Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Apr 30, 2001 (Vol. 6, #30 - Issue #265)
Sunbelt Introduces Security Consulting
This issue of W2Knews contains:
- EDITORS CORNER
- Anti-Hackers Helping You Out
- TECH BRIEFING
- Our Exchange Server Ran Out Of Space
- NT/2000 RELATED NEWS
- W2K Cracks On The Uptrend.
- Windows Product Activation also in W2K?
- NT/2000 THIRD PARTY NEWS
- NEW! Sunbelt Introduces Security Consulting
- Sysmon.zip Is A Really Useful Lil' Free Tool
- Survey Reveals: WQuinn is World Leader in Quota Market
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
- EARLY ANNOUNCEMENT: Windows 2000 Power Toolkit
Migrating to Windows 2000? Do you have a complete plan yet? The Altiris
eXpress Migration Toolkit (AXMT) is the only complete migration solution
that addresses all 6 steps of the W2K migration process. Complete pre-
migration inventory assessment, PC cloning/network configuration, software
installation, personality restoration, and post-migration status report
in a single tool. 5-star rating in PC Magazine! 30-day FREE trial:
Visit Altiris for more information.
Anti-Hackers Helping You Out
We're announcing our On-site Security Consulting that will help you batten down the hatches against hackers. The people that will do this for you are very hard-to-find security experts. We made a strategic alliance with a company called Sytex, who are an advanced Security Consulting firm. Why them? Very good reasons, which we explained on the new page we created for you. There is a more complete article further down, but if you want to find out now go to:
In a nutshell, if you would like to know how vulnerable your networks -really- are, and what will be needed to fix it, get one of our experts on-site for your "Three-Day Security Assessment". They will do a very thorough scan and report on your security posture. I'm pretty sure that for the most of you, this will be a revealing experience.
Now, we have the fortunate situation of having a several dozen of these experts available to us, but since there is a massive shortage of true anti-hackers, you have to move fast. We will be booked full in no time flat for the coming months, so if you want to be scheduled in I suggest you lose no time. Step up to management and tell them this is something that should have been done long ago. (And really, it -should- have!) Read more further down at the Third Party News section.
(email me with feedback: [email protected])
SPONSOR: Regain 30% Of Your Server Space...
And save hundreds of hours in file cleanup. Maximizing uptime is a top
priority. But without control of the data on your servers, achieving
this priority can be nearly impossible. Servers crammed with obsolete
and non-business related files can jeopardize uptime, drag down backups
and slow down real-time access to what's really important. Adding more
disk space only compounds the problem - soon you'll have twice as many
junk files. That's why Microsoft and 80 of the Fortune 100 insist on
StorageCeNTral. Download your free 30 day evaluation copy, and you'll be
surprised at what StorageCeNTral finds wasting space on -your- servers.
Visit Regain 30% Of Your Server Space... for more information.
Our Exchange Server Ran Out Of Space
Not disk space, mind you! We have Exchange 5.5 Standard Edition sitting on a Dell 6400 server with tons of RAID in it. No, the Exchange message store ran into its internal 16Gig database limit. Suddenly last Thursday, everyone's Outlook could not hook up to the Exchange server anymore. The people that started at 8am were sitting on their hands and called our Chief Tech.
He immediately logged in from home using Terminal Server and checked the Exchange Server itself. Machine was doing fine. Lots of space on the disks, memory and CPU were fine. So, what the heck?? Then we went to the MS website and queried TechNet. Ah HAH! Exchange 5.5 Standard Edition has a 16G internal message store limit and believe it or not, with only 60 staff we had hit that limit.
It was sitting at 16.7GB. We started looking at the mailboxes and sure enough one person had more than 2 Gig, while more than five had between 500 and 900 Meg, and many others were well over 300 Mb. Nobody had any quotas set on their mailboxes. We were not monitoring the message store space either, thinking we had "space enough" for everyone.
We also found in TechNet that Exchange Enterprise Edition goes to a theoretical 16 Terabytes, but that did not help us right then and there. You also have to know, that Exchange has a soft-delete function built-in. Meaning it keeps deleted files for as long as you have set that parameter. We had it sitting at 7 days. So, anything we would quickly delete would not free up space after all.
How did we fix it? We first shut down incoming and outgoing email. Then fired up the Exchange service itself that had gone down. Luckily enough it stayed up now. Then we went into some mailboxes that had a lot of large attachments and blew those away. And we archived one really large mailbox of some one who just left the company.
Next, we found the registry setting that allowed us to change the 7-day soft-delete option, and made it 5 minutes. Then we sent a pop-up to everyone to first clean out their Sent Items mailbox, and then to empty their Deleted Items mailbox. But the message store indicated still 16.7Gig. Now what?
