Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Thu, Feb 28, 2002 (Vol. 7, #17 - Issue #348)
We Migrated To W2K Active Directory
  This issue of W2Knews™ contains:
  1. EDITORS CORNER
    • Media Player Tracking Redux
    • "How Are We Doing" Survey Winners
    • New SunPoll: Security Training
  2. TECH BRIEFING
    • Want To See Something Scary?
    • System Administrator Sentenced To Federal Prison
  3. NT/2000 RELATED NEWS
  4. NT/2000 THIRD PARTY NEWS
    • Sunbelt Remote Admin Now Available OnLine for just $35
    • Automate Hotfix Management: IIS, SQL, E2K, IE, NT, W2K, WXP
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
  6. PRODUCT OF THE WEEK
    • Configuring ISA Server 2000
  SPONSOR: St. Bernard Software, maker of iPrism
WEB FILTERING MADE EASY WITH IPRISM
Your company's decided it's time for Web filtering. But deploying server
or client software on a network is yet another headache for IT. With
iPrism, the PC MAGAZINE EDITOR'S CHOICE, server setup and software
installation and ongoing maintenance issues vanish. This filtering appliance
solution helps eliminate hassles versus adding to them - and for less money
than add-on software solutions.
Visit St. Bernard Software, maker of iPrism for more information.
  EDITORS CORNER

Media Player Tracking Redux

Well over a hundred people sent me solutions to the tracking issue. Thanks very much all of you. The variety of different ways to get rid of this log was surprising! Mike George was the first one with this solution.

"On my computer, the WMP database is stored at: C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\wmplibrary_v_0_12.db. The file is identified in its header as a MSISAM Database.

I removed it two different ways. First, I renamed it by changing the filename. When I played a song with WMP, it just created the file again. Next, I deleted it. When I played a song, WMP just created the file again. This link from the Microsoft Knowledge Base discusses how to update this file (that they call the library). The same idea could be used to delete it."
http://www.w2knews.com/rd/rd.cfm?id=020228ED-MSKB

Other people recommended commercial products like Window Washer, which has a plug-in that will get rid of the file. And Windows XP has an option to turn off the "feature": Tools, Options, and uncheck "Allow Internet sites to uniquely identify your player".

Then there is the registry that you can empty out. The entries are here:
HKEY_USERS\user guid\software\microsoft\windows\current version\explorer\comdlg32\opensavemru\wmv*
and
HKEY_CURRENT_USER\software\microsoft\media player\player\recent file list
(There may even be more)

And here is some more interesting (in depth) data. According to an inside source at Microsoft, they are recording how many times a certain DVD or CD is played through Windows media. He stated that they were NOT recording usage statistics by user even though they have the ability to link the WMP User ID into Passport and hence to an email address. They have all the ingredients to build a specific marketing campaign tailored to you based upon what you've viewed in the past but say the data is firewalled and they do not use it. We'll have to trust their baby blue eyes I guess. [grin]

When a CD or DVD is played, WMP queries windowsmedia.com for the unique manufacturer serial number encoded on the media. It then writes an entry to the file wmplibrary_v_0_12.db. Here is the nitty gritty:
http://www.w2knews.com/rd/rd.cfm?id=020228ED-nittygritty

And here is even more about this and MS's most recent comments:
http://www.w2knews.com/rd/rd.cfm?id=020228ED-EvenMore

"How Are We Doing" Survey Winners

Here they are, these 10 people get either a 50 dollar Amazon Cert or an XBOX game. Thanks all for participating!

  1. Chuck Silver at ssa.gov
  2. Dane Slinkard at Agilent.com
  3. Dale Schofield at Calgaryhealthregion.ca
  4. Donald Pijpstra at sca.com
  5. Fabio Faletto at HP.com
  6. Glen Dodson at uhc.com
  7. Jim Hill at nfinity.com
  8. Kari Brown at EDS.com
  9. Nick Bentley at lfs.co.uk
  10. Paul Ross at icanz.co.nz

New SunPoll: Security Training

Q: Have you had any formal security training, like classroom, bootcamp or online Certification study?

  • Nope, not interested either.
  • Not yet, but I'd like to.
  • Seriously looking but time/money are a problem.
  • Yes, I have my first certification on the wall!
Vote here: Leftmost column
http://www.w2knews.com/rd/rd.cfm?id=020228ED-NewSunPoll

Warm regards,
Stu Sjouwerman (email me with feedback: [email protected])

  SPONSOR: SecureIIS
Thought A FireWall Would Protect Your Webserver?
Think again. In order to have your web server actually serving the
web you must punch holes in your firewall. That means your firewall
does not provide protection for your web server. Time to check out
SecureIIS. This is an application firewall that really protects your
IIS web server, even against whole classes of attacks. Prevent getting
hit with the next Nimda or Code Red.
Visit SecureIIS for more information.
  TECH BRIEFING

Want To See Something Scary?

