Windows Client UPDATE, brought to you by the Windows & .NET Magazine Network
http://www.winnetmag.net
THIS ISSUE SPONSORED BY
SPONSOR: PACWEST SECURITY ROAD SHOW
BACK BY POPULAR DEMAND - DON'T MISS OUR SECURITY ROAD SHOW EVENT!
If you missed last year's popular security Road Show event, now's your chance to catch it again in Portland and Redmond. Learn from experts Mark Minasi and Paul Thurrott about how to shore up your system's security and what desktop security features are planned for .NET and beyond. Registration is free so sign up now!
January 23, 2003—In this issue:
1. COMMENTARY
- Hiding Specific Files from Unauthorized Users
2. NEWS & VIEWS
- Judge Orders Microsoft to Ship Java in Windows XP Within 120 Days
3. ANNOUNCEMENTS
- Windows & .NET Magazine Connections Announces Spring 2003 Dates
- Catch the Microsoft Mobility Tour—Time Is Running Out!
4. RESOURCES
- Tip: Turn Off "Low Disk Warning" in Windows XP
- Featured Thread: Windows 2000 Workstation Loses Connection to Domain
5. NEW AND IMPROVED
- Control User Access to Systems
- Use a Card to Restore Hard Disks
6. CONTACT US
See this section for a list of ways to contact us.
1. COMMENTARY
(David Chernicoff, [email protected])
Sometimes, challenging what we think we know is important. Last week, I received an email message from a reader asking a seemingly simple question: "How do I hide the content of drives from my users who don't have permission to see the files on those drives?" I tossed off a simple reply: "There's a Group Policy Object (GPO) called Prevent Access to Drives from My Computer. Use that."
The next day, the reader responded, telling me that using Prevent Access to Drives from My Computer didn't solve his problem—his users could use Windows Explorer to expand the folder listings on a particular drive by clicking the plus signs. Even worse, the Dir command still worked at the command prompt, fully enumerating the contents of the specified directory. Users couldn't access the files, but they could see that the files existed. To solve this administrator's problem, the files' existence needed to be hidden from unauthorized users.
I searched through the available GPOs and found "Hide these specified drives in My Computer." When you enable this policy, users can't use Windows Explorer to see the target drives. However, the drives and their content are still visible when a user runs the Dir command at a command prompt.
I wanted to discover some way to make this information invisible from the command line but didn't find any way to do so by using the services and tools that the OS makes available. I'm willing to bet that third-party tools exist that will let an administrator accomplish this goal. However, the best I could do was to suggest that the administrator set NTFS permissions to deny browsing on the target folders, a solution that isn't terribly helpful because it means making explicit permission changes on every network root folder that needs additional control. For the short term, I suggested that the administrator use the "Disable the Command prompt" policy to prevent users in groups with limited network access from launching a command session.
My solution is rather inelegant and definitely falls into the "If the only tool you have is a hammer, every problem looks like a nail" category. If any Windows Client UPDATE reader has found a better solution than using three separate GPOs yet can let users access the command prompt if necessary, please drop me an email message, even if your solution requires a third-party software tool.
2. NEWS AND VIEWS
(contributed by Paul Thurrott, [email protected])
US District Court Judge J. Frederick Motz ruled on January 15 that Microsoft must bundle Sun Microsystems' version of Java in Windows XP within 120 days, a compromise of sorts between the schedules the two companies sought. Sun wanted its version of Java included in XP within 90 days, whereas Microsoft asked for several months. The ruling came after a lengthy hearing with the two companies, in which Judge Motz asked Sun and Microsoft to continue working together and give him a final schedule by Monday.
"I want this done, and I want it done in 120 days," Judge Motz said, adding that Microsoft can extend the integration deadline later if the company has good technical reasons to do so. "I can't sit here hearing after hearing," he said. Perhaps more important, however, Judge Motz also granted Microsoft a 2-week stay, during which time the company can ask the 4th US Circuit Court of Appeals to consider an appeal of the decision. Microsoft wanted Judge Motz to stay the order until an appeal could be heard, but he wasn't interested in Microsoft's timetable. "If my order doesn't get stayed or reversed \[on appeal\], it's going to get done," Judge Motz said. "\[So\] we've got to get the order entered so the appeal is heard simultaneously with some implementation."