More research showed that the Exchange message store gets fragmented and needs to be defragged once every so often to free up its internal space. We had -never- done that. So, we continued to send pop-ups to the space hogs to clean out their mail boxes as much as possible. When we saw that a lot of internal space became available we turned on the internal and external email again and things went live again, although a bit sluggish. Exchange really gets upset when its message store gets full. We got it working again at about 11am, but it was grumbling and sputtering all day.
At 7pm, with users all gone home, we ran the message store defrag utility that comes with Exchange. Lo and behold, the 16.7 size went down to 5Gig! Lesson learned: upgrade to Exchange Enterprise Edition, (or 2000). But if for whatever reasons you cannot do that yet, it makes sense to use mailbox quotas for most users except perhaps a few (like the CEO). It's also a good idea to instruct people that "live in Outlook" to save attachments separate from their emails.
(Plug those big Powerpoint presentations, spreadsheets and .zip files in their user share on the file server, NOT in Exchange!)
Last but not least, we -were- monitoring for diskspace, but that turned out to be not enough. IF we would have set up a system monitoring tool like either RealView, ELM or OpalisRobot, we would have been notified that the Exchange service itself had gone down many hours earlier.
That would have caused some of our Techs to work late into the evening to fix it, but that would have been better than 3 hours of email downtime from 8 to 11am at the end of the month. Oh well, you live and learn. This was really a kind of a beginner's error [blush]. Hope you will take advantage of it. The tools I talked about are all here:
NT/2000 RELATED NEWS
W2K Cracks On The Uptrend.
Every OS goes through its own "trial by fire". W2K is no exception. The OS in itself is pretty secure, and has a lot of the security features already built in that MS learned with NT. But new vulnerabilities are still found every day, and more and more W2K machines are installed. That means looking at normal statistical rules, the amount of W2K cracks will increase.
In issue #237 I already mentioned the Attrition.org site. It's very interesting to see how the stats move from NT to W2K. The moving average of NT cracks is actually decreasing now. Encouraging to see. But W2K cracks are about 10% now, as opposed to a much lower number last year. You need to stay vigilant, keep track of the hotfixes that come out and apply them. If you run Linux servers, the same is true. That number of cracks is way up too. Here are the raw numbers per OS.
Windows Product Activation also in W2K?
Well, you have been vocal about your views about the copy protection in Windows XP. The current SunPoll shows some pretty clear results. (you can see them and vote at www.sunbelt-software.com, left column) But I found a tidbit of info on the The Register site that made me think. I'm quoting a small section of the article here:
"Installation of the Internet Explorer 6 preview on a Win2k machine resulted in the addition of a new, suspicious-sounding registry key. The item appears as \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSLicensing, and there are two sub keys - HardwareID and Store. Under the HardwareID key is a ClientHWID binary value entry, containing what I'll assume is a hash key generated off my system's hardware. Under the Store key is another key named LICENSE000, which contains four binary values named the following: ClientLicense, CompanyName, LicenseScope, and ProductID. This certainly sounds like it contains the kind of info Microsoft is using for XP product activation, but it also seems to be a different way of doing it from the one used in XP beta 2."
It looks like MS is experimenting with different schemes to protect its software. But it also looks like your existing OS-es might be made ready for product activation. Of course it is important to protect Intellectual Property and Copyrights, but pissing off your existing customer base is a bad idea. The fact they are 'locked in' should not be abused. I think MS needs to rethink this whole thing. Why?
MS are very well aware that about a week after WXP comes out, a crack will become available that does away with the whole WPA scheme. Lots of people will download the crack and bypass WPA all together. But that violates the license and thus also the law. The WPA crack is now a thing they need to keep secret from MS. That fact in turn will cause two things: increased criticism of MS, and a much stronger movement toward Linux.
Software developers and MS in specific are really trying hard in any way they can to move away from selling to renting software. I have mentioned this in many earlier issues. What do you think will happen with OS-es that are no longer supported after a few years like NT will be in 2003? Having a copy protection scheme in place will allow MS to rent the OS (with support) to people who choose not to play the forced upgrade game.
They make you pay either way, whether you stay with the existing version or upgrade to the new one. No escape except to Linux. Microsoft, don't do it. DON'T do it. Don't DO it. Pleasing your shareholders at the detriment of your existing customers is not a smart move on the long term.
MS are really trying to crack down on piracy every way they can. Client Server News 2000 reported an MS pilot that offers prizes to small systems integrators if they 'turn in' corporate customers who try to buy PCs without Windows installed. Some companies try to buy PC's without the OS with the claim their volume licenses already covers Windows. But these licenses only cover Windows upgrades, meaning they would be cheating. (Or, they want to install Linux
and try to get out of paying 'Microsoft-tax').
