1. EDITORS CORNER
   • Anti-Hackers Helping You Out
2. TECH BRIEFING
   • Our Exchange Server Ran Out Of Space
3. NT/2000 RELATED NEWS
   • W2K Cracks On The Uptrend.
   • Windows Product Activation also in W2K?
4. NT/2000 THIRD PARTY NEWS
   • NEW! Sunbelt Introduces Security Consulting
   • Sysmon.zip Is A Really Useful Lil' Free Tool
   • Survey Reveals: WQuinn is World Leader in Quota Market
5. W2Knews 'FAVE' LINKS
   • This Week's Links We Like. Tips, Hints And Fun Stuff
6. PRODUCT OF THE WEEK
   • EARLY ANNOUNCEMENT: Windows 2000 Power Toolkit

Anti-Hackers Helping You Out

We're announcing our On-site Security Consulting that will help you batten down the hatches against hackers. The people that will do this for you are very hard-to-find security experts. We made a strategic alliance with a company called Sytex, who are an advanced Security Consulting firm. Why them? Very good reasons, which we explained on the new page we created for you. There is a more complete article further down, but if you want to find out now go to: http://www.sunbelt-software.com/product.cfm?id=810

In a nutshell, if you would like to know how vulnerable your networks -really- are, and what will be needed to fix it, get one of our experts on-site for your "Three-Day Security Assessment". They will do a very thorough scan and report on your security posture. I'm pretty sure that for the most of you, this will be a revealing experience.

Now, we have the fortunate situation of having a several dozen of these experts available to us, but since there is a massive shortage of true anti-hackers, you have to move fast. We will be booked full in no time flat for the coming months, so if you want to be scheduled in I suggest you lose no time. Step up to management and tell them this is something that should have been done long ago. (And really, it -should- have!) Read more further down at the Third Party News section.

Warm regards,

Our Exchange Server Ran Out Of Space

Not disk space, mind you! We have Exchange 5.5 Standard Edition sitting on a Dell 6400 server with tons of RAID in it. No, the Exchange message store ran into its internal 16Gig database limit. Suddenly last Thursday, everyone's Outlook could not hook up to the Exchange server anymore. The people that started at 8am were sitting on their hands and called our Chief Tech.

He immediately logged in from home using Terminal Server and checked the Exchange Server itself. Machine was doing fine. Lots of space on the disks, memory and CPU were fine. So, what the heck?? Then we went to the MS website and queried TechNet. Ah HAH! Exchange 5.5 Standard Edition has a 16G internal message store limit and believe it or not, with only 60 staff we had hit that limit.

It was sitting at 16.7GB. We started looking at the mailboxes and sure enough one person had more than 2 Gig, while more than five had between 500 and 900 Meg, and many others were well over 300 Mb. Nobody had any quotas set on their mailboxes. We were not monitoring the message store space either, thinking we had "space enough" for everyone.

We also found in TechNet that Exchange Enterprise Edition goes to a theoretical 16 Terabytes, but that did not help us right then and there. You also have to know, that Exchange has a soft-delete function built-in. Meaning it keeps deleted files for as long as you have set that parameter. We had it sitting at 7 days. So, anything we would quickly delete would not free up space after all.

How did we fix it? We first shut down incoming and outgoing email. Then fired up the Exchange service itself that had gone down. Luckily enough it stayed up now. Then we went into some mailboxes that had a lot of large attachments and blew those away. And we archived one really large mailbox of some one who just left the company.

Next, we found the registry setting that allowed us to change the 7-day soft-delete option, and made it 5 minutes. Then we sent a pop-up to everyone to first clean out their Sent Items mailbox, and then to empty their Deleted Items mailbox. But the message store indicated still 16.7Gig. Now what?

