1. EDITORS CORNER
   • NT 5.1 Workstation
2. TECH BRIEFING
   • New Web Attacks May Be New Malicious IIS Worm
   • Rebuilding WXP Machines and WPA
3. NT/2000 RELATED NEWS
   • MS Drops Java Support for WXP
   • New MS Certs for Admin's and Developers in 2002
   • Price Changes for MS Operating Systems
4. NT/2000 THIRD PARTY NEWS
   • Can't Login? Lost The Administrator Password?!
   • Need To Plan, Monitor and Report On Active Directory Change?
5. W2Knews 'FAVE' LINKS
   • This Week's Links We Like. Tips, Hints And Fun Stuff
6. PRODUCT OF THE WEEK
   • Cisco Certification

NT 5.1 Workstation

I just received Mark Minasi's newsletter, and he started one article with: "As you probably know, on October 25 Microsoft will ship "NT 5.1 Workstation" under the name "Windows XP Professional" and "Windows XP Home." I had a good chuckle, because that's a funny but very accurate positioning. Just the next version of NT, but again rebranded. We started commercially with NT 3.51, then NT4.0, then W2K and now it's WXP. But the kernel is still Dave Cutler's good 'ol NT core. Oh well, I guess the marketing guys need to make a living too.

Reminder! The 2001 Target Awards are here. Again, as in 1999 and 2000, we have (now even more) categories where you can vote for your fave tools. This time we included Best and Worst Tech Support. This is going to be interesting, and just like last year you can see the current results right after voting. Here is the link. VOTE NOW!
http://www.w2knews.com/rd/rd.cfm?id=071901-2001TargetAwardsVote

Warm regards,

New Web Attacks May Be New Malicious IIS Worm

This is an advisory about a new Internet worm. It looks like this critter is in the wild, and potentially already has infected thousands IIS sites. Since last week, this "nasty" has been roaming the Net and with an evil grin been compromising unpatched Internet Information Server (IIS) boxes.

Some of the security experts that did an autopsy on one of these worms said it exploits the very buffer overflow in IIS that was discovered by eEye Digital Security that I told you about in issue #281, June 25-th. In that same issue I told you about the fix that MS has provided.

Marc Maiffret, chief hacking officer for eEye visited the Sunbelt office last week, and told me it's a self-propagating worm designed to scan the Net for IIS machines vulnerable to the ".ida attack". Then it automatically defaces the site's homepage. You'll see this in red letters: "Welcome to http://www.worm.com! Hacked By Chinese!" And after infecting your system, it scans the Net randomly for other IIS boxes that are unpatched.

Some event logs on these machines also show that the worm may be trying to create a backdoor on your webserver, and tries to contact www.worm.com, but what it does there is still uncertain. It may just be a smokescreen the worm throws up. The owner of worm.com has nothing to do with it he said. Microsoft's bulletin on the ida vulnerability is here:
http://www.microsoft.com/technet/security/bulletin/MS01-033.asp

Here is the link to the full NewsBytes article:
http://www.w2knews.com/rd/rd.cfm?id=071901TB-NewsBytesArticle

And if you want to protect your IIS-boxes against all these kinds of attacks in one fell swoop, I suggest you check out this new category "application firewall" tool. It's called SecureIIS and just $500 a pop.
http://www.w2knews.com/rd/rd.cfm?id=071901-SecureIIS

Rebuilding WXP Machines and WPA

"If you have students that practice WXP installations on their training machines, they will have to call or connect to the internet to get WXP reactivated every time they reinstall and reformat (as is usually recommended for a clean installation). Could be quite a painful experience. I suppose going over the internet might be palatable once you get everything configured and are still within the 30 day grace period, but I see snags in these kinds of environments".
-- Contributed by Rich Orchard.

And here are some quotes from MS Faqs to illustrate the issue, that I believe is a fait accompli. MS is not going to budge on the Windows Product Activation (WPA) issue.

• If a reinstallation of the software is needed, is reactivation required?
  Not always. If the same version of the software is reinstalled on the same machine and the hard disk is not reformatted prior to reinstalling, the software will remain activated. Reactivation will be required if the hard disk is reformatted and the software is reinstalled. This is because the software's activation status is stored on the hard drive and reformatting the hard drive erases that status.
• If I reformat my hard disk, is reactivation required?
  If the hard disk is reformatted and the software is reinstalled, reactivation will be required. The same grace periods for activation apply in this situation. Reactivation on the same PC can be completed as many times as required. The activation can be completed via telephone or Internet.

