1. EDITORS CORNER
   • What's New in Win2003: Part 2
   • Technology Trends Survey
2. TECH BRIEFING
   • Drive B: lives in Windows Server 2003
   • Threats and Countermeasures Guide Helps with Service Dependencies
   • Windows XP IPSec NAT Traversal (NAT-T) Client Re-released
   • Free Windows Server 2003 Resource Guide
3. NT/2000 RELATED NEWS
   • Premiere Dallas-based Microsoft Call Center is the Latest Victim of Off-Shoring
   • Thinking of Applying a Patch? Please TEST it First
   • Mark Minasi Webcast: "When is an Operating System Obsolete?"
   • New Dfs Enhancements in Windows Server 2003 Could Cut TCO
   • Do You Believe Windows Server 2003 Sales Outpace Windows 2000? Maybe Not
4. NT/2000 THIRD PARTY NEWS
   • Does Service Pack 4 Overwrite the RPC Buffer Overrun Fix?
   • UpdateEXPERT 6.0 Updates Itself to 6.1 to Protect You Against Upcoming Attacks
5. W2Knews 'FAVE' LINKS
   • This Week's Links We Like. Tips, Hints And Fun Stuff
6. PRODUCT OF THE WEEK
   • UpdateEXPERT

What's New in Win2003: Part 2

Welcome to part 2 of our four part special Win2003. There is a lot of stuff to cover (like the important survey below) so let's get to it!

Technology Trends Survey

Are your company's information technology needs changing? Are you looking at software updates in the near future? How about hardware? Thinking about introducing some new technologies such as SANs, VoIP or SSL remote access? If you're an IT manager, we want to hear from you. We are conducting research to determine how the needs and desires of the IT department are changing over time. Tell us what you think and we'll enter you into a drawing to win $500. (Don't live in the USA? Ignore this item.)

http://www.w2knews.com/rd/rd.cfm?id=030811ED-Survey

Eligibility rules:
http://www.w2knews.com/rd/rd.cfm?id=030811ED-Eligibility

QUOTE OF THE DAY: "Always listen to experts. They'll tell you what can't be done and why. Then do it." - Robert Heinlein (1907-1988)

Drive B: lives in Windows Server 2003

In the olden days of computing (1980s), PCs often had two floppy drives, identified as A and B. After hard disks became commonplace, the second floppy all but disappeared, and the B drive letter has gone unused on numerous computers. Steve Frank wrote to us recently with what could be good news for some of you: Drive B: is now assignable! Steve has lots more useful tips and tricks in his tech blog over at:
http://www.w2knews.com/rd/rd.cfm?id=030811TB-TechTricks

Threats and Countermeasures Guide Helps with Service Dependencies

One of the first things you need to do when securing a server is disable extraneous services. This is recommended by almost every security document. But herein lies the rub: which services are extraneous? What happens if you disable one that's not? Well, if you've ever run a security template on an Exchange, SQL or VPN server and had everything blow up in your face, you know the answer to that. The problem is that many programs have service dependencies that aren't immediately obvious. But that doesn't mean you have to be afraid to ever disable a service again. Chapter 7 of Microsoft's Threats and Countermeasures Guide has the information you need to determine if you can safely disable a service.

Chapter 7:
http://www.w2knews.com/rd/rd.cfm?id=030811TB-Chapter_7

Threats and Countermeasures Guide Table of Contents:
http://www.w2knews.com/rd/rd.cfm?id=030811TB-Contents

Windows XP IPSec NAT Traversal (NAT-T) Client Re-released

One of the biggest drawbacks to IPSec in Windows 2000 was the fact that it wasn't compatible with NAT. Then with XP and Server 2003, Microsoft got us all excited with the news that NAT traversal would solve that problem. The Microsoft IPSec NAT Traversal (NAT-T) L2TP/ IPSec VPN client was released a few months ago - but then it was pulled soon after. Ouch! The problem was that the software interfered with some third party firewall apps. Well, we have good news: Those problems have been resolved and the Windows XP IPSec NAT-T L2TP/IPSec client now works great! You can connect a Windows XP machine situated behind a NAT device to a Windows Server 2003 VPN server using L2TP/IPSec. The only requirement is that the NAT device (NAT router or NAT based firewall) pass outbound UDP 500 and UDP 4500. The client software and the Windows Server 2003 VPN server are based on RFC specs, not proprietary IPSec encapsulation schemes. We're excited all over again. Try it, and you just might like it!
http://www.w2knews.com/rd/rd.cfm?id=030811TB-NAT_Traversal

