Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Sep 24, 2001 (Vol. 6, #73 - Issue #308)
FREE Nimda Scanner!
This issue of W2Knews contains:
- EDITORS CORNER
- Need An Early Worm Heads-Up?
- TECH BRIEFING
- AutoPilot Design Directions? - We Need Your Input!
- NT/2000 RELATED NEWS
- MS IIS Lockdown Tool Seems To Quarrel With Exchange 2000
- Hired Or Fired Employees Lately?
- Can't Login? Lost The Administrator Password?!
- Transcender Releases E2000 Goods
- NT/2000 THIRD PARTY NEWS
- FREE Nimda Scanner!
- Free "Cost of Printing" Calculator
- Do You Have False Sense Of Security?
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
- Hacking Exposed - Windows 2000!
SPONSOR: NTP Software
FINALLY! END-TO-END STORAGE RESOURCE MANAGEMENT!
SRM technology that is easy to use AND that provides an integrated
solution to storage management problems. David G. Hill, Research
Director at Aberdeen Group states "NTP Software's EASE technology
could save hundreds of man-hours over conventional server by server
administration..." Why work harder than you need to? NTP Software,
the best of American technology.
Visit NTP Software for more information.
Need An Early Worm Heads-Up?
Knowing about a sudden virus - before your users tell you - is a lot
of work. For some people it's a lot easier than for others. Why? They are
subscribed to list servers that warn them. To illustrate this, read
what Martin Blackstone wrote on the NTSYSADMIN list, Sept 20th:
"There are some MAJOR advantages to being on these lists. As an
example, many of us knew about Nimda hours before anyone else did.
Granted we didn't have technical details or a name, but we knew there
was something bad happening and to start battening down the hatches.
You cannot put a price on info like that. I guarantee you, you sub
to these lists, your knowledge will grow exponentially, and you will
look like a hero to your boss when you know the S#!T is about to hit
the fan well before anyone else does".
Sunbelt Software sponsors several free list servers for the NT/W2K
community. One of the extremely popular ones is the NTSYSADMIN list.
There are about 5,000 very sharp people on this list, and the volume
can be very high. You need to set up a rule to filter it into a
separate mailbox, then sort by thread and delete whole threads if you
are not interested. A good rule is to "lurk" for a week before you
post. Sunbelt lists are: ON TOPIC, NO NOISE and FRIENDLY. Sub here:
(email me with feedback: [email protected])
SPONSOR: Event Log Monitor
NEED TO BE THE FIRST TO KNOW WHEN THE $#!+ HITS THE FAN?
With Event Log Monitor, you can. ELM monitors Windows servers in real-
time, alerting you before your users know about security breaches,
health problems, and critical events but also network device problems
that affect reliability and availability. Need to monitor services
and automatically restart them when they go down? Whether you have
one server or a hundred, a LAN or a WAN, ELM will provide you maximum
visibility and uptime with minimal impact. For a 30-day eval, click:
Visit Event Log Monitor for more information.
AutoPilot Design Directions? - We Need Your Input!
There are an estimated 50-70,000 active AutoPilot licenses running
on machines. Over the years we have sold a lot, but also added it
to many books as a special incentive. We're ready to take AutoPilot
to the next level, but would really like to know where you would
like us to go with it. (If you are new to W2Knews, AutoPilot is a
real-time NT/W2K tuner that boosts performance).
So, we reasoned, why not simply ask you! We have a survey that is
a bit different from the other ones you get. This is a bit more of
a technical challenge. Are you up to it? We describe a particular
technical performance boosting feature, and you tell us if that
idea basically stinks, or if you'd really like to see that in the
product by scoring it from 1 to 5. We'll tabulate the seven feature
questions and let you know about the results. There is an 8th
question where you can propose things we did not think of.
As an example - this is not for the faint of heart! - here's one:
Question: "AutoPilot has a unique vantage point on activities performed
by applications within the system. As you know, AutoPilot contains
neural network technology that allows it to distill information from
a number of performance "probes" into a single decision point. Currently,
AutoPilot assumes that nothing can be done to change the physical
parameters of the machine to affect performance. However, if
AutoPilot's algorithms were modified slightly, they could be used
to advise the administrator on what hardware additions would most
positively impact performance. In other words, what hardware additions
would provide the most "bang for the buck" from a performance
perspective. Please rate the importance of this feature: 1 for
"naaah", 5 equals "gimme!".
