- Sign-up Now!
 - Current Issue
 - Edit Your Profile/Unsubscribe

Subscribe | Media Kit | About Us | All Issues | Subscriber Feedback | Contact Us | Privacy Statement
Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Sun, Jul 26, 1998
Sunbelt NTools E-NewsFlash - July 26, 1998
  This issue of W2Knews™ contains:
*********************************************************************
Sunbelt NTools E-NewsFlash - July 26, 1998 
*********************************************************************

Hi All,

Three quick points of iNTerest!

1) THE CURRENT STATE OF NT DISK SPACE QUOTA MANAGEMENT
2) NEW SERVICE PACK FOR MS SMALL BUSINESS SERVER DOWNLOADABLE
3) HOTFIXES FOR NEW DENIAL OF SERVICE ATTACK FOR MS EXCHANGE

(and a small notification, our on-line shop provider has found a
hole in their pipe to the fulfillment house. Looks like about 25 of 
the total 2,000 orders for MCSE have fallen in a cyber-hole but they 
found it and plugged it. If you are one of these unlucky 25, it will 
get shipped Monday July 27 by 2-Day Air!)

Let's have a look at the news :-)

*********************************************************************

------------------------------------------------------
1) THE CURRENT STATE OF NT DISK SPACE QUOTA MANAGEMENT
------------------------------------------------------

We get daily questions about NT Disk Quota's and decided to do a write-
up for all of you. This is a Tech Briefing for new and existing users 
of Windows NT Server in a production environment. We will explain which 
disk space utilities are available, what generation they are in, and 
how NT 5.0 quota's will work.

You are probably aware of the fact NT does not come with built-in
disk quota management until NT 5.0 appears late 1999. This causes a 
series of problems for sites that are running NT 3.51 and 4.0. The 
fact that NT 5.0 is continuously slipping in the future makes solving 
NT Disk Quotas definitely a here-and-now issue, not in the least to
stop runaway storage costs.

NT actually has a very high chance of crashing if the disk gets full.
Data loss and upset users are the result. Having a solution that
prevents this is as important as backing up your data. A disk space
quota management solution is often the second utility (after backup)
that NT sites buy when they are in production. There are different 
ways to solve this problem, and there are now two generations of 
products in the market that prevent users from taking all the disk 
space. Furthermore, there is the difference between hard- and soft 
quotas.

Let's look at First Generation products that saw the light in 1996-97,
when NT 3.51 was introduced. There are three utilities in the market
that are all First Generation: Quota Manager, Quota Server and Space-
guard. Simplified, these monitor disk space per object (file, directory 
or share) and lock out a user via the NT security model. The user then
gets notified to delete files from their personal directory on the 
server. You as a system administrator can be warned as well. Thresholds 
can be set to warn in advance that space is running out. 

All three of the above utilities are hard quota tools. Hard quota's are
defined as being able to actually prevent a user to write data until 
their allocated space is 'cleaned up'. 

There are two drawbacks with these First Generation utilities. They 
use the NT security model to lock out users which we have seen can 
cause some problems all by itself, and because they use native NT
security they only thing that can be 'locked' is a disk object. This 
excludes being able to attach a disk quota to a USER, the way Unix, 
Netware and VMS do it.

Many System Administrators in larger organizations are used to simply
give a USER a quota and be over and done with it. This is not possible
with First Generation tools. So let's have a look at the Second Gene-
ration. This next batch has the advantage of hindsight and these two 
new products have taken a very different approach. Quota Advisor (QA) 
and Storage Resource Manager (SRM) have more advanced ways to do disk
quota's. 

Here is where the split occurs between hard- and soft quotas. Soft 
quota based tools monitor disk space usage and alert the user and 
system administrator that space is getting short so that action can 
be taken, but do not lock users out of their disk space. Disks are
scanned regularly to see what the status is and alerts can be fired
off. 

