Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Thu, Feb 21, 2002 (Vol. 7, #15 - Issue #346)
Security Baseline Checklists
This issue of W2Knews contains:
- EDITORS CORNER
- Your W2Knews Stays Free, But What Changes?
- TECH BRIEFING
- CISCO Releases Router Audit Tool & Benchmark
- NT/2000 RELATED NEWS
- Security Baseline Checklists
- Other Useful Technical Sites
- NT/2000 THIRD PARTY NEWS
- Security, Management & FREE User Migration. Interested?
- ScriptLogic 4.0 RC-2 is now available!
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
- Windows 2000 Admin Black Book - Second Edition
SPONSOR: Aelita Software
Migrating to Active Directory?
Don't do it without ERDisk for Active Directory!
It is the ideal solution for keeping business
critical AD and Exchange 2000 up and running.
ERDisk for AD offers full backup and 10-minute
restore, as well as advanced AD troubleshooting
capabilities. Download your FREE trial today!
Visit Aelita Software for more information.
Your W2Knews Stays Free, But What Changes?
Thanks a lot for all your feedback on the recent SunPoll and the
survey on how we can improve things. Very, very useful. And I also
found I did not phrase the SunPoll correctly. What we are considering
is ADD a second, paid version of W2Knews. That one would come with
a whole series of extra features for which we'd hire a special
technical editor. And that one would be 10 bucks a year. You will
always still get the normal free W2Knews!
So, I'm going to redo the SunPoll, and if you would not mind, go back
and answer it from this (new) perspective? You can vote here:
And the "How Are We Doing Survey" was revealing. Thanks so much for all
the feedback you gave. I came to find that I also have not been clear
enough about what is already there for you. For instance, we have years
of our archives on the website, in a searchable format right here:
It turns out that quite a few of you do not know that Sunbelt Software
(the "master sponsor" of this e-zine) also hosts a series of list
servers that provide a community for several high interest areas. Here
they are, and the topics describe exactly what they are about:
You can subscribe to them all over here. Make sure you read the list
charter. Ground rules: ON TOPIC, NO NOISE and FRIENDLY.
- Active Directory Management Issues
- NT on Alpha
- Disaster Recovery
- MS Exchange Management Issues
- Home Automation
- MAC on an NT LAN
- MCSE Study Issues
- NTSYSADMIN Issues
- NTSYSADMIN Issues Espanol
- NT Resellers List
- NT Resumes
- MS SQL Management Issues
- Windows Security Issues
- Windows XP Users
Oh, and some people responded they do not appreciate the third party
mailers that we sometimes send. These are companies that we screen
for relevancy and want to sell something to you. We send it out for
them and your email address never leaves our systems. But if you do
not want these, you can go to your profile, update it and indicate
you do not want these third party mailers. The link to your profile
is at the bottom of each issue.
PS, We migrated to Active Directory last weekend. Every one can still
log in, so far so good, [famous last words]. We'll do an in-depth
write-up on this one about a week from now.
(email me with feedback: [email protected])
SICK AND TIRED OF MESSING WITH LOGON SCRIPTS?
ScriptLogic solves your problem by delivering the config created for
each user wherever they log in. Security policies, drive mappings,
folder redirection, printers, Internet config, Microsoft Office paths,
and Outlook/Exchange mail profiles are automatically configured during
the logon process. Users can log in from any PC, running any Windows
32-bit OS, over any LAN, dial-up or VPN connection -- and instantly
have access to their unique desktop configuration. Check the new V4.0!
Visit ScriptLogic for more information.
CISCO Releases Router Audit Tool & Benchmark
The Router Audit Tool checks security settings in the configurations
of your Cisco IOS routers. It reports the problems it finds and gives
each router an overall score. It also points you to the precise methods
of fixing the problems. In other words it plays the role of a top
flight router security expert.
The Benchmark is based on the US National Security Agency Router
Security Configuration Guide, and provides the basis for the "best
practice" configuration rules and defines a minimum security baseline
for all routers running IOS 11 or 12. I will let you know when I
have found more detail. It's a bit sketchy at the moment, they are
only just introducing it. Stay tuned!
NT/2000 RELATED NEWS
Security Baseline Checklists
There is a page on the MS website that I'm not sure you are aware of.
It's highly useful but they do not do a good job of promoting the fact
that it is there. Sometimes even MS needs a hand. This TechNet page
has all the free MS security tools, some of the screen savers, a whole
bunch of security checklists, and security updates. Check out this
page and bookmark it!
You can use these checklists in a multitude of situations, like as a
starting point of discussions with clients during security audits.
Other Useful Technical Sites
Out of the "How Are We Doing" survey came some other very useful info
as well. These were the most popular other technical sites apart from
Microsoft MSDN/Technet and Sunbelt. High on the list were:
And Rory Canavan from Compaq sent me the following remark: "Further to
your guide on SNMP, I have come across this site in the Oracle help
files. It really did provide an excellent (and readable!) overview of
SNMP. All the best, and keep up the good work!" You need to register
for this site to get in, but it's free.
