- Sign-up Now!
 - Current Issue
 - Edit Your Profile/Unsubscribe

Subscribe | Media Kit | About Us | All Issues | Subscriber Feedback | Contact Us | Privacy Statement
Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Sun, May 10, 1998
NTools E-NewsFlash[tm] - May 10, 1998
  This issue of W2Knews™ contains:
<<< NTools E-NewsFlash >>>[tm] May 10, 1998

Hi All,

Again there is a lot of 3-rd party NT-stuff happening 
that will not fit in the NTools E-News next weekend, so 
here are some hot items right away!

Warm regards,

Stu Sjouwerman



Many of our subscribers that are running IIS for their corporate 
intranet or perhaps on their Internet web servers looked at ways 
to scale their systems easily and at an affordable price level.

Convoy Cluster Software is a software-only solution that clusters 
NT4.0 systems and creates a virtual IP address that can consist of 
up to 32 nodes that service web requests transparently. We have it
up & running at Sunbelt and it works great. Free 30-day eval 
downloads here: http://www.sunbelt-software.com/convoy.htm

Two megasites have recently decided to implement Convoy: Microsoft
and Titanicproducts. Here is some news about the Microsoft: Convoy 
is currently installed on a limited basis at Microsoft Corporation 
and is operational on Microsoft?s flagship web site. As one of the 
largest and fastest growing web sites in the world, it handles 192 
million hits per day and has grown 90% in the past 6 months. This 
is where it sits: http://www.microsoft.com !

To meet this heavy demand, Microsoft turned to the highest performing 
TCP/IP load balancing product on the market, Convoy Cluster Software. 
With a demonstrated throughput of over 250 Mbits per second on 
gigabit Ethernet, Convoy is the only solution capable of handle 
the extreme traffic loads that are common on the world?s largest web 
sites. Convoy dramatically speeds up TCP/IP services and improves 
their ability to avoid outages. Convoy is ideally suited for mission-
critical Internet/Intranet servers, such as web, firewall, FTP, and 
proxy servers. 

The other recent giant site with a projected 60 million hits per day
is http://www.titanicproducts.com/main.htm . Sunbelt has sponsored 
this site with three of our performance tools: Convoy, AutoPilot and 
Superdisk. If you go have a look you will find the logo's at the
bottom of the main page. They will probably implement some fault-
tolerance tools from us as well, and are running on three super fast
InterGraph servers similar to the one we have the Sunbelt Website
running on. 

They got cool gear that you can buy on-line with a credit card. You 
might want to check it out. Guess what the Sunbelt team soon
will be walking around in! 


EEC Systems released SuperDisk-NT/SLM V4.0-1. The SLM feature stands 
for Super Large Memory. This new release offers users the ability to
create Ram Disks and Ram Disks backed by magnetic storage of immense 
size. On Intel Systems the maximum size has been raised from 1.4GB 
to 8GB. Alpha systems now support 28GB up from the previous 2GB 
supported by V3.0-2 of the software. Version 4.0-1 of SuperDisk-NT 
is supported on both NT Workstation & NT Server. Only version 4.0 of 
Windows NT is supported. We recommend you use Service Pack 3.

Windows NT is currently a 32-bit operating system with a 4GB 
maximum memory size, and people can use the extra memory available
on 64-bit Alpha systems for real speed. Lab tests show disk speeds of
over 50 times that of regular cached magnetic disks with SLM. Your
data is 100% safe, even in a system crash or power failure.

What can you use this huge high speed disk device for, you may be 
asking yourself? Here are a few examples some of our customers have 
found very useful:

- Placing entire databases in high performance SuperDisk-NT memory.
- Running all of Windows NT from a SuperDisk-NT unit which is backed 
to a magnetic disk partition.
- Place the Page File on your RAM-disk

Many people have found that it's possible to improve overall NT 
performance by placing the page file on a lazy write backed 
SuperDisk-NT partition. It appears that since the Working Set 
Size is set automatically by NT, paging may start, even when the 
physical memory has not been completely used up. This premature 
paging to disk slows everything down. If you're lucky enough to 
have a large memory configuration, this method of improving 
performance works really well.

Several sites have placed the heavily used parts of their web 
sites on a SuperDisk-NT volume. It prevents slow downs during 
peak use.

Many application developers place their compilers and development 
tools on SuperDisk. Having to wait for compiles is boring. Doing 
the job in one 20th of the time brings a lot of smiles :-)) 
30-day eval copies here: http://www.sunbelt-software.com/sdnt.htm


Since the beginning of this year we see a very strong interest in
getting user administration delegated. That is not so surprising
of course. Last year the average amount of servers was 11. Now it
is 24, with many hundreds of users. This causes a nasty problem
that many of you have come to run into. I decided to send you a
Technology Overview of Trusted Enterprise Manager that you should
read through at your leisure. Print this out and take it home 
where you can spend a bit of time and actually examine the problem
and how TEM is a great solution.

