Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Sep 4, 2000 (Vol. 5, #40 - Issue #214)
Making Logon Script Creation Easy
This issue of W2Knews contains:
- EDITORS CORNER
- A Brand New Security Scanning Concept
- TECH BRIEFING
- Large Environment Security Configuration Management
- NT/2000 RELATED NEWS
- Did You Know About All The Stuff In The MS Reskit For W2K?
- Windows 2000 HotFix: Local Security Policy Corruption
- Need to do your MCSE NT upgrade to W2K cheaply?
- Tuning Boosts W2K IIS With 30%
- NT/2000 THIRD PARTY NEWS
- Making Logon Script Creation Easy with New ScriptLogic 3.0
- The "Chat with Stu" Script Is Now Online
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
If you're not managing Internet access, you're asking for trouble.
SurfControl, the #1 market leader in Internet filtering improves
employee productivity, frees network traffic and reduces legal
threats. Find out WHO's doing WHAT, WHEN and WHERE on the Internet.
Monitor all TCP/IP protocols. *FREE* 30-day trial.
Visit SurfControl for more information.
A Brand New Security Scanning Concept
Hi NT/2000 Pros,
Perhaps you remember that last week I talked about how you told
us that Security was your headache #1. Well, I can lift some more
of the veil of this new solution we will announce September 11!
A good part of security breaches are from the outside. Different
figures are mentioned in current studies, but this percentage
varies between 20% and 40%. This means that more and more you
need to defend yourself from attacks by outsiders as well as
doing internal scans for vulnerabilities. Wouldn't it be great
to be able to scan your own domains from the outside, and see
what intruders would see when they try to hack your networks?
The problem is, you would need to do a few years of study on
how to penetrate sites, how to find holes, how to exploit them,
and how to stay undetected, apart from the fact that you would
run the risk of being nabbed by the FBI while you were doing
your 'hacking internship' .
Well, in a week we will have a revolutionary new solution for
you. Keep an eye out for the next W2Knews issue. But for the
moment, let's look at what the news is for this week!
(email me with feedback: [email protected])
SPONSOR: Microsoft Press
MAXIMIZE UPTIME! Get Microsoft(r) Resource Kits for the Windows(r)
2000 operating system. These kits pack essential technical drilldown
plus hundreds of timesaving tools and utilities on CD, straight from
the Windows 2000 team. You get everything you need for a faster, smoother
deployment. Everything it takes to maximize your company's uptime.
Visit Microsoft Press for more information.
Large Environment Security Configuration Management
This is a short but important tech briefing if you have a LARGE
environment and are looking for tools that will help you manage it.
We define 'large' as 50+ servers. If you are going to have 50 servers
in the next 12 months, you should have a look at this one too.
Maintaining a strong, consistent Security Configuration Policy
can be your insurance policy in the digital world that you are
trying to keep up & running.
Let me paint you a picture of how this could be achieved:
- Enforce strong security policies and effortlessly maintain
your security standards from a central console.
- Automate routine security configuration tasks, giving you
the power to change local Administrator and Service Account
passwords across your entire enterprise with a single mouse-click.
- Make sure the proper security properties are applied to Shares,
local Guest accounts are disabled, and security-related Registry
settings are properly configured.
- Get notified of changes to Domain Policy, Domain Trusts, and
attempts to access assets with unauthorized accounts.
- Make sure that you have all of the security patches and hot
fixes you want installed in the right places.
- Ensure that you identify and delete certain viruses and worms.
If the above points ring a bell or identify a need, check out ECM:
For an independent review by a Network Manager in Internet Week:
NT/2000 RELATED NEWS
Did You Know About All The Stuff In The MS Reskit For W2K?
I got my hands on one of these puppies and I was very pleasantly
surprised. A boatload of extremely useful info and tools straight
from the Windows 2000 Server team. With the W2K reskit you can
deploy, manage, and optimize W2K. It packs seven powerhouse refe-
rences with more than 7000 pages of detailed technical 'drill-down',
and over 200 tools and utilities on CD. There is a whole lot of
cool stuff in there to help maximize the productivity of your W2K
servers and simply save you time.
These are the seven volumes you get with the ResKit, and it
has a large poster inside with W2K deployment scenarios from
the MS resource kit Deployment Lab.