Under terms of the ruling, Microsoft must issue XP Service Pack 2 (SP2), a set of software updates that includes Sun's latest Java technology, within 120 days. XP SP2 will also include the Microsoft .NET Framework, a Java competitor. Microsoft had argued that including Java in XP would take far longer than 90 days because of technical complexities, but Judge Motz admonished Microsoft lawyers for not bringing up the issues earlier. He reminded them of his December 2002 opinion, in which he wrote that "\[when Microsoft\] has the will to obstruct, the obstruction is complete."
Judge Motz also rejected Microsoft's request to dismiss all seven of Sun's tying claims (i.e., tying .NET to Windows) against the software giant and reversed an order he issued last week that dismissed two of Sun's tying charges. Judge Motz reinstated the charges and will rule on those claims as part of his overall ruling.
3. ANNOUNCEMENTS
(brought to you by Windows & .NET Magazine and its partners)
Learn firsthand from the magazine writers you know and trust. Join Mark Minasi, Mark Russinovich, Sean Daily, Brett Hill, Christa Anderson, Jeremy Moskowitz, and other gurus who will share real-world tips and the latest ideas to help you get the most out of your Windows deployments. May 18-21, 2003 in Scottsdale, AZ. Register today and save.
This outstanding seven-city event will help you support your growing mobile workforce. Industry guru Paul Thurrott discusses the coolest mobility hardware solutions around, demonstrates how to increase the productivity of your "road warriors" with the unique features of Windows XP and Office XP, and much more. You could also win an HP iPAQ Pocket PC. There is no charge for these live events, but space is limited, so register today! Sponsored by Microsoft, HP, and Toshiba.
4. RESOURCES
(contributed by David Chernicoff, [email protected])
Lately, when I configure and set up test computers, I use disks that I attach to the computers with 1394 and USB 2.0 connections. The disks I move between computers are usually almost completely full, and to my annoyance, Windows XP generates a persistent Low Disk Warning on the taskbar. Because I know that, for my purposes, disk capacity isn't a problem, I need a quick way to turn the warning off. To do so, I take the following steps:
- Launch regedit.
- Open HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer.
- Add a new value of type REG_DWORD and name it
- Set the entry data value to 1.
NoLowDiskSpaceChecks.
Forum member "cityyk" is responsible for a Windows 2000 workstation that, when restarted, loses its connection to the domain. The only solution to the problem is to remove the workstation from the domain, manually remove the workstation from Active Directory (AD), remove the workstation from the WINS Server, then restart the computer and add it to the domain. This solution works until the workstation is restarted again. The event viewer logs don't provide information about the problem. If you can help, join the discussion at the following URL:
http://www.winnetmag.com/forums/rd.cfm?cid=37&tid=53246
5. NEW AND IMPROVED
(contributed by Sue Cooper, [email protected])
PC Guardian has released Encryption Plus Hard Disk 7.0.9, software that encrypts a machine's hard disk to control access to the Windows OS, software applications, and the data that Windows software applications create. You can use the software's password recovery options alone or in combination: One option requires a corporate or administrator password and physical access to the user's computer, another option lets you generate one-time passwords for users over the Internet, and a third option authenticates users and automates password resets without administrator interaction. Encryption Plus Hard Disk 7.0.9 supports Windows XP, Windows 2000, and Windows NT. Contact PC Guardian at 800-288-8126 or through its Web site.
VOOM Technologies announced the Instant Save Instant Restore (ISIR) card, hardware that lets you instantly save or restore a PC's hard disk. The ISIR card fits in a PCI slot and is cabled between the motherboard and hard disk. The card lets you choose to perform an instant save, an instant restore (to the last save-point), or continue a typical startup. The ISIR card supports most Windows clients, and support for Linux is planned in first quarter 2003. Contact VOOM Technologies at 651-998-1618 or [email protected].
http://www.voomtech.com
6. CONTACT US
Here's how to reach us with your comments and questions:
- ABOUT THE COMMENTARY — [email protected]
- ABOUT THE NEWSLETTER IN GENERAL — [email protected]
(please mention the newsletter name in the subject line) - TECHNICAL QUESTIONS — http://www.winnetmag.net/forums
- PRODUCT NEWS — [email protected]
- QUESTIONS ABOUT YOUR WINDOWS CLIENT UPDATE SUBSCRIPTION?
Customer Support — [email protected] - WANT TO SPONSOR WINDOWS CLIENT UPDATE? — [email protected]
