- Sign-up Now!
 - Current Issue
 - Edit Your Profile/Unsubscribe

Subscribe | Media Kit | About Us | All Issues | Subscriber Feedback | Contact Us | Privacy Statement
Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Sep 4, 2000 (Vol. 5, #40 - Issue #214)
Making Logon Script Creation Easy
  This issue of W2Knews™ contains:
    • A Brand New Security Scanning Concept
    • Large Environment Security Configuration Management
    • Did You Know About All The Stuff In The MS Reskit For W2K?
    • Windows 2000 HotFix: Local Security Policy Corruption
    • Need to do your MCSE NT upgrade to W2K cheaply?
    • Tuning Boosts W2K IIS With 30%
    • Making Logon Script Creation Easy with New ScriptLogic 3.0
    • The "Chat with Stu" Script Is Now Online
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
  SPONSOR: SurfControl
If you're not managing Internet access, you're asking for trouble.
SurfControl, the #1 market leader in Internet filtering improves
employee productivity, frees network traffic and reduces legal
threats. Find out WHO's doing WHAT, WHEN and WHERE on the Internet.
Monitor all TCP/IP protocols. *FREE* 30-day trial.

Visit SurfControl for more information.

A Brand New Security Scanning Concept

Hi NT/2000 Pros,

Perhaps you remember that last week I talked about how you told us that Security was your headache #1. Well, I can lift some more of the veil of this new solution we will announce September 11!

A good part of security breaches are from the outside. Different figures are mentioned in current studies, but this percentage varies between 20% and 40%. This means that more and more you need to defend yourself from attacks by outsiders as well as doing internal scans for vulnerabilities. Wouldn't it be great to be able to scan your own domains from the outside, and see what intruders would see when they try to hack your networks?

The problem is, you would need to do a few years of study on how to penetrate sites, how to find holes, how to exploit them, and how to stay undetected, apart from the fact that you would run the risk of being nabbed by the FBI while you were doing your 'hacking internship' .

Well, in a week we will have a revolutionary new solution for you. Keep an eye out for the next W2Knews issue. But for the moment, let's look at what the news is for this week!

Warm regards,

Stu Sjouwerman
(email me with feedback: [email protected])

  SPONSOR: Microsoft Press
MAXIMIZE UPTIME! Get Microsoft(r) Resource Kits for the Windows(r)
2000 operating system. These kits pack essential technical drilldown
plus hundreds of timesaving tools and utilities on CD, straight from
the Windows 2000 team. You get everything you need for a faster, smoother
deployment. Everything it takes to maximize your company's uptime.

Visit Microsoft Press for more information.

Large Environment Security Configuration Management

This is a short but important tech briefing if you have a LARGE environment and are looking for tools that will help you manage it. We define 'large' as 50+ servers. If you are going to have 50 servers in the next 12 months, you should have a look at this one too.

Maintaining a strong, consistent Security Configuration Policy can be your insurance policy in the digital world that you are trying to keep up & running.

    Let me paint you a picture of how this could be achieved:
  1. Enforce strong security policies and effortlessly maintain your security standards from a central console.
  2. Automate routine security configuration tasks, giving you the power to change local Administrator and Service Account passwords across your entire enterprise with a single mouse-click.
  3. Make sure the proper security properties are applied to Shares, local Guest accounts are disabled, and security-related Registry settings are properly configured.
  4. Get notified of changes to Domain Policy, Domain Trusts, and attempts to access assets with unauthorized accounts.
  5. Make sure that you have all of the security patches and hot fixes you want installed in the right places.
  6. Ensure that you identify and delete certain viruses and worms.

    If the above points ring a bell or identify a need, check out ECM:

    For an independent review by a Network Manager in Internet Week:


Did You Know About All The Stuff In The MS Reskit For W2K?

I got my hands on one of these puppies and I was very pleasantly surprised. A boatload of extremely useful info and tools straight from the Windows 2000 Server team. With the W2K reskit you can deploy, manage, and optimize W2K. It packs seven powerhouse refe- rences with more than 7000 pages of detailed technical 'drill-down', and over 200 tools and utilities on CD. There is a whole lot of cool stuff in there to help maximize the productivity of your W2K servers and simply save you time.

These are the seven volumes you get with the ResKit, and it has a large poster inside with W2K deployment scenarios from the MS resource kit Deployment Lab.


