Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Aug 27, 2001 (Vol. 6, #65 - Issue #300)
Anniversary Issue #300
This issue of W2Knews contains:
Welcome to Anniversary Issue #300
Wait! Don't upgrade that Windows NT4 PDC -- yet!
NT/2000 RELATED NEWS
Microsoft Long Term View
NT/2000 THIRD PARTY NEWS
NEW PRODUCT: Sunbelt Remote Administrator
W2Knews 'FAVE' LINKS
This Week's Links We Like. Tips, Hints And Fun Stuff
PRODUCT OF THE WEEK
Windows 2000: Group Policy, Profiles, and IntelliMirror
INSIDE Windows 2000 Server
Welcome to Anniversary Issue #300
Hope you liked our little birthday Flash-animation.
This is a special issue, with only 1 item in each section. But it's
a special item that goes in depth so we hope to give you some extra
perspective. In the Tech Briefing we have a guest column by two NT/W2K
Gurus who warn us about a nasty upgrade glitch they discovered.
The NT/2000 column discusses the long term Microsoft view. And in
the Third Party News section we're introducing a new tool that I
think you actually will like a lot, and also can afford.
Let's do another 300 issues! Thank you for your continued support.
Wait! Don't upgrade that Windows NT4 PDC -- yet!
By Jeremy Moskowitz and William Boswell
I'm guessing a big portion of you, our readers, are thinking about
upgrading your Windows NT domain to Windows 2000 and Active Directory.
The first big task on the agenda is the upgrade of the existing NT4
PDC to W2K. My friends, you should NOT plunge ahead. At least, not
before you read this entire exposé of a very little known, but hugely
problematic, change that comes with Windows 2000 Service Pack 2.
Let's start at the beginning. That is the way upgrades were done prior
to Service Pack 2. When W2K was released back in February 2000, it
included a whole slew of new technologies. One of those was Group
Policies, a comprehensive tool for enterprise management of users and
Microsoft's original game plan for deployment was to have the Group
Policies take effect immediately for any existing W2K Professional
desktops. When you plop that W2K CD-ROM into the NT4 PDC of your
domain and upgrade the server to W2K and the domain to AD, the W2K
desktops would see the new W2K domain controller, authenticate to
it, and get their Group Policies.
That strategy was terrific -- except when you install your first W2K
Active Directory Domain Controller in New York and 30,000 W2K Pro
clients in China now insist on authenticating to that domain controller
instead of their local NT4 BDCs. Microsoft calls this phenomenon
"overloading the upgraded domain controller."
This behavior was technically classified as a bug. Microsoft's initial
workaround was to encourage you to deploy enough W2K domain controllers
during the first stage of the rollout to handle authentication from any
existing W2K Professional desktops. Microsoft then included a "fix" to
the overload bug in Service Pack 2.
Now, here's the fun part.
Recall that W2K allows you to embed the latest service pack into the
standard Setup files. This is called "slipstreaming," a time-saving
mechanism that allows you to deploy the OS with all the latest bug
fixes during the initial installation. You can now upgrade your NT4
PDC to W2K using the slipstreamed Service Pack 2 files and avoid the
hassle of updating with the service pack later on.
If you do this, though, you are officially in for a long, long weekend.
This is because you didn't put a barely documented Registry change in
place before you upgraded your PDC. Here's what happens.
The Service Pack 2 "fix" to the overload problem essentially lets a
new W2K domain controller pretend that it is still an NT4 domain
controller so that the current W2K Professional desktops will ignore
it and continue to authenticate using their existing BDCs.
This "fix" has an unusual side effect. If a W2K desktop happens to
authenticate at a legacy BDC, it will not get Group Policies. If a
W2K desktop happens to authenticate at a W2K SP2 domain controller,
it will get Group Policies and it will adopt that domain controller
and refuse to go back to authenticating with a legacy BDC. Even if
you take the W2K domain controller off the wire so that only BDCs
are left, the desktop will ignore the BDCs and log on with cached
credentials and cached Group Policies.
The end result is that some of your desktops will get Group Policies
and some won't. And you won't be able to predict the outcome. Try
explaining this to your users as they call the Help Desk wanting to
know why they aren't getting the software that was supposed to be
deployed to their desktops and the drive mappings they were supposed
to get in their new logon scripts. But the user next to them is.
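Before planning any rejoin work it helps to know which desktops ended up on which side of this split. The triage sketch below is an added example, not part of the original column: it reads logon records (COMPUTERNAME,LOGONSERVER pairs, as a logon script could capture from those environment variables) and sorts desktops into those that have adopted a W2K domain controller and those still on legacy BDCs. The server names, the sample log and the max_per_dc threshold are constructed assumptions.

```python
from collections import Counter

# Constructed roster (assumption): upgraded W2K DCs and remaining NT4 BDCs.
W2K_DCS = {"NYC-DC1"}
NT4_BDCS = {"BEI-BDC1", "BEI-BDC2"}

# Constructed sample, oldest first: one "COMPUTERNAME,LOGONSERVER" line per
# logon, e.g. appended by a logon script: echo %COMPUTERNAME%,%LOGONSERVER%
SAMPLE_LOG = r"""
WS-0001,\\BEI-BDC1
WS-0002,\\NYC-DC1
WS-0003,\\BEI-BDC2
WS-0004,\\NYC-DC1
WS-0005,\\OLD-SRV9
not a logon record
WS-0001,\\BEI-BDC1
"""

def parse_logons(text):
    """Return ([(host, server), ...], malformed_count); names upper-cased."""
    records, malformed = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        host, sep, server = line.partition(",")
        host = host.strip().upper()
        server = server.strip().lstrip("\\").upper()  # drop the leading \\
        if not sep or not host or not server:
            malformed += 1
            continue
        records.append((host, server))
    return records, malformed

def triage(records, w2k_dcs=W2K_DCS, nt4_bdcs=NT4_BDCS, max_per_dc=1):
    """Split desktops into Group Policy 'haves' and 'have-nots'."""
    adopted = {}       # desktop -> W2K DC it most recently authenticated to
    seen_bdc = set()   # desktops seen authenticating at a legacy BDC
    seen_other = {}    # desktop -> logon server missing from both rosters
    for host, server in records:
        if server in w2k_dcs:
            adopted[host] = server
        elif server in nt4_bdcs:
            seen_bdc.add(host)
        else:
            seen_other[host] = server
    # Per the column, a desktop that authenticates at a W2K DC adopts it and
    # does not go back, so one W2K logon is enough to count it as a "have".
    load = Counter(adopted.values())
    return {
        "haves": sorted(adopted),
        "have_nots": sorted(seen_bdc - set(adopted)),
        "unknown": {h: s for h, s in seen_other.items()
                    if h not in adopted and h not in seen_bdc},
        "load": dict(load),
        # W2K DCs carrying more desktops than the assumed threshold
        "overloaded": sorted(dc for dc, n in load.items() if n > max_per_dc),
    }

if __name__ == "__main__":
    recs, bad = parse_logons(SAMPLE_LOG)
    print(triage(recs), "malformed lines:", bad)
```

The "have_nots" list is the population that would need the disjoin and rejoin treatment; "unknown" entries point at roster gaps worth resolving first.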
How do you force all your W2K desktops to get Group Policies? In
this situation, you would need to disjoin the desktops from the
domain, put them into a workgroup, then rejoin them to the domain.
When they rejoin the domain, they will see the new W2K domain
controller, authenticate to it, and get their Group Policies.
Microsoft recommends scripting this evolution using NETDOM, but scripts
won't save you from hours and hours of work if you have thousands of
You can prevent shuffling your desktops out of and back into the
domain by taking a preliminary step documented in MS Knowledgebase
article Q284937. This consists of adding the following Registry
entry to the PDC BEFORE you upgrade it to Windows 2000 and SP2.
You MUST put the Registry entry on the NT4 PDC BEFORE you upgrade it
to Windows 2000 and SP2. You can't add it later and expect to avoid
disjoining and rejoining your desktops to the domain.
The Registry entry eliminates the "have" and "have-not" behavior in
the W2K desktops. All desktops continue to behave as if they were in
an NT4 domain. When you have enough W2K domain controllers to handle
authentication from the W2K desktops, you can either delete the Registry
entry or change it to 0. The W2K desktops will now authenticate exclusively
with W2K Domain Controllers and everyone gets their Group Policies at
the same time. You may need to reboot them several times to get them
to see a W2K domain controller.
The Knowledgebase article also documents a Registry change for a W2K
Professional client that forces it to authenticate to a W2K domain
controller so it can be used to manage the domain.
In summary, if you upgrade an existing NT4 domain to Windows 2000
using Setup files that have been slipstreamed with Service Pack 2,
you must put the Q284937 Registry entry in place on the PDC before
you upgrade it. The same is true for every BDC you upgrade. If you
don't, you'll likely be spending your weekend running around to every
W2K client. We hope this article made it to you before you started
This guest column is brought to you by two well-recognized Windows
2000 authors and speakers:
Jeremy Moskowitz, author of the ground-breaking SYBEX book, Windows
2000: Group Policy, Profiles, and IntelliMirror which is part of the new
Mark Minasi Technical Series. The book can be located at Amazon.com at http://www.w2knews.com/rd/rd.cfm?id=082701-Moskowitz
In 1997, Microsoft was the master of the digital universe. BillG was
the richest guy on the planet. But the empire was being eaten from
the inside, and nobody but a few insiders knew about it. A battle
for Microsoft's future was being fought between two camps: the Net
Doves and the Windows Hawks.
At stake was the future direction of the company. Would it be a
dramatic change to Internet geared software, or push Windows harder?
Like many things with Bill, it was not either or, it was "both".
Bill had not forgotten that he had beaten IBM coming from the low
end with something more simple, low cost and high volume. The thing
that revolutionized the industry was that Microsoft broke out software
from the hardware and sold the code separately (to all the combatants
in the hardware business). That was their winning strategy.
It helped the market escape from being locked in by hardware vendors.
But it opened at the same time the danger of being locked in by MS.
And Bill has been benefiting from that option. They have worked hard
to create hooks to make sure no one would do to them what they did
to IBM: Come from under with something new that makes you obsolete.
Internet Explorer was developed by a separate team from Windows, and
the two camps were continually debating the future direction of MS.
After a long battle, Bill decided he wanted to bundle it with Windows,
instead of making IE a new and independent platform that might replace
Windows. He calls this integration. Then the Government sued, being
pushed by MS competition, claiming that integration was illegal and
misuse of their monopoly position. Bill continued to defend the right
of MS to include anything into the OS they wanted, with the argument
that it would increase customer value.
In the software industry, the real battle is for control of the key
interfaces. That means the APIs for developers on the one hand, and
the GUI for the end-users on the other hand. If you control the
interfaces that a lot of other software developers depend on, you've
got it made and you get a positive feedback loop which grows your
product and revenues significantly. Second best is "open standards"
but you cannot make as much money that way.
In 1998, MS was doing well financially, but internally adrift. If you
look at it from an exterior viewpoint, Microsoft had started as a hot
IT-revolutionary, but now was the big guy that was on the defense. It's
not a role Bill ever wanted. The "one team fighting the competition"
was replaced with infighting and political maneuvering. Many employees
sometimes wondered how they got products out the door.
To a large extent there are 2 sorts of people in MS. Techies like Bill
and marketeers like Steve. Over the last few years, the marketeers
have won. Bill basically stepped aside to let Steve Ballmer run the
company. To some extent even, Bill was pushed into the role he has now
so that Steve can run things. Bill does long term planning and tech
strategy. Steve makes day-to-day decisions. Bill's technical choices
have often been driven by the dictates of the existing technology and
not by customer needs.
In 1999, the management team that had been together for a long time
basically dissolved due to the infighting. Everyone was in their
forties, a multimillionaire and other things like family and external
interests became more important. Out of the original eight members
of the MS Exec Committee, five left. And all the while, the Internet
was hovering like MS's death star.
January 2000, the new battle-cry became "software-as-a-service". The old business model (selling boxes via distributors) was a dead end.
Bill wanted to sell Wintone, just like dialtone or the electricity
bill. The new name for the initiative was "Dot Net". This was going
to be both a platform and a bunch of applications. (compare to
the Windows platform and apps like Word/Excel/Access/etc etc). The
actual difference was that these apps were not boxes in shrinkwraps
but a service over the Net. They would create the momentum by helping
third parties develop and build .Net services. See Steve Ballmer:
This new platform would give MS the control over a whole set of new
interfaces: speech, vision, handwriting recognition, GUI improvements,
etc. And MS would claim these were all open standards and everyone
could develop for them. The whole story was still about control over
the interfaces. And there are three major ones: Work, Entertainment
and Communication. MS has a lock on the Work interface: Windows.
The other two are up for grabs. The new Xbox is the attempt of MS
to move into the entertainment market and grab that interface. And
it's a known fact MS has been investing billions in the cable market,
which covers to some extent both communications and entertainment.
The interesting thing is that MS from the one end is seen as a
predatory monopolist, but on the other hand is attacked as a dinosaur
that only has a real market share in a PC market that is dwindling
due to upgrade fatigue. That is why Bill wants to get to "MS v3.0".
Integration of Internet services and a rich client that works great
with all this new Netstuff. Integration across all devices, from
handhelds to megaservers. And lock-in is no longer the main goal:
now it's interoperability.
The major court case really is about this: is integration actually
benefiting the customer, or is MS allowed to integrate so they have
a strategic advantage as a software developer? And here is where
the future comes in. What is Hailstorm? Basically another MS strategic
move for the interfaces in the areas of payments, file storage,
software delivery, privacy, security, copyright and a few more.
Now, it takes a large company to pull this off. I do not think that
anyone but MS would be able to do this, and get it working. But
it is a little scary to think that just one large outfit would have
that much control. Unless they publish the APIs and make these
open standards. That is what they are doing at the moment. And there
is a Linux outfit building code for Dot Net. But remember, Word
pushed Word Perfect out of the market, and Excel killed Lotus 1-2-3.
The challenge for the IT market in the coming years is to have all
the above interfaces interoperate, but have no dominant
player that can bend the market's arm. MS is working on its new
tablet PC that has most of the stuff above built-in. It's a new GUI
that is supposed to make computing a lot easier.
With a unified code base, the .Net strategy in place and MS to a
very large degree back on track, they have a good chance of getting
"MS V3.0" right and actually pulling it off. I think the market, the
competition, and the DOJ will keep 'em honest and we might see an
IT infrastructure develop that up till now we only dreamt about in
Recommended reading: Breaking Windows by David Banks. It gives you
a good backgrounder on how things work internally in MS.
THIRD PARTY NEWS
NEW PRODUCT: Sunbelt Remote Administrator
Yes, there are at least 10 remote control tools out there. Why are we
coming out with a Sunbelt-branded one? It's the kind of tool you use
all the time, and for the W2Knews 300th anniversary we decided to
present you all with a really powerful, really low cost tool especially
made for System Admins.
Since most of us "live in" remote control tools a lot, we'd like to
see you live in one of the Sunbelt tools, at a price that cannot be
beat. Sure, there is freeware like VNC. But we think this is a better
deal with a lot of powerful features. And since this puppy is backed
by Sunbelt you'll have real support for it. So, here goes:
Sunbelt Radmin is a superfast, award winning remote control program.
You can take over one or more remote systems, and even daisy chain
them! Radmin is a complete remote control tool especially designed
for busy system administrators. The truly crucial features are all
there: superfast remote control, file transfer, NT security, telnet
and multi-language support. Radmin has a very small, tight footprint
and is blisteringly fast. The price is ridiculously low. This is
one sweet little tool that now comes with Sunbelt's industry strength
tech support and resources. Move over, pcAnywhere.
Sunbelt Remote Administrator is loaded with powerful features. Here
are just a few highlights:
Runs as a service: Radmin server can work as a SERVICE under WinNT
and Win9X, which allows you to logon and logoff a user remotely.
Multiple connections support: Radmin server supports multiple remote
control and view sessions to one screen.
Full-screen, scaling and windowed view modes. Full-screen mode
allows you to see the remote screen on the entire screen of your
display. Scaling mode allows you to see the scaled remote screen in
a window with the user defined size. Radmin uses a video hook kernel
mode driver under Windows NT 4.0 to improve the performance. This
allows you to work on the remote computer with an incredible 'real-
time' update speed (hundreds of screen updates per second). Radmin
works on both NT and W2K, the video hooks for W2K are coming soon,
but we're waiting for the WXP release to make sure we're compatible.
File transfer allows you to transfer files to or from the remote box.
Works with an easy-to-use interface similar to Windows Explorer.
File Transfer resuming after abnormal disconnection
Remote shutdown feature
Windows NT security support
Event Log support
Sending Ctrl-Alt-Del to the remote computer
And many, many more features that were developed especially for
busy system admins that you'll find on the webpage.
Security and reliability
Radmin is easy to use and provides robust 128-bit strong encryption of
all its data streams. The software is based on the TCP/IP protocol
which is by now the most widespread protocol in WANs and LANs.
All you need to control a computer located in any place on the planet
is a TCP/IP connection between these two boxes. When in the "Full
control" mode you can do on the remote computer what you like -
transfer files to and fro, shutdown or logoff, etc. -- if you have
enough permissions. Radmin is a very SECURE and RELIABLE remote control
tool. A lot of attention was paid to security questions in the Radmin
design. Check out the webpage for details, but one thing we're letting
you know up front: Radmin 2.1 does support both Windows NT/2000 user
Remote Administrator has a very easy interface. It is devoid of all
'value added' features that are not needed but make it harder to work
with the product and slow down the speed. Radmin has been developed to
satisfy three main corporate requirements for remote control software:
System Administrator Tool: Radmin makes it really easy for you to get
started. Using Radmin, you can monitor servers and correct problems at
any time of the day from any location. Capability to monitor multiple
hosts at the same time at a high speed also is very helpful. Radmin
allows you to transfer files at a blistering speed with an easy to
use interface. Radmin's features give you a high level of mobility,
independence and control. It's as if you are there.
Corporate Help Desk: Radmin lets helpdesk staff troubleshoot problems
without having to run all over the building. Helpdesk staff needs strong
remote-control performance plus features such as tools for pushing the
host software down to client PCs for easy installation, and the ability
to launch the host module remotely.
Customer Service: If a customer encounters a problem, a support
technician can take over the system and resolve the problem without
having to ship the PC back and forth. This tool is very helpful if
you are a vendor of either hardware or software. The increasing
complexity of computer software and hardware make it almost impossible
to solve problems through verbal interaction between the user and
the technician. In this case customers save money and technicians
reduce their support costs.
Ammo to ask for budget:
Improve customer service but cut cost at the same time
Provide support to telecommuters: significant savings on travel
Faster problem resolution: increased productivity
Fantastic pricing compared to other bloatware tools
And here's the pricing in $US. (pricing in EU varies due to rates)
Single license (good for 2 machines) $35
Site license (the whole building, unlimited units) $900
Company license (whole company, unlimited units) $4,500