- Sign-up Now!
 - Current Issue
 - Edit Your Profile/Unsubscribe

Subscribe | Media Kit | About Us | All Issues | Subscriber Feedback | Contact Us | Privacy Statement
Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Sun, Apr 19, 1998
Sunbelt Windows NTools E-News[tm] April 19, 1998
  This issue of W2Knews™ contains:
Sunbelt Windows NTools[tm] Electronic Newsletter
Vol. 3, #8 - April 19, 1998
--- http://www.sunbelt-software.com ---

***************************************************************
Sunbelt Windows NTools E-News is the World's first and largest 
E-Newsletter designed for NT System Managers that have the job of 
getting and keeping NT up & running in a production environment.
Sunbelt launched this electronic newsletter early 1996 so we 
could keep the Windows NT community informed and aware of what 
is happening with 3-rd party NT System Management Tools, and to
provide hints and tips that will enable you to better understand
and utilize Windows NT. You'll find general Windows NT related
and third party news, technical information, and 3-rd party beta
and release information. By subscribing to NTools E-News[tm], you 
are also a charter member of the Sunbelt Field Test Bonus Program.
Sunbelt Software is the first and largest distributor worldwide
of Third Party System Management Tools for Windows NT with
subsidiaries in the USA, UK, France, Germany, Holland and Italy.
**********************70,000 subscribers!************************

This issue of Windows NTools E-News contains:

1. "EDITORS CORNER" 

2. "TECH BRIEFING"
* PLAN AHEAD ON DOMAIN DESIGN
* REDUCING NETWORK USER ADMINISTRATION TIME WITH 50%

3. "NT RELATED NEWS"
* 500 APPLICATIONS GET BACKOFFICE CERTIFIED
* BATTLING THE DREADED BSOD

4. "THIRD PARTY NEWS"
* TEM V3.0 SOON TO ARRIVE
* BETA TESTER ALERT - DATA REPLICATOR 3.0
* MAILSHIELD ANTI-SPAM SOFTWARE RELEASED
* IMAGECAST LETS YOU CLONE AND DISTRIBUTE HARD DRIVES
* LAN LICENSER SERVICE PACK 1 RELEASED

5. "HINTS AND TIPS - TIME SAVERS AND OTHER GOODIES...

6. "THE NT STOCK WATCH"

7. "HOW TO USE THE MAILING LIST"
NEW Instructions on how to subscribe, sign off
and change your address.

***************************SPONSOR*********************************
HOW CAN I LINK UP MY DIFFERENT DATABASES? Ever since you started 
adopting SQL Server, making your different databases talk to each 
other has become a BIG nightmare, right? Relax. There is a solution: 
Data Replicator. It links up all your databases, whether Oracle, 
Access, SQL Server, Informix, Sybase, DB2, you name it, across 
multiple platforms. And it manages fast, complex replication! As an 
NTOOLS reader, you qualify for the closed beta of Data Replicator 
V3.0, slated for release in this Quarter. Numbers are limited, so 
apply now! Simply click on http://www.netversant.com/dr.html.
*******************************************************************


1. "Editor's Corner" 


With NT doubling in size per year, one thing you will see is more
users hooked up to more NT Servers. More users means more user admin
tasks and you will run into a nasty problem. This time, in our
Tech Briefing we look at Domain planning and User administration.
There are some headaches and solutions you should be aware of.

Let's get to work, there is a lot of news!

Warm regards,

Stu Sjouwerman


***************************************************************** 

2. "TECH BRIEFING"

* PLAN AHEAD ON DOMAIN DESIGN

In the latest issue of NTSystems magazine, Kenton Gardiner wrote
a very clear and comprehensive article about designing domains.
I'm quoting two paragraphs but the full article is online over at
http://www.ntsystems.com. You should go over there and read it,
they have just redesigned their website and it's worth a look.

"Although Microsoft states that a master domain can support 40,000 
users with no group or machine accounts or 26,000 users with group 
and machine accounts, domains of this size are not recommended. 
A master domain should support no more than 10,000 users, and an 
additional backup domain controller (BDC) should be available for 
every 1,000 users.

