- Sign-up Now!
 - Current Issue
 - Edit Your Profile/Unsubscribe

Subscribe | Media Kit | About Us | All Issues | Subscriber Feedback | Contact Us | Privacy Statement
Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Sep 24, 2001 (Vol. 6, #73 - Issue #308)
FREE Nimda Scanner!
  This issue of W2Knews™ contains:
    • Need An Early Worm Heads-Up?
    • AutoPilot Design Directions? - We Need Your Input!
    • MS IIS Lockdown Tool Seems To Quarrel With Exchange 2000
    • Hired Or Fired Employees Lately?
    • Can't Login? Lost The Administrator Password?!
    • Transcender Releases E2000 Goods
    • FREE Nimda Scanner!
    • Free "Cost of Printing" Calculator
    • Do You Have False Sense Of Security?
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • Hacking Exposed - Windows 2000!
  SPONSOR: NTP Software
SRM technology that is easy to use AND that provides an integrated
solution to storage management problems. David G. Hill, Research
Director at Aberdeen Group states "NTP Software?s EASE technology
could save hundreds of man-hours over conventional server by server
administration?" Why work harder than you need to? NTP Software,
the best of American technology. Visit for more information:
Visit NTP Software for more information.

Need An Early Worm Heads-Up?

Knowing about a sudden virus - before your users tell you- is a lot of work. For some people it's a lot easier than others. Why? They are subscribed to list servers that warn them. To illustrate this, read what Martin Blackstone wrote on the NTSYSADMIN list, Sept 20-th:

"There are some MAJOR advantages to being on these lists. As an example, many of us knew about Nimda hours before anyone else did. Granted we didn't have technical details or a name, but we knew there was something bad happening and to start battening down the hatches. You cannot put a price on info like that. I guarantee you, you sub to these lists, your knowledge will grow exponentially, and you will look like a hero to your boss when you know the S#!T is about to hit the fan well before anyone else does".

Sunbelt Software sponsors several free list servers for the NT/W2K community. One of the extremely popular ones is the NTSYSADMIN list. There are about 5,000 very sharp people on this list, and the volume can be very high. You need to set up a rule to filter it into a separate mailbox, then sort by thread and delete whole treads if you are not interested. A good rule is to "lurk" for a week before you post. Sunbelt lists are: ON TOPIC, NO NOISE and FRIENDLY. Sub here:

Warm regards,

Stu Sjouwerman (email me with feedback: [email protected])

  SPONSOR: Event Log Monitor
With Event Log Monitor, you can. ELM monitors Windows servers in real-
time, alerting you before your users know about security breaches,
health problems, and critical events but also network device problems
that affect reliability and availability. Need to monitor services
and automatically restart them when they go down? Whether you have
one server or a hundred, a LAN or a WAN, ELM will provide you maximum
visibility and uptime with minimal impact. For a 30-day eval, click:
Visit Event Log Monitor for more information.

AutoPilot Design Directions? - We Need Your Input!

There are an estimated 50-70,000 active AutoPilot licenses running on machines. Over the years we have sold a lot, but also added it to many books as a special incentive. We're ready to take AutoPilot to the next level, but would really like to know where you would like us to go with it. (If you are new to W2Knews, AutoPilot is a real-time NT/W2K tuner that boosts performance).

So, we reasoned, why not simply ask you! We have a survey that is a bit different from the other ones you get. This is a bit more of a technical challenge. Are you up to it? We describe a particular technical performance boosting feature, and you tell us if that idea basically stinks, or of you'd really like to see that in the product by scoring it from 1 to 5. We'll tabulate the seven feature questions and let you know about the results. There is an 8-th question where you can propose things we did not think of.

As an example, - this is not for the weak of heart! - here's one:

Question: "AutoPilot has a unique vantage point on activities performed by applications within the system. As you know, AutoPilot contains neural network technology that allows it to distill information from a number of performance "probes" into a single decision point. Currently, AutoPilot assumes that nothing can be done to change the physical parameters of the machine to affect performance. However, if AutoPilot's algorithms were modified slightly, they could be used to advise the administrator on what hardware additions would most positively impact performance. In other words, what hardware additions would provide the most "bang for the buck" from a performance perspective. Please rate the importance of this feature: 1 for "naaah", 5 equals "gimme!".

