- Sign-up Now!
 - Current Issue
 - Edit Your Profile/Unsubscribe

Subscribe | Media Kit | About Us | All Issues | Subscriber Feedback | Contact Us | Privacy Statement
Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Apr 21, 2003 (Vol. 8, #16 - Issue #422)
W2K3 "Gotchas"
  This issue of W2Knews™ contains:
    • My New XP Book Is Out!
    • MS Exchange 2003 Gets Virus & Spam Filter API
    • Mark Minasi: 'Active Directory God'
    • MS Announces Windows Server 2003 Exam Dates
    • W2Knews Short Takes
    • MS Renames W2K3... Again?
    • W2K3 "Gotchas"
    • More On Novell And Linux
    • Does MS Deliver Security In W2K3?
    • What Are The Sunbelt Top 10 Bestsellers?
    • Results From Data Protection Survey
    • What Is New With Active Administrator?
    • "Why Is UpdateEXPERT Superior Over XML-based Tools?"
    • Businesses Responsible for Personal Data
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • Stu's New Windows XP Book
FREE Active Directory Webcast Featuring Mark Minasi
Want to separate fact from fiction when it comes to managing
Active Directory in a Windows Server 2003 world? Tune in on May
6th to get the real-world expertise you need during NetIQ's free
webcast, "Managing Active Directory in a Windows Server 2003 World,"
featuring Windows guru Mark Minasi. Register now:
Visit NetIQ for more information.

My New XP Book Is Out!

Dang, there is a lot of news at the moment. First this though.

As you all know, I produced the Windows NT Power Toolkit, The Windows 2000 Power Toolkit and the plan was to create a third in the series called... you already guessed it. But Microsoft Press hijacked that title (grrr) and came out with their own book called the Windows XP Power Toolkit. We gave it some thought, decided to call my new one "The WinXP Power Pack", and we added for good measure the tagline: A great XP resource without the Microsoft Party Line. That serves them right. [grin]

This book was written for power users and corporate IT Pros. You'll get to know the specs of what is under the XP hood, how to squeeze maximum performance out of your XP Box, the XP internals in understandable language, and a lot of cool networking stuff. The book covers Windows XP Second Edition, which includes many new enhancements. It also includes a full licensed copy of AutoPilot for XP, a real-time performance tuner with a super-computer background. We are not selling it on the Sunbelt Online shop but we provide a link to Amazon.com instead. Here is the page for the book, with a full table of content and some sample chapters. Shameless plug: This book is warmly recommended! Get your copy now. Killer deal with the free full feature performance booster software included:

PS: Reminder: IT Survey: 3 prizes of $500 each

W2Knews subscribers are leading edge IT people, so you are invited to participate in an extremely sensitive and important research study. We cannot reveal publicly what the survey is about, except that it is very relevant and that while you fill it out, you will see what it is they are after. [grin] Please take part by clicking on the link below or pasting it into your browser:

Survey Eligibility:

Quotes of the Day:

  • Politics... Wise men talk because they have something to say.
    Fools talk because they have to say something." -- Plato
  • One-Liners... The severity of the itch is proportional to the reach.
  • Bumper Stickers... Driver carries no cash; HE IS MARRIED
Warm regards,
Stu Sjouwerman (email me with feedback: [email protected])
  SPONSOR: Double-Take
New surveys show: Disaster Recovery and Security are #1 priority!
This means you have to have a tested plan and reliable tools in
place for the moment your site goes down. Double-Take is that tool.
Sold more than all other High-Availability tools combined. It is
even certified for W2K Datacenter. No other HA tool is. How it
works? "Server A goes down--Server B takes over". Get the eval
copy here, this is your ultimate job-security:
Visit Double-Take for more information.

MS Exchange 2003 Gets Virus & Spam Filter API

MS is adding new anti-virus and anti-spam features to the new Exchange Server 2003. They should do something about it, since the market is screaming bloody murder about spam. A Gartner report predicts that by 2004, 50% of all e-mail message traffic will be spam. That is highly unlikely, and 30% seems more realistic, but it is still a major headache, especially since spam seems to be promoting more and more vile p~orn, which will inevitably cause legal problems. Federal law prohibits a "hostile work environment".

MS has decided to only provide a 'bare bones' baseline anti-spam functionality, and not include a full feature spam solution in E2K3. More over, you need the combo of Exchange 2003 plus Outlook (Office) 2003 to make the baseline stuff work.

Redmond's policy is to open this area to their third party software partners which will provide enterprise-quality add-ons. So they created a new Virus and Spam Application Programming Interface: VSAPI. This allows blocking for both junk mail and viruses at the network perimeter.

