- Sign-up Now!
 - Current Issue
 - Edit Your Profile/Unsubscribe

Subscribe | Media Kit | About Us | All Issues | Subscriber Feedback | Contact Us | Privacy Statement
Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Feb 5, 2001 (Vol. 6, #7 - Issue #241)
Tell Your Friends!
  This issue of W2Knews™ contains:
    • More On the W2Knews HTML Version / New SunPoll
    • Tell Your Friends! Stat Scanner For Free
    • Securing Credit Cards
    • What's The New SMS Version All About?
    • 'Read The Fine Manual'
    • Special Feb-2001 Storage Management Offer
    • Tired of Stupid Questions From Users?
    • Push Change Permissions Down A Tree!
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • A+ Certification Concepts and Practice
  SPONSOR: SurfControl
If you're not managing Internet access, you're asking for
trouble. SurfControl, the #1 market leader in Internet
filtering improves employee productivity, frees up network
traffic and reduces legal threats. Find out exactly WHO is
doing WHAT, WHEN, and WHERE on the Internet. SurfControl
monitors, records and controls all TCP/IP protocols.
*FREE* 30-day trial.
Visit SurfControl for more information.

More On the W2Knews HTML Version / New SunPoll

Hi NT/W2K-ers!

First of all, thanks VERY MUCH for the many hundreds of responses we got on the new HTML version. The vast majority of you loves it! But about 25% of you does not like HTML, and told me why. Good reasons too I might add. But first, I think I may not have been completely clear about how we are going to implement TXT vs. HTML for W2Knews.

I talked about it since December, and already got a lot of feedback from you, so this is the way we are going to proceed. The normal TXT based issue will continue to appear on Monday. No change there. On Thursdays you will get an HTML version, and since you wanted the choice, this is a fully separate list called W2Knews-html. So, you can choose to receive just TXT, or both TXT and HTML (or neither of course if you are getting tired of me :-)

Since 75% of you wants HTML, I chose for the 'most efficient & least resources' approach. Next week, I'll send a TXT-based message to everyone, that allows you to UNSUB from the W2Knews-html list. It's a 'one-click' unsubscribe. But you will still get this normal TXT based newsletter on Mondays! If you would unsub like this, it'd be great. Thanks very much in advance.

And you can always go to the new www.w2knews.com to read the Thursday html issues via the website there. Oh, and your privacy is just as protected with our HTML newsletter as with the existing TXT one. I'm looking forward to being able to get you the latest NT and W2K news in both formats.

And talking about that, how is everyone thinking about MCSE for W2K? The result of the most recent SunPoll is revealing. The question was "Which one of these W2K MCSE core exams will you be doing first?"

  1. Windows 2000 Professional 42.48% - 421 votes
  2. Windows 2000 Server 10.89% - 108 votes
  3. Windows 2000 Network Infrastructure - 4.13% - 41 votes
  4. Windows 2000 Directory Services Infrastructure - 3.93% - 39 votes
  5. None, I am too upset with Microsoft that they will nix my NT MCSE end of this year. 38.54% - 382 votes

This proves first and foremost, about 60% of you are looking to get certified for W2K. Option #5 (forget it Microsoft!) came out a close second. Many of these will pursue other certifications like Cisco and Linux I'm sure. Our sponsor just below this Editor's Corner has an interesting offer for you if you want to go the Cisco route. Getting a bigger paycheck is what certification has been all about in the past. And it will remain the case in the future. In a few years I think most of the MCSE's will choose to get W2K certified after all, and the fact that the next version of W2K (which I nicknamed W2K2) will grandfather in your W2K cert may help make that decision.

Next, here is our NEW SUNPOLL:

"The media are rife with bad economic news. How is this influencing your budgets for system management tools?"

  1. Not at all. Budgets have been set and I can spend the approved dollars.
  2. Management told us to watch our cost a bit more, nothing drastic though.
  3. We are reducing our headcount and actually need more tools.
  4. All my tools budgets have been put on ice.
  5. I'm looking for a new job, my resume is on-line!

Please vote here, it's the first thing you see on the left side.

And after voting, you can pick up your free copy of the STAT Discovery. Read all about it in the Tech Briefing of this week.

Warm regards,

Stu Sjouwerman
(email me with feedback: [email protected])

Want to earn $15,000 to $20,000 more per year? Looking for a Hot
Commodity in computer networking? Prepare for the Cisco Certified
Network Associate exam with Teknowlogy Professionals' innovative
course! Teknowlogy Professionals has helped students all over the
country prepare for challenging and exciting careers through their
proprietary courseware. No one else does it like us, with our
specially-developed combination of lecture and hands-on training!

