±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 3 Overall: 35980
New Yesterday: 5 Visitors: 382

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

Microsoft Exchange Server

Computer forensics discussion. Please ensure that your post is not better suited to one of the forums below (if it is, please post it there instead!)
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Page Previous  1, 2 
  

jaclaz
Senior Member
 

Re: Microsoft Exchange Server

Post Posted: Aug 30, 12 23:29

From the mouth of the wolf:
technet.microsoft.com/...37979.aspx
Several improvements have been made in servicing for Exchange 2010, including:
  • An integrated automated test product that is built together with the shipping product. Therefore, we can perform better integrated, end-to-end system testing than was possible with previous versions of Microsoft Exchange.
  • Windows Installer is used instead of the Update.exe installation program.
  • Update rollup packages are cumulative. For example, if you apply Update Rollup 4 on a computer that is running Exchange 2010, you receive all the fixes in that specific update package together with all the fixes that were released in all earlier update rollup packages. That is, in Update Rollup 4, you receive all the updates that were released in the previous Update Rollup 1 through Update Rollup 3 packages plus the updates in Update Rollup 4.
Note:
This approach to updating doesn't replace service packs for the product. Additional product fixes and features are released in separately available service packs for Exchange 2010.

(bolding is mine)


technet.microsoft.com/...37981.aspx

After you install an update rollup for Exchange 2010, the version of Exchange Server isn't updated to show that the update rollup is installed. This issue occurs because the version number that is displayed by the Exchange Management Console or by other administrative mechanisms is obtained from the Exchange Server Object in Active Directory.


technet.microsoft.com/...32170.aspx
Exchange 2010 Versions
Service Pack 2 (SP2) for Exchange Server 2010 is available and is the most recent version of the product.

Service Pack 1 (SP1) for Exchange Server 2010 and the release to manufacturing (RTM) version of Exchange Server 2010 are also available.

Exchange 2010 Build Versioning
The SP1 version of Exchange 2010 is 14.01.0218.015. The RTM version of Exchange 2010 is 14.00.0639.021. This version information is consistently displayed in the Exchange Management Console, the Exchange Management Shell, and in the About Exchange Server 2010 Help dialog box.

You can also use the Get-ExchangeServer cmdlet and examine the AdminDisplayVersion property for the Exchange 2010 build version. For more information about deploying fixes and update rollups for Exchange 2010, see Exchange 2010 Servicing.


It seems like this latter Get-ExchangeServer cmdlet is needed to get the stupid version number:
technet.microsoft.com/...23873.aspx

As seen from the outside it still resembles a bunch of headless chickens running around in circles.....

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 
 
  

BitHead
Senior Member
 

Re: Microsoft Exchange Server

Post Posted: Aug 30, 12 23:42

- jaclaz
As seen from the outside it still resembles a bunch of headless chickens running around in circles.....
It has always been a case of the right hand not knowing what the left is doing at MS. Makes me glad that I am not doing patch management day to day.  
 
  

BitHead
Senior Member
 

Re: Microsoft Exchange Server

Post Posted: Aug 31, 12 00:45

And for anyone that is interested, Exchange 2010 SP2, with supposedly all the patches, rollups, etc. returns the following:
Exchange Management Console: Version 14.02.0318.001
Exchange Management Shell: Version 14.2 <Build 247.5>  
 
  

sgreene2991
Senior Member
 

Re: Microsoft Exchange Server

Post Posted: Aug 31, 12 09:43

- jaclaz


On the other hand, if you just google for "14.02.5004.000" you will find any number of .ics files with content



That is exactly what I have found, yet I also am finding them in email headers from a case I am working on. It is baffling me to say the least. I'm not sure what to do, it doesn't have a lot of relevance to this project, but it would be nice to be able to explain it if it comes up.  
 
  

jaclaz
Senior Member
 

Re: Microsoft Exchange Server

Post Posted: Aug 31, 12 15:16

- sgreene2991
- jaclaz


On the other hand, if you just google for "14.02.5004.000" you will find any number of .ics files with content



That is exactly what I have found, yet I also am finding them in email headers from a case I am working on. It is baffling me to say the least. I'm not sure what to do, it doesn't have a lot of relevance to this project, but it would be nice to be able to explain it if it comes up.

Well, if you check one of the results, this one as an example:
answers.microsoft.com/...8b4ffff39d
it seems like the "generating app" is actually Microsoft Outlook (14.0):
BEGIN:VCALENDAR
PRODID:-//Microsoft Corporation//Outlook 14.0 MIMEDIR//EN

and the "14.02.5004.000" is just in the "x-ALT-DESC":
X-ALT-DESC;FMTTYPE=text/html:<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//E
N">\n<HTML>\n<HEAD>\n<META NAME="Generator" CONTENT="MS Exchange Server ve
rsion 14.02.5004.000">\n<TITLE></TITLE>\n</HEAD>\n<BODY>\n<!-- Converted f
rom text/rtf format -->\n\n<P DIR=LTR><SPAN LANG="en-gb"></SPAN></P>\n\n</
BODY>\n</HTML>

It sounds like (since I doubt that "all the world" has an Exchange Server installed, that the whole thingy is generated by Outlook only and -somehow- uses that queer MS Exchange ID.

You should be able to reproduce the behaviour on a machine running OUTLOOK not connected to *any* Exchange Server.....
Outlook "14.0 should be "Office 2010" ...

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 
 

Page 2 of 2
Page Previous  1, 2