Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Thu, Jul 19, 2001 (Vol. 6, #53 - Issue #288)
New MS Certs
This issue of W2Knews contains:
- EDITORS CORNER
- TECH BRIEFING
- New Web Attacks May Be New Malicious IIS Worm
- Rebuilding WXP Machines and WPA
- NT/2000 RELATED NEWS
- MS Drops Java Support for WXP
- New MS Certs for Admin's and Developers in 2002
- Price Changes for MS Operating Systems
- NT/2000 THIRD PARTY NEWS
- Can't Login? Lost The Administrator Password?!
- Need To Plan, Monitor and Report On Active Directory Change?
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
SPONSOR: Marathon Technologies
Achieving Success with Exchange
Email has rapidly moved up the list of business critical applications.
Even a stutter in email flow can cost thousands of dollars in lost
revenue, reduce staff productivity, and damage customer satisfaction.
Exchange success is about investing in technology that works 24x7,
keeps your end-users productive, and lets you go home at a night.
Marathon developed the "Seven Secrets to Exchange Success", a guide
to help you get Exchange up and running quickly, and keep it up and
running. Get a free copy of the "Seven Secrets to Exchange Success" at:
Visit Marathon Technologies for more information.
NT 5.1 Workstation
I just received Mark Minasi's newsletter, and he started one article
with: "As you probably know, on October 25 Microsoft will ship "NT 5.1
Workstation" under the name "Windows XP Professional" and "Windows XP
Home." I had a good chuckle, because that's a funny but very accurate
positioning. Just the next version of NT, but again rebranded. We
started commercially with NT 3.51, then NT4.0, then W2K and now it's
WXP. But the kernel is still Dave Cutler's good 'ol NT core. Oh well,
I guess the marketing guys need to make a living too.
Reminder! The 2001 Target Awards are here. Again, as in 1999 and 2000,
we have (now even more) categories where you can vote for your fave
tools. This time we included Best and Worst Tech Support. This is
going to be interesting, and just like last year you can see the
current results right after voting. Here is the link. VOTE NOW!
(email me with feedback: [email protected])
SPONSOR: WIN NT/2000 = HACKER TARGET #1
Tired of being vulnerable to hackers? Don't have enough time to keep
up with the latest security vulnerabilities? Behind on installing the
latest patches on your Web server? Or just tired of dealing with
network security in general? Let Retina do the work for you. It helps
you hunt down and kill security holes in NT/2000, Unix, network devices
and common MS-apps. Download an eval copy before you become a statistic.
Visit WIN NT/2000 = HACKER TARGET #1 for more information.
New Web Attacks May Be New Malicious IIS Worm
This is an advisory about a new Internet worm. It looks like this
critter is in the wild, and potentially already has infected thousands
IIS sites. Since last week, this "nasty" has been roaming the Net and
with an evil grin been compromising unpatched Internet Information
Server (IIS) boxes.
Some of the security experts that did an autopsy on one of these worms
said it exploits the very buffer overflow in IIS that was discovered by
eEye Digital Security that I told you about in issue #281, June 25-th.
In that same issue I told you about the fix that MS has provided.
Marc Maiffret, chief hacking officer for eEye visited the Sunbelt office
last week, and told me it's a self-propagating worm designed to scan the
Net for IIS machines vulnerable to the ".ida attack". Then it automatically
defaces the site's homepage. You'll see this in red letters: "Welcome to
http://www.worm.com! Hacked By Chinese!" And after infecting your system, it scans the Net randomly for other IIS boxes that are unpatched.
Some event logs on these machines also show that the worm may be trying
to create a backdoor on your webserver, and tries to contact www.worm.com,
but what it does there is still uncertain. It may just be a smokescreen
the worm throws up. The owner of worm.com has nothing to do with it he
said. Microsoft's bulletin on the ida vulnerability is here:
Here is the link to the full NewsBytes article:
And if you want to protect your IIS-boxes against all these kinds of
attacks in one fell swoop, I suggest you check out this new category
"application firewall" tool. It's called SecureIIS and just $500 a pop.
Rebuilding WXP Machines and WPA
"If you have students that practice WXP installations on their training
machines, they will have to call or connect to the internet to get WXP
reactivated every time they reinstall and reformat (as is usually
recommended for a clean installation). Could be quite a painful
experience. I suppose going over the internet might be palatable once
you get everything configured and are still within the 30 day grace
period, but I see snags in these kinds of environments".
-- Contributed by Rich Orchard.
And here are some quotes from MS Faqs to illustrate the issue, that I
believe is a fait accompli. MS is not going to budge on the Windows
Product Activation (WPA) issue.
If your company has some kind of Microsoft volume license agreement,
and I would think that a lot of you are indeed in this category, then
the copies of WXP you will get from MS will not have this 'potential
headache' feature. But the new licensing models are mind numbing. More
about that in a coming issue. Here is MS's site on why/how they want
to combat "casual piracy".