MS Drops Java Support for WXP

It was all over the news today, even in the Wall Street Journal. MS will drop Java support in WXP. They say it's in order not to violate a legal settlement agreement. And they also mentioned that this move was not aiming to get rid of Java support in its apps. If you are browsing the Net, with your new WXP and run into a site that runs Java, it will be dead. But you can then download a plug-in from the MS-site so your browser supports Java again.

Hmmm, sounds like they have to comply with the law, but it also plays in their cards, as Java has always been seen as a major threat to the Windows platform. But from an admin's perspective, this is another attack on already scarce helpdesk resources. You are warned! More at SilliconValley.com:
http://www.w2knews.com/rd/rd.cfm?id=071901-WXPNoJavaSupport

New MS Certs for Admin's and Developers in 2002

MS is in the process of preparing two new tracks for admins and developers. It is expected Q1, 2002. They were announced last Friday at Microsoft Fusion, which is its annual worldwide sales and partner conference. At the same time they announced the first WXP and .NET Server exams.

They have a very limited webpage up, where they basically just announce the thing is coming. I'm quoting the paragraph for Systems Administrators:

"One certification will be for network administrators, technical support specialists and Web administrators who implement, manage, monitor, and troubleshoot the network and system environment for the Microsoft Windows 2000 and Microsoft Windows® .NET Server operating systems. The certification is intended for individuals such as network administrators, network engineers, systems admin, IT engineers, information systems administrators, network operations analysts, network technicians, and technical support specialists.

"Demand for the network administration job function has seen significant growth in 2001, and candidates as well as the industry have indicated that a certification is needed. The new system administrator certification will meet this need. This certification will include some exams from the Microsoft Certified Systems Engineer (MCSE) requirements. However, it is different from the MCSE credential because it will not require design skills.

It's got no official name yet, but I'm predicting the word "engineer" is not coming back in this cert. It's kind of an undercut to the MCSE cert, but a cut above the MCP title. Less exams than MCSE will be required. MS is still tinkering with it before they will make their official announcement. At the same time, they make the W2K MCSE more difficult, so they have three tiers instead of two. Here's the MS release:
http://www.w2knews.com/rd/rd.cfm?id=071901-NewMSCerts

Price Changes for MS Operating Systems

ZDNet came out with an article that revealed MS is planning to swiftly respond to the recent appeals court ruling on its antitrust case. It looks like significant changes to its pricing models for OEM's (hardware vendors) and large corporate customers.

They reported that MS plans to make OEM partners pay more for the Windows operating systems they ship with their new hardware, but at the same time lowering the cost for large "named accounts" who buy licenses directly from Microsoft. A source at one PC maker told eWEEK that Microsoft was currently working on adjusting additional areas of its pricing and licensing model.

Can't Login? Lost The Administrator Password?!

Sunbelt Software announces a new "emergency break-in" utility that fixes this kind of problem. Why? If you are locked out of a system you need a quick way to get back in without having to rebuild that box from bare metal. Sunbelt will provide you with the kind of commercial support you need in these cases. Available 24/7 via the online shop for just 70 bucks. You want this puppy in your toolkit for the moment these kinds of things happen. Better to get one right away. You'll be a hero when you can whip this thing out and fix the problem. Note that will take up to one business day for us to ship out NTAccess with your key.

NTAccess can replace the administrator password of a Windows NT or W2K system by rebooting the computer with a special set of boot disks. This is useful if you forgot the administrator password and cannot access the Windows NT/2000 system.

Product Features

With NTAccess, you can reset the admin password so you can login. Here's a breakdown of the process:

You'll need a set of Windows NT/2000 Setup boot disk. You can create the disks using your Windows NT/2000 CD-ROM. Copy a few special files on the disks and optionally modify one text file. Now you can boot with these disks and replace the password of the administrator account of any Windows NT/2000 System on the machine.

The complete process takes about 10 minutes to create the boot disks and another 10 minutes to boot with them and replace the old admin password. However you only need to create the boot disks once and can use them as long as the floppy disks last.