Single domains are best for a company with fewer than 5,000 
employees, even if the workforce is expected to increase greatly, 
because master or resource domains can be added to compensate for 
growth. Single domains also offer good security and centralized 
administration. Companies with more than 5,000 employees should 
consider using only the master domain model because it segments 
user accounts and resources. For example, a company with 10,000 
users in one geographic location can use the master domain model 
to split the accounts in half to increase performance and 
manageability." (Copyright NTSystems Magazine)
--------------------------

* REDUCING NETWORK USER ADMINISTRATION TIME WITH 50%

When you have a few hundred users hooked up to NT, you will soon
find one major drawback of the User Administration in NT. It's
'all or nothing'. No way to delegate simple tasks. Let me paint a 
real life picture of the problem, which multiplies rapidly with 
more users. From 500 to 1000 users this becomes a real pain. Over 
1000 users the problem starts to cost a _lot_ of money and already
scarce resources. Here is the situation:

Chevron had over 10 NT User domains with 25,000 users distributed
worldwide and 90 BDC's. The Network Admin's were overloaded with
simple user administration tasks. Over 119 employees had Domain
Admin accounts. They required a secure and granular administration
of their NT Servers.

How come this situation came into being? NT does not allow any
delegation (or distribution if you will) of user administration.
NT provides predefined global and local groups that determine your
administrative level over the entire domain. NT does not report who
controls which groups of users. NT's smallest administrative unit
is a Domain, and domains typically grow out fast to include many
thousands of users. 

Large companies often have distributed networks. Generally, each
site has local administrators, each of which is responsible for
some (small) group of users. Individual business units of groups
have their own administrators in many cases on top of this. Getting
the administrative authority in the hands of the people who need
it gets complicated if you want to keep things secure and at the
same time do not want to give the keys to the kingdom away.

Some NT Fundamentals:

NT's unit of administration is the Domain. Domains may contain two
primary types of objects: User Objects and Resource Objects. These
last ones are files, folders, printers etc. Resource Objects are
protected by Access Control Lists (ACL's). User Objects are Users
and Groups. An administrator has control over which user can access
which file, folder, printer or share. The User Objects play a 
critical role in the security of your systems. 

Controlling who can access user objects and their properties is at 
least as important as controlling access to Resource Objects. 
Unauthorized modification of a User or a Group can easily result in 
a total breach of system security. User Objects are NOT controlled 
by ACL's. Access to Users and Groups is controlled at the level of 
the domain. That is where the problem sticks up its ugly head, it
cannot be delegated and there is no native NT solution.

That is why Trusted Enterprise Manager (TEM) was developed.

TEM allows you to delegate NT user administration. In a nutshell,
it puts the power in the hands of the people who need it. Local
administrators are given the appropriate authority over the users
they support. TEM provides you the ability to assign granular rights
down to the level of each users individual attributes (passwords,
logon scripts, logon hours, etc).

TEM securely delegates NT administration with over 20 individual
permissions, and it allows you to create templates of who is allowed
to do what. It minimizes admin tasks, you can create, delete and 
modify multiple NT groups simultaneously. It has a "quick password
reset" feature, click one button and the user can create a new
password by themselves.

The results of deployment of TEM at Chevron were:
- Reduced 119 Domain Admin accounts to ONE.
- Reduced network user admin time by over 50%

Any NT site with hundreds of users needs to have a look at this
product: http://www.sunbelt-software.com/tem.htm
----------------------------

********************************************************************
3. "NT RELATED NEWS"

* 500 APPLICATIONS GET BACKOFFICE CERTIFIED

Last year 500 new applications earned the 'Designed for BackOffice 
logo designation' The growing numbers point to even greater server-
side application development.

"Those are all products that are tested for quality by outside 
vendors and Microsoft on the NT platform," said Jonathan Pererra, 
Microsoft product manager for Windows NT Server. In the past 12 
months, the 500 new applications have brought the total number of 
BackOffice logo designations to 615 through last month, compared with 
130 through March 1997-an increase of 380 percent, Pererra said. 

With NT expanding, licensing growth and market-share gains by NT are
obvious key factors. The NT 5.0 logo certification program begins 
in June 1998. Products displaying the Designed for BackOffice logo 
have been tested in the Microsoft BackOffice and Windows NT envi-
ronments and offer enhanced quality and consistency.