The benefit of this is that it CAN be done on a user level, and also 
cross-domain to catch users that shuttle large amounts of data between
servers in an attempt to escape their disk quotas. If your organization 
is flush with disk capacity, soft quotas are the solution. SRM is the 
only tool that does this: http://www.sunbelt-software.com/highsrm.htm
SRM does a lot more than quotas, it is a strategic browser-based 
storage management solution with a wealth of options.

The other Second Generation utility is Quota Advisor (QA). This product
has an advanced, low overhead system filter driver that monitors every
I/O in real time and checks how much data is written by which user and 
knows instantly if the quota is exceeded or not. QA can then take 
immediate action and stop the user from writing data, or allow the 
write operation to complete and then lock the user out. QA can also 
assign quotas to disk objects so includes all the first generation 
functionality. Furthermore, it has the option to not enforce quotas
so can be used for soft quotas per server. For large organizations 
that have taken the hard quota road, QA is the better choice and can 
be found at: http://www.sunbelt-software.com/qa21.htm

NT 5.0's disk quota's are not released until V5.0, late 1999. A utility
will be added to 5.0 that will allow the system admin to set a user 
quota at disk level. A default quota setting is set up that will be
automatically placed on a new user when they start copying items
onto a disk. There will not be any multiple quota's per user, for
instance User A cannot get a quota of 20MB for one directory and 
also a 25MB quota for another directory.

The user must own the file in order to be charged against the quota,
this means NT 5.0 quotas are set up against actual file usage and not
by allocation. Quota's can only be set on NTFS 5.0 volumes, meaning
you cannot set quota's on NTFS 4.0 or 3.51 volumes. In the 5.0 beta 1
we looked at, there was just one warning threshold. The warnings go
to the server event log, not to the user! There are no win-popups
or email notifications to the user. The only notification the user
gets is that they "have run out of disk space". The 5.0 disk quotas
do not allow you to set up a shared directory for a department and
charge a group quota against them. A normal user without admin rights
cannot see what their quota is.

It is interesting to note that Microsoft has chosen to implement their 
quota is the same way as Quota Advisor. The MS quota tool uses the same 
architecture: a system filter driver to monitor quotas in real time.

Looking at the current state of NT 5.0 quotas they are like the NT 
backup: both are needed but are bare-bones type tools. There is much 
more needed in a true production environment. More over, the NT 5.0
quota tool is a Beta 1 utility so in essence still vaporware for a
production environment.

That is why the new third-party Second Generation tools are the best 
solution at the moment. You have an option for a strategic storage 
management solution with soft quotas built-in like Storage Resource 
Manager http://www.sunbelt-software.com/highsrm.htm, or choose for
hard quota's with Quota Advisor. For all of you that already run a 
first generation utility, the developer of Quota Advisor offers a 
competitive upgrade that costs a tiny bit more than the yearly cost 
of the maintenance contract of your existing tool, making the upgrade
to Second Generation a smooth ride. Check out Quota Advisor at
http://www.sunbelt-software.com/qa21.htm

*********************************************************************

2) NEW SERVICE PACK FOR MS SMALL BUSINESS SERVER DOWNLOADABLE

There is a new Service Pack For Microsoft Small Business Server now
downloadable. This latest upgrade to SBS offers a few interesting 
enhancements, including many that were requested by customers. These 
include updates to IE, client memory clients, and much more. For more 
details: http://www.microsoft.com/directaccess/download/sbssp1.htm


*********************************************************************

3) HOTFIXES FOR NEW DENIAL OF SERVICE ATTACK FOR MS EXCHANGE

I got this from Microsoft and decided to send you a summary so that
you are aware of the issue. There is a rather serious buffer overflow 
problem revealed with Exchange Server 5.x SMTP and NNTP services that 
can easily lead to a denial of service attack. I'm quoting Microsoft:

"Summary
=======

Microsoft was recently alerted by Internet Security Systems, Inc.'s 
X-Force team (http://www.iss.net) of an issue with the way Microsoft(R) 
Exchange Server 5.5 and 5.0 process certain SMTP and NNTP protocol 
commands. By exploiting this vulnerability, a malicious attacker could 
cause specific Exchange services to stop responding. This issue does 
not affect Exchange Server 4.0.