- If a reinstallation of the software is needed, is reactivation required?
Not always. If the same version of the software is reinstalled on the same
machine and the hard disk is not reformatted prior to reinstalling, the
software will remain activated. Reactivation will be required if the hard
disk is reformatted and the software is reinstalled. This is because the
software's activation status is stored on the hard drive and reformatting
the hard drive erases that status.
- If I reformat my hard disk, is reactivation required?
If the hard disk is reformatted and the software is reinstalled,
reactivation will be required. The same grace periods for activation apply
in this situation. Reactivation on the same PC can be completed as many
times as required. The activation can be completed via telephone or
NT/2000 RELATED NEWS
MS Drops Java Support for WXP
It was all over the news today, even in the Wall Street Journal.
MS will drop Java support in WXP. They say it's in order not to
violate a legal settlement agreement. And they also mentioned that
this move was not aiming to get rid of Java support in its apps.
If you are browsing the Net, with your new WXP and run into a site
that runs Java, it will be dead. But you can then download a plug-in
from the MS-site so your browser supports Java again.
Hmmm, sounds like they have to comply with the law, but it also
plays in their cards, as Java has always been seen as a major
threat to the Windows platform. But from an admin's perspective,
this is another attack on already scarce helpdesk resources. You
are warned! More at SilliconValley.com:
New MS Certs for Admin's and Developers in 2002
MS is in the process of preparing two new tracks for admins
and developers. It is expected Q1, 2002. They were announced
last Friday at Microsoft Fusion, which is its annual
worldwide sales and partner conference. At the same time
they announced the first WXP and .NET Server exams.
They have a very limited webpage up, where they basically
just announce the thing is coming. I'm quoting the paragraph
for Systems Administrators:
"One certification will be for network administrators, technical
support specialists and Web administrators who implement, manage,
monitor, and troubleshoot the network and system environment for
the Microsoft Windows 2000 and Microsoft Windows® .NET Server
operating systems. The certification is intended for individuals
such as network administrators, network engineers, systems admin,
IT engineers, information systems administrators, network operations
analysts, network technicians, and technical support specialists.
"Demand for the network administration job function has seen
significant growth in 2001, and candidates as well as the
industry have indicated that a certification is needed. The new
system administrator certification will meet this need. This
certification will include some exams from the Microsoft Certified
Systems Engineer (MCSE) requirements. However, it is different
from the MCSE credential because it will not require design skills.
It's got no official name yet, but I'm predicting the word "engineer"
is not coming back in this cert. It's kind of an undercut to the
MCSE cert, but a cut above the MCP title. Less exams than MCSE will
be required. MS is still tinkering with it before they will make
their official announcement. At the same time, they make the W2K
MCSE more difficult, so they have three tiers instead of two.
Here's the MS release:
Price Changes for MS Operating Systems
ZDNet came out with an article that revealed MS is planning to swiftly
respond to the recent appeals court ruling on its antitrust case.
It looks like significant changes to its pricing models for OEM's
(hardware vendors) and large corporate customers.
They reported that MS plans to make OEM partners pay more for the
Windows operating systems they ship with their new hardware, but at
the same time lowering the cost for large "named accounts" who buy
licenses directly from Microsoft. A source at one PC maker told eWEEK
that Microsoft was currently working on adjusting additional areas
of its pricing and licensing model.
"The latest figures we have show that named accounts will see prices
fall from $76.50 to $70 a license," the source said. "But operating
system prices for the major PC makers will be raised to varying
levels depending on their MDA [market development agreement]"
The whole article is here:
THIRD PARTY NEWS
Can't Login? Lost The Administrator Password?!
Sunbelt Software announces a new "emergency break-in" utility that
fixes this kind of problem. Why? If you are locked out of a system
you need a quick way to get back in without having to rebuild that
box from bare metal. Sunbelt will provide you with the kind of
commercial support you need in these cases. Available 24/7 via the
online shop for just 70 bucks. You want this puppy in your toolkit
for the moment these kinds of things happen. Better to get one right
away. You'll be a hero when you can whip this thing out and fix the
problem. Note that will take up to one business day for us to ship out
NTAccess with your key.
NTAccess can replace the administrator password of a Windows NT or
W2K system by rebooting the computer with a special set of boot disks.
This is useful if you forgot the administrator password and cannot
access the Windows NT/2000 system.
With NTAccess, you can reset the admin password so you can login.
Here's a breakdown of the process:
You'll need a set of Windows NT/2000 Setup boot disk. You can create
the disks using your Windows NT/2000 CD-ROM. Copy a few special files
on the disks and optionally modify one text file. Now you can boot
with these disks and replace the password of the administrator
account of any Windows NT/2000 System on the machine.