NTAccess looks for the built-in administrator account. This account cannot be disabled, it can only be renamed. NTAccess always displays the name of this account so you know how to log in. NTAccess only changes the password of the built-in administrator account, it does not affect any other accounts or any registry settings and does not destroy any information on the system.

NTAccess can also set the password for Windows 2000 Servers running Active Directory. This is a definite advantage of NTAccess.

NOTE: NTAccess can not turn off the optional SYSKEY protection for Windows 2000 which may requires a password or a floppy disk with an encryption key to start up before you can log in. NTAccess can still set a new administrator password, but you need to know the startup password or have the floppy disk with the encryption key. NTAccess can remove the SYSKEY protection for NT 4.0. The FAQ, specs and Sunbelt Online Shop are here:
http://www.w2knews.com/rd/rd.cfm?id=071901-NTACCESS

Need To Plan, Monitor and Report On Active Directory Change?

Sunbelt introduces a second new tool in this issue. DirectoryInsight is the only solution designed to help you plan, monitor and report on Active Directory change and growth automatically. DirectoryInsight tracks the population of directory objects over time and records key infrastructure change data, allowing you to keep Active Directory change under control throughout deployment and beyond. Here is a DirectoryInsight Feature Tour:

• Manage Change in Active Directory
  With DirectoryInsight, you can plan, monitor and report on the deployment and growth of Active Directory. Through browser-based change reporting, you'll gather valuable insight to manage and plan for object population growth and key infrastructure modifications. Whether you're deploying for the first time or accommodating new operational needs as a result of a merger or acquisition, DirectoryInsight helps you manage Active Directory.
• Track and Report on Object Population Growth
  Measuring fluctuations in object counts is necessary for deployment. As you add sites, domain controllers, global catalogs, and other objects to Active Directory, you'll need an easy way to track and monitor your progress. DirectoryInsight automatically captures and stores this information in a central database, eliminating the need for manual counts. Current and historical reports will help you monitor AD changes over time. And, if you use directory objects counts as a metric for capacity planning, DirectoryInsight's reports will provide guidance as you plan for future IT purchases.
• Eliminate Manual Infrastructure Change Logs
  DirectoryInsight is the first solution to automatically record all changes to Active Directory configuration and infrastructure in a central repository. As you deploy Active Directory, changes will be necessary to fine-tune the directory for performance and to accommodate growth. You'll make replication, structure, security, and schema changes that are critical to network performance. And, DirectoryInsight is the only solution that automatically records all infrastructure and configuration changes in a secure repository, eliminating the need for hand-written or typed change logs.
• Troubleshoot Active Directory security changes quickly
  When a security change happens, you need to know about it. And you need to be able to trace the history of changes in order to effectively troubleshoot them. DirectoryInsight enables you to troubleshoot security issues quickly by monitoring and reporting on key security elements such as group policy objects, trust relationships, and security group memberships.

This Week's Links We Like. Tips, Hints And Fun Stuff

Cisco Certification

The W2Knews BookClub has a whopping 25 (!) books that are all JUST about getting your Cisco Certification. Here's a list of some of them. And because you are a W2Knews subscriber, you can find them all with BIG discounts in our BookClub:

• Advanced IP Network Design
• Building Cisco Multilayer Switched Networks
• Building Cisco Remote Access Networks
• CCDA Exam Certification Guide
• CCIE Fundamentals: Network Design and Case Studies, Second Edition
• CCIE Professional Development: Routing TCP/IP Volume I
• CCNP Remote Access Exam Certification Guide
• CCNP Routing Exam Certification Guide
• CCNP Support Exam Certification Guide
• CCNP Switching Exam Certification Guide
• Cisco ATM Solutions
• Cisco CCDA Preparation Library
• Cisco CCDA Training Kit
• Cisco CCNA #640-507 Preparation Library
• Cisco CCNA Exam #640-507 Certification Guide
• Cisco CCNA Training Kit Exam #640-507
• Cisco CCNP Certification Library
• Cisco CCNP Training Kit
• Cisco Internetwork Troubleshooting
• Cisco WAN Quick Start
• Designing Cisco Networks
• Large-Scale IP Network Solutions (CCIE Professional Development series)