I easily passed the 70-299 exam today!  :)  That makes me a MCSA.  Next month I'm gonna try the "ISA 2004" exam for my MCSA+Security.

Got my GPS yesterday, but had to wait a whole day to play because I HAD to study for my 070-299 MCSE exam (Windows 2003 Security).

Check out this nice map of my first GPS track, my location is not visible.

http://ydns.no-ip.com/blog/track.html

As I prepare to take my 70-299 MCSE exam, I have started geocaching.  Its a nice way to get outside, or something to do inbetween more intensive outdoor activities.  ;)  As many other newer outdoor activities, its eco-light and unlimited in scope.

I encourage everyone to have a fun activity like this that can be played anywhere on the cheap.  So if you travel for work, you can geocache there.  The only cost is a basic GPS device like the Garmin geko 201 ($~120).  That device can be used for any basic GPS needs, such as fishing, hiking, sailing, etc.

I must admit, it is possible to geocache without a GPS device, albeit harder and slower.  (As I can attest to these past 2 days)

I was a little worried about this one, but I thought I did great on the test.  Not exactly  ;)  Next up 070-299!  This next one will give me my MCSA.  Then I'll step thru certifications until I reach my goal of MCSE: Security.

I just passed my 070-290 exam - "Managing and Maintaining a Microsoft Windows Server 2003 Environment"

I'm looking to schedule 070-291 for later next month but I hope to be able and move it up.

When I got Paint.NET (which rocks by the way), I went crazy making stuff.  Here is a wallpaper that I use. Click to download.

I'm halfway through my core exams!  I rocked the XP exam.  I'm gonna start moving quicker on my exams.  I can do one a month.  So I get to brag and put this logo up again.  :)

I made this a couple of years ago.  I rather like it for its simplicity.  The topic is evident, but not blatent.

So what about IPSec is hot, other then the fact you can script it?  Well in a enterprise environment you can deploy it in Group Policy.  Now that is a pretty cool way to protect your network.  So you can use IPSec to protect traffic between trusted hosts.  The easiest scenario is to setup IPSec between domain computers.  Once Group Policy refreshes on a client computer they implement whatever IPSec policy is deployed to it.  In a workgroup environment you can still use IPSec for protecting your network, but it is more manual effort.

Not only can you deploy IPSec policies to computers using Group Policy, you can also deploy dynamic IPSec policies to the same computer at the same time.  Now dynamic IPSec policies are the same thing only they don't stick after a reboot or IPSec is restarted.  This makes them handy for testing a setting, you can just reboot (or restart IPSec) to undo it. 

So deploy a baseline IPSec policy to everyone, then use script to deploy dynamic IPSec policies at startup.  That way you can quickly deploy IPSec protection without a way to back out.

The key thing to remember about applying an IPSec policy using Group Policy is that you can only have one policy - the last one that applies.  Similiar to a specific Group Policy setting.  The IPSec Policies don't merge into one big policy as Group Policy is enforced onto a computer.

Microsoft IPSec FAQ

Important things to consider regarding IPSec and tradeoffs.

Microsoft article on how to assign Domain based IPSec policy

Microsoft article providing an outline of reasons to use IPSec.

Example scripts and reasons to use IPSec to protect your systems

Example scripts for protecting against a specific security concern (WINS exploit)

Go read my other article on IPSec (sample scripts and IPSec policy files)