    On the CD are more than 200 tools that help you to deploy, manage, and support the Windows 2000 operating system, including some stuff I found to be particularly useful:


  • Setup Manager: create unattended files and distribution shares to simplify the deployment of W2K throughout your organization
  • Microsoft Internet Information Server (IIS) Migration Wizard: simplify the process of migrating Web servers to IIS 5.0 Web servers, including those from IIS 4.0.
  • Group Policy Migration Utility: migrate settings from earlier version policy files to the Windows 2000 group policy object structure.


  • Microsoft VB Scripts: use these rich script examples to manage users, groups, and organizational units.


  • Web Application Stress Tool: test your application's performance and stability by simulating multiple browsers requesting pages from your site.
  • Supportability Tool Kit: automate the data-gathering process for analyzing and diagnosing IIS-based servers.


  • Group Policy Object Utility: check the consistency and replication of the Group Policy objects on domain controllers.
  • Group Policy Results: see how Group Policy works on a particular computer and its logged-on users.


  • Microsoft Internet Explorer Administration Kit (IEAK): samples and tools, including the IEAK Profile Manager, to help you customize IE browser software for automated deployment.

    And with the W2K Reskit, you get additional online resources:

  • Online Books: searchable electronic versions of all seven resource guides help you find what you need fast.
  • Help References: Error and Event Messages Help, Technical Reference to the Registry, Performance Counter Reference, and Group Policy Reference.
  • Tools Help: documentation for the 200+ tools on the CD-ROM.

    Conclusion: Even if you do not run W2K yet, it's a MUST HAVE reskit.

    Windows 2000 HotFix: Local Security Policy Corruption

    Microsoft has released a patch that eliminates a security vulnerability in W2K. The vulnerability could allow a malicious user to disrupt normal operation of an affected machine, and potentially of an entire network. Customers who have applied Windows 2000 Service Pack 1 are already protected against the vulnerability and do not need to take any further action. You can get it over here:
    And if you want to automate this whole hotfix headache, check:

    Need to do your MCSE NT upgrade to W2K cheaply?

    Brainbuzz has a good article about that, and I thought you'd be interested in reading it. The URL is longer than this note!
    [link is wrapped]
    http://networking.brainbuzz.com/resources/tutorials/tutorial.asp? t=S1TU847&tn=Upgrading+Your+MCSE+On+The+Cheap&pi=S1C23&pn= Windows+2000

    There is also a Microsoft FAQ with a bunch of questions relating to the W2K certification track that is worth going through:
    [link is wrapped]
    http://www.microsoft.com/trainingandservices/default.asp? PageID=mcp&PageCall=faq&SubSite=cert/mcse&AnnMenu=mcse

    Tuning Boosts W2K IIS With 30%

    Computer Reseller News Magazine (CRN) has an article on their site that shows with a bit of tweaking you can boost the performance of IIS under W2K up to 30%. You would need to turn some knobs in the admin console to get the required results. It's a couple of simple things like increasing buffers and connections. Check out:
    http://www.crn.com/sections/TestCenter/TCInside.asp? SectionID=16&ArticleID=18533


    Making Logon Script Creation Easy with New ScriptLogic 3.0

    Many, many, many of you were waiting impatiently for version 3.0 of ScriptLogic, but it's now finally here! This is a great new version if you are sick and tired of logon script coding. If you have never looked at something to make Logon Scripts easier, this is the time to do it.

    ScriptLogic V3.0 takes centralized client administration to a new plateau. The new Professional Edition adds a great many features, including:

    A more granular 3-part validation logic system that now allows you to validate each function (drive map, printer deployment, security policy, Internet, MS Office setting, registry change, etc.) based on:

    • Group membership.
    • Domain membership.
    • Active Directory Site membership.
    • A specific user's logon ID.
    • A specific workstation name or subset of workstations based on a partial name match.
    • A TCP/IP host address or subnet.
    • A distinguished TCP/IP host name.
    • A NIC's MAC address.
    • A specific client OS type, including W95/98, NT/2000 WS, SV or Terminal Server client.
    • Whether the client connected over the local area network or via dial-up networking.

