Express Installation, Phase 3 in a Regular Installation) did not run after running the OS Upgrade twice, look at the log file that is listed above under Post-Upgrade Considerations. Review the log file for the following information:
{time}-MCSOSUP| Phase 2 of 3 upgrade complete. Attempting shutdown
{time}-MCSOSUP| Upgrade complete. Shutting down..
If you see the preceding information, you may manually start Phase 3 by executing the following command: C:\Mcsosupg\Mcsosupg.exe /Postboot
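The log checks described in the verification and troubleshooting sections above, combined into one added example (not part of the Cisco upgrade tooling). It reads MCSOsUpg.log text, reports the last completed phase, and returns only the resume switches this readme documents; the sample logs and their timestamps are constructed.

```python
# Added example: classify MCSOsUpg.log per the readme's verification and
# troubleshooting sections. The sample logs below are constructed.
import re

# Engine lines look like "11:48:00-MCSOSUP|Phase 1 of 3 upgrade complete. ..."
# The readme prints them both with and without a space after the pipe.
PHASE_RE = re.compile(r"-MCSOSUP\|\s*Phase (\d+) of (\d+) upgrade complete")
# clean.cmd appends its own lines after the final phase.
CLEAN_RE = re.compile(r"Finished running clean\.cmd")

INSTALL_TYPE = {2: "Express", 3: "Regular"}
# Resume switches the readme documents, keyed by (last completed phase, total).
# It shows no log signature for a stalled Express install, so (1, 2) is absent.
RESUME_SWITCH = {(1, 3): "/SPBoot", (2, 3): "/Postboot"}


def assess_upgrade_log(text):
    """Return install type, last completed phase, state and documented switch."""
    last, cleaned = None, False
    for line in text.splitlines():
        m = PHASE_RE.search(line)
        if m:
            last = (int(m.group(1)), int(m.group(2)))
            cleaned = False  # cleanup only counts after the newest phase line
        elif last and CLEAN_RE.search(line):
            cleaned = True
    # "Upgrade complete. Shutting down.." is deliberately not used: the readme
    # shows it after "Phase 2 of 3" as well, so it does not mark the final phase.
    if last is None:
        return {"install_type": None, "last_phase": None,
                "state": "phase1-not-complete", "resume_switch": None}
    done, total = last
    if done == total:
        state = "complete" if cleaned else "cleanup-pending"
    else:
        state = "stalled"
    return {"install_type": INSTALL_TYPE.get(total), "last_phase": done,
            "state": state,
            "resume_switch": RESUME_SWITCH.get(last) if state == "stalled" else None}


def next_step(result):
    """Map a result to the action the readme gives for that situation."""
    state, switch = result["state"], result["resume_switch"]
    if state == "complete":
        return r"Verify OS Upgrade = 2003.1.5a with C:\Utils\MCSver.exe"
    if state == "cleanup-pending":
        return r"If MCSver.exe shows 2003.1.5a, run C:\Utils\clean.cmd"
    if state == "stalled" and switch:
        return (r"Rerun C:\Mcsosupg\Mcsosupg.exe; if the phase still does not "
                rf"start, run C:\Mcsosupg\Mcsosupg.exe {switch}")
    return r"Rerun C:\Mcsosupg\Mcsosupg.exe (restarts from Phase 1)"


# Constructed samples in the line format the readme shows.
REGULAR_DONE = """\
12:20:11-MCSOSUP| Phase 3 of 3 upgrade complete. Attempting shutdown..
12:20:12-MCSOSUP| Upgrade complete. Shutting down..
12:20:12-MCSOSUP| Closing MCSOsUpg.log on 01/15/2010
Starting the clean.cmd file 01/15/2010 12:31:02
12:31:09- Finished running clean.cmd on 01/15/2010
"""
STALLED_REGULAR = """\
11:48:00-MCSOSUP|Adding new registry entries
11:48:00-MCSOSUP|Finished adding new registry entries
11:48:00-MCSOSUP|Phase 1 of 3 upgrade complete. Attempting shutdown
"""
EXPRESS_NO_CLEANUP = """\
10:02:40-MCSOSUP| Phase 1 of 2 upgrade complete. Attempting shutdown..
10:41:17-MCSOSUP| Phase 2 of 2 upgrade complete. Attempting shutdown..
10:41:18-MCSOSUP| Upgrade complete. Shutting down..
"""

if __name__ == "__main__":
    for name, log in [("regular", REGULAR_DONE), ("stalled", STALLED_REGULAR),
                      ("express", EXPRESS_NO_CLEANUP)]:
        res = assess_upgrade_log(log)
        print(name, res["install_type"], res["state"], "->", next_step(res))
```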
The following information pertains to this upgrade:
Highlights - [New in 2003.1.5a]
Roll up of post-Windows 2003 Service Pack 2 security updates. The security hotfixes in 2003.1.5a are current through July 2009, http://www.microsoft.com/technet/security/bulletin/ms09-jul.mspx . When available, also install OS Service Release 2003-1-5aSR3a (or later) to get the latest security updates.
HP Drivers upgrades based on SmartStart 8.20A and higher versions.
HP BIOS/Firmware upgrades based on SmartStart 8.20A and higher versions.
HP Insight Management Agents based on version 8.20A.
HP Insight Management MIB’s upgraded to version SmartStart 8.20A.
IBM Driver/BIOS/Firmware upgrades based on UpdateXpress System Pack version 4.05 and higher versions.
Microsoft Service Packs
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Internet Explorer 6.0 Service Pack 2
Microsoft XML Parser 3.0 Service Pack 9 (Version 8.90.1101)
Microsoft XML Parser 4.0 Service Pack 2
Microsoft XML Parser 6.0 Service Pack 2
Microsoft MDAC 2.8sp2
Windows Components
This upgrade adjusts the Windows Components and Subcomponents to match the following list.
Components | Subcomponents
Accessories and Utilities | Accessibility Wizard Accessories Paint Accessories WordPad Communicator Hyper Terminal
Application Server | Application Server Console Enable network COM+ access Enable network DTC access Internet Information Services (IIS) Common Files IIS World Wide Web Service Active Server Pages IIS World Wide Web Service Internet Data Connector IIS World Wide Web Service Server Side Includes IIS World Wide Web Service World Wide Web Service
Internet Explorer Enhanced Security Configuration | All
Management and Monitoring Tools | Network Monitor Tools Simple Network Management Protocol WMI SNMP Provider
Networking Services | Domain Name System (DNS) RPC over HTTP Proxy
Services
Microsoft recommends disabling any services that the server does not use. The following list provides the service “Startup Type” after this upgrade. Cisco changed the security on the services to Administrators and System Full Control.
Service Name | Startup Type
Alerter | Disabled
Application Experience Lookup Service | Automatic
Application Layer Gateway Service | Disabled
Application Management | Disabled
Application Quiesce Agent [IBM only] | Automatic
ASF Agent [IBM only] | Automatic
ASP.NET State Service | Manual
Automatic Updates | Disabled
Background Intelligent Transfer Service | Disabled
Computer Browser | Automatic
ClipBook | Disabled
COM+ Event System | Automatic
COM+ System Application | Automatic
Cryptographic Services | Automatic
DCOM Server Process Launcher | Automatic
DHCP Client | Automatic
DHCP Server | Disabled
Distributed File System | Disabled
Distributed Link Tracking Client | Disabled
Distributed Link Tracking Server | Disabled
Distributed Transaction Coordinator | Automatic
DNS Client | Automatic
DNS Server | Disabled
Error Reporting Service | Disabled
Event Log | Automatic
File Replication | Disabled
Help and Support | Disabled
HID Input Service | Automatic
HP Insight Event Notifier [HP only] | Disabled
HP Insight Foundation Agents [HP only] | Automatic
HP Insight NIC Agent [HP only] | Automatic
HP Insight Server Agents [HP only] | Automatic
HP Insight Storage Agents [HP only] | Automatic
HP ProLiant System Shutdown Service [HP only] | Automatic
HP Storage Manager [HP only] | Disabled
HP System Management Homepage [HP only] | Manual
HP Version Control Agent [HP only] | Automatic
HTTP SSL | Manual
IBM Automatic Server Restart Executable [IBM only] | Automatic
IBM Automatic Server Restart Service for IPMI [IBM only] | Automatic
IBM Director Agent SLP Attributes [IBM only] | Automatic
IBM Director Agent WMI CIM Server [IBM only] | Disabled
IBM Director CIM Listener [IBM only] | Disabled
IBM Director Support Program [IBM only] | Automatic
IBM Remote Supervisor Adapter II [IBM only] | Automatic
IBM ServeRAID Manager Agent [IBM only] | Automatic
IBM SLP SA [IBM only] | Automatic
IIS Admin Service | Automatic
IMAPI CD-Burning COM Service | Disabled
Indexing Service | Disabled
Install Driver Table Manager [IBM only] | [unregistered service]
Intersite Messaging | Disabled
IPSEC Services | Automatic
Kerberos Key Distribution Center | Disabled
License Logging | Disabled
Logical Disk Manager | Automatic
Logical Disk Manager Administrative Service | Manual
Messenger | Disabled
Microsoft Software Shadow Copy Provider | Manual
MyStorage Remote HBA [IBM only] | Automatic
Net Logon | Manual
NetMeeting Remote Desktop Sharing | Disabled
Network DDE | Disabled
Network DDE DSDM | Disabled
Network Connections | Manual
Network Location Awareness (NLA) | Manual
Network Provisioning Service | Manual
NTLM Security Support Provider | Disabled
Performance Logs and Alerts | Manual
Plug and Play | Automatic
Portable Media Serial Number Service | Disabled
PowerQuest Virtual Disk Installer Service [IBM only] | Manual
Print Spooler | Disabled
Protected Storage | Automatic
Remote Access Auto Connection Manager | Disabled
Remote Access Connection Manager | Manual
Remote Desktop Help Session Manager | Disabled
Remote Procedure Call (RPC) | Automatic
Remote Procedure Call (RPC) Locator | Disabled
Remote Registry | Automatic
Removable Storage | Disabled
Resultant Set of Policy Provider | Disabled
Routing and Remote Access | Disabled
Secondary Logon | Automatic
Security Accounts Manager | Automatic
Server | Automatic
ServeRAID FlashCopy Agent [IBM only] | [unregistered service]
Shell Hardware Detection | Disabled
Smart Card | Disabled
SNMP Service | Automatic
SNMP Trap Service | Manual
Special Administration Console Helper | Disabled
System Event Notification | Automatic
Task Scheduler | Disabled
TCP/IP NetBIOS Helper | Automatic
Telephony | Manual
Terminal Services | Disabled
Terminal Service Session Directory | Disabled
Themes | Disabled
Uninterruptible Power Supply | Disabled
Virtual Disk Service | Disabled
Volume Shadow Copy | Manual
WebClient | Disabled
Windows Audio | Automatic
Windows Firewall/Internet Connection Sharing (ICS) | Disabled
Windows Image Acquisition (WIA) | Disabled
Windows Installer | Manual
Windows Management Instrumentation | Automatic
Windows Management Instrumentation Driver Extensions | Manual
Windows Time | Disabled
Windows User Mode Driver Framework | Manual
WinHTTP Web Proxy Auto-Discovery Service | Disabled
Wireless Configuration | Disabled
WMI Performance Adapter | Automatic
Workstation | Automatic
World Wide Web Publishing Service | Automatic
Microsoft Windows Server 2003 Hotfixes
This OS upgrade includes the following hotfixes. Download and install win-OS-Upgrade-K9.2003-1-5aSR3a.exe or later to obtain the latest Security hotfixes.
Bulletin | Knowledge Base Article or Cisco Defect | Description
- | KB889101 | Windows Server 2003 Service Pack 1
MS05-032 | KB890046 | Vulnerability in Microsoft Agent Could Allow Spoofing
MS05-033 | KB896428 | Vulnerability in Telnet client could allow information disclosure
MS05-036 | KB901214 | Vulnerability in Microsoft Color Management Module Could Allow Remote Code Execution
MS05-039 | KB899588 | Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege Note: This is replaced by MS05-047
MS05-040 | KB893756 | Vulnerability in Telephony Service Could Allow Remote Code Execution
MS05-041 | KB899591 | Vulnerability in Remote Desktop Protocol Could Allow Denial of Service
MS05-042 | KB899587 | Vulnerabilities in Kerberos Could Allow Denial of Service, Information Disclosure, and Spoofing
MS05-045 | KB905414 | Vulnerability in Network Connection Manager Could Allow Denial Of Service
MS05-046 | KB899589 | Vulnerability in Client Services for Netware Could Allow Remote Code Execution
MS05-048 | KB901017 | Vulnerability in Microsoft Collaboration Objects Could Allow Remote Code Execution
MS05-049 | KB900725 | Vulnerability in Windows Shell Could Allow Remote Code Execution
MS05-050 | KB904706 | Vulnerability in DirectShow Could Allow Remote Code Execution
MS05-051 | KB902400 | Vulnerability in MSDTC and COM+ Could Allow Remote Code Execution
MS05-053 | KB896424 | Vulnerabilities in Graphics Rendering Engine Could Allow Code Execution
MS06-001 | KB912919 | Vulnerabilities in Graphics Rendering Engine Could Allow Code Execution
MS06-002 | KB908519 | Vulnerability in Embedded Web Fonts Could Allow Remote Code Execution
MS06-006 | KB911564 | Vulnerability in Windows Media Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution
MS06-008 | KB911927 | Vulnerability in WebClient could allow remote code execution
MS06-009 | KB901190 | Vulnerability in the Korean Input Method Editor (IME) could allow elevation of privilege
MS06-014 | KB911562 | Vulnerability in the Microsoft Data Access Components (MDAC) Function Could Allow Code Execution (911562)
MS06-015 | KB908531 | Vulnerability in Windows Explorer Could Allow Remote Code Execution (908531)
MS06-016 | KB911567 | Cumulative Security Update for Outlook Express (911567) (Replaces MS05-030)
MS06-021 | KB916281 | Cumulative Security Update for Internet Explorer (replaces MS06-013)
MS06-022 | KB918439 | Vulnerability in ART image rendering could allow remote code execution
MS06-023 | KB917344 | Vulnerability in Microsoft JScript Could Allow Remote Code Execution
MS06-024 | KB917344 | Vulnerability in Windows Media Player Could Allow Remote Code Execution
MS06-025 | KB911280 | Vulnerability in Routing and Remote Access Could Allow Remote Code Execution
MS06-030 | KB914389 | Vulnerability in Server Message Block Could Allow Elevation of Privilege
MS06-032 | KB917953 | Vulnerability in TCP/IP Could Allow Remote Code Execution
MS06-034 | KB917537 | Vulnerability in Microsoft Internet Information Services using Active Server Pages Could Allow Remote Code Execution (917537)
MS06-035 | KB917159 | Vulnerability in Server Service Could Allow Remote Code Execution (917159)
MS06-036 | KB914388 | Vulnerability in DHCP Client Service Could Allow Remote Code Execution (914388)
MS06-040 | KB921883 | Vulnerability in server service could allow remote code execution (921883)
MS06-041 | KB920683 | Vulnerability in DNS resolution could allow remote code execution (920683)
MS06-042 | KB918899 | Cumulative Security Update for Internet Explorer (918899)
MS06-043 | KB920214 | Vulnerability in Microsoft Windows could allow remote code execution
MS06-045 | KB921398 | Vulnerability in Windows Explorer could allow remote code execution
MS06-046 | KB922616 | Vulnerability in HTML Help Could Allow Remote Code Execution (922616)
MS06-050 | KB920670 | Vulnerabilities in Microsoft Windows Hyperlink Object Library could allow remote code execution
MS06-051 | KB917422 | Vulnerability in Windows Kernel Could Result in Remote Code Execution (917422)
MS06-053 | KB920685 | Vulnerability in Indexing Service Could Allow Cross-Site Scripting
MS06-055 | KB925486 | Vulnerability in Vector Markup Language Could Allow Remote Code Execution (925486)
MS06-057 | KB923191 | Vulnerability in Windows Explorer Could Allow Remote Execution (923191)
MS06-061 | KB924191 | Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (924191)
MS06-063 | KB923414 | Vulnerability in Server Service Could Allow Denial of Service (923414)
MS06-064 | KB922819 | Vulnerabilities in TCP/IP IPv6 Could Allow Denial of Service
MS06-065 | KB924496 | Vulnerability in Windows Object Packager Could Allow Remote Execution
MS06-066 | KB923980 | Vulnerabilities in Client Service for NetWare Could Allow Remote Code Execution
MS06-067 | KB922760 | Cumulative Security Update for Internet Explorer
MS06-068 | KB920213 | Vulnerability in Microsoft Agent Could Allow Remote Code Execution
MS07-008 | KB928843 | Vulnerability in HTML Help ActiveX Control Could Allow Remote Code Execution (928843)
MS07-016 | KB928090 | Cumulative Security Update for Internet Explorer (928090) Replaces: the above KB922760 and KB925454
MS07-006 | KB928255 | Vulnerability in Windows Shell Could Allow Elevation of Privilege (928255)
MS07-011 | KB926436 | Vulnerability in Microsoft OLE Dialog Could Allow Remote Code Execution (926436)
MS07-012 | KB924667 | Vulnerability in Microsoft MFC Could Allow Remote Code Execution (924667)
MS07-013 | KB918118 | Vulnerability in Microsoft RichEdit Could Allow Remote Code Execution (918118)
- | CSCsh91439 | MBSA Upgrade to 2.0.1 required
- | CSCsh91735 (KB931836) | February 2007 cumulative time zone update for Microsoft Windows operating systems (this is the replacement for CSCsh20360, CSCse15694, CSCsd57985, CSCsf07541)
MS07-017 | KB925902 | Vulnerabilities in GDI Could Allow Remote Code Execution (925902)
MS07-020 | KB932168 | Vulnerability in Microsoft Agent Could Allow Remote Code Execution (932168)
MS07-021 | KB930178 | Vulnerabilities in CSRSS Could Allow Remote Code Execution (930178)
MS07-022 | KB931784 | Vulnerability in Windows Kernel Could Allow Elevation of Privilege (931784)
MS07-027 | KB931768 | Cumulative Security Update for Internet Explorer (931768)
MS07-029 | KB935966 | Vulnerability in Windows DNS RPC Interface Could Allow Remote Code Execution (935966)
CSCsj00318 | KB898708 | FIX: IIS 6.0 may send an "HTTP 100 Continue" response in the middle of the response stream when you send a POST request
- | - | Note: the list above included 2000.4.4a SR7 and 2003.1.1 SR4
MS07-031 | KB935840 | Vulnerability in the Windows Schannel Security Package Could Allow Remote Code Execution
MS07-033 | KB933566 | Cumulative Security Update for Internet Explorer
MS07-034 | KB929123 | Cumulative Security Update for Outlook Express and Windows Mail
MS07-035 | KB935839 | Vulnerability in Win 32 API Could Allow Remote Code Execution
MS07-039 | KB926122 | Vulnerability in Windows Active Directory Could Allow Remote Code Execution
MS07-040 | KB933854 | Vulnerabilities in .NET Framework Could Allow Remote Code Execution
MS07-042 | KB936021 | Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution
MS07-043 | KB921503 | Vulnerability in OLE Automation Could Allow Remote Code Execution
MS07-045 | KB937143 | Cumulative Security Update for Internet Explorer Note: This replaces KB933566
MS07-046 | KB938829 | Vulnerability in GDI Could Allow Remote Code Execution
MS07-047 | KB936782 | Vulnerabilities in Windows Media Player Could Allow Remote Code Execution
MS07-050 | KB938127 | Vulnerability in Vector Markup Language Could Allow Remote Code Execution
- | CSCsj56317 (KB933360) | August 2007 cumulative time zone update for Microsoft Windows operating systems MCS-OS Update needed for New Zealand DST changes in 2007 Note: This replaces KB931836
- | CSCsk67094 (KB931633) | Error message when Reg.exe tool is used to query a registry subkey
- | CSCsl17246 (KB925336) | FIX: Error message when you try to install a large Windows Installer package or a large Windows Installer patch package in Windows Server 2003
MS07-057 | KB939653 | Cumulative Security Update for Internet Explorer 6
MS07-056 | KB941202 | Security Update for Outlook Express
- | KB938977 | Venezuela (GMT-4:30) Time Zone Update
MS07-058 | KB933729 | Vulnerability in RPC Could Allow Denial of Service
- | CSCsl18866 (KB943000) | MCS-OS update needed for 2008 Brazil Summertime change
MS07-061 | KB943460 | Vulnerability in Windows URI Handling Could Allow Remote Code Execution
MS07-062 | KB941672 | Vulnerability in DNS Could Allow Spoofing
MS07-028 | KB931906 | Vulnerability in CAPICOM Could Allow Remote Code Execution (931906)
- | KB942763 | December 2007 cumulative time zone update for Microsoft Windows operating systems
MS07-064 | KB941568 | Vulnerabilities in DirectX Could Allow Remote Code Execution (941568)
MS07-067 | KB944653 | Vulnerability in Macrovision Driver Could Allow Local Elevation of Privilege (944653)
MS07-068 | KB941569 | Vulnerability in Windows Media File Format Could Allow Remote Code Execution (941569 and 944275)
MS07-069 | KB942615 | Cumulative Security Update for Internet Explorer (942615)
MS07-065 | KB937894 | Vulnerability in Message Queuing Could Allow Remote Code Execution (937894)
- | CSCsl17246 KB925336 | Error 1718: <file> was rejected by digital signature policy
MS08-002 | 943485 | Vulnerability in LSASS Could Allow Local Elevation of Privilege (943485)
MS08-007 | 946026 | Vulnerability in WebDAV Mini-Redirector Could Allow Remote Code Execution (946026)
MS08-008 | 947890 | Vulnerability in OLE Automation Could Allow Remote Code Execution (947890)
MS08-010 | 944533 | Cumulative Security Update for Internet Explorer (944533)
MS08-003 | 946538 | Vulnerability in Active Directory Could Allow Denial of Service (946538)
MS08-005 | 942831 | Vulnerability in Internet Information Services Could Allow Elevation of Privilege (942831)
MS08-006 | 942830 | Vulnerability in Internet Information Services Could Allow Remote Code Execution (942830)
- | CSCsm74155 | MCS-OS: c:\utils\kill.exe out of date on 2003.1.2a
MS08-020 | 945553 | Vulnerability in DNS Client Could Allow Spoofing (945553)
MS08-021 | 948590 | Vulnerabilities in GDI Could Allow Remote Code Execution (948590)
MS08-022 | 944338 | Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution (944338)
MS08-023 | 948881 | Security Update of ActiveX Kill Bits (948881)
MS08-024 | 947864 | Cumulative Security Update for Internet Explorer (947864)
MS08-025 | 941693 | Vulnerability in Windows Kernel Could Allow Elevation of Privilege (941693)
- | CSCso26082 | Add tzupdate.exe to OS fresh installs and upgrades
- | CSCso13134 | DST: MCS OS update needed for 2008 Iraq Daylight Time removal (replaces CSCsl16516/KB942673)
- | CSCso63866 | MCS OS2000 for Australian DST does not update timezone information
- | CSCso13145 | DST: MCS IBM Director update needed for 2008 Iraq Daylight Time removal
MS08-031 | 950759 | Cumulative Security Update for Internet Explorer (950759)
MS08-033 | 951698 | Vulnerabilities in DirectX Could Allow Remote Code Execution (951698)
MS08-034 | 948745 | Vulnerability in WINS Could Allow Elevation of Privilege (948745)
MS08-035 | 953235 | Vulnerability in Active Directory Could Allow Denial of Service (953235)
MS08-036 | 950762 | Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service (950762)
MS08-032 | 950760 | Cumulative Security Update of ActiveX Kill Bits (950760)
MS08-037 | 951746 951748 | Vulnerabilities in DNS Could Allow Spoofing (953230)
MS08-040 | 948110 | Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (948110)
MS08-046 | 952954 | Vulnerability in Microsoft Windows Image Color Management System Could Allow Remote Code Execution (952954)
MS08-045 | 953838 | Cumulative Security Update for Internet Explorer (953838)
MS08-048 | 951066 | Security Update for Outlook Express and Windows Mail (951066)
MS08-049 | 950974 | Vulnerabilities in Event System Could Allow Remote Code Execution (950974)
- | 953839 | Cumulative Security Update of ActiveX Kill Bits
MS07-042 | KB933579 | Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (936227)
MS08-052 | 954593 | Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593)
MS08-053 | 954156 | Vulnerability in Windows Media Encoder 9 could allow remote code execution
- | 951702 CSCsq23169 | August 2008 cumulative time zone update for Microsoft Windows operating systems
MS08-058 | 956390 | Cumulative Security Update for Internet Explorer (956390)
MS08-061 | 954211 | Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (954211)
MS08-062 | 953155 | Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution (953155)
MS08-063 | 957095 | Vulnerability in SMB Could Allow Remote Code Execution (957095)
MS08-064 | 956841 | Vulnerability in Virtual Address Descriptor Manipulation Could Allow Elevation of Privilege (956841)
MS08-066 | 956803 | Vulnerability in the Microsoft Ancillary Function Driver Could Allow Elevation of Privilege (956803)
- | 956391 | Cumulative Security Update of ActiveX Kill Bits (replaces KB953839 and MS08-032/KB950760)
MS08-067 | 958644 | Vulnerability in Server Service Could Allow Remote Code Execution (958644)
MS08-068 | 957097 | Vulnerability in SMB Could Allow Remote Code Execution (957097)
MS08-069 | 955218 | Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (955218)
MS08-071 | 956802 | Vulnerabilities in GDI Could Allow Remote Code Execution (956802)
MS08-073 | 958215 | Cumulative Security Update for Internet Explorer (958215)
MS08-076 | 959807 | Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807)
- | CSCsw35630 948496 | High non-paged pool memory usage with OS 2003.1.3b
MS08-078 | 960714 | Security Update for Internet Explorer (960714)
MS09-001 | 958687 | Vulnerabilities in SMB Could Allow Remote Code Execution (958687)
- | CSCsw90778 | TZ: Venezuelan time with Java 1.4.2 reflects GMT instead of GMT-04:30
MS09-004 | 959420 960082 960083 | Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution (959420)
- | 960715 | Update Rollup for ActiveX Kill Bits
- | CSCsx24324 | Add check for CSCsv52867 applicable systems to OS SR
MS08-052 | 954593 938464-v2 | Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593) (Microsoft reissued KB)
MS09-006 | 958690 | Vulnerabilities in Windows Kernel Could Allow Remote Code Execution (958690)
MS09-007 | 960225 | Vulnerability in SChannel Could Allow Spoofing (960225)
MS09-008 | 962238 | Vulnerabilities in DNS and WINS Server Could Allow Spoofing (962238)
MS09-011 | 960477 923561 | Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477)
MS09-013 | 960803 | Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803)
MS09-014 | 963027 | Cumulative Security Update for Internet Explorer (963027)
MS09-010 | 960477 | Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477)
MS09-012 | 959454 952004 956572 | Vulnerabilities in Windows Could Allow Elevation of Privilege (959454)
MS09-015 | 959426 | Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426)
- | 969898 | Update Rollup for ActiveX Killbits for Windows Server 2003 (KB969898)
MS09-018 | 971055 | Vulnerabilities in Active Directory Could Allow Remote Code Execution (971055)
MS09-022 | 961501 | Vulnerabilities in Windows Print Spooler Could Allow Remote Code Execution (961501)
MS09-019 | 969897 | Cumulative Security Update for Internet Explorer (969897)
MS09-026 | 970238 | Vulnerability in RPC Could Allow Elevation of Privilege (970238)
MS09-025 | 968537 | Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (968537)
MS09-020 | 970483 | Vulnerabilities in Internet Information Services (IIS) Could Allow Elevation of Privilege (970483)
- | CSCsy40419 | Previous installation errors reported in current installation
MS09-029 | 961371 | Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution (961371)
MS09-028 | 971633 | Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution (971633)
MS09-032 | 973346 | Cumulative Security Update of ActiveX Kill Bits (973346)
- | 970659 CSCsv92671 | Multiple IPv6 addresses on interface causes Black Screen after reboot
- | 973252 CSCsz70835 | COM+ event errors with 1000+ IPv6 addresses
Other Windows software upgrades
· Microsoft Windows Installer 3.1 version 2
· Virtual Network Computing (VNC) 4.1.3 (copies install files and upgrades if already installed)
· HP SmartStart 8.20 and higher Driver Updates.
· HP SmartStart 8.20 and higher BIOS/Firmware Updates
· IBM UpdateXpress System Pack 4.05 and higher Updates.
Compaq/HP Drivers
During the upgrade, the following Compaq/HP drivers automatically install on the appropriate servers.
Version | Description
5.42.0.0 D | HP ProLiant iLO Advanced and Enhanced System Management Controller Driver for Windows Server 2003
1.11.1.0 | HP ProLiant iLO 2 Management Controller Driver for Windows Server 2003
5.37.0.0 E | HP ProLiant Advanced System Management Controller Driver for Windows 2000/Server 2003
5.80.0.32 | HP ProLiant Smart Array 5x and 6x Controller Driver for Windows 2000/Server 2003
6.12.4.32 (B) | HP ProLiant Smart Array SAS/SATA Controller Driver for Windows Server 2003
2.5.2003.613 B | HP ProLiant Integrated Ultra ATA-100 Dual Channel Driver for Windows 2000/Server 2003
Package: 5.2.3790.1433 File: 6.0.82 | HP Embedded SATA RAID Controller Driver for Windows 2000/Windows Server 2003
1.2.5567 | HP Embedded SATA RAID Controller Driver for Windows 2000/Windows Server 2003
1.0.0.0 F | HP NULL IPMI Controller Driver for Windows 2000/Windows Server 2003
1.14.0.0 | HP ProLiant Integrated Lights-Out Management Interface Driver for Windows
5.10.2600.6024 B | HP ProLiant ATI RAGE XL Video Controller Driver for Windows Server 2003
Package: 6.14.10.6746 | ATI ES1000 and Radeon 7000 Video Controller Driver for Windows 2000/Windows Server 2003
12.0.0.5 | HP NC-Series Broadcom driver for Windows 2003
4.6.112.0 | HP NC-Series Multifunction Driver for Windows 2003
2.0.0.0 | HP StorageWorks Tape Drivers
7.1.0.0 | Intel Chipset Support for ProLiant Servers for Windows 2000/Windows Server 2003
6.3.2.1 D | HP ProLiant PCI Hot Plug Controller Driver for Windows 2000/Server 2003
9.60.0.0 | HP Network Configuration Utility
6.6.0.32 | HP Proliant Smart Array Device Manager Extension for Windows server 2003
HP Network Configuration Utility (Teaming driver) is installed by default on applicable servers. Use this utility to provide fault-tolerant network connectivity only. You can set the speed and duplex to 1000/Full through the standard Windows Server 2003 Network Connections or with the HP Network Configuration Utility.
· Find instructions to configure fault-tolerant network connectivity on CCO at this location: http://www.cisco.com/en/US/products/hw/voiceapp/ps378/prod_installation_guides_list.html
· If the HP Network Configuration Utility is uninstalled, you can reinstall it by using the installation file located in this folder: C:\Utils\DualNIC\.
Compaq/HP Software
The HP Diagnostics for Windows software provides a detailed list of all hardware installed on the server. It can also run diagnostic tests on the hardware. This processor-intensive software should be used during a maintenance cycle.
Version | Description
6.14.0.32 | HP ProLiant Smart Array SAS/SATA Event Notification Service for Windows 2000/Windows Server 2003
8.28.13.0 | HP ProLiant Array Configuration Utility for Windows
8.26.1.0 | HP ProLiant Array Diagnostics Utility for Windows
6.6.0.32 | HP ProLiant Smart Array Device Manager Extension for Windows 2000/Server 2003 (works for only 5i and 6i controllers)
5.01 | HP Embedded SATA RAID Controller Manager for Windows 2000/Server 2003
1.8.0.1 | HP Lights-Out Online Configuration Utility for Windows 2000/Windows Server 2003
8.26.0.0 | HP Insight Management Agents for Windows Server 2003
2.2.0.820 | HP Version Control Agent for Windows
3.0.1.73 | HP System Management Homepage for Windows
8.2.5.3157 | HP Insight Diagnostics Online Edition
9.60.0.0 | HP Network Configuration Utility for Windows 2003
8.25 | Insight Management MIB Update Kit for HP Systems Insight Manager for Windows
Compaq/HP BIOS and Firmware
This upgrade updates the following BIOS and firmware. These upgrades occur within Windows and do not require booting from a CD-ROM or Diskette. If you recently purchased a new server, the BIOS on the server may be newer than the version that is listed in the table. The upgrade will not change (downgrade) newer versions.
Date/Version | Firmware Type | Server
D13 – 2004.09.15 | BIOS | MCS-7825H-2266/3000
D18 – 2007.07.16 | BIOS | MCS-7825-H1
D20 – 2008.08.18 | BIOS | MCS-7825-H2
W04 – 2008.10.06 | BIOS | MCS-7825-H3/MCS-7816-H3
W05 – 02/02/2009 | BIOS | MCS-7825-H4
P24 – 2004.05.01 | BIOS | MCS-7835H-1266
P29 – 2004.09.15 | BIOS | MCS-7835H-2400/3000 MCS-7845H-2400/3000
P51 – 2007.07.19 | BIOS | MCS-7835-H1 MCS-7845-H1
P56 – 2009.05.18 | BIOS | MCS-7835-H2 MCS-7845-H2
2.76 | RAID | MCS-7835H-1266/2400/3000 MCS-7845H-2400/3000
2.84A | RAID | MCS-7835-H1 MCS-7845-H1
5.26 | RAID | MCS-7835-H2 MCS-7845-H2
1.82 | RAID | MCS-7825-H4
1.94 | iLO | MCS-7825-H1 MCS-7835H-2400/3000 MCS-7835-H1 MCS-7845H-2400/3000 MCS-7845-H1
1.78 | iLOII | MCS-7825-H2 MCS-7835-H2 MCS-7845-H2
2.1.4.8 | NIC | MCS-7825H-2266/3000 MCS-7825-H1 MCS-7825-H2 MCS-7835H-2400/3000 MCS-7835-H1 MCS-7835-H2 MCS-7845H-2400/3000 MCS-7845-H1 MCS-7845-H2
IBM Drivers/Software
During the upgrade, the following IBM drivers/software automatically install on the appropriate servers.
Version | Description
5.20.2 | IBM Director Agents 5.20.2 SU2 (software update 2)
Package: 12.4 | IBM Intel-based Gigabit and Fast Ethernet Adapter Drivers – Servers and IntelliStation; x206, x306, x345 Servers
Package: 10.86.1.0 | Broadcom NetXtreme Gigabit Ethernet Drivers Software Release – Servers and IntelliStation; x206m, x306m, x346 Servers
Package: 4.6.15 | Broadcom NetXtreme II GbE Drivers Software Release; x3650 Servers
Package: 10.7b.3 | Broadcom NetXtreme Gigabit Ethernet Drivers Software CD (Windows Update Package) – Broadcom Advanced Control Suite; x346, x3250, x3250-M2 Servers
Package: T3.4.6b | Broadcom NetXtreme Gigabit Ethernet Drivers Software CD (Windows Update Package) – Broadcom Advanced Control Suite; x3650 Servers
5.10.2600.6014 | Video Driver for x345 Servers
6.14.10.6422 | Video Driver for x206, x306 Servers
8.24.3.0 | ATI Video Driver for x206m, x306m, x346, x3650, x3250, x3250-M2 Servers
5.1.2600.0 | USB2 Drivers for x205, x206, x306, x346 Servers
Package: 2.0.0 File: 1.1.0 | ASF Table for x205, x206 Servers
5.1.0.1008 | Motherboard Chipset Drivers for x206, x306 Servers
7.2.0.1006 | Motherboard Chipset Drivers for x206m, x306m Servers
6.0.1.1002 | Motherboard Chipset Drivers for x346 Servers
8.1.1.1001 | Intel Chipset Utility/Drivers for x3650, x3250, x3250-M2 Servers
9.1.0.1014 | Intel Chipset Utility/Drivers for x3250-M2 and 3650m2 Servers
Package: 7.12.11 | ServeRAID Controller Driver for x340, x342, x345, x346
Package: 1.15 File: 4.0.36.2 | IBM ServeRAID-7e SCSI (Adaptec HostRAID) Driver
1.2.0.5561 | IBM ServeRAID-8e (Adaptec HostRAID) Windows 32-bit Update
5.2.0.12913 | IBM ServeRAID-8k SAS Controller Driver
1.27.3.0 | LSI SAS HBA 1064E Controller driver - ibm_dd_mptsas_1.27.03.00_windows_32-64
9.00 | ServeRAID Manager
3.00.12 | MPT SAS MyStorage RAID Manager, x3650, x3250, x3250-m2 servers
5.27.01C | ASM/ASR Driver for x206, x306 Servers
5.27B | ASM/ASR Driver for x306 Servers
5.27.02B | ASM/ASR Driver for x345 Servers
1.10 | ASR for IPMI Application
Package: 1.15 File: 2.2.1.2 | OSA IPMI Device Driver for Microsoft Windows
1.18 | IBM Mapping Layer Software for OSA IPMI on Microsoft Windows
5.45 | Remote Supervisor Adapter II Server Software for Microsoft Windows
IBM BIOS and Firmware
This upgrade updates the following BIOS and Firmware. These upgrades occur at the end of the OS Upgrade process and require an additional reboot into DOS. When the BIOS and firmware upgrades are finished, the server reboots back into Windows Server 2003. If you recently purchased a new server, the BIOS on the server may be newer than the version that is listed in the table. The upgrade will not change (downgrade) newer BIOS versions.
Version |
Firmware Type |
Server |
1.41 |
BIOS |
MCS-7815I-3.0-IPC1 MCS-7825I-3.0-IPC1 MCS-7825-I1-IPC1/CC1 |
1.45A |
BIOS |
MCS-7815-I2 MCS-7825-I2 |
1.21 (GEJT63A) |
BIOS |
MCS-7835I-2.4-EVV1 MCS-7835I-3.0-IPC1 X345 3.06 GHz Dual CPU |
1.17 |
BIOS |
MCS-7835-I1-IPC1/CC1/ECS1/RC1 MCS-7845-I1-IPC1/CC1/ECS2/RC1 |
1.15 |
BIOS |
MCS-7835-I2 MCS-7845-I2 |
1.42 |
BIOS |
MCS-7816-I3 |
1.44 |
BIOS |
MCS-7816-I4 |
Package: 7.12.13 File: 7.12.13 |
RAID |
MCS-7825-I1-IPC1/CC1 X345 3.06 GHz Dual CPU MCS-7835-I1-IPC1/CC1/ECS1/RC1 MCS-7845-I1-IPC1/CC1/ECS2/RC1 |
5.2-0 Build 15429 |
RAID |
MCS-7835-I2 MCS-7845-I2 |
RAID Firmware: 1.18.86.00 |
RAID |
MCS-7825-I3 |
RAID Firmware: 1.27.86.00 |
RAID |
MCS-7825-I4 |
1.20.24 |
NIC |
MCS-7815-I2 MCS-7825-I2 MCS-7835-I1-IPC1/CC1/ECS1/RC1 MCS-7845-I1-IPC1/CC1/ECS2/RC1 |
2.1.0 |
NIC |
MCS-7835-I2 MCS-7845-I2 |
1.06 |
Flash Diagnostics |
MCS-7835I-2.4-EVV1 MCS-7835-3.0-IPC1 X345 3.06 GHz Dual CPU |
1.08 (KPYT26A) |
Flash Diagnostics |
MCS-7835-I1-IPC1/CC1/ECS1/RC1 MCS-7845-I1-IPC1/CC1/ECS2/RC1 |
1.10 |
Flash Diagnostics |
MCS-7835-I2 MCS-7845-I2 |
1.16 |
ASM/BMC |
MCS-7815-I2 |
2.16 |
ASM/BMC |
MCS-7825-I2 |
1.10 |
ASM/BMC |
MCS-7816-I3 |
1.07 |
ASM/BMC |
MCS-7816-I4 |
1.09 |
ASM/BMC |
MCS-7835I-2.4-EVV1 MCS-7835-3.0-IPC1 X345 3.06 GHz Dual CPU |
1.20 |
ASM/BMC |
MCS-7835-I1-IPC1/CC1/ECS1/RC1 MCS-7845-I1-IPC1/CC1/ECS2/RC1 |
1.47 |
ASM/BMC |
MCS-7835-I2 MCS-7845-I2 |
1.08 |
RSA II |
MCS-7835-I2 MCS-7845-I2 |
1.00 |
RSA II |
MCS-7816-I4 |
This fairly complete list gives the security settings in OS version 2003.1.5a. It does not include the file/folder permissions that are applied from ocfiless.inf. The list includes settings that have been in place for several OS versions as well as the new settings in 2003.1.5a. It does not include the changes made by the Optional Security Settings; refer to the Optional Security Settings readme in the C:\Utils folder for the list of changes made by the Optional Security Settings script.
Description |
Setting |
User / Group Changes |
|
Remove all users from Guest group. |
|
Deselect Password never expires on Guest account |
|
Rename IUSR_Computername and IWAM_Computername to IUSR_Guest and IWAM_Guest |
|
Remove user SUPPORT_xxxxxxxx |
|
Run iisuser.cmd during base OS creation |
Guest, IUSR_Guest, and IWAM_Guest require passwords in compliance with STIG PDI ID 1744: No password required |
|
|
Password Policy |
|
Password Policies are not changed from default values. |
|
|
|
Kerberos Policy |
|
Kerberos Policies are not changed from default values. |
|
|
|
Account Lockout Policy |
|
Account Lockout Policies are not changed from default values. |
|
|
|
Audit Policy |
|
Audit system events |
Success Failure |
|
|
User Rights Assignment |
|
Access this computer from the network (SeNetworkLogonRight) |
IWAM_Guest Authenticated Users Administrators IUSR_Guest Enterprise Domain Controllers |
Act as part of the operating system (SeTcbPrivilege) |
Administrators |
Allow logon locally (SeInteractiveLogonRight) |
Administrator Authenticated Users IUSR_Guest |
Bypass traverse checking (SeChangeNotifyPrivilege) |
Users |
Debug programs (SeDebugPrivilege) |
Administrators |
Log on as a batch job (SeBatchLogonRight) |
IWAM_Guest IUSR_Guest IIS_WPG |
|
|
Security Options |
|
Audit: Shut down system immediately if unable to log security audits |
Disabled |
Devices: Restrict CD-ROM access to locally logged-on user only |
Disabled |
Devices: Restrict floppy access to locally logged-on user only [STIG PDI ID 1715] |
Enabled |
Microsoft network client: Digitally sign communications (always) [Ref: KB281648, KB823659] |
Disabled |
Microsoft network server: Digitally sign communications (always) [Ref: KB281648, KB823659] |
Disabled |
Network access: Named Pipes that can be accessed anonymously [STIG PDI ID 6786] |
COMNAP, COMNODE, SQL\QUERY, SPOOLSS, LLSRPC, BROWSER, NETLOGON, LSARPC, SAMR |
Network security: Force logoff when logon hours expire [STIG PDI ID 6838] |
Enabled |
Network security: LAN Manager Authentication level [Ref: KB281648, KB823659] |
Send LM & NTLM – use NTLMv2 session security if negotiated (value: 1) |
|
|
Event Log Settings |
|
Maximum application log size |
81920 KB |
Maximum system log size |
81920 KB |
|
|
Restricted Groups |
|
As a part of the SSLF-Member Server Baseline template, the following groups are restricted. |
Backup Operators Power Users |
|
|
IIS Security Changes |
|
Enable W3C Extended Logging Format (LogExtFilesFlags) – Contains a flag that determines which categories of information are written to either the log file or ODBC data source during logging events. |
LogExtFileReferer = True (log the referrer field sent by the client); LogExtFileWin32Status = True (log the current Microsoft Win32 error status) |
IIS Connection (MaxConnections) – Specifies the maximum number of simultaneous connections to a server. |
MaxConnections = 50000 (default 0) |
Files Access Configuration (AccessFlags) – Contains flags for configuring file access permissions. |
AccessExecute = False AccessNoRemoteExecute = False AccessNoRemoteRead = False AccessNoRemoteScript = False AccessNoRemoteWrite = False AccessRead = True AccessScript = False AccessSource = False AccessWrite = False |
URLScan version 2.5, a security tool, restricts the types of HTTP requests that Internet Information Services (IIS) will process. By blocking specific HTTP requests, the URLScan security tool helps prevent potentially harmful requests from reaching the server.
· Logs: URLScan logs to this folder: c:\winnt\system32\inetsrv\urlscan\logs.
· Filter settings: The URLScan filter settings are in this text file: c:\winnt\system32\inetsrv\urlscan\urlscan.ini. Cisco has customized this filter to work correctly with the Cisco applications that this OS supports. Cisco does not recommend changing the settings in the file. If changes are made to this file, they do not take effect until the IISAdmin service is restarted.
· Uninstall: You can uninstall URLScan from the Add/Remove Programs applet in the Windows Control Panel (Choose Start > Settings > Control Panel > Add/Remove Programs).
· Additional Information about URLScan: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/tools/urlscan.asp |
|
Remove unused virtual directories |
IISAMPWD IISHELP |
Disable WebDAV – Prevents Windows-based programs from creating, accessing, and modifying Internet-based files. Make sure the startup type of the “WebClient” service is Disabled. |
|
|
|
Registry Settings |
|
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\EnablePMTUDiscovery |
0 |
HKLM\System\CurrentControlSet\Services\Spooler\Performance\Library |
xxwinspool.drv |
HKLM\System\CurrentControlSet\Control\Session Manager\HeapDecommitFreeBlockThreshold |
0x00040000 |
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\MaxUserPort |
65534 (decimal) |
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\ReservedPorts |
1024-49151 57606-57606 59000-59100 63432-63432 |
HKLM\System\CurrentControlSet\Services\lanmanserver\parameters\srvcomment |
Cisco AVVID Server |
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoUpdate |
1 |
HKLM\Software\Policies\Microsoft\WindowsMediaPlayer\PreventCodecDownload |
1 |
HKCU\.DEFAULT\Software\Policies\Microsoft\WindowsMediaPlayer\PreventCodecDownload |
1 |
HKLM\Software\Policies\Microsoft\WindowsMediaPlayer\DisableAutoUpdate |
|
HKLM\Software\Policies\Microsoft\Conferencing\NoRDS |
1 |
HKLM\Software\Policies\Microsoft\Windows NT\Terminal Services\fPromptForPassword |
1 |
HKLM\Software\Policies\Microsoft\Windows NT\Terminal Services\MinEncryptionLevel |
3 |
HKLM\Software\Policies\Microsoft\Windows NT\Terminal Services\PerSessionTempDir |
1 |
HKLM\Software\Policies\Microsoft\Windows NT\Terminal Services\DeleteTempDirsOnExit |
1 |
HKLM\Software\Policies\Microsoft\Windows NT\Terminal Services\MaxDisconnectionTime |
0x0000ea60 (60000) |
HKLM\Software\Policies\Microsoft\Windows NT\Terminal Services\fEncryptedRPCTraffic |
1 |
HKLM\Software\Policies\Microsoft\Messenger\Client\PreventRun |
1 |
HKLM\Software\Policies\Microsoft\Messenger\Client\PreventAutoRun |
1 |
HKLM\Software\Policies\Microsoft\Windows NT\Terminal Services\fAllowToGetHelp |
0 |
HKLM\Software\Policies\Microsoft\Windows NT\Terminal Services\fAllowUnsolicited |
0 |
HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting\DoReport |
0 |
HKLM\Software\Policies\Microsoft\Windows NT\Printers\KMPrintersAreBlocked |
1 |
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\NukeOnDelete |
1 |
HKLM\Software\Policies\Microsoft\Messenger\Client\{9b017612-c9f1-11d2-8d9f-0000f875c541}\Disabled |
1 |
HKLM\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy |
0 |
HKLM\System\CurrentControlSet\Control\FileSystem\NtfsDisable8dot3NameCreation |
0 |
HKLM\System\CurrentControlSet\Services\NetBT\Parameters |
0 |
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutorun |
0xDF |
|
|
Registry Settings Removed |
|
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems |
POSIX |
|
|
Registry ACLs |
|
HKLM\SYSTEM\ControlSet001\Services\Eventlog\Application |
Administrators: Full System: Full Users: Full |
|
|
File/Folder ACLs |
|
C:\ |
Administrators: Full System: Full Creator Owner: Full Users: Read & Execute |
D:\ |
Administrators: Full System: Full Creator Owner: Full Users: Read & Execute |
F:\ |
Administrators: Full System: Full Creator Owner: Full Users: Read & Execute |
%SystemRoot%\regedit.exe |
Administrators: Full System: Full |
|
|
File/Folder Removed |
|
\winnt\system32\tlntadmn.exe |
|
\winnt\system32\tlntsess.exe |
|
\winnt\system32\tlntsvr.exe |
|
\winnt\system32\tlntsvrp.dll |
|
C:\Program Files\NetMeeting\*.* |
|
|
|
Service ACLs |
|
ASF Agent |
Administrators: Full System: Full |
SMBus Upgrade Service for Windows |
Administrators: Full System: Full |
Alerter (Alerter) |
Administrators: Full System: Full Authenticated Users: Read |
Application Layer Gateway Service (ALG) |
Administrators: Full System: Full Authenticated Users: Read |
Application Management (AppMgmt) |
Administrators: Full System: Full Authenticated Users: Read |
ClipBook (ClipSrv) |
Administrators: Full System: Full Authenticated Users: Read |
DHCP Server (DHCPServer) |
Administrators: Full System: Full Authenticated Users: Read |
Distributed File System (Dfs) |
Administrators: Full System: Full Authenticated Users: Read |
DNS Server (DNS) |
Administrators: Full System: Full Authenticated Users: Read |
Error Reporting Service (ERSvc) |
Administrators: Full System: Full Authenticated Users: Read |
Help and Support (helpsvc) |
Administrators: Full System: Full Authenticated Users: Read |
Human Interface Device Access (HidServ) |
Administrators: Full System: Full Authenticated Users: Read |
IMAPI CD-Burning COM Service (ImapiService) |
Administrators: Full System: Full Authenticated Users: Read |
Indexing Service (CiSvc) |
Administrators: Full System: Full Authenticated Users: Read |
Intersite messaging (IsmServ) |
Administrators: Full System: Full Authenticated Users: Read |
Kerberos Key Distribution Center (kdc) |
Administrators: Full System: Full Authenticated Users: Read |
License Logging (LicenseService) |
Administrators: Full System: Full Authenticated Users: Read |
Messenger (Messenger) |
Administrators: Full System: Full Authenticated Users: Read |
NetMeeting Remote Desktop Sharing (Mnmsrvc) |
Administrators: Full System: Full Authenticated Users: Read |
Network DDE (NetDDE) |
Administrators: Full System: Full Authenticated Users: Read |
Network DDE DSDM (NetDDEdsdm) |
Administrators: Full System: Full Authenticated Users: Read |
File Replication (NtFrs) |
Administrators: Full System: Full Authenticated Users: Read |
NTLM Security Support Provider (NtLmSsp) |
Administrators: Full System: Full Authenticated Users: Read |
Removable Storage (NtmsSvc) |
Administrators: Full System: Full Authenticated Users: Read |
Remote Access Auto Connection manager (RasAuto) |
Administrators: Full System: Full Authenticated Users: Read |
Remote Desktop Help Session Manager (RDSessMgr) |
Administrators: Full System: Full Authenticated Users: Read |
Routing and Remote Access (RemoteAccess) |
Administrators: Full System: Full Authenticated Users: Read |
Remote Procedure Call (RPC) Locator (RpcLocator) |
Administrators: Full System: Full Authenticated Users: Read |
Resultant Set of Policy Provider (RSoPProv) |
Administrators: Full System: Full Authenticated Users: Read |
Special Administration Console Helper (Sacsvr) |
Administrators: Full System: Full Authenticated Users: Read |
Smart Card (SCardSvr) |
Administrators: Full System: Full Authenticated Users: Read |
Task Scheduler (Schedule) |
Administrators: Full System: Full Authenticated Users: Read |
Secondary Logon (Seclogon) |
Administrators: Full System: Full Authenticated Users: Read |
Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) |
Administrators: Full System: Full Authenticated Users: Read |
Shell Hardware Detection (ShellHWDetection) |
Administrators: Full System: Full Authenticated Users: Read |
Print Spooler (Spooler) |
Administrators: Full System: Full Authenticated Users: Read |
Windows Image Acquisition (WIA) (Stisvc) |
Administrators: Full System: Full Authenticated Users: Read |
Performance Logs and Alerts (SysmonLog) |
Administrators: Full System: Full Authenticated Users: Read |
Terminal Services (TermService) |
Administrators: Full System: Full Authenticated Users: Read |
Themes (Themes) |
Administrators: Full System: Full Authenticated Users: Read |
Distributed Link Tracking Server (TrkSvr) |
Administrators: Full System: Full Authenticated Users: Read |
Distributed Link Tracking Client (TrkWks) |
Administrators: Full System: Full Authenticated Users: Read |
Terminal Services Session Directory (Tssdis) |
Administrators: Full System: Full Authenticated Users: Read |
Uninterruptible Power Supply (UPS) |
Administrators: Full System: Full Authenticated Users: Read |
Virtual Disk Service (Vds) |
Administrators: Full System: Full Authenticated Users: Read |
Windows Time (W32Time) |
Administrators: Full System: Full Authenticated Users: Read |
WebClient (WebClient) |
Administrators: Full System: Full Authenticated Users: Read |
WinHTTP Web Proxy Auto-Discovery Service (WinHttpAutoProxySvc) |
Administrators: Full System: Full Authenticated Users: Read |
Portable Media Serial Number Service (WmdmPmSN) |
Administrators: Full System: Full Authenticated Users: Read |
Automatic Updates (wuauserv) |
Administrators: Full System: Full Authenticated Users: Read |
Wireless Configuration (WZCSVC) |
Administrators: Full System: Full Authenticated Users: Read |
HP Insight Event Notifier (CIMnotify) |
Administrators: Full System: Full Authenticated Users: Read |
HP Insight Foundation Agents (CqMgHost) |
Administrators: Full System: Full Authenticated Users: Read |
HP Insight NIC Agents (CqNicMgmt) |
Administrators: Full System: Full Authenticated Users: Read |
HP Insight Server Agents (CqMgServ) |
Administrators: Full System: Full Authenticated Users: Read |
HP Insight Storage Agents (CqMgStor) |
Administrators: Full System: Full Authenticated Users: Read |
HP Storage Manager (HPStorageManagerAgent) |
Administrators: Full System: Full Authenticated Users: Read |
HP Proliant System Shutdown Service (Sysdown) |
Administrators: Full System: Full Authenticated Users: Read |
HP System Management Homepage (SysMgmtHp) |
Administrators: Full System: Full Authenticated Users: Read |
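The Registry Settings rows in the list above can be checked for drift against a registry export. The following is an added example, not part of the Cisco readme or the upgrade package: it parses the text of a `.reg` export and reports baseline DWORD values that differ or are missing. The function names and the sample export are constructed for illustration, and only a subset of the listed rows is included.

```python
import re

# Baseline DWORDs copied from the Registry Settings rows of this readme
# (a subset: rows whose key path and value are both given in full).
BASELINE = {
    r"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\EnablePMTUDiscovery": 0,
    r"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\MaxUserPort": 65534,
    r"HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoUpdate": 1,
    r"HKLM\Software\Policies\Microsoft\Windows NT\Terminal Services\fPromptForPassword": 1,
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutorun": 0xDF,
}

def norm(path):
    """Registry paths are case-insensitive; expand the HKLM abbreviation."""
    path = path.strip().lower()
    if path.startswith("hklm\\"):
        path = "hkey_local_machine\\" + path[5:]
    return path

def parse_reg_dwords(text):
    """Map each normalized key-plus-value-name path in a .reg export to its DWORD.
    Version 5.00 exports are UTF-16 on disk; decode before calling."""
    found, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = re.match(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$', line)
        if m and key:
            found[norm(key + "\\" + m.group(1))] = int(m.group(2), 16)
    return found

def audit(reg_text, baseline=BASELINE):
    """Return (path, expected, actual) per drifted value; actual is None if absent."""
    actual = parse_reg_dwords(reg_text)
    return [(p, want, actual.get(norm(p))) for p, want in baseline.items()
            if actual.get(norm(p)) != want]

# Constructed sample export (not taken from a real server).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"EnablePMTUDiscovery"=dword:00000000
"MaxUserPort"=dword:00001388

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutorun"=dword:000000df
'''

if __name__ == "__main__":
    for path, want, got in audit(SAMPLE):
        print(f"DRIFT {path}: expected {want}, found {got}")
```

On the sample, the check flags MaxUserPort (5000 instead of 65534) and the absent fPromptForPassword value.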