Windows Client UPDATE, January 30, 2003

Windows Client UPDATE, brought to you by the Windows & .NET Magazine Network
http://www.winnetmag.net


THIS ISSUE SPONSORED BY

PACWEST SECURITY ROAD SHOW


SPONSOR: PACWEST SECURITY ROAD SHOW

BACK BY POPULAR DEMAND - DON'T MISS OUR SECURITY ROAD SHOW EVENT!

If you missed last year's popular security Road Show event, now's your chance to catch it again in Portland and Redmond. Learn from experts Mark Minasi and Paul Thurrott about how to shore up your system's security and what desktop security features are planned for Microsoft .NET and beyond. Registration is free so sign up now!


January 30, 2003—In this issue:

1. COMMENTARY

  • Beware the Unintended Network Attack

2. NEWS & VIEWS

  • Microsoft Renames Palladium, Gives Up Trademark Hunt

3. ANNOUNCEMENTS

  • Catch the Microsoft Mobility Tour—Time Is Running Out
  • Windows Scripting Solutions for the Systems Administrator

4. RESOURCES

  • Tip: Customize the Windows Messenger Startup Message
  • Featured Thread: ACPI Compatibility on an XP Pro System

5. NEW AND IMPROVED

  • Back Up to USB Device
  • Manage Network Assets

6. CONTACT US
See this section for a list of ways to contact us.


1. COMMENTARY
(David Chernicoff, [email protected])

  • BEWARE THE UNINTENDED NETWORK ATTACK

  • Every office has at least one of these individuals: A well-respected longtime administrative assistant who occupies a parentlike role and is within a few years of retirement. Such a person is the last one you would suspect of crashing a huge email enterprise, but I recently learned of a situation in which this was the case.

    The story begins with a gigantic, very carefully run Microsoft Exchange Server environment with hundreds of thousands of mailboxes spread across multiple sites and dozens of servers on each site. Careful controls were in place to limit the damage a user could do to the environment: strict mailbox size limits, carefully limited distribution lists (DLs), regular backups, and strict email policies. Yet none of these precautions protected the environment from a well-meaning employee's mouse clicks.

    What happened was this. An administrative assistant much like the one I've described, whose responsibilities included corporatewide memo distribution, received an Internet hoax email message about a missing child. Not being Internet literate, and feeling genuine worry over the virtual lost child, the assistant used a dozen or so company mail lists to forward the hoax message to roughly a third of the company's email enterprise. What the assistant didn't realize was that those dozen addresses represented over 100,000 mailboxes.

    The situation at that point would have been bad enough, but because large numbers of the new recipients of the hoax email message were Internet-savvy, they checked the hoax sites and felt obligated to send a Reply to All message informing recipients that the original message was a hoax. So then, roughly 20,000 or so "ignore the hoax" messages were sent to a large percentage of the original 100,000-plus mailboxes. When the earliest "ignore the hoax" messages started to appear, most of the users who had also sent "ignore the hoax" messages realized that their messages were unnecessary and recalled them, which generated a recall message to every user who had received a later "ignore the hoax" message.

    By that point, the email infrastructure was slowing to a crawl because all the message activity I've described took place in a very short period of time. Then, to add insult to injury, a huge number of recipients of all the messages related to the original hoax decided that they had been added to a mailing list and sent Reply to All messages requesting that they be removed from the list. When I last heard from them, the Exchange administrators in this environment had been working for 3 days to clean up after this unintended network attack that released close to a million email messages onto their network.

    I'd like to say that I have an easy solution to this problem. I believe it happened because the administrative assistant was never clearly informed of the consequences of sending non-official email messages to multiple DLs. I'm certain of one thing: No one on this enterprise's very strong team of Exchange administrators ever imagined anything like this situation happening. You can be sure that their end-user training now explicitly addresses forwarding non-business-related email.

    More About Hiding Folders from Users
    I received more than 50 email messages with ideas and suggestions related to last week's commentary about hiding files on certain drives from specified users. Most of the suggestions require direct administrator interaction with server configurations; few offered an enterprisewide policy-based management solution. A couple of respondents pointed out that Novell NetWare already offers such a solution. I've passed the various ideas I received along to the site that was experiencing the problem, and I'll report in Windows Client UPDATE when I hear back about which solutions did and didn't work.

    2. NEWS AND VIEWS
    (contributed by Paul Thurrott, [email protected])

  • MICROSOFT RENAMES PALLADIUM, GIVES UP TRADEMARK HUNT

  • On January 24, Microsoft revealed that it had given up trying to trademark "Palladium," the term the company had given to its secure computing initiative. Microsoft says that the technologies once called Palladium will now go by the name Next Generation Secure Computing Base, which it feels is more accurate and mature. Also, another unnamed company had apparently applied for a trademark on the term Palladium, and Microsoft didn't want to be seen as strong-arming that company. "We did not want to be in a position of rolling over them," said Mario Juarez, Group Product Manager of Windows Trusted Platform Technologies at Microsoft.

