Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Aug 6, 2001 (Vol. 6, #59 - Issue #294)
Preventing The Next Code Red
This issue of W2Knews contains:
- EDITORS CORNER
- Dramatic Drop In MCSE's - Part II
- TECH BRIEFING
- How Do I Modify The W2K Startup Logo?
- NT/2000 RELATED NEWS
- Second Microsoft-backed DSL Provider Goes Under
- MS Crystal Ball Gazing
- Yup, a WinBOX with 128-CPU's
- NT/2000 THIRD PARTY NEWS
- StorageCeNTral Is Standard For World's #1 SRM Deployment
- Get Ready For CA Mini-Unicenter
- Service Accounts Possible Major Security Hole
- Preventing The Next Code Red
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
SPONSOR: NTP Software
MICROSOFT EXCHANGE CAN BE PROACTIVELY MANAGED!
Microsoft Exchange includes several critical objects which should be
monitored constantly for system availability and performance: MTA, Disk
I/O, IS, CPU utilization, DS, network and SA. While Exchange provides
performance monitoring counters to detect problems, it's difficult to
watch them manually. NTP Software System Sentinel automatically monitors
and collects data on these counters. When trouble is detected, System
Sentinel immediately initiates corrective actions and sends alerts.
Visit NTP Software for more information.
Dramatic Drop In MCSE's - Part II
WOW, this item has caused the highest amount of feedback ever! First
of all, let me thank all of you (many hundreds) for voicing your often
passionate opinion. I'm not able to answer everyone personally but I
read your email!
The responses I received fall in two broad but 180-degree opposed
categories. On one side are people upset and feeling cheated by losing
their certification. The other category is people who say this is
a good thing, and it will raise the standards of the MCSE cert.
I have not had the time to tabulate the percentages but will let you
know in a coming issue.
On another note, all of us in IT are confronted with significant data
overload. There's no way that you can keep up with the volume of
trade mags, e-zines and alerts that drop on your desk and in your inbox
and still get your job done. But that data is essential to your
job! W2Knews filters out the noise, and gets you the essentials about
NT/W2K and WXP in a "no fluff, no bull" style. Please forward a copy
to your friends and colleagues, ask them to subscribe and get their
own copy. They'll be grateful. Thanks in advance!
UNDO DEPT: Re the story about laws to make sure systems are secure:
It's not HIPPA, but HIPAA: "Health Insurance Portability and
Accountability Act" passed in 1997.
SPONSOR: Intense School
The Virtues of IT Certification Boot Camps
Boot camps can be intensive, challenging experiences that immerse you
in a course of learning. While there are many ways of preparing for
difficult exams, the boot camp experience allows you to focus all of
your attention on your studies. Because of this intense focus, lessons
learned at a boot camp can stick with you. Continued...
Visit Intense School for more information.
How Do I Modify The W2K Startup Logo?
Tired of gazing at that boring W2K-logo when booting? Here's a way
to change that to your company logo or other even more fun things.
This is also at the same time a tutorial about the W2K file protection
system. When I saw that one of our Techs had done this, I asked him
to write it up so here you go:
In order to modify the W2K startup logo you have to be aware of a
few things up front:
- The logo is a 16 color (not bit) bitmap that is 640 by 480 in
size. It is built into the ntoskrnl.exe.
- W2k file protection will not let you just modify this file
and place it in the system32 directory, it will be overwritten
shortly thereafter with the original.
Knowing this you'll need a tool to pull apart the ntoskrnl.exe and
replace the bitmap. I'm using a tool called "Resource Hacker".
This is available here:
It's a fairly simple program, just extract the files to a directory
and run the exe. Once it's open, do a "File/Open" and select your
ntoskrnl.exe. This is located in X:\winnt\system32.
You'll get 3 main folders, Bitmap is the one we want to work with.
If you are on W2k Pro, it's under the directory "1" and is called
"1033". If you run W2k Server, it's under "4" and is also called
"1033". You'll see the current boot time logo.
Now you can do "Action/Replace Bitmap". Select the bitmap you have
created to replace the old bitmap. Or, you could export the bitmap,
modify it, then import it back in. It is very important that you
do not deviate from 640x480 w/ 16 colors. Here is a nice gallery
of already created images that could be downloaded and quickly
converted to 16 color bmps:
In the Replace Bitmap browser once you have selected the new bitmap
you'll need to select the bitmap number in the bottom right that
you wish to replace. "1" for Pro and "4" for Server (or Adv Server).
Now you need to do a "File/Save As" and save the file somewhere on
your drive. Do *NOT* save it in the same directory or it will be
quickly snarfed up by Windows File Protection.
For the next step we'll need a tool that can open .CAB files as
well as create them. I used WinAce: http://www.winace.com
Now you'll need to open the latest service pack .cab file that you
have in your system. This file is located in X:\winnt\driver cache\i386
and will be called something like SP1.cab or SP2.cab. Extract the
contents of the most current one to a directory. Now take your
modified ntoskrnl.exe and drop it in that directory, it will
overwrite the existing one.
Re-compress all the files back into a .CAB and overwrite the
original SP1.cab or SP2.cab (Back up the original first just in case).
Then drop your modified ntoskrnl.exe into X:\winnt\system32\dllcache
and X:\winnt\system32, in that order. This way Windows file protection
has nowhere to get the original ntoskrnl.exe and leaves well enough
alone. At this point, you can reboot.
You hose your system, it's not my fault... I've done it about 20 times
on different systems and haven't had a problem yet. Special thanks to
www.littlewhitedog.com and their forums for supplying much of the
information in this report.
Greg Kras MCP+I MCSE
Sunbelt Software Technical Services Manager
NT/2000 RELATED NEWS
Second Microsoft-backed DSL Provider Goes Under
And there are actually only three independent DSL backbone players
in the USA. Last April, NorthPoint Communications bit the dust. Now
it's Rhythms NetConnections that folded and filed for Chapter 11.
That could mean that you will be one of the 50,000 without your DSL
hookup in 30 days. Better check who the actual carrier of your DSL is.
Earlier this year, Sunbelt ordered a DSL line via UUnet, only to find
out that NorthPoint was the actual carrier and we lost that DSL line
we had planned for a backup DNS server even before we could get it
Rhythms wants to find a buyer, so they first filed for Chapter 11
instead of shutting the doors immediately. If they cannot find
someone, they will start sending warnings out that the service will stop
completely in 30 days.
Microsoft owned $60Mil in NorthPoint, for their MSN DSL subscribers,
but also has $30Mil invested in Rhythms. They pretty much can write that
off now, the stock is trading at pennies. Rhythms' financial reports of Q1
showed losses of $120Mil on sales of $19Mil, and they are still burning
cash fast. Ouch.
So that leaves one DSL backbone provider standing on its feet: COVAD.
But it's wobbly too. They are burning lots of money, were kicked off
the NASDAQ (stock trading below $1 for 30 days) and their CFO jumped
ship a few hours after Rhythms filed its Chapter 11 papers. There is
an old Dutch saying: "The rats are leaving the sinking ship".
Microsoft has $40 million in ISP CAIS, which resells Covad's lines to
its business customers nationwide. So there is another reason to double
check who your DSL carrier is, and start planning for an alternative
solution in case they go dark too and your servers cannot be reached
anymore. Source: Client Server News.
MS Crystal Ball Gazing
- For the rest of the year, what's the outlook for MS? Well, it does
not look like the government is going to block WXP legally, they are
mulling it over however. It would cause the IT industry to even fall
back further and no one would like government lawyers to push their
stocks even further in the mud so I expect this politically to be
- WXP should boost MS income and the general economic IT weather a bit.
Not too much though, as it's FAT and many people will not be willing
to upgrade as they need a whole new computer to run WXP as well. (As
usual, the software trashes the hardware) MS Server bizz is now 20%
of overall sales and consumer bizz (MSN etc) is 10%.
- The new category of servers built up out of "blades" (a whole server
on a card) will take off and MS will benefit. You can build a rack
full of blades in one eighth of the space it took before. The World
Wide Wait is caused not by network congestion but by slow servers.
You can wait for the switch and the server merging into what is called
a "blade server", which combines CPU, I/O and routing to provide a
fast integrated unit. W2K will run on these puppies.
- Sales will be pretty much flat in Q3, because server sales are flat
as well compared to last year. During Q2, server shipments worldwide
were 973,784 units, compared to 966,779 servers in Q2, 2000.
Yup, a WinBOX with 128-CPU's
Unisys plans to make its ES7000 that currently maxes out at 32 CPUs
into a 128-way monster. It could have 256GB-2TB (yes, TeraByte!)
of main RAM. You read that right, that's not disk space, that's RAM.
Can you imagine? Remember that BillG once said that 64Meg was fine
for Windows machines.
Growing the ES-series of course depends on the new Intel 64-chips.
Unisys plans to add dynamic workload balancing and logical and
physical partitioning. With that in place, you will have balancing
across partitions, granular processor allocation, expanded affinity
control (think processor, I/O and memory) and increased partition
potential. Dang, can I have one of these puppies for Christmas?
There are more powerful features planned built into these new machines
that come straight out of the mainframe world. Unisys has said they
sold 420 of the ES-systems up to now, and a good 65% of them were
with 16 CPU's or more. Windows on Mainframes, oh goodie!
THIRD PARTY NEWS
StorageCeNTral Is Standard For World's #1 SRM Deployment
WQuinn (a Sunbelt business partner) announced that EDS has
selected StorageCentral SRM to proactively control data storage and
maintain high availability of disk space on the enterprise-wide U.S.
Navy Marine Corps Intranet ("NMCI") project.
This project is the world's largest deployment of storage resource
management ("SRM") software on Microsoft Windows-based systems to date.
EDS will install
StorageCentral SRM Enterprise Edition over the course of the five-year
deployment on the more than 2,500 Dell PowerEdge servers running W2K
that comprise the NMCI.
In October 2000, EDS was awarded the $6.9 billion, five-year contract
to build, manage, and maintain the U.S. Navy Marine Corps Intranet to
be accessed by more than 360,000 users at 300 bases throughout the
United States, Puerto Rico, Cuba, and Iceland.
A quote from happy WQuinn CEO Naj Husain: "Having the ability to
proactively manage and control mission-critical Windows 2000 storage
resources throughout global enterprises is one of the greatest IT
challenges managers face today. EDS' selection of StorageCentral
SRM as the standard for the immense NMCI project not only punctuates
the significance of this challenge, but also demonstrates the unique
ability of WQuinn's Federal solutions organization to address the
challenge effectively even on the largest scale, and in real time."
WQuinn has also provided StorageCentral SRM to more than 100 U.S.
Federal Government agencies, including every major branch of the U.S.
Department of Defense.
StorageCentral SRM is the only patented storage resource management
(SRM) software that controls and screens disk utilization in real
time; that provides web-based reports on storage content, usage and
trending to ensure appropriate disk allocation; and that eliminates
server downtime from exceeded capacity. With its patented TruStor[tm]
I/O quota filtering technology, StorageCentral SRM enables IT managers
to optimize their enterprise storage resource management in real time
without sacrificing performance.
So, enough talk. Here's how to control that sea of files. Download:
Get Ready For CA Mini-Unicenter
Computer Associates is going to try to sell you via email on their
scaled-down version of Unicenter. They are obviously targeting Microsoft
SMS and Intel's LanDesk and will charge half the price. It's for the
segment 25-250 PC's. They plan to charge $30 a year per machine, it
runs on an NT/W2K box, includes maintenance and the only way you can
get support is via the Internet.
CA threw four modules together: remote control, backup, asset/inventory
management, and software delivery. All of these pieces were recycled
code they picked up along the road. For instance, the remote control
is the RemotelyPossible32 code from Avalon that Sunbelt used to sell
before CA bought it. CA claims the install is automatic and self-
installs to the clients on your network. CA has not done this kind
of email marketing before, and they are also planning to hit the
phones and cold call.
I have the strong impression that this is not going to be a hit --
support only via the Internet? Naaaah.
Source: Client Server News
Service Accounts Possible Major Security Hole
Most of you know this, but you might just have forgotten to DO
something about it. Remember that the Service Accounts have passwords?
If one of those accounts were broken into and its password known to
hackers (or if a disgruntled IT employee left), how would you change
this potential backdoor account on all these services? Service Explorer
can help you by making mass changes to them. Simple, cheap,
and a great insurance policy.
Preventing The Next Code Red
Are IIS exploits turning your otherwise joyful existence into a
one-way trip into hell? It seems like the world's second oldest
profession is hacking IIS. If you're responsible for maintaining
production IIS web servers, then I've got a treat for you. This
puppy protects IIS servers from both known and UNKNOWN attacks!
SecureIIS works between the layers of IIS, allowing it to analyze
incoming data for security threats before it reaches your server.
Unlike conventional firewalls that can only protect against
publicized security breaches, SecureIIS is able to block a new
attack before it is discovered and its patch made public.
This feature is due to the ability of SecureIIS to protect against
any attack that can be categorized into one of many common classes
of attack. Two of these classes are buffer overflow attacks and
high-bit attacks, both of which are used by the Code Red worm.
As a result, every eEye client running SecureIIS was protected from
the Code Red worm before it was discovered, even if they were late
in applying their patches.
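To illustrate what filtering by attack class, rather than by known signature, looks like, here is an added example that is not SecureIIS code and not from the original newsletter. It classifies raw HTTP request lines as overlong (the buffer overflow class) or as carrying high-bit bytes; the length limits, class names and sample request lines are assumptions constructed for the example.

```python
import re
from urllib.parse import unquote_to_bytes

MAX_PATH_LEN = 260    # assumed limits; tune to the longest legitimate URL
MAX_QUERY_LEN = 256
PCT_U = re.compile(rb"%u([0-9a-fA-F]{4})")  # IIS-style %uXXXX escapes


def classify_request(request_line):
    """Return the attack classes a raw HTTP request line falls into."""
    parts = request_line.strip().split(b" ")
    if len(parts) != 3:
        return ["malformed"]
    _method, target, _version = parts
    path, _, query = target.partition(b"?")
    classes = []
    # Class 1: fields far longer than any legitimate request needs.
    if len(path) > MAX_PATH_LEN or len(query) > MAX_QUERY_LEN:
        classes.append("overlong-field")
    # Class 2: bytes with the high bit set, sent raw, as %XX or as %uXXXX.
    high_pct = any(b >= 0x80 for b in unquote_to_bytes(target))
    high_u = any(int(m, 16) >= 0x80 for m in PCT_U.findall(target))
    if high_pct or high_u:
        classes.append("high-bit")
    return classes


# Constructed sample request lines (not captured traffic).
SAMPLES = [
    b"GET /index.html HTTP/1.0",
    b"GET /page.asp?q=" + b"A" * 300 + b" HTTP/1.0",
    b"GET /page.asp?q=%u9090 HTTP/1.0",
    b"GET /page.asp?q=" + b"A" * 300 + b"%u9090 HTTP/1.0",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(line[:40], classify_request(line) or "pass")
```

Percent-encoded UTF-8 in legitimate international URLs also trips the high-bit rule, so a filter like this needs an allowlist for paths that expect such input.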
So here's the way to turn the next Code Red into Code DEAD:
This Week's Links We Like. Tips, Hints And Fun Stuff
Want to remove components (like accessories) out of W2K? Here's how:
RouterGod. Online mag for Cisco Pro's. The celeb interviews are a hoot
BMW has a new short film on their site. 8 minutes. Perfect for a break
Moller Skycar. I'd like one of these for Christmas too. Only $US 1 Mil
PRODUCT OF THE WEEK
A release in "Books for IT Leaders" series, Information Warfare explains
the methodologies behind hacks and cyber attacks and provides defensive
strategies and counter measures designed to help companies survive
infrastructure attacks, military conflicts, competitive intelligence
gathering, economic warfare, and corporate espionage. The authors are
renowned industry experts--Michael Erbschloe has connections with the
government and is known for his analysis of The Love Bug.