Windows Client UPDATE, August 8, 2002

Windows Client UPDATE—brought to you by the Windows & .NET Magazine Network
http://www.winnetmag.net


THIS ISSUE SPONSORED BY

Windows & .NET Magazine Road Show
http://www.winnetmag.com/seminars/roadshow


SPONSOR: WINDOWS & .NET MAGAZINE ROAD SHOW

WHY PAY WHEN YOU CAN GET IN-PERSON SECURITY EXPERTISE FOR FREE?
Windows & .NET Magazine Road Shows are coming soon to Chicago, New York, Denver, and San Francisco! Now's your chance to learn from experts like Mark Minasi and Paul Thurrott about how to shore up your system's security and what desktop security features are planned for .NET and beyond. Brought to you by NetIQ. Registration is free so sign up now!
http://www.winnetmag.com/seminars/roadshow


August 8, 2002—In this issue:

1. COMMENTARY

  • Forcing Password Changes

2. NEWS AND VIEWS

  • Linux Market Shrinks in 2001

3. ANNOUNCEMENTS

  • The Backup and Recovery Solutions You've Been Searching For!
  • Get a Free Digital or Print Sample Issue Today!

4. READER CHALLENGE

  • July 2002 Reader Challenge Winners
  • August 2002 Reader Challenge

5. RESOURCES

  • Featured Thread: Office 2000 on XP
  • Tip: NIC References in the Registry

6. NEW AND IMPROVED

  • Personal Web Portal Software
  • Browser Companion

7. CONTACT US

  • See this section for a list of ways to contact us.

1. COMMENTARY
(David Chernicoff, News Editor, [email protected])

  • FORCING PASSWORD CHANGES

  • Much of the email I get from readers requesting assistance falls into the "What the heck is going on?" category. Usually something is happening on their network or with their computer that has no readily ascertainable cause. One of the more interesting email messages that I received recently was from a systems administrator with whom I had been in correspondence throughout a migration from Windows 9x desktops to Windows XP. I hadn't heard from him for few months and was a little surprised to get a problem-laden message from him.

    The situation was this: After a quarterly security audit, his Help desk staff started getting phone calls from users who reported problems accessing file shares and Encrypting File System (EFS)-encrypted files. After some discussion, we determined that the only thing in common among the users reporting the problems was that they were all running XP (as most of the enterprise clients now were) and that IT staffers had changed the users' passwords during the security audit.

    As part of the audit process, IT staffers walked through users' cubicles and offices; if a user had passwords taped to his or her monitor or displayed in an obvious place, an IT staffer would log on as an administrator and force a password change on the user's computer. The company was taking network and data security very seriously due to some requirements on contracts the company was bidding on, and IT was actively enforcing user policies that included specific instructions to users not to leave written passwords in their offices.

    When I told the systems administrator that denying access to password-protected data after a forced password change is designed behavior in XP, he was incredulous—not that users would be locked out of some data areas, but that the designed behavior appeared to be unpredictable. The forced password change hadn't affected all users equally—some users had no problems, others lost access to everything beyond their local machine, and others were reporting problems only with EFS.

    I observed that he was basing his perception of inconsistent behavior on user complaints to the Help desk—users would call with the first complaint and possibly not with any others that were related to the forced password change. I also pointed out that he need not have forced password changes; IT staffers could have used the accessible passwords to log on as the users and change the passwords.

    In some cases, the systems administrator was able to solve the problem by logging on and resetting the user's password to what it had been before the change, but this fix required that users remember their passwords (and if they had been able to do that, they probably wouldn't have had their passwords on sticky notes attached to their monitors). In other cases, the administrator was able to recover data in EFS-encrypted files by using the standard EFS recovery methods, which are described in detail in the Microsoft article "Methods for Recovering Encrypted Data Files" at
    http://support.microsoft.com/default.aspx?id=kb;en-us;q255742.

    The systems administrator has decided not to force user-password changes in this situation again, and I completely agree with him. Forcing a password change in a business environment on a computer on which you've applied reasonable security causes problems. As Microsoft points out, securing data also means securing it from easy access by rogue administrators (my words, not Microsoft's). A serious security hole would exist if changing a user's password, then reading all the user's data or using the user's credentials to access network resources were a simple matter. Complete details about XP's behavior after a forced password change, which data is affected, and the reasoning behind the behavior appear in the Microsoft article "EFS, Credentials, and Private Keys from Certificates Are Unavailable After a Password Is Reset" at
    http://support.microsoft.com/default.aspx?id=kb;en-us;q290260 .

    2. NEWS AND VIEWS
    (contributed by Paul Thurrott, [email protected])

  • LINUX MARKET SHRINKS IN 2001

  • Despite more than half a decade of hype, an undeserved level of press coverage, and unsubstantiated claims about the product's superiority to Windows and other OSs, open-source poster child Linux saw its market shrink last year, according to reports by market researchers International Data Corporation (IDC) and NPD INTELECT. According to the IDC report, Linux-generated revenue shrank 5 percent in 2001, the first time the fledgling OS has seen its market contract. A similar NPD INTELECT report says that the Linux market shrank 10.2 percent last year.

    "The previously strong growth of Linux \[server\] shipments was interrupted during 2001," said Al Gillen, IDC's research director of system software. "\[But\] we also saw China's Red Flag and Brazil's Conectiva make strong contributions to the Linux \[desktop\] market, which continued to grow at a healthy pace." Of course, with approximately 0.5 percent of the desktop market, it's not hard for the Linux desktop to grow. In the more entrenched server space, Linux commands almost 30 percent of the market. But with Windows Server and UNIX servers now firmly established on the high end of the server market, it's unclear whether Linux can make much more headway.

    Interestingly, Linux wasn't the only operating environment to have a tough time last year. Aside from Microsoft's blockbuster Windows XP release, which sold a record 46 million licenses in its first 9 months of availability, all operating environments experienced negative revenue growth in 2001, IDC says.

    3. ANNOUNCEMENTS

  • THE BACKUP AND RECOVERY SOLUTIONS YOU'VE BEEN SEARCHING FOR!

  • Our popular Interactive Product Guides (IPGs) are online catalogs of the hottest vendor solutions around. Our latest IPG highlights the backup and recovery solutions and services that will help you recover your data and your network when disaster strikes. Download the IPG for free at:

    http://www.itbuynet.com/pdf/0802-backup-ipg.pdf

  • GET A FREE DIGITAL OR PRINT SAMPLE ISSUE TODAY!

  • SQL Server Magazine is the premiere independent resource for SQL Server database solutions—packed with hands-on, how-to articles to keep your database running at peak performance. This technical handbook is now available in two convenient formats. Select your free digital or print sample issue at:
    http://www.sqlmag.com/sub.cfm?code=sfei212hdu

    4. READER CHALLENGE
    (contributed by Kathy Ivens, [email protected]

  • JULY 2002 READER CHALLENGE WINNERS

  • Congratulations to our July Reader Challenge winners. Jim Ruby of Plano, Texas, wins first prize, a copy of my book "Admin911: Windows 2000 Registry." Second prize, a copy of Dustin Sauter's "Admin911: Windows 2000 DNS/WINS," goes to Eric Durkin of Butte, Montana. Visit http://www.win2000mag.com/articles/index.cfm?articleid=25801 to read the answer to the July Reader Challenge.

  • AUGUST 2002 READER CHALLENGE

  • Solve this month's Windows Client problem, and you might win a prize! Email your solution (don't use an attachment) to [email protected] by August 16. You must include your full name, street mailing address, and phone number (in July, more than 30 correct answers arrived without that information—sorry; no prize).

    Winners are picked from the pool of correct answers, and the author is the supreme authority (hint: I'm a sucker for humor and originality). Because of the number of entries, I can't reply to all respondents (and I never respond to a request for a receipt). Look for the solution to this month's problem at http://www.win2000mag.com/articles/index.cfm?articleid=26200 on September 12.

    The Problem:
    A reader in the IT department of a growing business wrote to tell me the following story and ask for a solution. The sales department at the reader's company had two employees: one person in charge of invoicing customers and one in charge of collections. Both employees worked at computers running Windows 98 Second Edition (Win98SE). The invoicer had a Hewlett-Packard LaserJet printer (which held invoice forms) connected to her computer, and the collector had an HP DeskJet printer (which held statement forms) connected to her computer.