VSAPI 2.5 is supposed to prevent infected e-mail from leaving an organization by scanning outgoing e-mail and deleting infected messages. Third parties can use this API for their applications. You can then add the best of these to your Exchange 2003 servers. MS plans to launch Exchange Server 2003 mid-year. MS press release:

Which brings us to the next SunPoll:

Which of the following best describes the ideal anti-spam capability you would ultimately like for your organization?

  • In-house server/gateway-based system only
  • Combination of in-house server gateway and desktop
  • Outsourced System
  • Desktop-based system only
  • Other
Vote here, leftmost column:

Mark Minasi: 'Active Directory God'

I just wanted you guys to be aware that Mark Minasi, the best-selling author in our Windows technical space is giving a web seminar about AD management. This is something you do not want to miss.

May 6 there is a WebCast sponsored by NetIQ called "Managing Active Directory in a Windows Server 2003 World" and you'll get Mark's own real-world expertise in his usual humorous style. I always describe him as the mix of a karate black belt and an MCSE on steroids. You can register here:

MS Announces Windows Server 2003 Exam Dates

Microsoft has announced hard release dates for eight of its upcoming Windows Server 2003 certification exams. The schedule was unveiled at the MCP TechMentor conference last week in New Orleans. According to product managers in the Microsoft certification program, the beta for six exams will be released in June, followed by public release of four exams in August. Full article at SearchWin2000:

W2Knews Short Takes

-- Microsoft reported good financials... again. Licensing 6.0 was the main reason for boosted profits. Server business jumped with 21%. -- Unisys's Windows-based Mainframes are going strong. There are now almost a 1000 of these monsters installed. -- Windows 2000 Service Pack 4 is in Beta now. Expect it late Fall. -- Systems Management Server 2003 hit the beta 2 phase, moving the management server further along the track for its planned September release. -- MS upset about a key for W2K3 running loose on the Net? Well they send these keys unencrypted to their customers. Just saw one of these emails myself. -- Dell is back On Top Of Worldwide PC Shipments. They rose 2.1% from the first quarter of 2002 to 34.6 million units, the third straight quarter of growth. --


MS Renames W2K3... Again?

Looks like Redmond has decided to move away from using 'years' in their products, and create Master Brand: "Windows Server System". Getting rid of any kind of numeric indication like 2003 seems to be smart if you think of the fact that any new versions of the NT kernel will be two to three years off. Can you imagine in 2006 you are still running Windows 2003? Positively ancient!

So, W2K3 seems not to be simply called Windows Server 2003. Looks like all of the new server stuff is going to be called the Windows Server System, for instance Exchange as well. It's a new positioning they are now going for, seemingly, since the whole .Net thing has been a complete disaster. Nobody understood what that really meant.

The Windows Server System name will now serve as the umbrella term for server-based Microsoft products including SQL Server, Exchange, BizTalk, Commerce Server, Content Management Server, Project, Host Integration Server, Real-Time Communications Server, Internet Security & Acceleration Server, Systems Management Server, Microsoft Operations Manager and Application Center.

And let's do some counting here. This is only the sixth time that its name was changed. The original code name was Whistler, next was Windows 2002 Server, then Windows .NET Server, then .NET Server 2003 and the latest name lasted 3 months and was Windows Server 2003. Dang. I'm getting dizzy.

W2K3 "Gotchas"

I was pretty positive about W2K3 (and still am), but there are a few things that you should know about the new code:

  1. IIS6 will only run on W2K3. MS admits that IIS5 was buggy, slow and full of security holes, but if you want to fix it, you HAVE to upgrade the whole OS, not just the app. Just like how IIS5 is unique to W2K, IIS6 is unique to W2k3. And yes IIS6 is by far the best version of IIS that has been released yet.
  2. Exchange 2000 will not run on W2K3. Exchange 2K is supported in a W2K3 environment, but it must be run on a W2k server. See the MS KB:
  3. SQL 2000 will run on W2K3, but -only- if you apply SP3. Reference:
  4. The statement that the free terminal services licenses that worked on W2K Server that came with XP Pro do not work on W2K3 is true...to a point. As we all know MS has changed their licensing model greatly since the release of W2K. With the release of W2K3, people will really start to get a feel for how much this is really going to cost them. The link below has MS's licensing information for W2K3, at the bottom they touch on the TS licensing a little. If you currently have Windows XP deployed you have a little good news. Be prepared to shell out for some new CALs. Reference:
  5. Be aware that the process of upgrading AD might be painful. It looks like the fixes in AD synchronization can only be achieved by going to AD on W2K3. It sure would have been nice had they made the AD a modular product that could be upgraded on W2K server.
  6. If you want to continue running W2K, but buy W2K3 and downgrade, I wonder how many of you will write a "Dear Santa, please may I please downgrade..." letter to MS? Looking at the form, you should allow 15-21 business days for a reply - how many small companies plan new people that far in advance? In normal system admin experience, they usually find out someone new has arrived and needs a PC/Software the very same morning they turn up. See the downgrade permission link:

More On Novell And Linux

My short comment about "Novell is actually porting Netware to Linux," was a little misleading because Novell has had services for Linux and Unix for a long time. Their flagship product Novell eDirectory supports LDAP and many other existing Internet standards, but runs on more operating systems than its competitors. Specifically, eDirectory runs on the following platforms: IBM AIX, Linux, NT, W2K, of course NetWare but also Sun Solaris. NetWare is not dead. For more info checkout:

Does MS Deliver Security In W2K3?