Please tell us how you'd like to see AutoPilot Designed Further?


MS IIS Lockdown Tool Seems To Quarrel With Exchange 2000

An Exchange Guru in Microsoft's Techical team (PSS) told some one IIS lockdown tool should not be used on an Exchange 2000 Server. It seems they looked a bit more in detail what the lockdown tool did, and found that because of the fact E2K relies on IIS 5, the tool is disrupting normal E2K behavior. I'm still waiting for a confirmation by MS. At least you're warned for the possibility of a potential problem here. Other apps relying on IIS might be affected as well.

Hired Or Fired Employees Lately?

Enterprise Security Reporter, V2.0, was released this week. It is a powerful security reporting tool. This latest release features new interactive reporting capabilities, optimization of the discovery engine, new 'Account Policies' and 'User Rights' reports and enhanced enterprise management. It's also affordable.

You utilize ESR to audit the security configuration of your network, saving you from security breaches. Which gets more and more urgent. ESR extensive reporting capabilities show you exactly who has permissions to which files and folders across your network.

ESR, version 2.0's new functionality includes:

  • New interactive reporting capabilities, allowing you to create hundreds of unique reports from one easy to use graphical interface. These new reports are available for both NTFS permissions reports and Group Membership reports.
  • Version 2.0's enhanced discovery engine has faster discovery times and reduces network traffic, making Enterprise Security Reporter less obtrusive to your network.
  • New reports added for Account Policies, and User Rights. Easily find which servers meet corporate security standards and which users have special user rights.
  • Enhanced Enterprise Discovery Management. ESR 2.0 now allows you to group similar servers into a single discovery group, and with the improved queuing capabilities, managing the discovery of hundreds of servers is a snap.
Here are the specs and an eval:

Can't Login? Lost The Administrator Password?!

NTAccess can replace the administrator password of a Windows NT or Windows 2000 system by rebooting the computer with a special set of boot disks. This is useful if you forgot the administrator password and cannot access the Windows NT/2000 system.

Product Features
So you have a workstation where nobody can login? Nobody seems to remember the admin password on that server? With NTAccess, you can reset the admin password so you can login! Here's a breakdown of the process:

You'll need a set of Windows NT/2000 Setup boot disk. You can create the disks using your Windows NT/2000 CD-ROM. Copy a few special files on the disks and optionally modify one text file. Now you can boot with these disks and replace the password of the administrator account of any Windows NT/2000 System on the machine.

The complete process takes about 10 minutes to create the boot disks and another 10 minutes to boot with them and replace the administrator password. However you only need to create the boot disks once and can use them as long as the floppy disks last. Just $70 on the OnlineShop.

Transcender Releases E2000 Goods

Transcender has always been one of the best test preparation companies out there. They've just released their Deluxe Exchange 2000 Pak It's got a bunch of good simulators built-in to give you a bunch of that useful hands-on stuff that will help you get through the MS exams.

"Time is running out for MCSEs to upgrade to Windows® 2000 certification, and since exams 70-224 and 70-225 both count as elective credits for the MCSE 2000, using our Deluxe Exchange 2000 Pak to study will help facilitate this upgrade" says Kim Giles, vice president of marketing.

ExchangeCert/Admin 2000 and ExchangeCert/Design 2000 also have Transcender?s Money-Back-If-You-Don?t-Pass-Guarantee.* ExchangeFlash/Admin 2000 and ExchangeFlash/Design 2000 each present hundreds of questions in a flash-card format that allows you to review concepts in a self-graded, untimed, low-pressure environment. TranscenderFlash exams are reviews of the concepts that will be covered by the actual certification exams. For more details, contact Transcender LLC at 615.726.8779, visit the Web site at:


FREE Nimda Scanner!

The Retina Nimda Scanner is a tool created by eEye Digital Security that is able to scan up to 254 IP addresses (Class C) at once and determine if any are vulnerable to the "Nimda Worm". If a machine or server is found to be vulnerable to the Nimda Worm, the Retina Nimda Scanner will flag the IP address. You can download this tool for free from the Retina Page at the link below. It shows you your machines that are vulnerable but it does not disinfect them. There are a few out there that do this, but prudence rules. You do not suddenly want to get ALL your shared killed. ;-)

Retina Nimda Scanner - Class B Version
Due to popular demand, eEye developed a special version of the Nimda scanner which is capable of scanning an entire Class B subnet at one time. The Class B scanner is similar in functionality to the free Class C version. The output of the scan is presented in the same user interface as the free version. This is a "no-frills" product designed to help owners of large networks who need to quickly assess the impact of the Nimda Worm and its variants on their systems. Once you have identified the machines, follow MS instructions to get rid of it:

The Class B scanner is available for purchase by request only. This product can be used to scan an unlimited number of IPs an unlimited number of times. Site licenses are also available for very large networks. If you want to know more, fill out the QUESTION link at the end of the Retina page and a Rep will get in touch with you. But to start off, it would be a good idea to get the free Class C scanner.

Get it from the Retina download page, (yes you have to fill out your address) and then click on Help to find out how it works.

Free "Cost of Printing" Calculator

Print Manager Plus now comes with a free Cost of Printing Calculator. It allows you quickly look at the hidden cost of printing in your organization and see how much budget you would be able to save by putting in a bit more control on rampant printing. Think about all the other cool stuff you could get like huge flat panel displays instead of wasting trees. Here are some of your colleagues that commented on the cost of printing and savings possible:

"We have recouped the outlay on Print Manager Plus about 5 times over already as the students cannot waste reams of paper and toner to their hearts content! Thanks again, Mike Turner - Downend School, UK."

"We have actually purchased Print Manager Plus for our Server and it has saved us more than $40,000 dollars in the 1 year and 1/2 that we have been running." - Healesville High School in Australia"

"Hewlett-Packard manager Nickolai Stickel has revealed that the cost of printing is an area that has been neglected and one where huge savings can be made. He says, printing is the last uncontrolled area of expense. A printer is not expensive in itself but it is all the add- on costs over the life of the printer that creates a huge expense."

"While the Internet has changed printing requirements, people still print off e-mails and online documents and an increase in electronic info has lead to an increase in the amount of paper. In the US it has been calculated that on average, every worker prints 28 pages off the internet each day."

"Gartner Group calculates that the cost of acquiring a printer is only 20% of the total cost involved."

The free calculator is an Excel spreadsheet you can download in the section White Papers, Documents and other files over here:

Do You Have False Sense Of Security?

When we asked the Developer of the new Shavlik Admin Suite how they compare to other Hotfix Tools they said:

"The Shavlik Hotfix Checker is the only product that 100% accurately identifies machines with missing Microsoft security patches in real time and then tells users why their systems are not truly patched even when they think they are. We use a proprietary binary file and registry comparison to accurately tell users what patches they have, or do not have. This proprietary solution (that we developed together with Microsoft) also uses a tuned algorithm that tells users only about the patches they need, a very important feature in regard to the Rollup Patches Microsoft is providing.

"Many of our customers have thanked us for creating this feature as it has saved them from falsely identifying machines as secure. We have a number of customer testimonials that reflect this high level of customer satisfaction. Our product removes the false sense of security other tools provide to assure our customers know exactly how their systems are patched".

To see this for yourself, here is an eval you can download:


This Week's Links We Like. Tips, Hints And Fun Stuff

  • Cisco page on "How to Protect Your Network Against the Nimda Virus" and block it at the network level.
  • Gartner has created a good resource page about Disaster Recovery.
  • Want to build your own Submarine? He're are two IBM consultants doing just that in his own garage. Lots of pictures. Pretty cool.

    Hacking Exposed - Windows 2000!

    This book of the week is also a repeat. I'm now reading it and it's REAL GOOD. It's one of these books that you just GOTTA have. If you only buy one or two books a year, this is one of them. Remember how enthused I was about the original "Hacking Exposed"? Well, they have done it again, but now with an all-Windows 2000 focus. This is the end-all of hacking into your W2K servers. A must-read if you want to secure your networks and a 'Stu's Warmly Recommended!' It's a treasure trove of information no W2K sysadmin should be without.