    The company hired two new people for the department, and the reader added two computers: one running Windows 2000 Professional and the other running Windows XP Professional. He moved the printer that held invoices to the Win2K Pro computer and the printer that held statements to the XP Pro computer. Then he shared the printers so that all four employees could access either printer. To help identify the printers for the employees, he named the printer share for the LaserJet LJ-InvoiceForm and the printer share for the DeskJet DJ-StatementForm.

    When the reader created the printer shares, the system displayed a message indicating that the names might not be accessible from some MS-DOS workstations and asking whether he was sure he wanted to use these names. (Windows had originally suggested eight-character share names based on the printer names, but the reader had replaced these with his selected names.) The reader knew that DOS can't handle more than eight characters in a name, but he also knew he didn't have any DOS workstations. So he clicked Yes to tell Windows he was sure he wanted the printer share names he'd created.

    The reader told all four employees to open Network Neighborhood or My Network Places, open the icons for the computers in the department to see the printer shares, and install the printers. The Win98SE users couldn't find the printers. Why not?

    5. RESOURCES

  • FEATURED THREAD: OFFICE 2000 ON XP

  • Sylvie wonders how stable Microsoft Office 2000 is on Windows XP. Join the discussion at the following URL:
    http://www.winnetmag.net/forums/rd.cfm?app=83&id=111014

  • TIP: NIC REFERENCES IN THE REGISTRY

  • (contributed by David Chernicoff, [email protected])

    A recent email message from a reader asked me how to get rid of a recurring error message in his server event logs. The reader had upgraded his backbone from 100Base-T to Gigabit Ethernet and had replaced the 100Mbps Ethernet cards used for the backbone with gigabit NICs. Since the reader had made the switch, the System logs on the servers were generating an error message stating that a device attached to the system wasn't functioning.

    The problem is that the servers' registry contains artifacts from the previous NIC. This situation can happen on any server or workstation machine when you swap NICs. To prevent the error messages, you must remove any reference to the old NIC in the following four registry subkeys (if they exist):

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSetServices\<Adapter>
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSetServices\NWLinkIPX   NetConfig
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\<Adapter or Manufacturer>
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion  NetworkCards

    You must reboot to make these changes effective.

    6. NEW AND IMPROVED
    (contributed by Carolyn Mader, [email protected])

  • PERSONAL WEB PORTAL SOFTWARE

  • A.I.Studio announced WatzNew 1.9, a personal Web portal to check Web sites for changes and pull information from the Web without banners, ads, and graphics. You can incorporate support for WatzNew into your Web site to easily inform customers and employees about Web site updates, forum postings, and other company news. WatzNew 1.9 runs on Windows XP, Windows 2000, Windows NT, Windows Me, and Windows 9x and costs $25. For more information, contact A.I.Studio at [email protected]
    http://www.watznew.com

  • BROWSER COMPANION

  • Akretio released Kapere, a browser companion that offers features such as file download acceleration and management. The download accelerator lets you pick up where you left off if your system crashes or dropped phone lines interrupt downloads. The download manager can help you organize downloaded video and MP3 files on your hard disk. Kapere is designed to integrate with Windows XP and is compatible with Windows 2000, Windows NT, and Windows 9x. The software costs $25, which includes free updates. Contact Akretio at [email protected] or go to its Web site.
    http://www.akretio.be

    7. CONTACT US
    Here's how to reach us with your comments and questions:

    (please mention the newsletter name in the subject line)

    This weekly email newsletter is brought to you by Windows & .NET Magazine, the leading publication for Windows professionals who want to learn more and perform better. Subscribe today.
    http://www.winnetmag.com/sub.cfm?code=wswi201x1z

    Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters.
    http://www.winnetmag.net/email

    Thank you for reading Windows Client UPDATE.

    Hide comments

    Comments

    • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

    Plain text

    • No HTML tags allowed.
    • Web page addresses and e-mail addresses turn into links automatically.
    • Lines and paragraphs break automatically.
    Publish