    A new Service Manager applet, that allows you to:
    • Globally monitor the status of the RPC services on all your servers.
    • Start, stop and configure the startup parameters of the RPC services.
    • Remotely install and uninstall the RPC services on all the Domain controllers throughout your enterprise from a single location.
    • Monitor the replication status of any changes made to the ScriptLogic configuration through the ScriptLogic Manager.

    A new System Options screen that allows you to:
    • Specify the conditions which must be met prior to executing ScriptLogic (e.g. exclude all servers).
    • Control the client application files update behavior.
    • Easily import your own company graphic to display during the logon process.
    • Specify particular servers to locate the ScriptLogic and KiXtart RPC services on.
    • Edit the text of the warning message boxes that are seen by the clients logging on. (Internationalization).
    • The ability to install service packs to your Windows NT WS, even if the user logging on is NOT a local administrator of their machine!
    • The ability to synchronize the time on Windows NT/2000 clients, even if the user logging on does not have the "Change the system time" right on their local machine.

    Usability enhancements to the core ScriptLogic Manager:
    • A fully integrated "network browser" that allows you to browse hidden shares, and select groups on master-resource domain configurations.
    • New file paths option allows the ability to select an alternate custom script editor, and replication manager.
    • A new _Assign_Script_ tool that allows you to easily assign ScriptLogic to your users, or to groups of users, without the need to load UMD on your NT4 Server or the MMC on Windows 2000.
    • No more list limits on each tab. (In previous versions, you were limited to 80 entries on the drives, printers, policies, MS Office, Internet, policies, and registry tabs).
    • A new "shortcuts" tab, which allows the automatic creation or removal of shortcut files on the clients desktop, start menu, quick launch bar, or other folder.
    • A new Custom Script Manager that allows you to apply Validation Logic to smaller, individual custom scripts, making them easier to manage.
    • A new granular Time Synchronization list, incorporating ScriptLogic Pro's enhanced 3-part Validation Logic system.
    • Enhancements to the Security Policies and MS Office tabs, offering a more intuitive approach to selecting functions based on category.
    • Enhancements to the automatic creation of Outlook/Exchange mail profiles, including dynamic Outlook client updates and added support for auto-archive settings.
    • Improved Setup routine that fully supports installations on the Windows 2000 Server family. Setup will also detect and remotely install the RPC services to all domain controllers, eliminating the need to re-run Setup and install the RPC services on each and every server.
    • The ability to set any deployed printers to the user's default printer, including an option to not set any auto-added network printer as the default, if the client has a local printer defined on LPT1.
    • A new schedule option for Application Launcher and Pop-up Messages Boxes which allows the application or message box to execute during each logon or only once per day.
    • Greatly decreased logon time over dial-up networking, due to a new version-sensitive client update routine.
    • Main engine optimizations to decrease overall logon times by approx. 20-30% over the previous ScriptLogic v2.5 product versions.
    • Streamlined support for Windows 95 & 98 clients with enabled user profiles (local or server-based). You no longer need to choose between the SLogic.bat or SLogix9x.bat files.
    And check the brand new ScriptLogic V3.0 webpage for the features of the earlier upgrade from 2.0 to 2.5. You should really download this puppy and have a look at this great time saver.

    Eval copy at:

    The "Chat with Stu" Script Is Now Online

    Most of you have probably seen that I was invited for a live chat over at SearchWin2000 a few weeks ago. There were several hundred people online with us, but I'm sure some of you wanted to be there but could not. All Questions and Answers are now available online so you can go through the whole thing in less than 5 minutes:
    [link is wrapped]
    http://www.searchwin2000.com/Chat_Components/searchWin2000 _Stu_Sjouwerman_and_Andy_Milford_Transcript/0,282866,,00.html


    This Week's Links We Like. Tips, Hints And Fun Stuff

  • Questions on IIS? Brett Hill has a site full of answers. Check it out. Good resource:
  • Been looking for a DACL manager for Registry Keys? Here's one:
  • Recently in the NTSYSADMIN list there were questions about the potential benefits of defragging RAID drives. Here's one way to find out: BENCHMARKS!
  • Convert a BDC to standalone server: Now in Online Shop. How to convert my Backup Domain Controller to a standalone server? Sunbelt now has U-Promote for sale in the Sunbelt On-line Shop. You can download it and get a permanent key emailed to you after the purchase:
  • How can I quickly run a speedtest on my modem? Use this link and you will see the speed. Nifty!