Please tell us how you'd like to see AutoPilot Designed Further?
NT/2000 RELATED NEWS
MS IIS Lockdown Tool Seems To Quarrel With Exchange 2000
An Exchange guru on Microsoft's technical team (PSS) told someone that
the IIS Lockdown tool should not be used on an Exchange 2000 Server.
It seems they looked in a bit more detail at what the Lockdown tool
does, and found that because E2K relies on IIS 5, the tool disrupts
normal E2K behavior. I'm still waiting for confirmation from MS. At
least you're warned of the possibility of a problem here. Other apps
relying on IIS might be affected as well.
Hired Or Fired Employees Lately?
Enterprise Security Reporter, V2.0, was released this week. It is
a powerful security reporting tool. This latest release features
new interactive reporting capabilities, optimization of the discovery
engine, new 'Account Policies' and 'User Rights' reports and enhanced
enterprise management. It's also affordable.
You use ESR to audit the security configuration of your network,
saving you from security breaches, which is getting more and more urgent.
ESR's extensive reporting capabilities show you exactly who has
permissions to which files and folders across your network.
ESR version 2.0's new functionality includes:
- New interactive reporting capabilities, allowing you to create
hundreds of unique reports from one easy to use graphical interface.
These new reports are available for both NTFS permissions reports
and Group Membership reports.
- Version 2.0's enhanced discovery engine has faster discovery times
and reduces network traffic, making Enterprise Security Reporter
less obtrusive to your network.
- New reports added for Account Policies, and User Rights. Easily
find which servers meet corporate security standards and which users
have special user rights.
- Enhanced Enterprise Discovery Management. ESR 2.0 now allows you
to group similar servers into a single discovery group, and with
the improved queuing capabilities, managing the discovery of
hundreds of servers is a snap.
Here are the specs and an eval:
Can't Login? Lost The Administrator Password?!
NTAccess can replace the administrator password of a Windows NT
or Windows 2000 system by rebooting the computer with a special
set of boot disks. This is useful if you forgot the administrator
password and cannot access the Windows NT/2000 system.
So you have a workstation where nobody can login? Nobody seems to
remember the admin password on that server? With NTAccess, you can
reset the admin password so you can login! Here's a breakdown of
You'll need a set of Windows NT/2000 Setup boot disks. You can create
the disks using your Windows NT/2000 CD-ROM. Copy a few special files
on the disks and optionally modify one text file. Now you can boot
with these disks and replace the password of the administrator account
of any Windows NT/2000 System on the machine.
The complete process takes about 10 minutes to create the boot disks
and another 10 minutes to boot with them and replace the administrator
password. However, you only need to create the boot disks once and can
use them as long as the floppy disks last. Just $70 on the OnlineShop.
Transcender Releases E2000 Goods
Transcender has always been one of the best test preparation
companies out there. They've just released their Deluxe Exchange
2000 Pak. It's got a bunch of good simulators built-in to give you
a bunch of that useful hands-on stuff that will help you get through
the MS exams.
"Time is running out for MCSEs to upgrade to Windows® 2000
certification, and since exams 70-224 and 70-225 both count as
elective credits for the MCSE 2000, using our Deluxe Exchange 2000
Pak to study will help facilitate this upgrade," says Kim Giles,
vice president of marketing.
ExchangeCert/Admin 2000 and ExchangeCert/Design 2000 also have
ExchangeFlash/Admin 2000 and ExchangeFlash/Design 2000 each present
hundreds of questions in a flash-card format that allows you to
review concepts in a self-graded, untimed, low-pressure environment.
TranscenderFlash exams are reviews of the concepts that will be
covered by the actual certification exams. For more details, contact
Transcender LLC at 615.726.8779, visit the Web site at:
THIRD PARTY NEWS
FREE Nimda Scanner!