Product Summary

Trusted Enterprise Manager (TEM) allows enterprise system managers 
to partition (delegate) administrative activities securely and 
efficiently for Microsoft's Windows NT 3.51 and 4.0. TEM enables 
enterprise NT administration by providing the ability to delegate 
specific administrative permissions without comprising network 

Strategic network administrators are typically bestowed the role 
of an Enterprise Manager. Enterprise Managers assign junior 
administrators, called Trusted Managers, to supervise global groups 
of users. Each Trusted Manager can be assigned any combination of 
22 individual permissions over a global group. 

The TEM Service is a substitute NT Administrator that processes 
requests from the TEM Admin and TEM Client applications. After the 
client requests have been authorized, the TEM Service completes the 
requests on the behalf of the TEM Client or Administrator. 
Unauthorized requests are dismissed and logged in NT's native Event 

TEM relies on NT's internal communication and authentication schemes 
to validate user requests. Native Microsoft Windows NT network, 
security, and event logging APIs are used by TEM to provide a safe, 
dependable, and industry standard solution. TEM does not alter NT
in any way; thus ensuring a consistent and simple migration to the 
next generation of Microsoft's NT Server network operating system.

Adopting TEM reduces, if not eliminates, the need for NT Account 
Operator and Domain Administrator accounts by enabling ordinary NT 
user accounts to have measured administrative authority. This 
capability significantly scales Windows NT management by off-loading 
time-consuming administration tasks from essential NT Administrators 
to the appropriate support levels.

Delegated Administration using TEM

Trusted Enterprise Manager overcomes NT's limitations by giving you 
the ability to delegate individual permissions of administrative 
control across organizational groups. TEM permissions are 
categorized as USER functions, GROUP functions and TEM functions. 
A Trusted Manager can be delegated the following permissions in 
TEM 2.0:

User Functions:

- Enable or Disable the User Cannot Change Password option on 
user account(s).
- Set or modify expiration and account type (global or local) 
for user account(s). 
- Copy a user account in order to create new user account(s).
- Delete user account(s). 
- Enable or disable user account(s).
- Enable or disable remote access information for user account(s).
- Force a password change request on the next logon session of 
user account(s).
- Set or modify logon hour restrictions and machine restrictions 
for user account(s). 
- Modify user profile path, logon script name, and home directory 
path for user account(s).
- Enable or Disable the Password Never Expires option for 
user account(s).
- Reset passwords of user account(s).
- Modify the Account Name, Full Name, Description, and default 
global group of user account(s). 
- Unlock user account(s). 

Group Functions:

- Copy managed global group(s) to create Virtual Organizational 
Units with naming standards. 
- Delete global group(s).
- Select accounts from the Domain Users global group to add 
to designated group(s). 
- Add members to designated global group(s). 
- Remove members from designated global group(s).
- Rename global group(s).

TEM Functions:

- Release designated group(s) from TEM management.
- Delegate administrative rights to other user account(s).


Trusted Enterprise Manager Distinguishing Features

The following paragraphs describe many distinguishing features 
that have the shipping of over 1,000,000 licenses of TEM worldwide. 
These features have made TEM successful in many large organizations
like Chevron, NASA, USA Today, MTV, University of Houston, US Armed 
Forces, and many more.

Based on Microsoft Standards

Trusted Enterprise Manager uses existing NT network objects like 
global groups, local groups and users when delegating permissions. 
This strict adherence to standards leverages your corporate 
investment in NT training and your system administrator's existing 
knowledge of NT. By not introducing new terms and foreign 
concepts like territories, sectors, and others, your company is 
guaranteed a smooth migration to NT 5.0 and Active Directory 

Introduction of Active Collections[tm] Technology

Available only from MDD, Active Collections are "templates" that 
contain combinations of permissions. Enterprise Managers can define 
their own Active Collections to fit their organization's needs. 
As a result, TEM allows rapid enterprise-wide standardization of 
security controls.

Why Active, you might ask? As an Enterprise Manager modifies an 
Active Collection, that change is immediately proliferated to all 
Trusted Managers who have been assigned that Active Collection. 
This technology enables organizations to standardize on permissions 
throughout their enterprise.

Reporting Options

TEM 2.0 ships with Microsoft Access compatible reporting options 
that make auditing and information gathering much simpler for the 
TEM Enterprise Manager. TEM 2.0 also allows a TEM Enterprise Manager 
to report, filter, and sort on almost any NT user account property 
for auditing and troubleshooting purposes. For example, a TEM 
Enterprise Manager can quickly run a report to determine which user 
accounts have the Password Never Expires option invoked.