WINDOWS 2000 SERVER DEPLOYMENT PLANNING GUIDE
WINDOWS 2000 SERVER DISTRIBUTED SYSTEMS GUIDE
WINDOWS 2000 SERVER TCP/IP CORE NETWORKING GUIDE
WINDOWS 2000 SERVER INTERNETWORKING GUIDE
WINDOWS 2000 SERVER OPERATIONS GUIDE
INTERNET INFORMATION SERVICES 5.0 RESOURCE GUIDE
INTERNET EXPLORER 5 RESOURCE KIT
On the CD are more than 200 tools that help you to deploy, manage,
and support the Windows 2000 operating system, including some
stuff I found to be particularly useful:
DEPLOYMENT:Setup Manager: create unattended files and distribution shares
to simplify the deployment of W2K throughout your organization
Microsoft Internet Information Server (IIS) Migration Wizard:
simplify the process of migrating Web servers to IIS 5.0 Web servers,
including those from IIS 4.0.
Group Policy Migration Utility: migrate settings from earlier
version policy files to the Windows 2000 group policy object structure.
ACTIVE DIRECTORY SERVICESMicrosoft VB Scripts: use these rich script examples to manage
users, groups, and organizational units.
INTERNET INFORMATION SERVICES 5.0Web Application Stress Tool: test your application's performance
and stability by simulating multiple browsers requesting pages from
Supportability Tool Kit: automate the data-gathering process for
analyzing and diagnosing IIS-based servers.
GROUP POLICYGroup Policy Object Utility: check the consistency and replication
of the Group Policy objects on domain controllers.
Group Policy Results: see how Group Policy works on a particular
computer and its logged-on users.
INTRNET EXPLORER 5Microsoft Internet Explorer Administration Kit (IEAK): samples
and tools, including the IEAK Profile Manager, to help you customize
IE browser software for automated deployment.
And with the W2K Reskit, you get additional online resources:
Online Books: searchable electronic versions of all seven resource
guides help you find what you need fast.
Help References: Error and Event Messages Help, Technical Reference
to the Registry, Performance Counter Reference, and Group Policy
Tools Help: documentation for the 200+ tools on the CD-ROM.
Conclusion: Even if you do not run W2K yet, it's a MUST HAVE reskit.
Windows 2000 HotFix: Local Security Policy Corruption
Microsoft has released a patch that eliminates a security
vulnerability in W2K. The vulnerability could allow a
malicious user to disrupt normal operation of an affected
machine, and potentially of an entire network. Customers
who have applied Windows 2000 Service Pack 1 are already
protected against the vulnerability and do not need to take
any further action. You can get it over here:
And if you want to automate this whole hotfix headache, check:
Need to do your MCSE NT upgrade to W2K cheaply?
Brainbuzz has a good article about that, and I thought you'd
be interested in reading it. The URL is longer than this note!
[link is wrapped]
There is also a Microsoft FAQ with a bunch of questions relating
to the W2K certification track that is worth going through:
[link is wrapped]
Tuning Boosts W2K IIS With 30%
Computer Reseller News Magazine (CRN) has an article on their site
that shows with a bit of tweaking you can boost the performance
of IIS under W2K up to 30%. You would need to turn some knobs in
the admin console to get the required results. It's a couple of
simple things like increasing buffers and connections. Check out:
THIRD PARTY NEWS
Making Logon Script Creation Easy with New ScriptLogic 3.0
Many, many, many of you were waiting impatiently for version
3.0 of ScriptLogic, but it's now finally here! This is a great
new version if you are sick and tired of logon script coding.
If you have never looked at something to make Logon Scripts
easier, this is the time to do it.
ScriptLogic V3.0 takes centralized client administration to a
new plateau. The new Professional Edition adds a great many
A more granular 3-part validation logic system that now allows
you to validate each function (drive map, printer deployment,
security policy, Internet, MS Office setting, registry change,
etc.) based on:
A new Service Manager applet, that allows you to:
- Group membership.
- Domain membership.
- Active Directory Site membership.
- A specific user's logon ID.
- A specific workstation name or subset of workstations based
on a partial name match.
- A TCP/IP host address or subnet.
- A distinguished TCP/IP host name.
- A NIC's MAC address.
- A specific client OS type, including W95/98, NT/2000 WS, SV
or Terminal Server client.