Free Windows Server 2003 Resource Guide

Where do you find the answers to all those little questions that crop up when you think about deploying a new server operating system? MCP Magazine and ENTmag.com have combined forces to put together a great compilation of tips, tricks, and resources for Windows Server 2003 in their Windows Server 2003 Resource Guide. Some of the stuff you'll find there includes:

• How to get an eval version of Server 2003
• The inside dope on licensing 6.0
• Info about Windows Server 2003 exams and certification
• Key Windows Server 2003 KB articles
• Links to the best Windows Server 2003 White Papers

Premiere Dallas-based Microsoft Call Center is the Latest Victim of Off-Shoring

If you have an enterprise-level support agreement with Microsoft, then there's a good chance that you've talked to one of the crack PSS support pros at the Microsoft call center in Las Colinas, Texas (Las Colinas is just a few miles from downtown Dallas). The center has been answering those tough questions for years and some of us have forged relationships with the support personnel there. If you've noticed that some of PSS folks that you've worked with closely over the last few years don't answer your emails anymore, it might be because they lost their jobs. Rumor has it that the center is slated for shutdown sometime in 2004 and that those jobs are being outsourced to India. We can't say for sure, but we're thinking about learning Hindi, just in case:
http://www.w2knews.com/rd/rd.cfm?id=030811RN-Call_Center

Thinking of Applying a Patch? Please TEST it First

The only thing sadder than a man whose wife just left him and took his dog and his pickup truck is the fellow who just cratered his production Exchange Server by applying an untested security patch. With the huge number of "fixes" that are released, there are bound to be a few that end up breaking things instead of fixing them.

Check out this problem that Ken Olson shared with us regarding the latest RPC patch:
http://www.w2knews.com/rd/rd.cfm?id=030811RN-RPC_Patch

"I installed the fix on an SBS2000 server that was connected to a WinFrame 1.7 server (based on NT 3.51) and that is not a good combination. I'll grant you that it is not a common combination but I got random intermittent communication errors between the two servers. Fortunately, the error messages on the 3.51 box referred to an RPC communication issue so I figured out what the problem was, uninstalled the patch and everything was back to normal. Just thought you should know."

Stay tuned for more patch related horror stories next week.

Mark Minasi Webcast: "When is an Operating System Obsolete?"

Are you one of those "old school" admins who subscribe to the adage that if it's not broke, there's no need to fix (or upgrade) it? You're not alone.There are untold thousands of shops still humming along on Windows NT 4.0. They've finally gotten everything working right after years of fiddling around with the thing and they're perfectly happy sitting safe and secure, far from the cutting edge. The problem is that Microsoft is planning to pull the rug out from under them. If you're one of them, you'll want to check out Mark Minasi's September 16th Webcast. Mark will give you some advice on how to stay afloat even as the current tries to push you upstream toward an upgrade against your will:
http://www.w2knews.com/rd/rd.cfm?id=030811RN-Webcast

New Dfs Enhancements in Windows Server 2003 Could Cut TCO

The Distributed File System (Dfs) introduced with Windows 2000 got a bit of fanfare before the OS was released, but you didn't hear much about after it hit the streets. It might have been because more people swore at it than by it. If you're one of those folks who found Dfs to be a disappointment, especially in the performance department, take heart. Dfs's sullied reputation might be in for a change, with the improvements Microsoft has made to it in Windows Server 2003:
http://www.w2knews.com/rd/rd.cfm?id=030811RN-Dfs

Do You Believe Windows Server 2003 Sales Outpace Windows 2000? Maybe Not

Last week we mentioned that it appeared as if Windows Server 2003 sales were outpacing Windows 2000 sales. We thought perhaps it was related to the current economic upswing. Although that made us feel good, our little rush of happiness was short-lived. W2knews readers quickly handed us a clue-stick as to what might be going on. Here's what Marc-Andre D'Amour had to say about the issue:

"I saw in the last W2Knews that Windows Server 2003 sales are out- pacing the sales of W2K. I'm a reseller and I know why: We cannot buy Windows Server 2000 licenses anymore, we are selling 2003 licenses (which are backward compatible) with a W2K media kit and we install Windows 2000. The only way to sell W2K Server is to sell retail boxes. And we only sell open licenses because it is less expensive. Microsoft can say that the new OS is growing fast, but we all know the fact that Windows 2000 is dominant. Thanks for your attention and continue the good work!"