Virtual Organizational Units (Virtual OUs)

When Microsoft releases their X.500-like directory services product, 
(Active Directory Services will be available in NT 5.0), organiza-
tions will be compelled to define naming conventions and create 
hierarchical relationships for network objects like, groups and 
other resources. TEM 2.0 is the only product that allows you to get 
a head start on these key concepts by enforcing a hierarchical 
naming structure on an otherwise "flat" NT account database. 
Trusted Managers with the Copy Group (Cg) permission must use 
naming conventions determined by TEM Enterprise Managers when 
copying the parent global groups.

A Virtual Organizational Unit is a native NT global group that 
can be conceptually thought of as a "parent group." TEM Enterprise 
Managers, as well as some Trusted Managers, can create and establish 
these parent groups. A delegated Trusted Manager of that global 
group can only create and rename "child-groups" within that logical 
structure with pre-defined naming conventions. MDD refers to these 
"parent groups" and "child groups" as Virtual Organizational Units. 
Since MDD's Virtual OU's are nothing more than NT's native global 
groups with a naming structure applied, they can be easily migrated 
to native Organizational Unit objects when NT 5.0 arrives. 

Global & Local Group Renaming

A feature currently lacking from NT 3.51 and 4.0 is the ability to 
rename groups. With TEM Admin, the renaming of global and local 
groups is effortless. Additionally, the Rename Global Group (Rn) 
permission, including an enforced naming convention, can be 
delegated to Trusted Managers.

Real Time Fault-Tolerance and Contingency Recovery

Trusted Enterprise Manager's true client/server architecture 
enables the client portions of the product to communicate with and 
administer multiple TEM services. Both TEM Admin and TEM Client can 
communicate with multiple TEM services without having to stop and 
start the services each time. This design provides for real-time 
fault tolerance and configuration flexibility enabling your 
organization to support a "24 by 7" operation.

With proper contingency recovery planning, TEM users can easily 
switch to the next available active TEM service. This feature 
allows administration of the Domain to occur as long as the Primary 
Domain Controller (PDC) is operational. If the PDC does fail, a 
Backup Domain Controller (BDC) with TEM service and a recently 
replicated control file can be promoted to a PDC to resume 

Distributed Local Caching

Another advantage to TEM's client/server design is it inherently 
supports distributed server-side caching of user account information. 
User account properties are locally cached by running multiple TEM 
services to simultaneously manage the same domain. Furthermore, the 
TEM Client is faster than Microsoft's User Manager in large 
environments; as it manages only pertinent subsets of the users in 
a domain. Companies with satellite and slow terrestrial network 
links can take advantage of TEM's optimized client/server 


The TEM Service caches all NT Domain User account information. This 
allows the TEM Client to retrieve and display NT account information 
much quicker than Microsoft NT User Manager. In some corporate 
environments, performance improved 1200% over NT User Manager for 

Quick Password Reset (QPR)

More than 40% of all Helpdesk calls pertain to password 
troubleshooting. Helpdesk personnel can reset users' passwords 
quickly and easily by simply selecting an icon in TEM Client. 
This saves a tremendous amount of time for Helpdesk staff and LAN 
Administrators by eliminating the need to type and verify new 

With TEM Client's Quick Password Reset, a standard corporate 
password is defined that will be automatically be assigned to 
users who require their password to be reset. This feature is 
widely used when rolling out new workstations, or when converting 
current workstations to a "standardized desktop" or new operating 
system. This feature allows the TEM Enterprise Manager to 
configure the Force Password Reset as a default option when QPR 
feature is invoked.

Get Password Age

Common Problem: A user tells the Helpdesk that they just changed 
their password and now they cannot log on? Oftentimes, the user 
has changed a password for another system or application and has 
not actually changed their NT password. TEM's Get Password Age 
feature allows Helpdesk personnel to verify when a user's NT 
password was last changed, thereby saving hours of frustration 
testing invalid passwords.

Remote Access Service (RAS) Support

Tired of administering dial-in access? A Trusted Manager with the 
Enable RAS (Er) permission can assign dial-in permissions to 
specific users. Whether you are running NT 3.51 or NT 4.0, a 
Trusted Manager can enable NT's Remote Access Service (RAS) for 
user accounts via the User Properties dialog box.

TEM has a very agressive development schedule. Several requested
features are in development. If you are interested in knowing which
features will be released when, give us a call. 30-day evals and
this document in Word Format can be found over here:

That's all for this time.

Warm regards,

Stu Sjouwerman

(email me with feedback: [email protected])