This issue involves a denial of service vulnerability that can poten- 
tially be used by someone with malicious intent to unexpectedly cause 
multiple components of the Microsoft Exchange Server to stop. It cannot 
be used to crash the underlying operating system, or affect other 
non-Exchange components on the system.

The purpose of this bulletin is to inform Microsoft customers of this 
issue, its applicability to Microsoft products, and the availability of
countermeasures Microsoft has developed to further secure its customers.

Affected Software Versions
==========================
- Microsoft Exchange Server, version 5.5
- Microsoft Exchange Server, version 5.0 (including 5.0 Service
Pack 1 and 2)

What Microsoft is Doing
=======================
The Microsoft Exchange team has produced hotfixes for Microsoft 
Exchange Server versions 5.5 and 5.0.

What customers should do
========================
Microsoft strongly recommends that customers running Microsoft Exchange
Server version 5.5 or 5.0 should install the appropriate hotfixes. 
These hotfixes are currently available at the following locations. 
Please note that the URLs have been wrapped for readability.

Exchange Server 5.0 ALL LANGUAGES:
ftp://ftp.microsoft.com/bussys/exchange/exchange-public/fixes/
Eng/Exchg5.0/Post-SP2-STORE/
ftp://ftp.microsoft.com/bussys/exchange/exchange-public/fixes/
Eng/Exchg5.0/Post-SP2-IMS/

Exchange Server 5.5 ENGLISH:
ftp://ftp.microsoft.com/bussys/exchange/exchange-public/fixes/
Eng/Exchg5.5/PostRTM/STORE-FIX
ftp://ftp.microsoft.com/bussys/exchange/exchange-public/fixes/
Eng/Exchg5.5/PostRTM/IMS-FIX

Exchange Server 5.5 FRENCH:
ftp://ftp.microsoft.com/bussys/exchange/exchange-public/fixes/
Frn/Exchg5.5/PostRTM/STORE-FIX
ftp://ftp.microsoft.com/bussys/exchange/exchange-public/fixes/
Frn/Exchg5.5/PostRTM/IMS-FIX

Exchange Server 5.5 GERMAN:
ftp://ftp.microsoft.com/bussys/exchange/exchange-public/fixes/
Ger/Exchg5.5/PostRTM/STORE-FIX
ftp://ftp.microsoft.com/bussys/exchange/exchange-public/fixes/
Ger/Exchg5.5/PostRTM/IMS-FIX

Exchange Server 5.5 JAPANESE:
ftp://ftp.microsoft.com/bussys/exchange/exchange-public/fixes/
Jpn/Exchg5.5/PostRTM/STORE-FIX
ftp://ftp.microsoft.com/bussys/exchange/exchange-public/fixes/
Jpn/Exchg5.5/PostRTM/IMS-FIX

Microsoft Exchange 4.0 is not affected.


That's all for this NewsFlash!

Warm regards,

Stu Sjouwerman


*********************************************************************
7. "HOW TO USE THE MAILING LIST"
Instructions on how to subscribe, sign off
or change your email address

TO SUBSCRIBE TO THE LIST

US: http://www.sunbelt-software.com/scripts/lyris.exe?join=nt-list
and fill out the form, simple & easy: 1 minute work.
(PS, if you get an error message, press the refresh button on
your browser once or twice, this is a bug we are getting rid of)
_____________________________________________________

TO QUIT THE LIST

Two ways to do it: 

1) Go to:
http://www.sunbelt-software.com/scripts/lyris.exe 
choose the NT-List, use your email address that is at 
the bottom of each newsletter and leave the list via 
the web interface.
(PS, if you get an error message, press the refresh button on
your browser once or twice, this is a bug we are getting rid of)

2) THE EASY WAY: Simply forward any newsletter you get to this 
email address: [email protected]
(we tag the email address this message gets sent to at the
very end, so you can see what address we are using, and this
is used to unsub you automatically if you choose to do so).
_____________________________________________________

TO CHANGE YOUR ADDRESS

First unsubscribe and then resubscribe as per the
procedure above.

(email me with feedback: [email protected])