The complete process takes about 10 minutes to create the boot disks
and another 10 minutes to boot with them and replace the old admin
password. However you only need to create the boot disks once and
can use them as long as the floppy disks last.
NTAccess looks for the built-in administrator account. This account
cannot be disabled, it can only be renamed. NTAccess always displays
the name of this account so you know how to log in. NTAccess only
changes the password of the built-in administrator account, it does
not affect any other accounts or any registry settings and does not
destroy any information on the system.
NTAccess can also set the password for Windows 2000 Servers running
Active Directory. This is a definite advantage of NTAccess.
NOTE: NTAccess can not turn off the optional SYSKEY protection for
Windows 2000 which may requires a password or a floppy disk with an
encryption key to start up before you can log in. NTAccess can still
set a new administrator password, but you need to know the startup
password or have the floppy disk with the encryption key. NTAccess
can remove the SYSKEY protection for NT 4.0. The FAQ, specs and
Sunbelt Online Shop are here:
Need To Plan, Monitor and Report On Active Directory Change?
Sunbelt introduces a second new tool in this issue. DirectoryInsight
is the only solution designed to help you plan, monitor and report
on Active Directory change and growth automatically. DirectoryInsight
tracks the population of directory objects over time and records key
infrastructure change data, allowing you to keep Active Directory
change under control throughout deployment and beyond. Here is a
DirectoryInsight Feature Tour:
With DirectoryInsight, you can look up a critical security change
with the touch of a button, and take the necessary steps to fix
the issues in record time. Check the Sunbelt website for the FAQ
- Manage Change in Active Directory
With DirectoryInsight, you can plan, monitor and report on the
deployment and growth of Active Directory. Through browser-based
change reporting, you'll gather valuable insight to manage and plan
for object population growth and key infrastructure modifications.
Whether you're deploying for the first time or accommodating new
operational needs as a result of a merger or acquisition,
DirectoryInsight helps you manage Active Directory.
- Track and Report on Object Population Growth
Measuring fluctuations in object counts is necessary for deployment.
As you add sites, domain controllers, global catalogs, and other
objects to Active Directory, you'll need an easy way to track and
monitor your progress. DirectoryInsight automatically captures and
stores this information in a central database, eliminating the need
for manual counts. Current and historical reports will help you monitor
AD changes over time. And, if you use directory objects counts
as a metric for capacity planning, DirectoryInsight's reports will
provide guidance as you plan for future IT purchases.
- Eliminate Manual Infrastructure Change Logs
DirectoryInsight is the first solution to automatically record all
changes to Active Directory configuration and infrastructure in a
central repository. As you deploy Active Directory, changes will
be necessary to fine-tune the directory for performance and to
accommodate growth. You'll make replication, structure, security,
and schema changes that are critical to network performance. And,
DirectoryInsight is the only solution that automatically records
all infrastructure and configuration changes in a secure repository,
eliminating the need for hand-written or typed change logs.
- Troubleshoot Active Directory security changes quickly
When a security change happens, you need to know about it. And you
need to be able to trace the history of changes in order to
effectively troubleshoot them. DirectoryInsight enables you to
troubleshoot security issues quickly by monitoring and reporting
on key security elements such as group policy objects, trust
relationships, and security group memberships.
This Week's Links We Like. Tips, Hints And Fun Stuff
BMW unveils a brand new rocket-fueled car line. Environmentally clean!
MS came out with a new security tool to encrypt your file system:
MS changes its sales force into account teams. 1 person to scream at!
Bonus Link: Cool WRIST MP3player with 64MB RAM. Sweet. approx. $400.
PRODUCT OF THE WEEK
The W2Knews BookClub has a whopping 25 (!) books that are all JUST
about getting your Cisco Certification. Here's a list of some of
them. And because you are a W2Knews subscriber, you can find them
all with BIG discounts in our BookClub:
Check it out over here:
- Advanced IP Network Design
- Building Cisco Multilayer Switched Networks
- Building Cisco Remote Access Networks
- CCDA Exam Certification Guide
- CCIE Fundamentals: Network Design and Case Studies, Second Edition
- CCIE Professional Development: Routing TCP/IP Volume I
- CCNP Remote Access Exam Certification Guide
- CCNP Routing Exam Certification Guide
- CCNP Support Exam Certification Guide
- CCNP Switching Exam Certification Guide
- Cisco ATM Solutions
- Cisco CCDA Preparation Library
- Cisco CCDA Training Kit
- Cisco CCNA #640-507 Preparation Library
- Cisco CCNA Exam #640-507 Certification Guide
- Cisco CCNA Training Kit Exam #640-507
- Cisco CCNP Certification Library
- Cisco CCNP Training Kit
- Cisco Internetwork Troubleshooting
- Cisco WAN Quick Start
- Designing Cisco Networks
- Large-Scale IP Network Solutions (CCIE Professional Development series)