MS Officials said products receiving logo approval went through a 
series of tests to ensure technologies are used to the fullest and 
that the products are fully compatible with Microsoft's technology.
Here is the full list of certified products:
http://www.microsoft.com/isapi/hwtest/backoffice/soft.idc
----------------------------

* BATTLING THE DREADED BSOD

The Windows NT Blue Screen Of Death (BSOD) still appears too often.
Some people say the BSOD is an indication of a hardware problems, so
fix the hardware. Not entirely correct!

A BSOD can occur for a quite varied set of reasons other than hardware 
configuration conflicts, flaky hardware, or simply bad RAM. A BSOD 
can be caused by kernel bugs, memory resource depletion, a corrupted 
registry, driver bugs, or the OS is unable to handle an unexpected 
condition. There is a very interesting list of bug codes at MS website 
that will show you a lot of situations that can cause a BSOD:
http://support.microsoft.com/support/kb/articles/Q103/0/59.asp

Errors that cause a BSOD often occur in hardware drivers, that is
maybe a reason some people assume a BSOD is hardware-related. This is
one of the reasons why NT 4.0 BSOD's more often than NT 3.51. NT 4.0
has a bunch of drivers included that 3.51 did not have. MS did this
to speed up performance but the reliability suffered, as for example
display drivers have unrestricted access to critical parts of the 
system.

When a hardware driver gets its fingers into a section of the system 
it isn't supposed to touch, the damage to the system is done before 
NT can isolate the error, prevent it, or correct it. So NT figures it 
is safer to crash with a BSOD than to continue running. This is not so
strange, it is typical behavior for a large operating system. Quite a
few O/S'es are better than NT in protecting themselves from flaky
hardware drivers, but all are designed to react the same way when 
dangerous situations occur. The fact that NT is not so strong in this
area is mainly caused by the forced backward compatibility with older
Windows versions.

Have a look at the list I mentioned above. You'll be surprised.
-----------------------------

********************************************************************
4. "THIRD PARTY NEWS"

* TEM V3.0 SOON TO ARRIVE

I have seen a Beta of TEM Version 3.0 and I was impressed. It has
been rewritten from the ground up to be modular instead of the current
architecture which is 'monolithic'. This means you can pick and choose
which functions you want, and only pay for those. TEM V3.0 is NT5.0
ready and already runs on it. Despite what you may have heard, the
NT 5.0 user management still leaves a lot to wish for and TEM already
provides much more time saving features, like Drag-and-Drop User
management which was definitely very cool. I'm under non-disclosure
so I cannot go in depth about some other interesting stuff I saw,
but TEM 3.0 was definitely worth the wait and is for free for all
current TEM 2.0 users that are under maintenance.
-----------------------------

* BETA TESTER ALERT - DATA REPLICATOR 3.0

In our recent survey, it showed that 42% of you are moving to MS
SQL server in your company. Cross-database replication has become a 
big issue as a result of this. It simply impossible to standardize
on one RDBMS throughout your company. Fortunately, there is a solution.

Data Replicator is a true cross-database linking agent, supporting 
full replication, migration and transparent copy functions between 
many databases on multiple platforms. This is the ONLY mature product 
I know that can handle this.

The product has a European installed base and is entering the US 
market, starting with its Beta program for version 3.0, which offers 
many usability enhancements. I suggest you sign up as a beta tester 
today, or forward this issue to your DataBase Administrator and point
them to this URL: http://www.netversant.com/dr.html. They will owe
you a big one for this hint!
-------------------------------

* MAILSHIELD ANTI-SPAM SOFTWARE RELEASED

Shelby Group has released MailShield, a software plug-in for your mail
server, adding powerful filtering, rejection and programmability 
features to your existing email setup.

With MailShield, your mail server can reject spam, prevent 
unauthorized mail relaying and halt email bombs. 

MailShield gives you control over every step of the mail receiving
process. Built into MailShield are more than 50 different mail
protection techniques, that you can selectively turn on, off, or
configure to your specific criteria. What sets MailShield apart from
other anti-spam packages is its configurability: everything
MailShield does is documented, configurable, changeable and
accessible. 

