- Sign-up Now!
 - Current Issue
 - Edit Your Profile/Unsubscribe

Subscribe | Media Kit | About Us | All Issues | Subscriber Feedback | Contact Us | Privacy Statement
Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Thu, Feb 21, 2002 (Vol. 7, #15 - Issue #346)
Security Baseline Checklists
  This issue of W2Knews™ contains:
  1. EDITORS CORNER
    • Your W2Knews Stays Free, But What Changes?
  2. TECH BRIEFING
    • CISCO Releases Router Audit Tool & Benchmark
  3. NT/2000 RELATED NEWS
    • Security Baseline Checklists
    • Other Useful Technical Sites
  4. NT/2000 THIRD PARTY NEWS
    • Security, Management & FREE User Migration. Interested?
    • ScriptLogic 4.0 RC-2 is now available!
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
  6. PRODUCT OF THE WEEK
    • Windows 2000 Admin Black Book - Second Edition
  SPONSOR: Aelita Software
Migrating to Active Directory?
Don't do it without ERDisk for Active Directory!
It is the ideal solution for keeping business
critical AD and Exchange 2000 up and running.
ERDisk for AD offers full backup and 10-minute
restore, as well as advanced AD troubleshooting
capabilities. Download your FREE trial today!
Visit Aelita Software for more information.
  EDITORS CORNER

Your W2Knews Stays Free, But What Changes?

Thanks a lot for all your feedback on the recent SunPoll and the survey on how we can improve things. Very, very useful. And I also found I did not phrase the SunPoll correctly. What we are considering is ADD a second, paid version of W2Knews. That one would come with a whole series of extra features for which we'd hire a special technical editor. And that one would be 10 bucks a year. You will always still get the normal free W2Knews!

So, I'm going to redo the SunPoll, and if you would not mind, go back and answer it from this (new) perspective? You can vote here:
http://www.w2knews.com/rd/rd.cfm?id=020221ED-W2KnewsPlus

And the "How Are We Doing Survey" was revealing. Thanks so much for all the feedback you gave. I came to find that I also have not been clear enough about what is already there for you. For instance, we have years of our archives on the website, in a searchable format right here:
http://www.w2knews.com/rd/rd.cfm?id=020221ED-Archives

It turns out that quite a few of you do not know that Sunbelt Software (the "master sponsor" of this e-zine) also hosts a series of list servers that provide a community for several high interest areas. Here they are, and the topics describe exactly what they are about:

  • Active Directory Management Issues
  • NT on Alpha
  • Disaster Recovery
  • MS Exchange Management Issues
  • Firewalls
  • Home Automation
  • MAC on an NT LAN
  • MCSE Study Issues
  • NTSYSADMIN Issues
  • NTSYSADMIN Issues Espanol
  • NT Resellers List
  • NT Resumes
  • MS SQL Management Issues
  • Windows Security Issues
  • Windows XP Users
You can subscribe to them all over here. Make sure you read the list charter. Ground rules: ON TOPIC, NO NOISE and FRIENDLY.
http://www.w2knews.com/rd/rd.cfm?id=020221ED-Community

Oh, and some people responded they do not appreciate the third party mailers that we sometimes send. These are companies that we screen for relevancy and want to sell something to you. We send it out for them and your email address never leaves our systems. But if you do not want these, you can go to your profile, update it and indicate you do not want these third party mailers. The link to your profile is at the bottom of each issue.

PS, We migrated to Active Directory last weekend. Every one can still log in, so far so good, [famous last words]. We'll do an in-depth write-up on this one about a week from now.