More research showed that the Exchange message store gets fragmented and needs to be defragged once every so often to free up its internal space. We had -never- done that. So, we continued to send pop-ups to the space hogs to clean out their mail boxes as much as possible. When we saw that a lot of internal space became available we turned on the internal and external email again and things went live again, although a bit sluggish. Exchange really gets upset when its message store gets full. We got it working again at about 11am, but it was grumbling and sputtering all day.

At 7pm, with users all gone home, we ran the message store defrag utility that comes with Exchange. Lo and behold, the 16.7 size went down to 5Gig! Lesson learned: upgrade to Exchange Enterprise Edition, (or 2000). But if for whatever reasons you cannot do that yet, it makes sense to use mailbox quotas for most users except perhaps a few (like the CEO). It's also a good idea to instruct people that "live in Outlook" to save attachments separate from their emails. (Plug those big Powerpoint presentations, spreadsheets and .zip files in their user share on the file server, NOT in Exchange!)

Last but not least, we -were- monitoring for diskspace, but that turned out to be not enough. IF we would have set up a system monitoring tool like either RealView, ELM or OpalisRobot, we would have been notified that the Exchange service itself had gone down many hours earlier.

W2K Cracks On The Uptrend.

Every OS goes through its own "trial by fire". W2K is no exception. The OS in itself is pretty secure, and has a lot of the security features already built in that MS learned with NT. But new vulnerabilities are still found every day, and more and more W2K machines are installed. That means looking at normal statistical rules, the amount of W2K cracks will increase.

In issue #237 I already mentioned the Attrition.org site. It's very interesting to see how the stats move from NT to W2K. The moving average of NT cracks is actually decreasing now. Encouraging to see. But W2K cracks are about 10% now, as opposed to a much lower number last year. You need to stay vigilant, keep track of the hotfixes that come out and apply them. If you run Linux servers, the same is true. That number of cracks is way up too. Here are the raw numbers per OS.
http://www.w2knews.com/rd/rd.cfm?id=043001-AttritionOrg

Windows Product Activation also in W2K?

Well, you have been vocal about your views about the copy protection in Windows XP. The current SunPoll shows some pretty clear results. (you can see them and vote at www.sunbelt-software.com, left column) But I found a tidbit of info on the The Register site that made me think. I'm quoting a small section of the article here:

"Installation of the Internet Explorer 6 preview on a Win2k machine resulted in the addition of a new, suspicious-sounding registry key. The item appears as \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSLicensing, and there are two sub keys - HardwareID and Store. Under the HardwareID key is a ClientHWID binary value entry, containing what I'll assume is a hash key generated off my system's hardware. Under the Store key is another key named LICENSE000, which contains four binary values named the following: ClientLicense, CompanyName, LicenseScope, and ProductID. This certainly sounds like it contains the kind of info Microsoft is using for XP product activation, but it also seems to be a different way of doing it from the one used in XP beta 2."

It looks like MS is experimenting with different schemes to protect its software. But it also looks like your existing OS-es might be made ready for product activation. Of course it is important to protect Intellectual Property and Copyrights, but pissing off your existing customer base is a bad idea. The fact they are 'locked in' should not be abused. I think MS needs to rethink this whole thing. Why?

MS are very well aware that about a week after WXP comes out, a crack will become available that does away with the whole WPA scheme. Lots of people will download the crack and bypass WPA all together. But that violates the license and thus also the law. The WPA crack is now a thing they need to keep secret from MS. That fact in turn will cause two things: increased criticism of MS, and a much stronger movement toward Linux.

Software developers and MS in specific are really trying hard in any way they can to move away from selling to renting software. I have mentioned this in many earlier issues. What do you think will happen with OS-es that are no longer supported after a few years like NT will be in 2003? Having a copy protection scheme in place will allow MS to rent the OS (with support) to people who choose not to play the forced upgrade game.

They make you pay either way, whether you stay with the existing version or upgrade to the new one. No escape except to Linux. Microsoft, don't do it. DON'T do it. Don't DO it. Pleasing your shareholders at the detriment of your existing customers is not a smart move on the long term.