MailShield will work with any mail server when two separate machines
are used. MailShield also works on the same machine with these
servers: Sendmail, Exchange, Netscape Mail Server, Post Office,
NTMail, Qmail, WinGate, Lotus Notes/Domino, and MailSite.

MailShield is now available for Windows NT, Windows 95, Sun
Solaris/Sparc, Sun Solaris/Intel, HP/UX and Irix. Complete information 
is available at: http://www.mailshield.com
---------------------------

* IMAGECAST LETS YOU CLONE AND DISTRIBUTE HARD DRIVES

Like I expected, since MS has said something about supporting cloning,
the third party vendors are now jockeying for a good position. Here is
some news regarding this hot issue:

"ImageCast, a drive imaging and multicasting utility from Micro House
International, lets users clone and distribute entire hard drive images
to multiple computers simultaneously. It has the unique capability to 
clone Microsoft Windows NT workstation systems safely and efficiently, 
without user intervention, through an integrated function that automa-
tically creates a unique security identifier (SID) on each Windows NT 
workstation as the image is transferred.

"ImageCast's integrated SID creation provides significant time savings
over the standalone utilities being offered by competing vendors. Other
vendors offer a utility for changing SIDs to avoid SID duplication 
among cloned systems, but their solution requires additional manual 
steps to be taken for each and every cloned system, wasting hours of 
valuable time," said Doug Anderson, vice president and CTO at Micro 
House. "With ImageCast, we've never required a separate SID creator 
program to be executed on each target machine to properly set up NT 
systems. However, our integrated SID creation feature can be disabled 
with a single mouse click, should users wish to use an SID creation 
utility that becomes available in the future from Microsoft or another 
vendor," said Anderson.

"Recently published misinformation on the topic of imaging Windows NT
workstations and servers has created confusion for members of the 
corporate IT community and integrator and reseller channels," says 
Danny Brand, vice president of marketing for Micro House.

"Some drive imaging software vendors have attempted to create the
perception of being endorsed by Microsoft and portray their product as
compatible with an unannounced Windows NT drive image preparation 
utility from Microsoft. Microsoft has been carefully unbiased in 
its briefings with us and other major cloning software vendors, and 
they've chosen not to make any official product announcements. 
Furthermore, they've asked vendors to not discuss details, so Micro 
House has honored that. The fact that Microsoft demonstrates some 
pre-release code to a group of engineers at a technical conference 
doesn't constitute a product announcement, nor does it imply any 
vendor endorsement," said Brand.

I'm sure we'll hear more of this in the future ;-)
--------------------------------

* LAN LICENSER SERVICE PACK 1 RELEASED

Lan Licenser is the only choice for License Metering if you want
to be able to migrate transparently to SMS V2.0. Lan Licenser 3.0
just came out with its Service Pack 1 that will help you apply it
to your existing installation, or reinstall from scratch. A series
of improvements were made that you definitely want to check out.
Here is the URL: http://www.sunbelt-software.com/lanlic.htm
-------------------------


********************************************************************* 
5. "HINTS AND TIPS - TIME SAVERS AND OTHER GOODIES...

* SUNBELT STELLAR NT-SITE AWARD GOES TO WWW.NTFAQ.COM
We have seen a lot of FAQ's but this one is the best. This site is a 
NT-MUST. Plug it in your favorites: http://www.ntfaq.com.
---
Although NTFS does not have a 4GB limit to partition sizes, the 
Windows NT setup program can not create partitions larger than 4GB. 
See Microsoft Knowledge Base articles Q138364, Q119497 and Q114841.
---
You might want to check this out - Olivetti are giving away remote 
control software for multi platform sites that have X-based systems.
NT support is limited at the moment (can't control login screens or 
screen savers) but it sounds like the next release will fix most of 
that. Still good as is for helpdesk type applications. 
http://www.orl.co.uk/software.html
---
Reminder, if you want to keep up with all the Service Packs and
fixes, this is the place to be: http://www.ntbugtraq.com/ntfixes.asp
Making sure you have all fixes applied if of paramount importance
for your NT security.
---