The Retina Nimda Scanner is a tool created by eEye Digital Security
that is able to scan up to 254 IP addresses (Class C) at once and
determine if any are vulnerable to the "Nimda Worm". If a machine or
server is found to be vulnerable to the Nimda Worm, the Retina Nimda
Scanner will flag the IP address. You can download this tool for free
from the Retina Page at the link below. It shows you your machines
that are vulnerable but it does not disinfect them. There are a few
out there that do this, but prudence rules. You do not suddenly want
to get ALL your shares killed. ;-)
Retina Nimda Scanner - Class B Version
Due to popular demand, eEye developed a special version of the Nimda
scanner which is capable of scanning an entire Class B subnet at one
time. The Class B scanner is similar in functionality to the free
Class C version. The output of the scan is presented in the same user
interface as the free version. This is a "no-frills" product designed
to help owners of large networks who need to quickly assess the impact
of the Nimda Worm and its variants on their systems. Once you have
identified the machines, follow MS instructions to get rid of it:
The Class B scanner is available for purchase by request only. This
product can be used to scan an unlimited number of IPs an unlimited
number of times. Site licenses are also available for very large
networks. If you want to know more, fill out the QUESTION link at
the end of the Retina page and a Rep will get in touch with you. But
to start off, it would be a good idea to get the free Class C scanner.
Get it from the Retina download page, (yes you have to fill out your
address) and then click on Help to find out how it works.
Free "Cost of Printing" Calculator
Print Manager Plus now comes with a free Cost of Printing Calculator.
It allows you to quickly look at the hidden cost of printing in your
organization and see how much budget you would be able to save by
putting in a bit more control on rampant printing. Think about all
the other cool stuff you could get like huge flat panel displays
instead of wasting trees. Here are some of your colleagues that
commented on the cost of printing and savings possible:
"We have recouped the outlay on Print Manager Plus about 5 times over
already as the students cannot waste reams of paper and toner to their
hearts content! Thanks again, Mike Turner - Downend School, UK."
"We have actually purchased Print Manager Plus for our Server and it
has saved us more than $40,000 dollars in the 1 year and 1/2 that we
have been running." - Healesville High School in Australia
"Hewlett-Packard manager Nickolai Stickel has revealed that the cost
of printing is an area that has been neglected and one where huge
savings can be made. He says, printing is the last uncontrolled area
of expense. A printer is not expensive in itself but it is all the add-
on costs over the life of the printer that creates a huge expense."
"While the Internet has changed printing requirements, people still
print off e-mails and online documents and an increase in electronic
info has led to an increase in the amount of paper. In the US it
has been calculated that on average, every worker prints 28 pages off
the internet each day."
"Gartner Group calculates that the cost of acquiring a printer is only
20% of the total cost involved."
The free calculator is an Excel spreadsheet you can download in the
section White Papers, Documents and other files over here:
Do You Have False Sense Of Security?
When we asked the Developer of the new Shavlik Admin Suite how they
compare to other Hotfix Tools they said:
"The Shavlik Hotfix Checker is the only product that 100% accurately
identifies machines with missing Microsoft security patches in real
time and then tells users why their systems are not truly patched even
when they think they are. We use a proprietary binary file and
registry comparison to accurately tell users what patches they have,
or do not have. This proprietary solution (that we developed together
with Microsoft) also uses a tuned algorithm that tells users only
about the patches they need, a very important feature in regard to
the Rollup Patches Microsoft is providing.
"Many of our customers have thanked us for creating this feature as
it has saved them from falsely identifying machines as secure. We
have a number of customer testimonials that reflect this high level
of customer satisfaction. Our product removes the false sense of
security other tools provide to assure our customers know exactly
how their systems are patched".
To see this for yourself, here is an eval you can download:
This Week's Links We Like. Tips, Hints And Fun Stuff
Cisco page on "How to Protect Your Network Against the Nimda Virus" and
block it at the network level.
Gartner has created a good resource page about Disaster Recovery.
Want to build your own submarine? Here are two IBM consultants doing
just that in their own garage. Lots of pictures. Pretty cool.
PRODUCT OF THE WEEK
Hacking Exposed - Windows 2000!
This book of the week is also a repeat. I'm now reading it and it's
REAL GOOD. It's one of these books that you just GOTTA have. If you
only buy one or two books a year, this is one of them. Remember how
enthused I was about the original "Hacking Exposed"? Well, they have
done it again, but now with an all-Windows 2000 focus. This is the
end-all of hacking into your W2K servers. A must-read if you want
to secure your networks and a 'Stu's Warmly Recommended!' It's a
treasure trove of information no W2K sysadmin should be without.