Tell Your Friends! Stat Scanner For Free

Jeez, these software vendors nowadays! How are they going to make any money when they give their stuff away for free? Now another one (Harris) has decided to donate a large chunk of their previously "for sale only" code for you to download and run without cost.

You all remember STAT (at least I hope :-). It's a market leader in NT/W2K vulnerability scanning. In its earlier incarnations, the demo was only something like the 20 most common holes. But NOW... they are giving away the whole kit and kaboodle: all the around 1,000 known NT/W2K holes are in the FREE STAT DISCOVERY KIT.

It's really unbelievable. I just downloaded this puppy and ran it on my brand new Dell Dual 933 box, with W2K SP1 installed. I'm embarrassed to say it found 2 High Risk holes, 20 medium Risk, and 53 low risk vulnerabilities. Dang! But the good thing is that I did not pay anything for it.

This free Discovery Scanner has a 'nag' screen at the start, and after the scan it comes back with a little report that said: "It will take approximately 58 hours to fix 75 Vulnerabilities manually. STAT AutoFix (tm) can fix many of them automatically in a fraction of the time". The numbers will change with the amount of holes it found. This is what it said after the scan on my box. And there is the angle of course. They want you to buy the full version of STAT which works network-wide and has the auto-fix feature.

But still, with the free Discovery, you can click on each hole, and it brings you to the statonline website where it explains what this vulnerability means. So, they will surely get some web-traffic next week! Now remember: Download from the Sunbelt site, check the vulnerabilities on the Harris site but when you decide to buy this tool, come back to Sunbelt to buy it?

That's the least you can do in exchange for me telling you about this unbelievably cool opportunity [grin]. So, this is why I gave this item the title "Tell Your Friends!". Cut and Paste this little article and distribute it to everyone you know with either an NT or a W2K Box. They will owe you a ~B I G~ favor. But Enough talk. GO GET THIS PUPPY NOW! The only thing you need to do is fill out the download form at the very end of the STAT product page.


Securing Credit Cards

In the article on Egghead in issue 238, January 22-nd I commented that any online shops or e-commerce sites should "age off" cards of people after 3 months. Nigel Ball suggested this advice doesn't go far enough. He said that online shops in an NT/2000 environment should consider either:

- removing from their databases critical card data (e.g., the last few digits of the card number) as soon as the payment is confirmed;

- encrypting customer's personal details using a key that is _not_ held in the same database as the customer's record;

- moving customer's personal details to a separate database that is not accessible from the web server as soon as possible;

or some combination of the above. Keeping customer's credit card details for up to 3 months may limit the online shop's exposure but it still provides an unnecessary "window of opportunity" for criminal hackers.

What's The New SMS Version All About?

ZDNet recently reported about the latest SMS version code-named Topaz. SMS is not dead, as many people expected it to be folded into W2K, but it looks like that 'aint gonna happen'. There is going to be a new beefed-up version.

Microsoft looks like it definitely wants to stay into Windows plumbing. They built its management technologies team to 500 staff and are putting more pieces of the puzzle in place. These coders are working on stuff like SMS, Terminal Services, Intellimirror and Windows Management Instrumentation interfaces.

As you know, one of MS's BackOffice Servers is called Systems Management Server (SMS for short.) This is the module for admins in large environments. SMS gets you hardware and software inventory, software license metering, distribution and installation of software, and remote control.

Looks like Topaz will arrive in Beta form somewhere this summer, and at roughly the same time Service Pack 3 for SMS version 2.0 will be released. The main new feature in SP3 is that it will allow you to roll out Whistler (W2K2) Professional to all the workstations in your domain.

Topaz will have closer integration with the Active Directory, better cluster server support, improved remote-user support, and improved reporting which certainly was needed seen the immense amount of raw data that SMS generates. It looks like MS will try to get rid of overlap between SMS and Windows, by separating functions into either one or the other. Obviously this has something to do with the .Net architecture they are working toward. SMS will support XML and SOAP.

'Read The Fine Manual'

Knowing that MS has had 4 name servers on the same subnet and got punished for it, this came out of one of their own manuals:

    "Generally, plan to install the primary and secondary servers on different subnets to provide continual support for DNS name queries if one subnet should go down.

    The minimum number of DNS servers needed to serve each zone is two -- a primary and a secondary -- to provide database redundancy. As with any fault tolerant system, the computers should be as independent as possible, for example, by placing the primary and secondary servers on different subnets".