See Fave Links below for WPA-Crack info. The Register Article:
THIRD PARTY NEWS
NEW! Sunbelt Introduces Security Consulting
Sunbelt now provides cutting-edge professional security consulting and technologies to take your systems out of harms way. Sunbelt is a computer security source that System Administrators trust and use when their systems fall victim to computer attacks. Why wait for your networks to become a target? Identify system weaknesses now and prevent the substantial financial losses and systems downtime associated with network attacks.
You told us in many surveys that Security is your #1 Headache. One of the biggest challenges facing you as a system- or network administrator and security auditor is protecting your companies' networks against intrusions from both inside and outside hackers. It is simply impossible to stay up-to-date with the latest exploits, apply all the fixes, and monitor your networks as well. This is more than a full time job, and who has the time to do that?
Sunbelt has formed a strategic alliance with the nation's most advanced security consulting firm (Sytex) and together we will provide you with top class Security Consultants trained to do very comprehensive security audits and services. Why did we choose Sytex to partner with?
So, to check out to see when you want to plan your 3-day on-site Security
Assessment, check out the brand new webpage we just created for this:
- Sytex are the people that trained a 1,000 FBI specialists in Cybercrime
- Sytex are the anti-hackers working for the DOD, NSA, CIA and the Secret Service
- Sytex created and runs the Information Warfare Center
- Sytex is a recognized leader in electronic warfare and cyber-terrorism consulting
- If the Sunbelt/Sytex alliance cannot protect your networks, nobody else can...
Sysmon.zip Is A Really Useful Lil' Free Tool
I was sent a 15K file called Sysmon.zip that extracts to sysmon.exe which is a little perfmon-like tool that is transparent and disappears when you hover the cursor above it. Cute, useful and could help with debugging a machine. It also creates a small icon in the systray that you can click on to set the % transparency, some other settings and to exit.
I had to plug it somewhere for you to download so I chose the ELM page. It sits in the 'White Papers, Documents and Other Files section, one before last. You'll like this cutie that Ron Bradley sent to me. Every Tech in Sunbelt I forwarded it to, had it sitting on their desktop right away [grin]. Here goes:
Survey Reveals: WQuinn is World Leader in Quota Market
WQuinn announced today that it is the hands-down leader in the quota management software market, according to the recently-published results of an independent survey held among Windows 2000 Magazine Storage Update subscribers worldwide. Part of WQuinn's award-winning StorageCeNTral SRM suite, QuotaAdvisor also recently received Windows 2000 Magazine's "Editor's Choice" award in a five-way quota product comparison.
QuotaAdvisor is the only real-time quota monitoring software product with a patented I/O filter driver, helping thousands of system admins control storage growth, without significantly taxing system performance.
The independent storage research firm The Sosinsky Group, did the survey. It revealed that the QuotaAdvisor component of WQuinn's StorageCeNTral suite is used by an overwhelming majority of subscribers, with a whopping 52% share of the quota market.
Paling in comparison, the number two and three market share positions are held by EMC and HP, with 8% and 7%, respectively. Among all of the other quota products, including Highground SRM, and Northern's Quota Server, none had greater than a 6% market share. The question was posed in multiple-choice format, listing eight different Quota products from which respondents were to choose.
"Quota monitoring and administration is a critical piece of any well-managed enterprise storage environment," said Barrie Sosinsky, chief analyst and founder of The Sosinsky Group. "The Windows 2000 Magazine readers have identified the clear leader in the quota segment of the SRM space, and without a doubt, it's WQuinn's QuotaAdvisor."
Disk Quotas cut the cost of managing storage across their WinNT/2000 networks. For example, GM's OnStar Division turned to StorageCeNTral after 500 employees filled up one server's 35-gigabyte disk space in less than nine months. Product specs here:
This Week's Links We Like. Tips, Hints And Fun Stuff
Some details on the WXP copy protection scheme, and the crack for it
Long Distance Computer Problems. Resetting a box on the Space Station?
The FBI turned the tables on some Russian Hackers. Nice story!
PRODUCT OF THE WEEK
EARLY ANNOUNCEMENT: Windows 2000 Power Toolkit
Not yet available, but will be published May 11-th. The book will assist you in the analysis, tuning, optimization, automation, enhancement, maintenance, and troubleshooting of Windows 2000. Barry and I show you how to use operating system utilities, Resource Kit applications, and third-party tools to help you accomplish everyday and advanced W2K system tasks. COMING SOON. And with it,
comes a free permanent full function copy of a very popular performance booster tool. You'll find a coupon in the back of the book that allows a free download of this tool. Just a few more days. I'll let you know!