Warm regards,
Stu Sjouwerman (email me with feedback: [email protected])

  SPONSOR: ScriptLogic
SICK AND TIRED OF MESSING WITH LOGON SCRIPTS?
ScriptLogic solves your problem by delivering the config created for
each user wherever they log in. Security policies, drive mappings,
folder redirection, printers, Internet config, Microsoft Office paths,
and Outlook/Exchange mail profiles are automatically configured during
the logon process. Users can log in from any PC, running any Windows
32-bit OS, over any LAN, dial-up or VPN connection -- and instantly
have access to their unique desktop configuration. Check the new V4.0!
Visit ScriptLogic for more information.
  TECH BRIEFING

CISCO Releases Router Audit Tool & Benchmark

The Router Audit Tool checks security settings in the configurations of your Cisco IOS routers. It reports the problems it finds and gives each router an overall score. It also points you to the precise methods of fixing the problems. In other words it plays the role of a top flight router security expert.

The Benchmark is based on the US National Security Agency Router Security Configuration Guide, and provides the basis for the "best practice" configuration rules and defines a minimum security baseline for all routers running IOS 11 or 12. I will let you know when I have found more detail. It's a bit sketchy at the moment, they are only just introducing it. Stay tuned!

  NT/2000 RELATED NEWS

Security Baseline Checklists

There is a page on the MS website that I'm not sure you are aware of. It's highly useful but they do not do a good job of promoting the fact that it is there. Sometimes even MS needs a hand. This TechNet page has all the free MS security tools, some of the screen savers, a whole bunch of security checklists, and security updates. Check out this page and bookmark it!

You can use these checklists in a multitude of situations, like as a starting point of discussions with clients during security audits.
http://www.w2knews.com/rd/rd.cfm?id=020221RN-SecBaseline

Other Useful Technical Sites

Out of the "How Are We Doing" survey came some other very useful info as well. These were the most popular other technical sites apart from Microsoft MSDN/Technet and Sunbelt. High on the list were:

  • ZDNET: 50%
  • CNet: 44%
  • TechRepublic: 40%
  • Brainbuzz/Cramsession: 25%
  • PCworld: 19%
  • SearchWin2000: 17%
And Rory Canavan from Compaq sent me the following remark: "Further to your guide on SNMP, I have come across this site in the Oracle help files. It really did provide an excellent (and readable!) overview of SNMP. All the best, and keep up the good work!" You need to register for this site to get in, but it's free.
http://www.w2knews.com/rd/rd.cfm?id=020221RN-technetOracle
  THIRD PARTY NEWS

Security, Management & FREE User Migration. Interested?

Solve multiple Administrative headaches with one silver bullet: Trusted Enterprise Manager.

Task Automation - Are you spending time performing trivial administrative tasks, rather than focusing on larger issues?

Permissions Delegation - A significant management and security issue faced by any enterprise is too many under trained folks with Administrative or Operator access to your network. Replacing Admin and Operator access with limited delegated roles will increase security and reduce costly mishaps.

Comprehensive Auditing - Once you delegate permissions, do you know what the delegates are really up to? Are users being mysteriously deleted or accounts locked? Don't waste time investigating - check your audit trail and have the answer.

Integrate NT/2000/Exchange/TS User Admin - Don't waste precious time toggling between these screens just to change user attributes or trying to manage a mixed mode environment.

Comprehensive Reporting - Instantly generate detailed reports of true last login statistics, passwords set to never expire, or any user attribute and then apply mass updates with a mouse click in Admin by Report.

The developers of Trusted Enterprise Manager are about to release a major revision of this enterprise-level application - including an NT to W2K drag and drop user migration utility. It's a great way to manage, secure and migrate your user environment.

Buy Trusted Enterprise Manager now before the pricing increases and get your UPGRADE AND USER MIGRATION TOOLS FREE.

Follow this link:
http://www.w2knews.com/rd/rd.cfm?id=020221TP-Trusted_Enterprise_Mgr

ScriptLogic 4.0 RC-2 is now available!

ScriptLogic gets you a centralized "hands-off" approach to the administration of your NT/W2K domains. No more repeated trips to desktop, maintaining multiple batch files, learning scripting languages, repairing corrupt roaming profiles, and maintaining complex group policies. V4 is more than 200% faster than previous versions. ScriptLogic Release Candidate Version 4.0-2a is available for public beta testing. Some exciting new features include:

  • Enhanced 4-part Validation Logic (Class: Desktop, Portable, Term Serv Client, Server or Domain Controller) (OS: 95, 98, Me, NT4, 2000 and XP) (Type: added Primary Group and 5 new Terminal Server specific options to list of choices).
  • New RunAdmin service (acquired from the Quimeras Company) will allow you to execute any application as a local administrator.
  • New multi-threaded Service Manager applet.
  • New multiple profile support (Enterprise Edition only).
  • New Alert Management System.
  • New INI File manipulation tab.
  • Enhanced cycle logic for Application Launcher and Message Boxes. You now have the option of launching applications only once per computer and/or user.
  • New Logoff Scripting (via the Application Launcher).
  • Ability to define different mail profiles (list-based) using Validation Logic.
  • Added support for Active Directory Universal and Nested groups.
  • Full support for Microsoft Windows XP and Office XP.
  • New ScriptLogic API to streamline custom scripting and software deployments.
Oh, and let's not forget that it executes about 200-300% faster when your clients logon...

Beyond Anti-Virus Software:
With all the ploy-morphing VBS virus strains these days, one of them is sure to make it through your anti-virus scanner. This ScriptLogic custom script can be your last-line-of-defense by disassociating common extensions from Windows Script Host. End result: attempting to double-click a virus opens it safely with notepad! We've developed a comprehensive custom script which you can simply plug-in. C1030 (AntiVirus.kix).

"Root mapping" user home directories:
Need help understanding how to "root map" a drive letter to each user's home directory? KB Article S1042 explains the complete process in detail. It's easy -- when you combine ScriptLogic with AutoShare!

Sunbelt does not provide technical support for this Release Candidate, and we do not recommend you put it in production until a full-blown final version gets released in a few weeks, but you should have a look at this new powerful V4.
http://www.w2knews.com/rd/rd.cfm?id=020221TP-ScriptLogic

  FAVE LINKS

This Week's Links We Like. Tips, Hints And Fun Stuff

  • Do not get enough Spam? Here is an unlimited spam generator with the best specimens. [grin]
    http://www.w2knews.com/rd/rd.cfm?id=020221FA-MoreSpam
  • Need to keep an eye on users? Here is the ultimate SuperSnoop software.
    http://www.w2knews.com/rd/rd.cfm?id=020221FA-SuperSnoop
  • For a moment, you think it's real. And then you see this is a (good) spoof.
    http://www.w2knews.com/rd/rd.cfm?id=020221FA-WhiteHouseSpoof
  • Handy with hardware? Here is how to watercool your XBOX. Really.
    http://www.w2knews.com/rd/rd.cfm?id=020221FA-WaterCooledXBOX
  •   PRODUCT OF THE WEEK

    Windows 2000 Admin Black Book - Second Edition

    I'm one of the authors of this one. The topics covered are: MS W2K, explained mostly in a series of procedures, for installing, configuring, and managing the operating system for a medium-to-large organization; how to perform key work in disk management, Active Directory setup, Registry management, and print services provision; migration from NT 4.0 to W2K, IntelliMirror, and the Microsoft Management Console (MMC).

    Windows 2000 Systems Administrator's Black Book is a must-have reference for system administrators and IS professionals who install, configure, and support workstations and servers on Windows 2000 networks, and who require a detailed guide to Windows 2000 security, start-up and shut-down, disk and file systems management, networking, Internet Information Server, and the Active Directory. Windows 2000 Systems Administrator's Black Book provides details of the upgrade process from Windows NT 4.0. Amazon has a special at the moment, where they offer this one together with an Active Directory one for a special low price. Recommended! Link to Amazon:
    http://www.w2knews.com/rd/rd.cfm?id=020218BW-W2KBlackbook2E