We have not seen all that many products coming out of MS's Trustworthy Computing initiative. Since launching the campaign to "get secure, stay secure" more than a year ago, Redmond spent tens of millions of dollars cleaning up the security of its OS and apps. What lacked was a centerpiece to show off the fruits of its labor.

That changes this month with the release of W2K3 of course. MS has devoted the bulk of its security effort toward making W2K3 "secure by design, secure by default, secure in deployment" (which are the three "Ds" of Trustworthy Computing.)

The user community is looking to see if W2K3 meets this benchmark, and many are waiting to see if hackers and security researchers poke holes in the OS the way they did with NT.

To see exactly what MS has done to improve security, Information Security magazine (ISM) tested an advance version (release candidate 2) of W2K3. ISM looked at its basic feature sets, architecture, security functions and the security of subsystems. What ISM found is MS has definitely raised the bar, but by how much remains open to interpretation. Read the full article with comparison grids at:


What Are The Sunbelt Top 10 Bestsellers?

These are the results from March 2003:

  1. Double-Take: Real-time (and open file) data protection.
  2. Sunbelt Remote Admin: a superfast remote control program.
  3. UpdateEXPERT: Service Pack and Hotfix Manager for Windows.
  4. ScriptLogic: Sick and tired of messing with login scripts?
  5. iHateSpam: Eliminate Annoying Spam. Client and Server based.
  6. NTAccess: Reset lost administrator passwords.
  7. sonicAdmin: Network Management from the Palm of Your Hand.
  8. Active Administrator: Active Directory OU Management.
  9. PestPatrol Corporate Edition: Powerful anti-hacker utility.
  10. Retina: Scan for the latest vulnerabilities on your networks.
You can find evals for all of these tools here:

Results From Data Protection Survey

We want to thank those of you that responded to the recent survey on data protection and replication. We have gathered the results and there are some interesting nuggets that we would like to share with you. There was an interesting mix of data protection implementations, ranging from the standard tape solution to the more progressive disk-to-disk mirroring choices (like Double-Take).

But, tape was clearly the solution of choice for the majority of respondents, although 24% of those that responded acknowledged that remote data protection was a key concern for them, while 50% have been dealing with the challenge of a shrinking window in which backups need to be completed.

From a cost of down-time perspective, the answers were highly varied where the responses ranged from "infinite" to "unknown". But, nearly 80% of the group knows that their e-mail and database servers are the most critical to protect. From a remote protection perspective, 60% believe that they have enough bandwidth to complete the solution if required, which was contrary to our assumption before the poll results were tabulated. Finally, 72% of the folks believe that data replication is a moderate to enormous headache to execute, while 77% feel that creating an effective high-availability solution is a moderate to enormous headache.

Thanks again for taking the time to complete the poll and we hope these results have been helpful for you as you map your data protection strategy with your business requirements.

Here are the leading HA/DR solutions:

What Is New With Active Administrator?

Active Administrator 3.0 will come out soon, which will include several new features which GPMC (the free MS tool) does not. These are mostly related to Active Directory Security, Auditing, and Group Policy version history.

The initial release will be available at the end of April. This includes the ability to keep a log of exactly who is changing Active Directory. This includes the creation, deletion, and modification of all objects in Active Directory, Users, Groups, Group Membership Changes, Group Policy Objects, Computers, etc... Optional email alerts can occur when any specific event is triggered. All events are logged to a centralized MS SQL 2000 database for review / reporting.

From this auditing, we can tell when a Group Policy is changed, and WHO changed it. When this trigger occurs, we create a new backup of the GPO and mark it as a new version. You can run reports on older versions and rollback if necessary. Shortly we will have this so that you can run diff reports between versions, etc... This way you have any change to your GPOs instantly backed up and documented, including WHO did the modification. Check out Active Admin V 2.7 over here:

"Why Is UpdateEXPERT Superior Over XML-based Tools?"

We got this question from one of our customers. Here is the answer! St. Bernard Software has a metadatabase of patches much larger than the XML database. If you exclude the private patches in UpdateEXPERT, as of March 18, the number of patches available from UpdateEXPERT is 1666. With private patches, we have 2066 patches (plus, a customer can have us add a private patch if it is needed). The total number of security patches is 948. The total number of patches available in the XML database is 784. This means the XML database does not include all security patches and any of the other patches that UpdateEXPERT offers today.