MS are really trying to crack down on piracy every way they can. Client Server News 2000 reported an MS pilot that offers prizes to small systems integrators if they 'turn in' corporate customers who try to buy PCs without Windows installed. Some companies try to buy PC's without the OS with the claim their volume licenses already covers Windows. But these licenses only cover Windows upgrades, meaning they would be cheating. (Or, they want to install Linux and try to get out of paying 'Microsoft-tax').

NEW! Sunbelt Introduces Security Consulting

Sunbelt now provides cutting-edge professional security consulting and technologies to take your systems out of harms way. Sunbelt is a computer security source that System Administrators trust and use when their systems fall victim to computer attacks. Why wait for your networks to become a target? Identify system weaknesses now and prevent the substantial financial losses and systems downtime associated with network attacks.

You told us in many surveys that Security is your #1 Headache. One of the biggest challenges facing you as a system- or network administrator and security auditor is protecting your companies' networks against intrusions from both inside and outside hackers. It is simply impossible to stay up-to-date with the latest exploits, apply all the fixes, and monitor your networks as well. This is more than a full time job, and who has the time to do that?

Sunbelt has formed a strategic alliance with the nation's most advanced security consulting firm (Sytex) and together we will provide you with top class Security Consultants trained to do very comprehensive security audits and services. Why did we choose Sytex to partner with?

• Sytex are the people that trained a 1,000 FBI specialists in Cybercrime
• Sytex are the anti-hackers working for the DOD, NSA, CIA and the Secret Service
• Sytex created and runs the Information Warfare Center
• Sytex is a recognized leader in electronic warfare and cyber-terrorism consulting
• If the Sunbelt/Sytex alliance cannot protect your networks, nobody else can...

Sysmon.zip Is A Really Useful Lil' Free Tool

I was sent a 15K file called Sysmon.zip that extracts to sysmon.exe which is a little perfmon-like tool that is transparent and disappears when you hover the cursor above it. Cute, useful and could help with debugging a machine. It also creates a small icon in the systray that you can click on to set the % transparency, some other settings and to exit.

I had to plug it somewhere for you to download so I chose the ELM page. It sits in the 'White Papers, Documents and Other Files section, one before last. You'll like this cutie that Ron Bradley sent to me. Every Tech in Sunbelt I forwarded it to, had it sitting on their desktop right away [grin]. Here goes:
http://www.sunbelt-software.com/product.cfm?id=533

Survey Reveals: WQuinn is World Leader in Quota Market

WQuinn announced today that it is the hands-down leader in the quota management software market, according to the recently-published results of an independent survey held among Windows 2000 Magazine Storage Update subscribers worldwide. Part of WQuinn's award-winning StorageCeNTral SRM suite, QuotaAdvisor also recently received Windows 2000 Magazine's "Editor's Choice" award in a five-way quota product comparison.

QuotaAdvisor is the only real-time quota monitoring software product with a patented I/O filter driver, helping thousands of system admins control storage growth, without significantly taxing system performance.

The independent storage research firm The Sosinsky Group, did the survey. It revealed that the QuotaAdvisor component of WQuinn's StorageCeNTral suite is used by an overwhelming majority of subscribers, with a whopping 52% share of the quota market.

Paling in comparison, the number two and three market share positions are held by EMC and HP, with 8% and 7%, respectively. Among all of the other quota products, including Highground SRM, and Northern's Quota Server, none had greater than a 6% market share. The question was posed in multiple-choice format, listing eight different Quota products from which respondents were to choose.

"Quota monitoring and administration is a critical piece of any well-managed enterprise storage environment," said Barrie Sosinsky, chief analyst and founder of The Sosinsky Group. "The Windows 2000 Magazine readers have identified the clear leader in the quota segment of the SRM space, and without a doubt, it's WQuinn's QuotaAdvisor."

This Week's Links We Like. Tips, Hints And Fun Stuff

EARLY ANNOUNCEMENT: Windows 2000 Power Toolkit