Does Service Pack 4 Overwrite the RPC Buffer Overrun Fix?

Installing a service pack can be an act of faith; you're never quite sure what it's going to do but you cross your fingers and hope for the best. Almost everyone wonders which files are overwritten when a service pack is applied. The rumor was that with the introduction of Windows 2000, you would never have to reapply a service pack again. However, not too many people we know are confident that their hotfixes aren't overwritten when they apply a service pack written before the hotfix was available.

This doubt is especially troublesome in light of MS03-026:
http://www.w2knews.com/rd/rd.cfm?id=030811TP-MS03-026

Here's what St. Bernard Software has to say about the issue:

"Does installing Windows 2000 SP4 overwrite the files installed by MS03-026 (Q823980)?

Due to recent concerns over vulnerabilities outlined in Microsoft knowledgebase article Q823980, there is a high level of interest in applying security patch MS03-026. For Windows 2000, there has been a related concern that MS03-026 files will be overwritten with the subsequent application of Windows 2000 SP4.

Internal testing by St. Bernard Software demonstrates that installing SP4 before, or after, MS03-026 results in the correct file versions remaining in Winnt\System32 directory as listed below. The fields shown below are date, time, size, version, and name.

07/05/2003 10:15a 944,912 5.0.2195.6769 Ole32.dll
07/05/2003 10:15a 432,400 5.0.2195.6753 Rpcrt4.dll
07/05/2003 10:15a 188,688 5.0.2195.6769 Rpcss.dll

To verify that you have the correct files installed, use "dir" to verify the date/time and filesize information, or right-click on each file to see its "properties", which will get you the version numbers (in bold) above. This is the most accurate way to verify that the DLLs from MS03-026 are in place.

Our testing verifies that UpdateEXPERT correctly detects the installation of MS03-026."

UpdateEXPERT 6.0 Updates Itself to 6.1 to Protect You Against Upcoming Attacks

Speaking of UpdateEXPERT, if you're a current user you might have noticed your UpdateEXPERT has quietly and automatically updated itself to version 6.1. Isn't that what effective patch management is all about?

You don't use UpdateEXPERT? Should you? Ask yourself these questions:

• Do you have time to write update scripts every time Microsoft comes out with a new security patch?
• Do you have time to visit each server and inventory each machine's patch status?
• Do you have time to create reports based on your inventory results?

UpdateEXPERT is an enterprise level utility that you can use to manage hotfixes and service packs. Here are some key improvements added to version 6.1:

• "Isolated" network support - An exclusive feature, which allows UpdateEXPERT to function in a truly isolated environment (disconnected from the Internet.) UpdateEXPERT v6.1 includes a utility, which allows administrators to manage updates on isolated machines via packaged updates. The packaged updates can be loaded onto a recordable medium and walked into the disconnected environment, where an additional UE console is ready to deploy. Customers benefiting from this include large data warehouses.
• Smart Plug-in for HP Open View - Another exclusive for UpdateEXPERT users. Smart Plug-Ins (SPI) are programs for HP OpenView. HP OpenView offers software add-ins that integrate outside vendors' software (St. Bernard Software) with the framework of HP OpenView. Third-party vendors such as SBS, who want their product to work with HP OpenView, develop SPIs to work with HP OpenView. Customers include large enterprises running HP OpenView. (big $$$ here).
• Export Table - Improved custom reporting via a real export tool. (no more cut and paste)
• Orphan Leaf Agent improvements - Leaf agents can be relocated/ renamed, without losing communication with the master agent. (This is done via a new backup utility, which works in the background).
• New on-line help - includes better web based help with more detail (FAQ format).

This Week's Links We Like. Tips, Hints And Fun Stuff

UpdateEXPERT

A U.K. security firm estimated the economic damage caused by the SQL Slammer Worm to have been over $1 billion. UpdateEXPERT is a powerful service pack and hotfix manager. You've got to do this to keep your networks secure. Use UpdateEXPERT as your research, inventory, deployment and validation tool that enables you to fix security vulnerabilities and stability problems on your machines. And they TEST the patches for you too.