Most "enterprise" customers have the requirement to manage servers (and some workstations) that are isolated or otherwise locked down. In order to accomplish this task, an agent is required. UpdateEXPERT 6.0 fulfills this requirement. In addition, version 6.0 offers the agent as an option. Based on feedback from 6.0 BETA sites, we know that customers prefer to deploy agents only when necessary. This is an exclusive for UpdateEXPERT, as no other agent-based patch management product offers the agent as an option. Customers can use UpdateEXPERT in a wide number of configurations, with agents, without or both. (see deployment guide)

While some of our competitors like to talk about immediate release of the XML database, we add value by understanding the inter-dependencies for a broader set of patches much larger than the XML database. Ultimately, if a customer requires the immediate deployment of a patch, UpdateEXPERT includes an easy to use "custom install" feature. As for ease of use, other products may appear to have an upper edge here, but then again, these other products are managing half as many patches. Check out the most recent deployment guide in the White Papers, Documents and Other Files Section here:

Businesses Responsible for Personal Data

Beginning July 2003, California agencies and private companies will be held responsible for the theft of confidential personal data stored on their networks. Senate Bill 1386 requires customers to be notified following any unauthorized access to their personal data. Personal Data is defined as the first and last name and any other related identification, such as social security number, credit card, or driver's license.

Since the law covers any agency, person, or business that conducts business in California, it effectively covers the entire U.S. As a result, all businesses will be exposed to increased risks, including:

  • Civil litigation- from customers seeking damages from breach of contract and identity theft.
  • Loss of consumer confidence- from public exposure to security breaches.
If you do business in California and store confidential personal data it is imperative that you take immediate steps to increase the security of your data.

How does data theft occur?

Recent studies indicate that adults spend more time on personal Internet activity at work than at home. This includes surfing, email, and IM. Each of these activities exposes a computer and network to infection by spyware. Once spyware has found its way onto a network, it's a simple thing for the spyware to secretly explore and snatch data, then transmit that data outside the network to third parties.

What is Spyware?

Spyware is a category of malicious code that invisibly gathers and exports computer data without the user's knowledge. Included in this category are Remote Access Trojans (RATS), key loggers, and hacker tools. Spyware is not detected by anti-virus software, firewalls, or intrusion detection systems. Spyware can sit silently on your system for long periods without detection and gather anything from keystrokes to customers' credit card numbers. Without the knowledge or consent of the user, this data can be shipped to someone waiting for it outside the network.

How can you protect yourself from spyware?

The only way to prevent infection from spyware is to use software specifically designed to detect it. PestPatrol not only detects spyware, but also allows you to quarantine or clean your system as well. PestPatrol's archive of 70,000 signatures also notifies you of cookies, adware, and other "pests" planted on your network to gather user data for distribution and use by third parties.

Any system can be victimized spyware and other pests. To learn more about spyware and PestPatrol, and check out the Corporate Edition, go to:


This Week's Links We Like. Tips, Hints And Fun Stuff

  • From the web archives. Very old ('98) but still interesting:

  • http://www.w2knews.com/rd/rd.cfm?id=030421FA-Archives
  • The Tokyo Robodex tradeshow short movie clips of fun stuff:

  • http://www.w2knews.com/rd/rd.cfm?id=030421FA-Tokyo_Robodex
  • A key ring with 256MB data storage? Naah. A watch is much easier!

  • http://www.w2knews.com/rd/rd.cfm?id=030421FA-Watch
  • How to build a Bot Trap and keep bad bots away from a web site:

  • http://www.w2knews.com/rd/rd.cfm?id=030421FA-Bot_Trap
  • Why Am I Getting All This Spam? Unsolicited Commercial E-mail Research Six Month Report:

  • http://www.w2knews.com/rd/rd.cfm?id=030421FA-Spam_Report
  • The Matrix Phone. Check it out:

  • http://www.w2knews.com/rd/rd.cfm?id=030421FA-Matrix_Phone

    Stu's New Windows XP Book

    From the back cover:

    Microsoft Windows XP Power Toolkit is geared for the Windows XP working professional or hardcore consumer who is looking to squeeze every last drop of performance from XP Professional. While some basic XP features are covered, said coverage is brief and designed to get a busy administrator up-to-speed quickly with user interface changes between XP and the platform from which they are migrating (NT, 2000, etc.). The CD provides a host of retail third-party applications designed for the XP administrator. Previous editions of this book have helped thousands of XP users become power users, including Windows NT Power Toolkit, which reached No. 4 on Amazon's bestseller list the first week it was released and Windows 2000 Power Toolkit, which also cracked the Amazon Top 10. Check it out: