Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Mar 17, 2003 (Vol. 8, #11 - Issue #417)
MCSE Mutiny!
  This issue of W2Knews™ contains:
    • MCSE Mutiny!
    • New AD Tool: Directory Inspector
    • WormWatch: Deloder Worm Threatens DDoS Attack
    • Experts' Top Five: AD Migration Tips
    • New Variant Of Code Red In The Wild
    • Very Useful Windows Glossary
    • Data Security Survey: How are you doing?
    • Survey Results: W2K3, WinXP and Active Directory Deployment
    • MS Server License Changes Could Save You Money
    • Windows Gurus Teach Internals Class in Washington
    • I'm A Contrarian. I Want To Get MCSE Certified
    • New AD Tool: Directory Inspector
    • eEye Announces Availability of Retina Remote Manager
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • Hacking Exposed - Fourth Edition (with live DVD)
  SPONSOR: Directory Inspector
Finally got Active Directory rolled out (or plan to this year)?
And now you are stuck with having to keep it secure and pass the
audits? Need to analyze and report on AD but lack the tool to do
it? Do not have the utility that enables you to get insight in your
AD data in a uniform, homogeneous manner? Sunbelt's Directory
Inspector is a brand new, wizard-based tool that provides you
with a suite of analyzers addressing structure, security and
integrity. Directory Inspector is a crucial element of keeping
your directories secure. Get your evaluation copy here:
Visit Directory Inspector for more information.

MCSE Mutiny!

Almost two thousand people answered our SunPoll last week. And dang, a whopping 50%+ are not going to renew their MCSE! Another 25% are on the fence, leaving less than 25% to renew. This is shocking news. Looks like MS needs to make some definite changes in their program or else lose well over half of their certified people. Here are the percentages from the recent SunPoll:

Question: Are you going to upgrade your MCSE to W2K3?

  • Sure thing, I need to stay up to date and the company pays: 11.67%
  • Heck yes, even if I have to shell out the dollars myself: 9.25%
  • Not so sure anymore... But I'll keep learning on my own: 25.4%
  • Not likely, no time and money plus the returns are not there: 21.74%
  • No Way! Seems like certification has become an MS profit center: 31.91%
That spells trouble for Redmond. Remember, you heard it here first!

And here is your next SunPoll:

Q: Does your organization have an active business continuity or disaster recovery program in place?

  • Yes
  • No, but we are currently implementing one
  • No, but we will have within the next 12 months
  • No, and it will be more than 1 year before we do
  • No, and we have no plans for one
Vote here. Leftmost column:
Also participate in our Data Security Survey. See Tech Briefing below.

New AD Tool: Directory Inspector

Sunbelt is excited to announce a new AD tool: Directory Inspector. Read the announcement in the Third Party News Section. And remember, Sunbelt sponsors a forum where you can discuss AD-related issues with hundreds of colleagues. Read the charter and subscribe here:

PS, we'll report in next week's issue on Microsoft's Management Summit that will start in Vegas coming Monday. They'll announce that SMS and MOM will be merged, together with other tools for Windows manageability.

Quote Of The Day:
Numbers are like people; torture them enough and they'll tell you anything... but don't be surprised if they tell you only what you wanted to hear.

Warm regards,
Stu Sjouwerman (email me with feedback: [email protected])

  SPONSOR: iHatePopups
Sick and Tired of Irritating Advertising Popups?
Hate being "spammed" like that? Need something to kill Popups?
Fight back with iHatePopups. Fast, easy protection from annoying
popup advertising. Special Intro Price for W2Knews subscribers:
only $9.95. iHatePopups blocks a wide range of annoying popup
advertising. Let's face it - popup windows can make surfing the
net an act of pure frustration. iHatePopups is an unobtrusive
and elegant utility. Buy your copy right away. Click below!
Visit iHatePopups for more information.

WormWatch: Deloder Worm Threatens DDoS Attack

The Deloder worm threatens a massive DDoS attack. This worm uses the VNC remote control freeware to make machines into zombies: ugly. This particular critter is similar to previous worms on TCP port 445 and spreads via network shares. Your corporate environment should be protected because you do not allow untrusted connections into your network. But there are some scenarios where this could happen after all:

A: Laptops connected to unprotected Internet hookups when out of your sanitized corporate environment, (home or business trips) and then brought back into the office.

B: (and worse) boxes that use VPN connections into your corporate LAN network but are not properly protected from the Net. Make sure these machines have protection, as in up-to-date AV signatures and Personal Firewalls. You could also envision tools like PestPatrol that scan for nonviral malware. More at these links:



Experts' Top Five: AD Migration Tips

Patience and humility, always good qualities, are a must when it comes to AD, which is notoriously unforgiving, the experts say. In this story at TechTarget, they provide AD tips that are bound to save you time and aspirin. Click here for the full tip:

New Variant Of Code Red In The Wild

It uses the same method to infect servers as the original Code Red (idq.dll). However, expect an increase in the well-known Code Red signatures, since many machines are still unprotected. You are protected if you have done any of the following:

  • Applying SP3 or MS01-044 to Windows 2000
  • Applying the post SP6a security rollup to NT4
  • Blocking any request for .idq, .ida, and .htw
  • Removing the application mappings that route requests to idq.dll. But remember that prior to SP3, applying a Service Pack to W2K would reinstall the .idq application mappings, ouch. Check the MS KB Number Q308268 for this.
If you are running the UpdateEXPERT patch management tool, verify that you have installed the MS01-033 patch (first added to UpdateEXPERT in June 2001).
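
An added example, not part of the original newsletter: a Python script that scans IIS W3C extended logs for requests to the three extensions listed above and reports which clients sent them and whether any were answered with a 2xx status, which would mean the mapping is still live. The log lines are constructed sample data, and the column layout is assumed to come from the log's own #Fields header.

```python
import re
from collections import Counter

# Extensions the newsletter says to block (Index Server ISAPI mappings).
# Match them at the end of the stem or just before extra path info.
BLOCKED = re.compile(r"\.(idq|ida|htw)(?:/|$)", re.IGNORECASE)

# Constructed sample in IIS W3C extended format; addresses are
# documentation ranges and the query text is filler, not a real payload.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2003-03-14 02:11:09 192.0.2.10 GET /default.htm - 200
2003-03-14 02:11:15 198.51.100.7 GET /default.ida XXXXXXXX 404
2003-03-14 02:12:40 198.51.100.7 GET /scripts/search.IDQ - 404
2003-03-14 02:13:02 203.0.113.5 GET /samples/query.htw - 200
2003-03-14 02:14:30 192.0.2.10 GET /docs/idaho.htm - 200
"""


def scan(lines):
    """Yield (client ip, uri stem, status) for requests to a blocked mapping."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # layout may change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue  # skip directives, blanks, and rows with no known layout
        row = dict(zip(fields, line.split()))
        stem = row.get("cs-uri-stem", "")
        if BLOCKED.search(stem):
            yield row.get("c-ip", "?"), stem, row.get("sc-status", "?")


def summarize(lines):
    """Return (all hits, hits served with 2xx, hit count per client)."""
    hits = list(scan(lines))
    served = [h for h in hits if h[2].startswith("2")]
    return hits, served, Counter(ip for ip, _, _ in hits)


if __name__ == "__main__":
    hits, served, by_ip = summarize(SAMPLE_LOG.splitlines())
    for ip, count in by_ip.most_common():
        print(f"{ip}: {count} request(s) to blocked extensions")
    for ip, stem, status in served:
        print(f"STILL MAPPED? {stem} returned {status} to {ip}")
```

A 2xx response to one of these requests is the line to chase first: it suggests the application mapping was never removed or was reinstalled.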

If your systems aren't updated with critical security patches, they are vulnerable to the next security exploit. You can 'harden' your systems with UpdateEXPERT. This is a patch remediation tool featuring an exclusive patch database that has been tested for deployment interdependencies. Remember, security is a process.

UpdateEXPERT scans networks for missing hotfixes, and fixes the discovered weaknesses. Supports Windows NT4/2000/XP, SQL Server, Exchange Server, IE, Outlook and other critical apps. It scans, validates, and installs updates remotely without a required client agent. No charge 15-day live trial and Whitepaper at:

While CodeRed.F has yet to cause major damage, the new variant bypasses firewalls and signature-based IDS due to the code variation. There are two products available from eEye which enable you to detect and protect against CodeRed.F. eEye's award-winning network vulnerability scanner, Retina, will scan your entire network and identify weaknesses so you can be sure your organization is not at risk for CodeRed.F and other vulnerabilities that can be exploited by intruders.

To protect your Microsoft IIS web servers, eEye offers SecureIIS, the world's first application designed to specifically protect Microsoft IIS and provide comprehensive protection against both known and unknown attacks -- including CodeRed.F and future variants. Both products are available for trial download from Sunbelt software:

Retina Network Security Scanner:

SecureIIS Web Server Protection:

Very Useful Windows Glossary

There are so many Windows acronyms and terms and so little time to figure them all out. SearchWin2000.com has gathered and defined some of the industry's top used acronyms and terms to help you stay abreast of the older and upcoming lingo out there. If you're puzzled by a term not seen there, you can email them at [email protected] and they'll add your definition to the list:

Data Security Survey: How are you doing?

It's getting more and more important: Data Security. That is why Sunbelt Software and NSI Software (developer of Double-Take) have a few very interesting questions we'd like you to answer. We'll report next week how you are doing compared to your peers! If you'd like to know how your peers are coping with questions like these, fill out the survey!

  • How often are you asked to restore files that users have deleted or become corrupt?
  • Is your backup window shrinking?
  • Have you had any difficulty in the past implementing a remote replication solution for your data storage?
  • Does the amount of your current bandwidth prevent you from implementing a remote storage replication solution?
It's going to take less than 5 minutes:

Survey Results: W2K3, WinXP and Active Directory Deployment

As promised, here's the Executive Summary of the survey results.

Thanks to all of the 1,000 of you who responded to the two surveys in last week's issue that we conducted with the Yankee Group. The results are in and they show some very interesting buying and deployment trends.

It's hardly a mad dash. But after three years of relative inertia, a significant portion of MS Windows and Office corporate enterprises appear poised for major migrations to the newest Microsoft platforms within the next 12 to 18 months. Those are the results of the latest independent joint Yankee Group/Sunbelt Software poll of one thousand IT Administrators worldwide.

The most compelling factors spurring the upcoming wave of migrations are the need to get current for security and competitive business reasons and preparing the environment to support extranet and Web services applications.

Nearly 20% of the survey respondents indicated they would upgrade to Windows Server 2003 within the first 12 months of shipment and another 26% said they would upgrade to Office 11 aka Office 2003 within the first year of shipment. And nearly 18 months after it first shipped, businesses finally appear ready to embrace the WinXP client operating system. Close to two-thirds of those polled -- 63% -- said they'd switch to Windows XP within the next 12 months.

These figures pale in comparison to the stampede that ensued -- literally -- when Windows 95 shipped eight years ago. But they are highly respectable when viewed in the context of the current economic slump that has caused IT departments to cut staff and budget to the bone.

The mood among corporate enterprises remains cautious and pragmatic owing to this prolonged downturn. Hence, businesses need to construct a business case to justify any migration. Additionally, the IT admins surveyed indicated that their top concerns remain a lack of capital expenditure budget for new equipment and migrations; network security; under-staffing in their IT departments and migration issues associated with moving to the forthcoming Microsoft Windows Server 2003, Active Directory and Office 2003 platforms.

Among the other survey highlights:

  • Some 59% of respondents indicated they will use Active Directory
  • Approximately one-third -- 34% -- of those polled currently have no plans to migrate to Windows XP
  • Nearly four percent of the IT managers said their firms will switch their enterprise desktop environment from Windows to Linux
  • To date, approximately 28% of organizations have upgraded to the Microsoft Licensing 6.0 plan
  • Only 19% of businesses presently have definitive Web Services migration plans
  • The administrative areas of greatest concern are a lack of IT budget for new software and equipment purchases; network security; the under-staffing of the IT department and tactical migration issues to next generation Windows, Office and Active Directory
-- Laura DiDio, Senior Analyst, The Yankee Group.

MS Server License Changes Could Save You Money

The Analystview site has a good short article about the changes to MS's per-processor server licensing model. It could significantly reduce licensing costs. But Microsoft will give no refunds, and the new model will not cover everyone.

On 6 March 2003, Microsoft announced that on 1 April 2003 it would change its per-processor licensing model to accommodate the physical and logical partitioning of multiprocessor servers.

First Take: Microsoft's move could save enterprises money if they use partitioning to segregate different applications running on the same multiprocessor server. Previously, some Microsoft customers complained about having to license all CPUs on a multiprocessor server even though not all of them access the software. This situation arose especially with enterprises consolidating several single- or dual-processor servers onto one larger server containing up to 32 CPUs as a way to control hardware and systems management support costs. More at:

Windows Gurus Teach Internals Class in Washington

David Solomon and Mark Russinovich, authors of "Inside Windows 2000, 3rd edition", will be teaching a public offering of their 3-day Windows Internals and Advanced Troubleshooting class in Bellevue April 21-23. The course covers the Windows 2000/XP/Server 2003 kernel architecture, as well as the internals of processes, thread scheduling, memory management, cache manager, registry, security, the I/O system, startup and shutdown, and basic crash dump analysis. Can't attend the class? Check out the Internals video that Microsoft licensed for their internal training - see:

For complete details or to register online, visit:

I'm A Contrarian. I Want To Get MCSE Certified

We were sent the following question: "Can you tell me the replacement exam and study for the old networking essentials exam and workstation 4 exam?" Our MCSE Guru Ed Tittel answered as follows:

Dear Robert:

There really is no direct analog for the old Networking Essentials exam (70-058). However, the workstation 4 exam (70-073, I think) is replaced by either 70-210 Windows 2000 Professional or 70-270 Windows XP Professional.

Because the Windows Server 2003 exams aren't going to be out until summer and fall, I'll describe the exams for the Windows 2000 MCSE here (and provide a link to information about the newer MCSE program as well). Most experts, including myself, recommend that you tackle the MCSE for Windows 2000 Exams in the following order:

  1. Windows Desktop Core Exam
    Take either 70-210 or 70-270 to begin with
  2. Windows 2000 Server Core Exams
    Take the following exams in numerical order:
    70-215: Windows 2000 Server
    70-216: Windows 2000 Network Infrastructure
    70-217: Windows 2000 Directory Services
  3. Choose and take your electives:
    You must pick any 2 of the electives described in the Windows 2000 MCSE requirements online at:
    Of those exams, 70-218 Managing a Win2K Network Environment will let you get an MCSA along the way to getting your MCSE, and 70-227 ISA Server is also a very popular option.
  4. Take your design core exam, which means taking one of the following, (listed in order of popularity):
    70-219: Designing a Win2K Directory Services Infrastructure
    70-221: Designing a Win2K Network Infrastructure
    70-220: Designing Security for a Win2K Network
    70-226: Designing Highly Available Web Solutions with Win2K Server Technologies

    Of these exams, hardly anybody takes 70-226, but you should feel free to go after any of the first 3. For a preview of upcoming Windows Server 2003 MCSE requirements and exams, please visit:


New AD Tool: Directory Inspector

Need to analyze and report on AD but lack the tool to do it? Do not have the utility that enables you to get insight in your AD data in a uniform, homogeneous manner?

Well, here is your solution.

Sunbelt's Directory Inspector is a brand new, wizard-based tool that provides you with a suite of analyzers addressing topics such as directory structure, security and integrity, and standards and policy compliance. Perfect for use in an AD-only environment, and even more useful when you run multiple directories. Directory Inspector is a crucial element of keeping your directories secure. It helps uncover weaknesses in your users' security settings, standards and corporate policy non-compliance.

Here are just a few examples:

  • Identify user accounts that are no longer in use
  • Ad hoc query tool to generate reports on filtered directory objects
  • Easy Templates to report on objects, memberships, access control, etc.
  • Identify user accounts with insecure logon property values
  • Much, much more.
And Directory Inspector is unique in that it not only works great for Microsoft Active Directory, it has support for ALL the major industry standard directories: IBM, Microsoft, Netscape, Novell and LDAP. We've got a good PDF reviewer's guide on the page as well.

The Security of your Directory really is crucial. Better start with this early. The cost for this tool is super low. Check it out at:

eEye Announces Availability of Retina Remote Manager

eEye Digital Security announces the immediate availability of Retina Remote Manager to enable centralized, trustworthy access to its Retina vulnerability assessment scanners. As leaders in vulnerability assessment technology, eEye developed a remote management software product to augment the usage of its scanners and to provide Retina users with an intuitive web-based interface and concurrent user access.

With Retina Remote Manager, administrators can establish a secure scanning station inside or outside the perimeter of the network to conduct vulnerability assessment tests. Administrators are able to log in via the secured HTTPS interface and schedule perimeter scans to run as often as needed. In an enterprise setting with multiple scanners, Retina Remote Manager serves as the secure data transfer catalyst for eEye's comprehensive Enterprise Vulnerability Assessment solution:


This Week's Links We Like. Tips, Hints And Fun Stuff

  • The Ultimate Karaoke Challenge!
    http://www.w2knews.com/rd/rd.cfm?id=030317FA-Karaoke
  • Afraid of heights? This will make you ill!
    http://www.w2knews.com/rd/rd.cfm?id=030317FA-Empire_State
  • The latest. Internet psychic [grin]:
    http://www.w2knews.com/rd/rd.cfm?id=030317FA-Internet_Psychic
  • Need a free tool to check your software compliance?
    http://www.w2knews.com/rd/rd.cfm?id=030317FA-Compliance
  • Sick and Tired of Irritating Advertising Popups? W2Knews $9.95 offer:
    http://www.w2knews.com/rd/rd.cfm?id=030317FA-iHatePopups
  • Here's a collection of computer humor directly from Microsoft KB:
    http://www.w2knews.com/rd/rd.cfm?id=030317FA-Humor
  • Xbox Hacking continues. The Neo Project presents 'Operation Project X' software, similar to [email protected], with distributed computing. Juicy detail, the cracking code is written in MS.NET:
    http://www.w2knews.com/rd/rd.cfm?id=030317FA-XBOX_Hacking
  • Time to Refer a Friend to W2Knews and Win great prizes!
    http://www.w2knews.com/login.cfm?id=$memberid

Hacking Exposed - Fourth Edition (with live DVD)

A lot of computer-security textbooks approach the subject from a defensive point of view. "Do this, and probably you'll survive a particular kind of attack," they say. In refreshing contrast, Hacking Exposed, Second Edition talks about security from an offensive angle. A Jane's-like catalog of the weaponry that black-hat hackers use is laid out in full. Readers see what programs are out there, get a rundown on what the programs can do, and benefit from detailed explanations of concepts (such as wardialing and rootkits) that most system administrators kind of understand, but perhaps not in detail. The book also walks through how to use the more powerful and popular hacker software, including L0phtCrack. This new edition has been updated extensively, largely with the results of "honeypot" exercises (in which attacks on sacrificial machines are monitored) and Windows 2000 public security trials. There's a lot of new stuff on e-mail worms, distributed denial-of-service (DDoS) attacks, and attacks that involve routing protocols.