- Whether the client connected over the local area network or
via dial-up networking.
A new System Options screen that allows you to:
- Globally monitor the status of the RPC services on all your
- Start, stop and configure the startup parameters of the
- Remotely install and uninstall the RPC services on all the Domain
controllers throughout your enterprise from a single location.
- Monitor the replication status of any changes made to the
ScriptLogic configuration through the ScriptLogic Manager.
Usability enhancements to the core ScriptLogic Manager:
- Specify the conditions which must be met prior to executing
ScriptLogic (e.g. exclude all servers).
- Control the client application files update behavior.
- Easily import your own company graphic to display during
the logon process.
- Specify particular servers to locate the ScriptLogic and
KiXtart RPC services on.
- Edit the text of the warning message boxes that are seen by
the clients logging on. (Internationalization).
- The ability to install service packs to your Windows NT WS,
even if the user logging on is NOT a local administrator of
- The ability to synchronize the time on Windows NT/2000 clients,
even if the user logging on does not have the "Change the
system time" right on their local machine.
And check the brand new ScriptLogic V3.0 webpage for the features
of the earlier upgrade from 2.0 to 2.5. You should really download
this puppy and have a look at this great time saver.
- A fully integrated "network browser" that allows you to browse
hidden shares, and select groups on master-resource domain
- New file paths option allows the ability to select an alternate
custom script editor, and replication manager.
- A new _Assign_Script_ tool that allows you to easily assign
ScriptLogic to your users, or to groups of users, without the
need to load UMD on your NT4 Server or the MMC on Windows 2000.
- No more list limits on each tab. (In previous versions, you were
limited to 80 entries on the drives, printers, policies, MS
Office, Internet, policies, and registry tabs).
- A new "shortcuts" tab, which allows the automatic creation or
removal of shortcut files on the clients desktop, start menu,
quick launch bar, or other folder.
- A new Custom Script Manager that allows you to apply Validation
Logic to smaller, individual custom scripts, making them easier
- A new granular Time Synchronization list, incorporating ScriptLogic
Pro's enhanced 3-part Validation Logic system.
- Enhancements to the Security Policies and MS Office tabs, offering
a more intuitive approach to selecting functions based on category.
- Enhancements to the automatic creation of Outlook/Exchange mail
profiles, including dynamic Outlook client updates and added support
for auto-archive settings.
- Improved Setup routine that fully supports installations on the
Windows 2000 Server family. Setup will also detect and remotely
install the RPC services to all domain controllers, eliminating the
need to re-run Setup and install the RPC services on each and every
- The ability to set any deployed printers to the user's default printer,
including an option to not set any auto-added network printer as the
default, if the client has a local printer defined on LPT1.
- A new schedule option for Application Launcher and Pop-up Messages
Boxes which allows the application or message box to execute during
each logon or only once per day.
- Greatly decreased logon time over dial-up networking, due to a
new version-sensitive client update routine.
- Main engine optimizations to decrease overall logon times by approx.
20-30% over the previous ScriptLogic v2.5 product versions.
- Streamlined support for Windows 95 & 98 clients with enabled user
profiles (local or server-based). You no longer need to choose between
the SLogic.bat or SLogix9x.bat files.
Eval copy at:
The "Chat with Stu" Script Is Now Online
Most of you have probably seen that I was invited for a live chat
over at SearchWin2000 a few weeks ago. There were several hundred
people online with us, but I'm sure some of you wanted to be there
but could not. All Questions and Answers are now available online
so you can go through the whole thing in less than 5 minutes:
[link is wrapped]
This Week's Links We Like. Tips, Hints And Fun Stuff
Questions on IIS? Brett Hill has a site full of answers. Check
it out. Good resource:
Been looking for a DACL manager for Registry Keys? Here's one:
Recently in the NTSYSADMIN list there were questions about the
potential benefits of defragging RAID drives. Here's one way to
find out: BENCHMARKS!
Convert a BDC to standalone server: Now in Online Shop.
How to convert my Backup Domain Controller to a standalone server?
Sunbelt now has U-Promote for sale in the Sunbelt On-line Shop.
You can download it and get a permanent key emailed to you after
How can I quickly run a speedtest on my modem?
Use this link and you will see the speed. Nifty!