Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Aug 6, 2001 (Vol. 6, #59 - Issue #294)
Preventing The Next Code Red
  This issue of W2Knews™ contains:
    • Dramatic Drop In MCSE's - Part II
    • How Do I Modify The W2K Startup Logo?
    • Second Microsoft-backed DSL Provider Goes Under
    • MS Crystal Ball Gazing
    • Yup, a WinBOX with 128-CPU's
    • StorageCeNTral Is Standard For World's #1 SRM Deployment
    • Get Ready For CA Mini-Unicenter
    • Service Accounts Possible Major Security Hole
    • Preventing The Next Code Red
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • Information Warfare
  SPONSOR: NTP Software
Microsoft Exchange includes several critical objects which should be
monitored constantly for system availability and performance: MTA, Disk
I/O, IS, CPU utilization, DS, network and SA. While Exchange provides
performance monitoring counters to detect problems, it's difficult to
watch them manually. NTP Software System Sentinel automatically monitors
and collects data on these counters. When trouble is detected, System
Sentinel immediately initiates corrective actions and sends alerts.
Visit NTP Software for more information.

Dramatic Drop In MCSE's - Part II

WOW, this item has caused the highest amount of feedback ever! First of all, let me thank all of you (many hundreds) for voicing your often passionate opinion. I'm not able to answer everyone personally but I read your email!

The responses I received fall in two broad but 180-degree opposed categories. On one side are people upset and feeling cheated by losing their certification. The other category are people that say this is a good thing, and it will raise the standards of the MCSE cert. I have not had the time to tabulate the percentages but will let you know in a coming issue.

On another note, all of us in IT are confronted with significant data overload. There's no way that you can keep up with the volume of trade mags, e-zines and alerts that drop on your desk and in your inbox and still get your job done. But that data is essential to your job! W2Knews filters out the noise, and gets you the essentials about NT/W2K and WXP in a "no fluff, no bull" style. Please forward a copy to your friends and colleagues, ask them to subscribe and get their own copy. They'll be grateful. Thanks in advance!

UNDO DEPT: Re the story about laws to make sure systems are secure: It's not HIPPA, but HIPAA: "Health Insurance Portability and Accountability Act" passed in 1997.

Warm regards,

Stu Sjouwerman
(email me with feedback: [email protected])

  SPONSOR: Intense School
The Virtues of IT Certification Boot Camps
Boot camps can be intensive, challenging experiences that immerse you
in a course of learning. While there are many ways of preparing for
difficult exams, the boot camp experience allows you to focus all of
your attention on your studies. Because of this intense focus, lessons
learned at a boot camp can stick with you. Continued...
Visit Intense School for more information.

How Do I Modify The W2K Startup Logo?

Tired of gazing at that boring W2K-logo when booting? Here's a way to change that to your company logo or other even more fun things. This is also at the same time a tutorial about the W2K file protection system. When I saw that one of our Techs had done this, I asked him to write it up so here you go:

In order to modify the W2K startup logo you have to be aware of a few things up front:

  1. The logo is a 16 color (not bit) bitmap that is 640 by 480 in size. It is built into the ntoskrnl.exe.
  2. W2k file protection will not let you just modify this file and place it in the system32 directory; it will be overwritten shortly thereafter with the original.

Knowing this, you'll need a tool to pull apart the ntoskrnl.exe and replace the bitmap. I'm using a tool called "Resource Hacker". This is available here:

It's a fairly simple program: just extract the files to a directory and run the exe. Once it's open, do a "File/Open" and select your ntoskrnl.exe. This is located in X:\winnt\system32.

You'll get 3 main folders, Bitmap is the one we want to work with. If you are on W2k Pro, it's under the directory "1" and is called "1033". If you run W2k Server, it's under "4" and is also called "1033". You'll see the current boot time logo.

Now you can do "Action/Replace Bitmap". Select the bitmap you have created to replace the old bitmap. Or, you could export the bitmap, modify it, then import it back in. It is very important that you do not deviate from 640x480 w/ 16 colors. Here is a nice gallery of already created images that could be downloaded and quickly converted to 16 color bmps:

In the Replace Bitmap browser once you have selected the new bitmap you'll need to select the bitmap number in the bottom right that you wish to replace. "1" for Pro and "4" for Server (or Adv Server).

Now you need to do a "File/Save As" and save the file somewhere on your drive. Do *NOT* save it in the same directory or it will be quickly snarfed up by Windows File Protection.

For the next step we'll need a tool that can open .CAB files as well as create them. I used WinAce: http://www.winace.com

Now you'll need to open the latest service pack .cab file that you have in your system. This file is located in X:\winnt\driver cache\i386 and will be called something like SP1.cab or SP2.cab. Extract the contents of the most current one to a directory. Now take your modified ntoskrnl.exe and drop it in that directory, it will overwrite the existing one.

Re-compress all the files back into a .CAB and overwrite the original SP1.cab or SP2.cab (back up the original first just in case). Then drop your modified ntoskrnl.exe into X:\winnt\system32\dllcache and X:\winnt\system32, in that order. This way Windows file protection has nowhere to get the original ntoskrnl.exe and leaves well enough alone. At this point, you can reboot.

You hose your system, it's not my fault... I've done it about 20 times on different systems and haven't had a problem yet. Special thanks to www.littlewhitedog.com and their forums for supplying much of the information in this report.

Greg Kras MCP+I MCSE
Sunbelt Software Technical Services Manager
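
The write-up above insists on a 640x480 bitmap with 16 colors (not 16 bits). As an added example that is not part of the original article, this Python sketch reads a BMP header and reports any mismatch before the image goes anywhere near ntoskrnl.exe; `check_boot_bitmap` and `make_sample_header` are hypothetical names, and the sample header is constructed.

```python
import struct
import sys

# Constraints stated in the write-up: 640x480, 16 colours (= 4 bits per pixel).
REQ_WIDTH, REQ_HEIGHT, REQ_BPP = 640, 480, 4


def check_boot_bitmap(data):
    """Return a list of problems; an empty list means the header fits."""
    if len(data) < 54:  # 14-byte file header + 40-byte BITMAPINFOHEADER
        return ["too short to hold a BMP file header and BITMAPINFOHEADER"]
    magic, _size, _r1, _r2, _offset = struct.unpack_from("<2sIHHI", data, 0)
    if magic != b"BM":
        return ["not a BMP file (missing 'BM' signature)"]
    hdr_size, width, height, _planes, bpp = struct.unpack_from("<IiiHH", data, 14)
    if hdr_size < 40:
        return ["unsupported header size %d" % hdr_size]
    problems = []
    # Height is negative for top-down bitmaps, so compare its magnitude.
    if (width, abs(height)) != (REQ_WIDTH, REQ_HEIGHT):
        problems.append("size is %dx%d, need 640x480" % (width, abs(height)))
    if bpp == 16:
        # The "16 color (not bit)" trap: 16 bpp means 65,536 colours.
        problems.append("16 bits per pixel, need 16 colours (4 bits per pixel)")
    elif bpp != REQ_BPP:
        problems.append("%d bits per pixel, need 4 (16 colours)" % bpp)
    return problems


def make_sample_header(width, height, bpp):
    """Build a constructed BMP header (no pixel data) for demonstration."""
    info = struct.pack("<IiiHHIIiiII", 40, width, height, 1, bpp, 0, 0, 0, 0, 0, 0)
    return struct.pack("<2sIHHI", b"BM", 14 + len(info), 0, 0, 14 + len(info)) + info


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read(54)
    else:
        data = make_sample_header(640, 480, 16)  # constructed sample
    for line in check_boot_bitmap(data) or ["header matches 640x480, 16 colours"]:
        print(line)
```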


Second Microsoft-backed DSL Provider Goes Under

And there are actually only three independent DSL backbone players in the USA. Last April, NorthPoint Communications bit the dust. Now it's Rhythms NetConnections that folded and filed for Chapter 11 bankruptcy protection.

That could mean that you will be one of the 50,000 without your DSL hookup in 30 days. Better check who the actual carrier of your DSL is. Earlier this year, Sunbelt ordered a DSL line via UUnet, only to find out that NorthPoint was the actual carrier and we lost that DSL line we had planned for a backup DNS server even before we could get it on line.

Rhythms wants to find a buyer, so they first filed for Chapter 11 instead of shutting the doors immediately. If they cannot find someone, they will start sending warnings out that the service will stop completely in 30 days.

Microsoft owned $60Mil in NorthPoint, for their MSN DSL subscribers, but also has $30Mil invested in Rhythms. They pretty much can write that off now, the stock is trading at pennies. Rhythms' financial reports of Q1 showed losses of $120Mil on sales of $19Mil, and they are still burning cash fast. Ouch.

So that leaves one DSL backbone provider standing on its feet: COVAD. But it's wobbly too. They are burning lots of money, were kicked off the NASDAQ (stock trading below $1 for 30 days) and their CFO jumped ship a few hours after Rhythms filed its Chapter 11 papers. There is an old Dutch saying: "The rats are leaving the sinking ship".

Microsoft has $40 million in ISP CAIS, which resells Covad's lines to its business customers nationwide. So there is another reason to double check who your DSL carrier is, and start planning for an alternative solution in case they go dark too and your servers cannot be reached anymore. Source: Client Server News.

MS Crystal Ball Gazing

  • For the rest of the year, what's the outlook for MS? Well, it does not look like the government is going to block WXP legally, they are mulling it over however. It would cause the IT industry to even fall back further and no one would like government lawyers to push their stocks even further in the mud so I expect this politically to be unacceptable.
  • WXP should boost MS income and the general economic IT weather a bit. Not too much though, as it's FAT and many people will not be willing to upgrade as they need a whole new computer to run WXP as well. (As usual, the software trashes the hardware) MS Server bizz is now 20% of overall sales and consumer bizz (MSN etc) is 10%.
  • The new category of servers built up out of "blades" (a whole server on a card) will take off and MS will benefit. You can build a rack full of blades in one eighth of the space it took before. The World Wide Wait is caused not by network congestion but by slow servers. You can wait for the switch and the server merging into what is called a "blade server", which combines CPU, I/O and routing to provide a fast integrated unit. W2K will run on these puppies.
  • Sales will be pretty much flat in Q3, because server sales are flat as well compared to last year. During Q2, server shipments worldwide were 973,784 units, compared to 966,779 servers in Q2, 2000.

Yup, a WinBOX with 128-CPU's

Unisys plans to make its ES7000 that currently maxes out at 32 CPUs into a 128-way monster. It could have 256GB-2TB (yes, TeraByte!) of main RAM. You read that right, that's not disk space, that's RAM. Can you imagine? Remember that BillG once said that 64Meg was fine for Windows machines. Growing the ES-series of course depends on the new Intel 64-chips. Unisys plans to add dynamic workload balancing and logical and physical partitioning. With that in place, you will have balancing across partitions, granular processor allocation, expanded affinity control (think processor, I/O and memory) and increased partition potential. Dang, can I have one of these puppies for Christmas? There are more powerful features planned built into these new machines that come straight out of the mainframe world. Unisys has said they sold 420 of the ES-systems up to now, and a good 65% of them were with 16 CPU's or more. Windows on Mainframes, oh goodie!


StorageCeNTral Is Standard For World's #1 SRM Deployment

WQuinn (a Sunbelt business partner) announced that EDS has selected StorageCentral SRM to proactively control data storage and maintain high availability of disk space on the enterprise-wide U.S. Navy Marine Corps Intranet ("NMCI") project.

This project is the world's largest storage resource management ("SRM") software deployment on Microsoft Windows-based systems to date. EDS will install StorageCentral SRM Enterprise Edition over the course of the five-year deployment on the more than 2,500 Dell PowerEdge servers running W2K that comprise the NMCI.

In October 2000, EDS was awarded the $6.9 billion, five-year contract to build, manage, and maintain the U.S. Navy Marine Corps Intranet to be accessed by more than 360,000 users at 300 bases throughout the United States, Puerto Rico, Cuba, and Iceland.

A quote from happy WQuinn CEO Naj Husain: "Having the ability to proactively manage and control mission-critical Windows 2000 storage resources throughout global enterprises is one of the greatest IT challenges managers face today. EDS' selection of StorageCentral SRM as the standard for the immense NMCI project not only punctuates the significance of this challenge, but also demonstrates the unique ability of WQuinn's Federal solutions organization to address the challenge effectively even on the largest scale, and in real time."

WQuinn has also provided StorageCentral SRM to more than 100 U.S. Federal Government agencies, including every major branch of the U.S. Department of Defense.

StorageCentral SRM is the only patented storage resource management (SRM) software that controls and screens disk utilization in real time; that provides web-based reports on storage content, usage and trending to ensure appropriate disk allocation; and that eliminates server downtime from exceeded capacity. With its patented TruStor[tm] I/O quota filtering technology, StorageCentral SRM enables IT managers to optimize their enterprise storage resource management in real time without sacrificing performance.

So, enough talk. Here's how to control that sea of files. Download:

Get Ready For CA Mini-Unicenter

Computer Associates is going to try to sell you via email on their scaled-down version of Unicenter. They are obviously targeting Microsoft SMS and Intel's LanDesk and will charge half the price. It's for the segment 25-250 PC's. They plan to charge $30 a year per machine, it runs on an NT/W2K box, includes maintenance and the only way you can get support is via the Internet.

CA threw four modules together: remote control, backup, asset/inventory management, and software delivery. All of these pieces were recycled code they picked up along the road. For instance, the remote control is the RemotelyPossible32 code from Avalon that Sunbelt used to sell before CA bought it. CA claims the install is automatic and self-installs to the clients on your network. CA has not done this kind of email marketing before, and they are also planning to hit the phones and cold call.

I have the strong impression that this is not going to be a hit -- support only via the Internet? Naaaah.
Source: Client Server News

Service Accounts Possible Major Security Hole

Most of you know this, but you might just have forgotten to DO something about it. Remember that the Service Accounts have passwords? If one of those accounts were broken into and its password known to hackers (or if a disgruntled IT employee left), how would you change this potential backdoor account on all these services? Service Explorer can help you by making mass changes to them. Simple, cheap, and a great insurance policy.

Preventing The Next Code Red

Are IIS exploits turning your otherwise joyful existence into a one-way trip into hell? It seems like the world's second oldest profession is hacking IIS. If you're responsible for maintaining production IIS web servers, then I've got a treat for you. This puppy protects IIS servers from both known and UNKNOWN attacks!

SecureIIS works between the layers of IIS, allowing it to analyze incoming data for security threats before it reaches your server. Unlike conventional firewalls that can only protect against publicized security breaches, SecureIIS is able to block a new attack before it is discovered and its patch made public.

This feature is due to the ability of SecureIIS to protect against any attack that can be categorized into one of many common classes of attack. Two of these classes are buffer overflow attacks and high-bit attacks, both of which are used by the Code Red worm. As a result, every eEye client running SecureIIS was protected from the Code Red worm before it was discovered, even if they were late in applying their patches.
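
As an added illustration (not eEye's code and not part of the original newsletter), the Python sketch below shows class-based request filtering for the two classes named above: oversized input and high-bit data. The length limits, the function name `classify_request` and the reading of "high-bit" as any byte of 0x80 or above after decoding are assumptions, and the request lines are constructed samples.

```python
import re
from urllib.parse import unquote_to_bytes

# Assumed limits for illustration; tune them to the application being protected.
MAX_TARGET_LEN = 260
MAX_QUERY_LEN = 128

# Non-standard %uXXXX escapes accepted by IIS; flagged when the value is >= 0x80.
U_ESCAPE = re.compile(rb"%u([0-9a-fA-F]{4})")


def classify_request(request_line):
    """Return the classes ('oversized-input', 'high-bit') a request line hits."""
    parts = request_line.split(b" ")
    if len(parts) != 3:
        return ["malformed-request-line"]
    target = parts[1]
    _path, _sep, query = target.partition(b"?")
    findings = []
    if len(target) > MAX_TARGET_LEN or len(query) > MAX_QUERY_LEN:
        findings.append("oversized-input")
    decoded = unquote_to_bytes(target)  # one round of percent-decoding only
    high_raw = any(byte >= 0x80 for byte in decoded)
    high_u = any(int(m, 16) >= 0x80 for m in U_ESCAPE.findall(target))
    if high_raw or high_u:
        findings.append("high-bit")
    return findings


# Constructed request lines, not taken from any real traffic capture.
SAMPLES = [
    b"GET /index.html HTTP/1.0",
    b"GET /search.asp?q=" + b"A" * 400 + b" HTTP/1.0",
    b"GET /docs/caf%E9.htm HTTP/1.0",
    b"GET /docs/caf%u00e9.htm HTTP/1.0",
    b"GET /form.asp?name=" + b"\xe9" * 300 + b" HTTP/1.0",
]

if __name__ == "__main__":
    for line in SAMPLES:
        verdict = classify_request(line) or ["allow"]
        print(line[:40], "->", ", ".join(verdict))
```

A filter this strict also rejects legitimate non-ASCII URLs, so a site that serves them needs a per-path allowance rather than a blanket high-bit block.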

So here's the way to turn the next Code Red into Code DEAD:


This Week's Links We Like. Tips, Hints And Fun Stuff

  • Want to remove components (like accessories) out of W2K? Here's how:
  • RouterGod. Online mag for Cisco Pro's. The celeb interviews are a hoot
  • BMW has a new short film on their site. 8 minutes. Perfect for a break
  • Moller Skycar. I'd like one of these for Christmas too. Only $US 1 Mil

Information Warfare

A release in "Books for IT Leaders" series, Information Warfare explains the methodologies behind hacks and cyber attacks and provides defensive strategies and countermeasures designed to help companies survive infrastructure attacks, military conflicts, competitive intelligence gathering, economic warfare, and corporate espionage. The authors are renowned industry experts--Michael Erbschloe has connections with the government and is known for his analysis of The Love Bug.