*****************************************************************
6. "THE NT STOCK WATCH"

52 WK 52 WK P/E WEEK
SECURITY CLOSE HIGH LOW RATIO CHNG
---------------------------------------------------------------------
BMC Software Inc......... 95 3/4 90 3/8 39 5/8 67 +15.9%
Citrix Systems Inc....... 54 1/2 57 5/16 7 25/64 58 +4.5%
Compaq Computer Corp..... 25 9/16 39 49/64 14 5/16 27 +4.0%
Dell Computer Corp....... 67 1/2 71 15/16 18 5/16 53 -0.2%
Digital Eqpmt. Corp...... 52 7/8 62 5/8 26 3/4 16 +1.9%
Hewlett Packard Company.. 63 7/16 72 15/16 48 1/8 22 +3.8%
IBM...................... 107 3/4 113 1/2 67 3/8 18 +1.2%
Intergraph Corporation... 8 11/16 14 3/16 6 1/4 +12.1%
Microsoft Corporation.... 92 1/8 93 1/16 51 1/2 63 +3.5%
Ncr Corporation.......... 33 38 1/2 25 5/8 143 +1.1%
Networks Associates Inc.. 64 78 1/2 41 1/8 -0.5%
Novell Inc............... 10 9/16 11 1/8 6 17/64 +6.9%
Oracle Corporation....... 27 1/4 42 1/8 17 5/8 36 +1.1%
Qualcomm Inc............. 55 11/16 71 15/16 41 1/4 34 +3.2%
Qualix Group Inc......... 3 9 1/8 2 1/8 +1.0%
Seagate Technologies Inc. 27 3/8 54 1/4 17 3/4 +12.8%
Silicon Graphics Inc..... 13 5/8 30 5/16 10 15/16 85 -13.1%
Sun Microsystems Inc..... 40 9/16 53 5/16 25 7/8 22 +2.8%
Sybase Inc............... 9 1/16 23 5/8 6 7/8 +2.1%
Symantec Corporation..... 28 11/16 29 1/2 12 25 +2.2%
Unisys Corporation....... 21 5/16 21 7/8 5 7/8 +14.0%
Dow Jones 30 Industrials. 9,167.50 +1.9%


**************************************************************
7. "HOW TO USE THE MAILING LIST"
Instructions on how to subscribe, sign off
and change addresses

TO SUBSCRIBE TO THE LIST

US: http://www.sunbelt-software.com/scripts/lyris.exe?join=nt-list
and fill out the form, simple & easy: 1 minute work.
_____________________________________________________

TO QUIT THE LIST

Two ways to do it: 

1) Go to:
http://www.sunbelt-software.com/scripts/lyris.exe 
choose the NT-List, use your email address that is at 
the bottom of each newsletter and leave the list via 
the web interface.

2) Simply forward any newsletter you get to this email address:
[email protected]
_____________________________________________________

TO CHANGE YOUR ADDRESS

First unsubscribe and then resubscribe as per the
procedure above.

*************************************************

FOR MORE INFORMATION

On the World Wide Web point your browser to:

For the newsletter and our website:
USA: http://www.sunbelt-software.com

Email for US sales information to:
[email protected]
Email for US Tech support to:
[email protected]
Email to the US Editor:
[email protected]

Email for European Sales to:
[email protected]
Email for European Tech support to:
[email protected]

**************************************************

Legal Stuff:
This document is provided for informational purposes only. 
The information contained in this document represents the
current view of Sunbelt Software Distribution on the issues
discussed as of the date of publication. Because Sunbelt
must respond to changes in market conditions, it should not
be interpreted to be a commitment on the part of Sunbelt
and Sunbelt cannot guarantee the accuracy of any informa-
tion presented after the date of publication.

INFORMATION PROVIDED IN THIS DOCUMENT IS PROVIDED "AS IS"
WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
FREEDOM FROM INFRINGEMENT.

The user assumes the entire risk as to the accuracy and the
use of this document. This document may be copied and
distributed subject to the following conditions: 1) All text
must be copied without modification and all pages must be
included; 2) All copies must contain Sunbelt's copyright
notice and any other notices provided therein; and 3) This
document may not be distributed for profit. All trademarks
acknowledged. Copyright Sunbelt Software Distribution, Inc.
1998.

(email me with feedback: [email protected])