I thought you might be interested in trying this and then see your hair stand out. When I tried it just now (Wednesday Feb 27, 11am) it still worked. It's real too, yikes. This web page opens up a DOS box on your computer. Someone really interested in destruction would be able to wreak havoc on everyone visiting them. Or, cracked sites might be equipped with this doozy on their home page and all their visitors just beheaded. I'm not sure how you could protect your users against this kind of attack. Suggestions anyone?
http://www.w2knews.com/rd/rd.cfm?id=020228TB-Scary

System Administrator Sentenced To Federal Prison

Tim Lloyd, a former Systems Administrator, was sentenced to 41 months in federal jail and ordered to pay more than $2 million in restitution for a 1996 attack on his former employer's computer network. He must surrender May 6.

What did he do? Plant a software time bomb in a central file server. His malware destroyed the programs that ran the company's manufacturing machines, costing them more than $10 million in losses and $2 million in reprogramming costs and eventually leading to 80 layoffs. The Lloyd case was the first federal criminal prosecution of computer sabotage.

Lesson learned? Have the procedures and policies in place that really spot disaffected employees, and handle them before they become a liability. See the story on ComputerWorld below.
http://www.w2knews.com/rd/rd.cfm?id=020228TB-AdminJail

  NT/2000 RELATED NEWS

We Migrated To W2K Active Directory

Well, we finally did it. This is our journey to Active Directory. The article was written by Greg Kras, our Tech Wiz, and hacked around by yours truly.

"For a year or so we have been threatening to upgrade Sunbelt's internal network to an Active Directory but never had the resources to make it happen. Finally a month ago we discovered that we actually had time to plan such an upgrade and beg for the funds needed... and so we began our journey.

We feared that upgrading a single domain to AD would be a chore but after much research on Microsoft's site it became apparent that it did not have to be. The first process would be some extensive testing in our test lab. We built a new BDC for our production network and synced him up to the domain. We then pulled him off the production network and moved him to a test network where we promoted him to a PDC. We built up an Exchange server, a SQL server, a BDC/fileserver, and 5 workstations which we joined to the copy of our production domain. This gave us an effective microcosm of our real environment that was ours to destroy as needed.

Using Microsoft's document titled "Upgrading a Windows NT Domain to Windows 2000 Active Directory" we took the plunge and upgraded the test PDC to W2K. We also pulled the BDC off the network so that we would have a backup of the SAM in the event things went horribly awry.

After going through the typical upgrade procedure of W2K it got to the wizard which prompted our way through making a new Domain in a new Forest. It prompted to install DNS which we let it do during the setup procedure. It then cranked its way through a DCPROMO and finished about 30 minutes later. DNS didn't seem to be working very well and we realized that the machine wasn't set to use itself as a DNS server, can't register with DNS if you have the wrong name server specified. Amazingly everything else seemed to be fine, we inspected every account, every group, each mailbox, user shares, etc... nothing appeared to be out of place.

So far, so good. However, we really didn't want to have a production server operating an upgrade to W2K server. As one of our techs commented, "That's just dirty". So we built up another machine to be a domain controller in the test network. Simple procedure, just install W2K, make it a domain controller, install DNS. Cool, now we have two domain controllers. Now let's move the Global Catalog to the new server... Surprise, the second item in Windows help is "Global Catalog" and near the bottom is a link on how to move the GC using Active Directory Sites and Services. At this point all the techs involved started to feel that we were in some sort of a Twilight Zone as *nothing* ever goes this well. Over the next 2 weeks we did the same process 3 more times with similar results, no problems.

During all the testing we managed to get budgeted for 2 new Dell 2550's to become our AD controllers, score! That was an interesting project in and of itself, perhaps I'll write an article titled "Asking Multiple Times Per Day For Several Days Really Works!" in the future ;) [Editor's comment: I was at the receiving end of this. If you want to keep your job, do not try this at the office ;-) ]

We now had all the testing, experience and equipment needed to do the upgrade. We built our snazzy new servers up as W2K Servers and just left them as member servers for the time being. Since our existing PDC and BDC's were rather antiquated we built a new BDC so that the upgrade to W2K would go quickly. After the new BDC was online we turned the DC's off and promoted it to the PDC.

We set this server to use itself for DNS before the upgrade to W2K so that the machine would register properly with DNS after the install. Bang bang bang, we upgraded it to W2K and everything seemed to work fine. We tested with various workstations and servers to make sure. Next we then grabbed the servers that we had built earlier and ran DCPROMO on them to make them DC's in the domain, no problems there either.

Moved the GC off of the upgraded server onto one of the clean servers and then unplugged the upgraded server from the network... now we had problems. The clients couldn't authenticate any more and DNS wasn't getting updated. Looking over the event logs it became clear that we hadn't waited long enough after moving the GC to unplug the original server. We plugged him back in and everything came back to life. Ok, simple enough, the Chinese food we had ordered had just got in so we took a lunch break.

After we finished we looked into Sites and Services to verify that the GC had in fact moved over to the new server and that the other servers also agreed that this was the case. Lastly we ran DCPROMO on the machine that we had upgraded and made him a standard member server with no further role in the AD.

After about a week of watching everything like a hawk we found a few items in the event log that needed to be addressed. The machine that we had originally upgraded to W2K was listed as the licensing server in Sites and Services even though we had removed it from the AD using DCPROMO. Simple enough, we modified the record to point to one of the other servers and that handled that.

We had a few rogue workstations that had at some point been hard coded to some arbitrary DNS servers, we noticed them as they hadn't been registered in DNS. And the last problem that really caught us off guard was that our Terminal Server stopped allowing connections. After doing some research we found that if you license a Terminal Server on an NT4 domain and make the Terminal Server itself the Terminal Server Licensing it will not work after upgrading to AD.

Per the data we got from Microsoft you need to have the Terminal Server Licensing on one of the AD controllers. We did this and the Terminal Server started working once again. It's now been two weeks and things are running like a top with the AD. In retrospect, this was one of the smoothest upgrades I've seen. Now we are working on our Exchange 2000 migration and you should be reading about that in the next few weeks :)"

Greg Kras MCP+I MCSE
Sunbelt Software Technical Services Manager

  THIRD PARTY NEWS

Sunbelt Remote Admin Now Available OnLine for just $35

This is one of the Top 10 Best Selling Tools on our Site. You can now get the $35 single license (Client and Server) via our online shop. No more talking to a Rep or sending PO's. Nobody has the time for that when it gets so cheap! Radmin was recently dubbed by an end-user as a "pcAnywhere killer", you should really check the Site- and Company licenses, you will be amazed at the low price, the excellent speed and the quality of this tool that was made-by-and-for System Admins.
http://www.w2knews.com/rd/rd.cfm?id=020228TP-RadminOnline

Automate Hotfix Management: IIS, SQL, E2K, IE, NT, W2K, WXP

Been hit by viruses lately? Need to keep IIS up to snuff? The new version 5.1 of UpdateExpert adds a tremendous amount of value to overworked and underpaid system- and security administrators. Just ask yourself if any of these statements apply to you:

"Microsoft just released the latest security hotfixes for IIS and W2K but unfortunately...

  • I don't have time to write scripts and test them.
  • I'm too busy cleaning up after the recent virus I got hit with.
  • I need to know if the hotfix installations I deployed last month are still valid.
  • Since Microsoft's updates are not regular, I am forced to reprioritize my day, as well as figure out which ones apply to my machines.
  • I need to define what hotfixes are required and detect what machines conform to my policies".
UpdateEXPERT solves these and many more problems. Here are the new features in Version 5.1. UpdateEXPERT now supports Windows XP and the following Microsoft apps:
  • IIS
  • SQL Server
  • Exchange Server
  • Internet Explorer
  • Media Player
  • Windows Media Services
  • NetMeeting
  • Office (Summer 2001)
  • Outlook (Summer 2001)
In addition to installing the updates, UpdateEXPERT will ensure that the update is correctly installed. This validation can be performed at any time and as part of the deployment process. You can designate updates as required. This enables you to manage hotfixes by policy, something that is regarded as the holy grail but just wasn't available up to now.

You can simply define what updates are required with a click of the mouse. The sum of required updates equals the user's policies. Policies are used for many configuration parameters. Security and staging are just a couple of policy factors.

You can run reports to verify your policy adherence. This report makes it easy to see how your inventory matches up against what updates are required. Policy management is enforced by defining policy (with required Updates) and managing by exception those machines that are incomplete. Note on the Eval you can download: This version of UpdateEXPERT will allow you to evaluate 5 machines for 15 days.
http://www.w2knews.com/rd/rd.cfm?id=020228TP-UpdateExpert

  FAVE LINKS

This Week's Links We Like. Tips, Hints And Fun Stuff

  • Brand new personal vehicle. Drives like a trike, but banks like a bike!
    http://www.w2knews.com/rd/rd.cfm?id=020228FA-Carver
  • How to use NTLDR to boot Windows NT, Windows 95, Linux and old versions of DOS.
    http://www.w2knews.com/rd/rd.cfm?id=020228FA-NTLDRHack
  • Tired of those motivational posters? Here's welcome relief. This site is a riot. I laughed my @$$ off, but of course that might be my twisted humor:
    http://www.w2knews.com/rd/rd.cfm?id=020228FA-Despair
  • A very good tutorial on how a Distributed Denial of Service attack works
    http://www.w2knews.com/rd/rd.cfm?id=020228FA-DDOS

  PRODUCT OF THE WEEK

Configuring ISA Server 2000

If you are into building firewalls for W2K, this is a MUST-Have book. This time, instead of a short dry description, one of the Amazon.com Reader Reviews from May 17, 2001. Reviewer: James Glenn from Phoenix: "One of the best computer books I've read. I bought this book after having read the Shinders Windows 2000 TCP/IP book, and also several of their MCSE study guides, and I'm very glad I did. Anyone who has worked at all with ISA Server knows just how complex it really is. This book will make you truly understand all of these complexities".
http://www.w2knews.com/rd/rd.cfm?id=020225BW-ISAServer