- ZDNET: 50%
- CNet: 44%
- TechRepublic: 40%
- Brainbuzz/Cramsession: 25%
- PCworld: 19%
- SearchWin2000: 17%
THIRD PARTY NEWS
Security, Management & FREE User Migration. Interested?
Solve multiple Administrative headaches with one silver bullet: Trusted
Task Automation - Are you spending time performing trivial administrative tasks, rather than focusing on larger issues?
Permissions Delegation - A significant management and security issue
faced by any enterprise is too many under trained folks with Administrative
or Operator access to your network. Replacing Admin and Operator access
with limited delegated roles will increase security and reduce costly
Comprehensive Auditing - Once you delegate permissions, do you know
what the delegates are really up to? Are users being mysteriously
deleted or accounts locked? Don't waste time investigating - check your audit trail and have the answer.
Integrate NT/2000/Exchange/TS User Admin - Don't waste precious time
toggling between these screens just to change user attributes or trying
to manage a mixed mode environment.
Comprehensive Reporting - Instantly generate detailed reports of true last login statistics, passwords set to never expire, or any user attribute
and then apply mass updates with a mouse click in Admin by Report.
The developers of Trusted Enterprise Manager are about to release a major
revision of this enterprise-level application - including an NT to W2K
drag and drop user migration utility. It's a great way to manage, secure
and migrate your user environment.
Buy Trusted Enterprise Manager now before the pricing increases and get
your UPGRADE AND USER MIGRATION TOOLS FREE.
Follow this link:
ScriptLogic 4.0 RC-2 is now available!
ScriptLogic gets you a centralized "hands-off" approach to the
administration of your NT/W2K domains. No more repeated trips
to desktop, maintaining multiple batch files, learning scripting
languages, repairing corrupt roaming profiles, and maintaining
complex group policies. V4 is more than 200% faster than previous
versions. ScriptLogic Release Candidate Version 4.0-2a is available
for public beta testing. Some exciting new features include:
Oh, and let's not forget that it executes about 200-300% faster when
your clients logon...
- Enhanced 4-part Validation Logic (Class: Desktop, Portable, Term Serv Client, Server or Domain Controller) (OS: 95, 98, Me, NT4, 2000 and XP) (Type: added Primary Group and 5 new Terminal Server specific options to list of choices).
- New RunAdmin service (acquired from the Quimeras Company) will allow you to execute any application as a local administrator.
- New multi-threaded Service Manager applet.
- New multiple profile support (Enterprise Edition only).
- New Alert Management System.
- New INI File manipulation tab.
- Enhanced cycle logic for Application Launcher and Message Boxes. You now have the option of launching applications only once per computer and/or user.
- New Logoff Scripting (via the Application Launcher).
- Ability to define different mail profiles (list-based) using Validation Logic.
- Added support for Active Directory Universal and Nested groups.
- Full support for Microsoft Windows XP and Office XP.
- New ScriptLogic API to streamline custom scripting and software deployments.
Beyond Anti-Virus Software:
With all the ploy-morphing VBS virus strains these days, one of them
is sure to make it through your anti-virus scanner. This ScriptLogic
custom script can be your last-line-of-defense by disassociating common
extensions from Windows Script Host. End result: attempting to
double-click a virus opens it safely with notepad! We've developed a
comprehensive custom script which you can simply plug-in. C1030 (AntiVirus.kix).
"Root mapping" user home directories:
Need help understanding how to "root map" a drive letter to each user's
home directory? KB Article S1042 explains the complete process in detail.
It's easy -- when you combine ScriptLogic with AutoShare!
Sunbelt does not provide technical support for this Release Candidate,
and we do not recommend you put it in production until a full-blown
final version gets released in a few weeks, but you should have a look
at this new powerful V4.
This Week's Links We Like. Tips, Hints And Fun Stuff
Do not get enough Spam? Here is an unlimited spam generator with the
best specimens. [grin]
Need to keep an eye on users? Here is the ultimate SuperSnoop software.
For a moment, you think it's real. And then you see this is a (good) spoof.
Handy with hardware? Here is how to watercool your XBOX. Really.
PRODUCT OF THE WEEK
Windows 2000 Admin Black Book - Second Edition
I'm one of the authors of this one. The topics covered are: MS W2K,
explained mostly in a series of procedures, for installing, configuring,
and managing the operating system for a medium-to-large organization;
how to perform key work in disk management, Active Directory setup,
Registry management, and print services provision; migration from NT 4.0
to W2K, IntelliMirror, and the Microsoft Management Console (MMC).
Windows 2000 Systems Administrator's Black Book is a must-have reference
for system administrators and IS professionals who install, configure,
and support workstations and servers on Windows 2000 networks, and who
require a detailed guide to Windows 2000 security, start-up and shut-down,
disk and file systems management, networking, Internet Information Server,
and the Active Directory. Windows 2000 Systems Administrator's Black Book
provides details of the upgrade process from Windows NT 4.0. Amazon has a
special at the moment, where they offer this one together with an Active
Directory one for a special low price. Recommended! Link to Amazon: