Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Aug 27, 2001 (Vol. 6, #65 - Issue #300)
Anniversary Issue #300
  This issue of W2Knews™ contains:
    • Welcome to Anniversary Issue #300
    • Wait! Don't upgrade that Windows NT4 PDC -- yet!
    • Microsoft Long Term View
    • NEW PRODUCT: Sunbelt Remote Administrator
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • Windows 2000: Group Policy, Profiles, and IntelliMirror
    • INSIDE Windows 2000 Server
Sign up now to receive your free white paper, "Managing Your Windows
Environments with Ease" from NetIQ. Learn how to ensure the security
and integrity of your Windows NT 4 and Windows 2000 systems, enforce
automated business policies and organize your directories the way you
like to view them. Register now!
Visit NetIQ for more information.

Welcome to Anniversary Issue #300

Hi All,

Hope you liked our little birthday Flash-animation.

This is a special issue, with only 1 item in each section. But it's a special item that goes in depth so we hope to give you some extra perspective. In the Tech Briefing we have a guest column by two NT/W2K Gurus who warn us about a nasty upgrade glitch they discovered.

The NT/2000 column discusses the long term Microsoft view. And in the Third Party News section we're introducing a new tool that I think you actually will like a lot, and also can afford.

Let's do another 300 issues! Thank you for your continued support.

Warm regards,

Stu Sjouwerman

  SPONSOR: StorageCentral
In the current economic conditions, budgets are under pressure. In
more and more cases, IT departments are asked to charge users for
storage. This requires an infrastructure to be built. Here is where
StorageCentral comes in. It reports on storage consumption and gives
you storage charge-back capabilities. It's got strong capacity planning
features built-in. Download the 30-day eval & begin invoicing...
Visit StorageCentral for more information.

Wait! Don't upgrade that Windows NT4 PDC -- yet!

By Jeremy Moskowitz and William Boswell

I'm guessing a big portion of you, our readers, are thinking about upgrading your Windows NT domain to Windows 2000 and Active Directory.

The first big task on the agenda is the upgrade of the existing NT4 PDC to W2K. My friends, you should NOT plunge ahead. At least, not before you read this entire exposé of a very little known, but hugely problematic, change that comes with Windows 2000 Service Pack 2.

Let's start at the beginning. That is the way upgrades were done prior to Service Pack 2. When W2K was released back in February 2000, it included a whole slew of new technologies. One of those was Group Policies, a comprehensive tool for enterprise management of users and computers.

Microsoft's original game plan for deployment was to have the Group Policies take effect immediately for any existing W2K Professional desktops. When you plop that W2K CD-ROM into the NT4 PDC of your domain and upgrade the server to W2K and the domain to AD, the W2K desktops would see the new W2K domain controller, authenticate to it, and get their Group Policies.

That strategy was terrific -- except when you install your first W2K Active Directory Domain Controller in New York and 30,000 W2K Pro clients in China now insist on authenticating to that domain controller instead of their local NT4 BDCs. Microsoft calls this phenomenon "overloading the upgraded domain controller."

This behavior was technically classified as a bug. Microsoft's initial workaround was to encourage you to deploy enough W2K domain controllers during the first stage of the rollout to handle authentication from any existing W2K Professional desktops. Microsoft then included a "fix" to the overload bug in Service Pack 2.

Now, here's the fun part.

Recall that W2K allows you to embed the latest service pack into the standard Setup files. This is called "slipstreaming," a time-saving mechanism that allows you to deploy the OS with all the latest bug fixes during the initial installation. You can now upgrade your NT4 PDC to W2K using the slipstreamed Service Pack 2 files and avoid the hassle of updating with the service pack later on.

If you do this, though, you are officially in for a long, long weekend. This is because you didn't put a barely documented Registry change in place before you upgraded your PDC. Here's what happens.

The Service Pack 2 "fix" to the overload problem essentially lets a new W2K domain controller pretend that it is still an NT4 domain controller so that the current W2K Professional desktops will ignore it and continue to authenticate using their existing BDCs.

This "fix" has an unusual side effect. If a W2K desktop happens to authenticate at a legacy BDC, it will not get Group Policies. If a W2K desktop happens to authenticate at a W2K SP2 domain controller, it will get Group Policies and it will adopt that domain controller and refuse to go back to authenticating with a legacy BDC. Even if you take the W2K domain controller off the wire so that only BDCs are left, the desktop will ignore the BDCs and log on with cached credentials and cached Group Policies.

The end result is that some of your desktops will get Group Policies and some won't. And you won't be able to predict the outcome. Try explaining this to your users as they call the Help Desk wanting to know why they aren't getting the software that was supposed to be deployed to their desktops and the drive mappings they were supposed to get in their new logon scripts. But the user next to them is.

How do you force all your W2K desktops to get Group Policies? In this situation, you would need to disjoin the desktops from the domain, put them into a workgroup, then rejoin them to the domain. When they rejoin the domain, they will see the new W2K domain controller, authenticate to it, and get their Group Policies.

Microsoft recommends scripting this evolution using NETDOM, but scripts won't save you from hours and hours of work if you have thousands of desktops.

You can prevent shuffling your desktops out of and back into the domain by taking a preliminary step documented in MS Knowledgebase article Q284937. This consists of adding the following Registry entry to the PDC BEFORE you upgrade it to Windows 2000 and SP2.

    Key: HKEY_Local_Machine\System\CurrentControlSet\Services\Netlogon\Parameters
    Value: NT4Emulator
    Data: 1 (REG_DWORD)

You MUST put the Registry entry on the NT4 PDC BEFORE you upgrade it to Windows 2000 and SP2. You can't add it later and expect to avoid disjoining and rejoining your desktops to the domain.

The Registry entry eliminates the "have" and "have-not" behavior in the W2K desktops. All desktops continue to behave as if they were in an NT4 domain. When you have enough W2K domain controllers to handle authentication from the W2K desktops, you can either delete the Registry entry or change it to 0. The W2K desktops will now authenticate exclusively with W2K Domain Controllers and everyone gets their Group Policies at the same time. You may need to reboot them several times to get them to see a W2K domain controller.

The Knowledgebase article also documents a Registry change for a W2K Professional client that forces it to authenticate to a W2K domain controller so it can be used to manage the domain.

In summary, if you upgrade an existing NT4 domain to Windows 2000 using Setup files that have been slipstreamed with Service Pack 2, you must put the Q284937 Registry entry in place on the PDC before you upgrade it. The same is true for every BDC you upgrade. If you don't, you'll likely be spending your weekend running around to every W2K client. We hope this article made it to you before you started your upgrades.
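
A pre-upgrade check for the step above, as an added example (not part of the original column and not Microsoft's code): it reads registry exports of the Netlogon\Parameters key taken from the PDC and each BDC and lists the machines that do not yet show NT4Emulator = 1. The REGEDIT4 export layout, the machine names and the sample data are assumptions constructed for illustration.

```python
import re

# Key and value exactly as named in the column (from KB article Q284937).
# Registry key and value names are case-insensitive, so compare lower-cased.
NETLOGON_KEY = r"HKEY_Local_Machine\System\CurrentControlSet\Services\Netlogon\Parameters"
VALUE_NAME = "NT4Emulator"

def parse_reg_export(text):
    """Parse REGEDIT4-style export text into {key_lower: {value_lower: raw_data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = re.match(r'^"((?:[^"\\]|\\.)*)"\s*=\s*(.*)$', line)
        if m and current is not None:
            current[m.group(1).lower()] = m.group(2)
    return keys

def nt4emulator_state(export_text):
    """Classify one DC's export: 'set', 'missing', 'wrong-type' or 'not-1'."""
    values = parse_reg_export(export_text).get(NETLOGON_KEY.lower(), {})
    raw = values.get(VALUE_NAME.lower())
    if raw is None:
        return "missing"
    m = re.fullmatch(r"dword:([0-9a-fA-F]{8})", raw)
    if not m:
        return "wrong-type"  # e.g. created as a string "1" instead of REG_DWORD
    # Only the documented data value 1 counts as the entry being in place.
    return "set" if int(m.group(1), 16) == 1 else "not-1"

def upgrade_blockers(exports):
    """Names of domain controllers whose export does not show NT4Emulator = 1."""
    return sorted(dc for dc, text in exports.items()
                  if nt4emulator_state(text) != "set")

def _export(key, *value_lines):
    # Build constructed sample text in the REGEDIT4 export layout.
    return "REGEDIT4\n\n[" + key + "]\n" + "\n".join(value_lines) + "\n"

# Constructed sample exports; the machine names are hypothetical.
SAMPLE_EXPORTS = {
    "PDC01": _export(NETLOGON_KEY, '"NT4Emulator"=dword:00000001'),
    "BDC01": _export(NETLOGON_KEY.upper(), '"nt4emulator"=dword:00000001'),
    "BDC02": _export(NETLOGON_KEY, '"DisablePasswordChange"=dword:00000000'),
    "BDC03": _export(NETLOGON_KEY, '"NT4Emulator"="1"'),
    "BDC04": _export(NETLOGON_KEY, '"NT4Emulator"=dword:00000000'),
}

if __name__ == "__main__":
    for dc in sorted(SAMPLE_EXPORTS):
        print(dc, nt4emulator_state(SAMPLE_EXPORTS[dc]))
    print("Do not upgrade yet:", ", ".join(upgrade_blockers(SAMPLE_EXPORTS)))
```

A machine reported as a blocker is one where the entry is absent, has the wrong type, or holds data other than 1, so the export should be re-taken after correcting it and before Setup is started.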

This guest column is brought to you by two well-recognized Windows 2000 authors and speakers:

Jeremy Moskowitz, author of the ground-breaking SYBEX book, Windows 2000: Group Policy, Profiles, and IntelliMirror, which is part of the new Mark Minasi Technical Series. The book is available at Amazon.com.

William Boswell, author of the hugely successful NEW RIDERS book, INSIDE Windows 2000 Server. The book is available at Amazon.com.


Microsoft Long Term View

In 1997, Microsoft was the master of the digital universe. BillG was the richest guy on the planet. But the empire was being eaten from the inside, and nobody but a few insiders knew about it. A battle for Microsoft's future was being fought between two camps: the Net Doves and the Windows Hawks.

At stake was the future direction of the company. Would it be a dramatic change to Internet geared software, or push Windows harder? Like many things with Bill, it was not either or, it was "both". Bill had not forgotten that he had beaten IBM coming from the low end with something more simple, low cost and high volume. The thing that revolutionized the industry was that Microsoft broke out software from the hardware and sold the code separately (to all the combatants in the hardware business). That was their winning strategy.

It helped the market escape from being locked in by hardware vendors. But it opened at the same time the danger of being locked in by MS. And Bill has been benefiting from that option. They have worked hard to create hooks to make sure no one would do to them what they did to IBM: Come from under with something new that makes you obsolete.

Internet Explorer was developed by a separate team from Windows, and the two camps were continually debating the future direction of MS. After a long battle, Bill decided he wanted to bundle it with Windows, instead of making IE a new and independent platform that might replace Windows. He calls this integration. Then the Government sued, being pushed by MS competition, claiming that integration was illegal and misuse of their monopoly position. Bill continued to defend the right of MS to include anything into the OS they wanted, with the argument that would increase customer value.

In the software industry, the real battle is for control of the key interfaces. That means the API's for developers on the one hand, and the GUI for the end-users on the other hand. If you control the interfaces that a lot of other software developers depend on, you've got it made and you get a positive feedback loop which grows your product and revenues significantly. Second best is "open standards" but you cannot make as much money that way.

In 1998, MS was doing well financially, but internally adrift. If you look at it from an exterior viewpoint, Microsoft had started as a hot IT-revolutionary, but now was the big guy that was on the defense. It's not a role Bill ever wanted. The "one team fighting the competition" was replaced with infighting and political maneuvering. Many employees sometimes wondered how they got products out the door.

To a large extent there are 2 sorts of people in MS. Techies like Bill and marketeers like Steve. Over the last few years, the marketeers have won. Bill basically stepped aside to let Steve Ballmer run the company. To some extent even, Bill was pushed in the role he has now so that Steve can run things. Bill does long term planning and tech strategy. Steve makes day-to-day decisions. Bill's technical choices have often been driven by the dictates of the existing technology and not by customer needs.

In 1999, the management team that had been together for a long time basically dissolved due to the infighting. Everyone was in their forties, a multimillionaire and other things like family and external interests became more important. Out of the original eight members of the MS Exec Committee, five left. And all the while, the Internet was hovering like MS's death star.

January 2000, the new battle-cry became "software-as-a-service". The old business model (selling boxes via distributors) was a dead end. Bill wanted to sell Wintone, just like dialtone or the electricity bill. The new name for the initiative was "Dot Net". This was going to be both a platform and a bunch of applications. (compare to the Windows platform and apps like Word/Excel/Access/etc etc). The actual difference was that these apps were not boxes in shrinkwraps but a service over the Net. They would create the momentum by helping third parties develop and build .Net services. See Steve Ballmer:

This new platform would give MS the control over a whole set of new interfaces: speech, vision, handwriting recognition, GUI improvements, etc. And MS would claim these were all open standards and everyone could develop for them. The whole story was still about control over the interfaces. And there are three major ones: Work, Entertainment and Communication. MS has a lock on the Work interface: Windows. The other two are up for grabs. The new Xbox is the attempt of MS to move into the entertainment market and grab that interface. And it's a known fact MS has been investing billions in the cable market, which covers to some extent both communications and entertainment.

The interesting thing is that MS from the one end is seen as a predatory monopolist, but on the other hand is attacked as a dinosaur that only has a real market share in a PC market that is dwindling due to upgrade fatigue. That is why Bill wants to get to "MS v3.0". Integration of Internet services and a rich client that works great with all this new Netstuff. Integration across all devices, from handhelds to megaservers. And lock-in is no longer the main goal: now it's interoperability.

The major court case really is about this: is integration actually benefiting the customer, or is MS allowed to integrate so they have a strategic advantage as a software developer? And here is where the future comes in. What is Hailstorm? Basically another MS strategic move for the interfaces in the areas of payments, file storage, software delivery, privacy, security, copyright and a few more.

Now, it takes a large company to pull this off. I do not think that any one but MS would be able to do this, and get it working. But it is a little scary to think that just one large outfit would have that much control. Unless they publish the API's and make these open standards. That is what they are doing at the moment. And there is a Linux outfit building code for Dot Net. But remember, Word pushed Word Perfect out of the market, and Excel killed Lotus 1-2-3.

The challenge for the IT market in the coming years is to have all the above interfaces to be able to interoperate, but have no dominant player that can bend the market's arm. MS is working on its new tablet PC that has most of the stuff above built-in. It's a new GUI that is supposed to make computing a lot easier.

With a unified code base, the .Net strategy in place and MS to a very large degree back on track, they have a good chance of getting "MS V3.0" right and actually pull it off. I think the market, the competition, and the DOJ will keep 'em honest and we might see an IT infrastructure develop that up till now we only dreamt about in Science Fiction.

Recommended reading: Breaking Windows by David Banks. It gives you a good backgrounder on how things work internally in MS.


NEW PRODUCT: Sunbelt Remote Administrator

Yes, there are at least 10 remote control tools out there. Why are we coming out with a Sunbelt-branded one? It's the kind of tool you use all the time, and for the W2Knews 300-th anniversary we decided to present you all with a really powerful, really low cost tool especially made for System Admins.

Since most of us "live in" remote control tools a lot, we'd like to see you live in one of the Sunbelt tools, at a price that cannot be beat. Sure, there is freeware like VNC. But we think this is a better deal with a lot of powerful features. And since this puppy is backed by Sunbelt you'll have real support for it. So, here goes:

Sunbelt Radmin is a superfast, award winning remote control program. You can take over one or more remote systems, and even daisy chain them! Radmin is a complete remote control tool especially designed for busy system administrators. The truly crucial features are all there: superfast remote control, file transfer, NT security, telnet and multi-language support. Radmin has a very small, tight footprint and is blisteringly fast. The price is ridiculously low. This is one sweet little tool that now comes with Sunbelt's industry strength tech support and resources. Move over, pcAnywhere.

Sunbelt Remote Administrator is loaded with powerful features, here are just a few highlights:

  • Runs as a service: Radmin server can work as a SERVICE under WinNT and Win9X, which allows you to logon and logoff a user remotely.
  • Multiple connections support: Radmin server supports multiple remote control and view sessions to one screen.
  • Full-screen, scaling and windowed view modes. Full-screen mode allows you to see the remote screen on the entire screen of your display. Scaling mode allows you to see the scaled remote screen in a window with the user defined size. Radmin uses a video hook kernel mode driver under Windows NT 4.0 to improve the performance. This allows you to work on the remote computer with an incredible 'real-time' update speed (hundreds of screen updates per second). Radmin works on both NT and W2K, the video hooks for W2K are coming soon, but we're waiting for the WXP release to make sure we're compatible.
  • File transfer allows you to transfer files to or from the remote box. Works with easy-to-use interface similar to Windows Explorer.
  • Drag-and-Drop support
  • File Transfer resuming after abnormal disconnection
  • Remote shutdown feature
  • Telnet server
  • Windows NT security support
  • Password protection
  • Event Log support
  • IP filter
  • Clipboard transfers
  • Sending Ctrl-Alt-Del to the remote computer
  • And many, many more features that were developed especially for busy system admins that you'll find on the webpage.

Security and reliability

Radmin is easy to use and provides robust 128bit strong encryption of all its data streams. The software is based on the TCP/IP protocol which is by now the most widespread protocol in WANs and LANs. All you need to control a computer located in any place on the planet is a TCP/IP connection between these two boxes. When in the "Full control" mode you can do on the remote computer what you like - transfer files to and fro, shutdown or logoff, etc. -- if you have enough permissions. Radmin is a very SECURE and RELIABLE remote control tool. A lot of attention was paid to security questions in the Radmin design. Check out the webpage for details, but one thing we're letting you know up front: Radmin 2.1 does support both Windows NT/2000 user level security.

Remote Administrator has a very easy interface. It is devoid of all 'value added' features that are not needed but make it harder to work with the product and slow down the speed. Radmin has been developed to satisfy three main corporate requirements for remote control software:

System Administrator Tool: Radmin makes it really easy for you to get started. Using Radmin, you can monitor servers and correct problems at any time of the day from any location. Capability to monitor multiple hosts at the same time at a high speed also is very helpful. Radmin allows you to transfer files at a blistering speed with an easy to use interface. Radmin's features give you a high level of mobility, independence and control. It's as if you are there.

Corporate Help Desk: Radmin lets helpdesk staff troubleshoot problems without having to run all over the building. Helpdesk staff needs strong remote-control performance plus features such as tools for pushing the host software down to client PCs for easy installation, and the ability to launch the host module remotely.

Customer Service: If a customer encounters a problem, a support technician can take over the system and resolve the problem without having to ship the PC back and forth. This tool is very helpful if you are a vendor of either hardware or software. The increasing complexity of computer software and hardware makes it almost impossible to solve problems through verbal interaction between the user and the technician. In this case customers can save their money as well as technicians can reduce costs for support.

Ammo to ask for budget:

  • Improve customer service but cut cost at the same time
  • Provide support to telecommuters: significant savings on travel
  • Faster problem resolution: increased productivity
  • Fantastic pricing compared to other bloatware tools

And here's the pricing in $US. (pricing in EU varies due to rates)

  • Single license (good for 2 machines) $35
  • Site license (the whole building, unlimited units) $900
  • Company license (whole company, unlimited units) $4,500

Check out the 30-day eval, that I recommend you try out on NT if you can. In many cases, this money is less than the yearly maintenance fees for your existing remote control tool: Big Time Savings.

This Week's Links We Like. Tips, Hints And Fun Stuff

  • An entertaining (somewhat juvenile) spoof on Windows. Funny though
  • W2K is vulnerable to attacks with infrared ray guns. No kidding. Patch!
  • Annoyed by pop-ups when you are surfing? Pop-Up Stopper is the cure

    Windows 2000: Group Policy, Profiles, and IntelliMirror

    It is part of the new Mark Minasi Technical Series and written by Jeremy Moskowitz, a well-known W2K Guru. Check it out at Amazon.

    INSIDE Windows 2000 Server

    Conjured up by William Boswell, NT/W2K Tech Wiz. This is another one of the successful NEW RIDERS series. The book is available at Amazon.com.