    Palladium is one of Microsoft's most misunderstood technologies and, as a result, the name had become somewhat tarnished. Critics decried Palladium as a tool by which Microsoft would add Digital Rights Management (DRM) features to Windows or limit the ways in which people could interact with their PCs, although neither allegation is true. Instead, Palladium is designed to protect users' privacy and the integrity of data stored on their PCs. Microsoft hopes that customer education over the next few years will help people understand why the Next Generation Secure Computing Base is necessary. "It used to be radical to give computing power to small businesses and regular people," Juarez told me last fall. "Then, \[anyone\] could get a computer. Wouldn't it be nice if security and certainty was like that. It would help people sleep better at night."

    3. ANNOUNCEMENTS
    (brought to you by Windows & .NET Magazine and its partners)

  • CATCH THE MICROSOFT MOBILITY TOUR—TIME IS RUNNING OUT!

  • This outstanding seven-city event will help you support your growing mobile workforce. Industry guru Paul Thurrott discusses the coolest mobility hardware solutions around, demonstrates how to increase the productivity of your "road warriors" with the unique features of Windows XP and Office XP, and much more. You could also win an HP iPAQ Pocket PC. There is no charge for these live events, but space is limited, so register today! Sponsored by Microsoft, HP, and Toshiba.

    http://www.winnetmag.com/seminars/mobility

  • WINDOWS SCRIPTING SOLUTIONS FOR THE SYSTEMS ADMINISTRATOR

  • You might not be a programmer, but that doesn't mean you can't learn to create and deploy timesaving, problem-solving scripts. Discover Windows Scripting Solutions, the monthly print publication that helps you tackle common problems and automate everyday tasks with simple tools, tricks, and scripts. Try a sample issue today.

    4. RESOURCES

  • TIP: CUSTOMIZE THE WINDOWS MESSENGER STARTUP MESSAGE

  • (contributed by David Chernicoff, [email protected])

    A reader recently asked me whether a way exists to customize the message that Windows Messenger displays on startup, so that corporate users don't receive the warning about giving out their credit card information. The answer is yes—you can easily make this fix in the registry by taking the following steps:

    1. Launch regedit.
    2. Open HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MessengerService\Policies.
    3. Add a value of type REG_SZ and name it IMWarning.
    4. Set the data value of IMWarning to the message you want to appear.
    5. Click OK and exit the registry editor.
    6. Reboot the computer for the change to take effect.

  • FEATURED THREAD: ACPI COMPATIBILITY ON AN XP PRO SYSTEM

  • Forum member Pat Trefry has been running a Windows XP Professional system (with no service packs and a 950MHz AMD Athlon processor) for almost a year with no problem until the computer recently crashed to a blue screen. The accompanying warning said that the system BIOS was not Advanced Configuration and Power Interface (ACPI)-compliant. Pat has read all the online documentation about ACPI compatibility and can't find any information relative to his problem. Pat believes his computer wouldn't have run properly for so long if the problem were with the BIOS. If you can help, join the discussion.

    5. NEW AND IMPROVED
    (contributed by Sue Cooper, [email protected])

  • BACK UP TO USB DEVICE

  • Procom Technology announced ProMobile, a portable hardware and software backup and storage solution for notebook and desktop PCs that plugs into the computer's USB interface. ProMobile automatically scans the source drive and copies only files that were created or changed since the last backup. The device supports Windows XP, Windows 2000, Windows Me, Windows 98 Second Edition (Win98SE), and USB 2.0 and measures 3" x 5" x 0.5" and weighs 6.25 ounces. Pricing starts at $249 for 20GB, 30GB, 40GB, and 60GB models. Contact Procom Technology at 800-800-8600 or [email protected]
    http://www.procom.com

  • MANAGE NETWORK ASSETS

  • iInventory released iInventory 5.3, software that inventories hardware and monitors software license compliance on your Windows, Macintosh, and Linux computers. After you install iInventory on a single Windows computer, you create inventory agents to run on the rest of your enterprise systems by way of email, LAN, WAN, logon script, floppy disk, intranet, or Internet. The product stores inventory data in a Microsoft Access 2000 database. You can audit a typical Windows workstation in the background in about 15 seconds. Pricing begins at $220 for an 11-node license. Contact iInventory in the US at 866-482-8348, in the UK at (44) (0) 870-607-0073, or at [email protected]
    http://www.iinventory.com

    6. CONTACT US
    Here's how to reach us with your comments and questions:

    Hide comments

    Comments

    • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

    Plain text

    • No HTML tags allowed.
    • Web page addresses and e-mail addresses turn into links automatically.
    • Lines and paragraphs break automatically.
    Publish