Lesson: RTFM [grin]


Special Feb-2001 Storage Management Offer

Storage is exploding. NAS, SAN's, RAID, 80Gig drives, you name it. How the heck are you going to keep all that stuff under control? Automate this disk babysitting chore! For every $1,000 dollars ordered for Quinn Products (Storage Central, Quota Advisor, Disk Advisor), Sunbelt will give you a value of $500 of either Autopilot or the brand new security tool Fortress NT/2000. Offer valid only for the month of Feb-2001 so better hurry.

Here are the links. Check it out:

StorageCeNTral: http://www.sunbelt-software.com/product.cfm?id=423
QuotaAdvisor: http://www.sunbelt-software.com/product.cfm?id=421
DiskAdvisor: http://www.sunbelt-software.com/product.cfm?id=420
AutoPilot: http://www.sunbelt-software.com/product.cfm?id=222
Fortress NT/2000: http://www.sunbelt-software.com/product.cfm?id=677

Tired of Stupid Questions From Users?

One of the most complained about perpetual problems is end-users endlessly calling you with questions that normally can be answered like: "Did you check if the power is on?". Things like asking for the 'any-key' they cannot find, and other complete wastes of time. They always call at the wrong moment, are disruptive, a pain, and unfortunately a necessary evil. Who else do we maintain these systems for otherwise? The ideal scene would of course be to simply have no end users at all. Wouldn't that be heaven?

Well, the next best thing is to at least have them trained on a level they can understand, and get rid of those stupid questions. It may even help to make them more productive. We found a very useful brand new little web-based course that gets completely PC illiterate end-users grooved into what a PC and a Network is, how it works, and how to solve simple problems. It's also really fun to do. Two cartoon characters take you through the course and explain the internals.

We decided to offer this course as a means to help offload some of the "Stupid Question Syndrome" we all suffer from at regular times. There is a little example section on our website you can look at which explains what RAM is. (You need macromedia flash to see it). We hope it will help wearing the 'helpdesk-hat' a little more bearable. And who is the developer?

Competence Software Corporation, one of the most effective online learning companies in the world, created this new course. Their courses have been given top ratings by http://www.lguide.com with ratings above Harvard University online courses. I think this new online course will be the first and only course you will ever need to give PC users a thorough understanding of computer basics from Pascal's adding machine in the 1700s to today's PC's and networks.

There are 35 lessons in the course covering subjects from the GUI down to how a computer uses binary numbers (and clearly showing the simplicity of what binary counting really is) to calculate, process data, display graphics, play sound, etc. Students completing the course will gain a thorough understanding the basics of hardware, operating systems, application software and networking.

General Electric says of Competence Software's earlier released course, "... an ideal tool for our staff who need a basic, easy to use package for self-study training." Rid yourself of timewasters:

Push Change Permissions Down A Tree!

Security Explorer is a powerful and intuitive utility to search for and modify Windows NT security on NTFS drives, the Registry, and Shares. You can search across subdirectories for permissions, grant, revoke, and clone permissions across subdirectories without affecting any other user's permissions.

Select 50 shares on a server, and grant permissions to multiple users and groups at one time. Export permissions to a database for further analysis and reporting. Back up your file permissions and restore them if necessary. Set ownership on files and directories. Seamless integration with the Windows NT 4.0 Desktop (right-click just about anywhere).

Security Explorer makes finding security holes and fixing them a snap!

New Product Features:

New: Fully supports the new NTFS inheritance model found in W2K.
New: Auto-detect the operating system when making permissions changes on remote servers, so you can use Security Explorer safely in a mixed (NT/W2K) environment.
New: Allows you to override protected objects, and allow the permissions modifications to propagate down to all subdirectories, files, and folders, including protected objects.
New: Fully supports Windows 2000's set of extended permissions

Security Explorer in Single Copies is available through the Sunbelt Online Shop with instant online delivery. For multiple copies, talk to one of our Reps or Resellers. Here's the product specs.


This Week's Links We Like. Tips, Hints And Fun Stuff

FREE Group Policy eBook by industry gurus Darren Mar-Elia and Sean Daily!

Reboot Remote Equipment. Register to WIN a new APC Masterswitch!

#Money Talk$. The BrainBuzz Salary Wizard is a pretty useful tool:


A+ Certification Concepts and Practice

The new A+ Certification Test by Comp TIA will be one of the toughest ever to pass. There are tons of new areas and topics that you'll need to master. Experts stress that you need to do everything possible to prepare for this new test. If you want to improve your chances of passing and want to see more job offers from getting certified, you need the one total learning package available to pass the new exam! Normally $86.04. Now in the Sunbelt bookclub for only: $39.95