EDITOR'S NOTE: Windows & .NET Magazine welcomes feedback from readers about the magazine. Please send comments to letters @winnetmag.com and include your full name, email address, and daytime phone number with your letter. We edit all letters and replies for style, length, and clarity.
FASTFACT
50% of Windows & .NET Magazine readers have migrated to Win2K Server. Another 40% are planning to migrate to Win2K by the end of 2002.
Source: Windows & .NET Magazine Reader Survery, June 2002
Browstat is a part of the Win2K Support Tools set. To install it, run the setup.exe file in the \support\tools directory on the main Win2K installation CD-ROM. You won't find the command if you search the CD-ROM because browstat.exe is one of the files in the support .cab file in the same directory.
The Downside of VNC
David Chernicoff's Forefront: "Remote Administration of Windows Server Systems" (May 2002, InstantDoc ID 24548) and Don Jones's "Must-Have Remote Administration Tools" (May 2002, InstantDoc ID 24536) both mention using Virtual Network Computing (VNC) but fail to discuss some important concerns regarding its use:
- VNC security—Out of the box, VNC is not secure because it allows connections from any IP address. By editing the AuthHosts registry entry, you can restrict access by IP address. I'd further recommend running RRAS on the VNC server and restricting access to VPN ports only, thereby ensuring that all communication to and from the system is encrypted.
- Performance—VNC can have a significant effect on processor performance. Just open a command prompt and watch. Or, move the mouse in circles and see the process not only spike but stay elevated. Processor performance might not be a concern in some environments, but it certainly is in others.
- Updating screen info—Depending on the interface, VNC occasionally has problems knowing which components to refresh.
I use VNC frequently, especially in cross-platform environments (e.g., to manage Windows 2000 or Windows NT systems from Linux-based workstations), but understanding the trade-offs is important.
Regarding your comment about VNC security, I always recommend that machines running remote control software—even Terminal Services—be protected by a firewall that will let only authorized traffic access the machines. I've known many companies to deploy internal firewalls to protect their servers from internal users, ensuring that only file-sharing, printing, or other ports are allowed through, and VNC presents no exception to such precautions. Although VNC carries a higher performance hit than solutions such as the built-in Terminal Services, I've found it to be much better than third-party solutions such as Symantec's pcAnywhere. Nothing's perfect, of course. As you do, I use VNC frequently because it's definitely worth at least what you pay for it!
Don Jones's "Must-Have Remote Administration Tools" is an excellent read. I work for the US Air Force, and we use Terminal Services to a great extent for remote administration for our servers across the European Theater. One thing that the author did not point out clearly, if at all, was the use of the Application Server mode versus the Remote Administration mode. The latter gives you only two sessions, whereas the former gives you many more. (I can't recall the exact limit, but we use 20.) Of course, you must provide information to get the correct licensing after you have selected the box under Add/Remove Windows Components, Terminal Services Licensing. You then have to click Administrative Tools, Terminal Services Licensing to fill in the rest of the information. Microsoft will email you the key you need to activate the license. We also use Microsoft Systems Management Server (SMS), which provides remote control of the NT boxes. We run an NT 4.0 domain with Win2K servers. RDP is a better alternative than SMS because RDP requires less overhead.
RDP certainly carries lower overhead than SMS's remote control feature. With RDP showing up in the Windows client OS (Windows XP and later), I wouldn't be surprised if SMS doesn't eventually include that feature. The big difference between Application and Remote Administration mode for Terminal Services is, as you point out, licenses. In Windows .NET Server (Win.NET Server), you always get Remote Administration mode and its two connections, whether or not you choose to use it. Most shops find that two connections is more than adequate for administration, but if you need more and have the licenses, you can certainly use Application mode. Application mode requires the deployment of a Terminal Server Licensing server to manage those license keys Microsoft sends you, so it's a bit of extra work to get going.
Shopping for Backup
Our company is in the process of reviewing enterprise backup software. I read Tom Iwanski's "Enterprise Backup Software" (June 2000, InstantDoc ID 8725) and wondered whether the author has done any recent reviews.
For a more recent look at backup products, see Ed Roth's "Enterprise Backup Solutions" (October 2001, InstantDoc ID 22239). I suggest that you thoroughly test any products in your own environment, if possible. Some vendors provide a timed trial version of their software that's viable for comparative testing. Defining what features are most important for your environment and which product addresses them the best is crucial. For example, performance might be critical for your organization because you have a narrow backup window. Ease of use is also important, especially if you'll have moderately skilled technicians performing backups and restores. The list is unique to each environment.
Where is Browstat?
I liked John Green's "Keep the Computer Browser Service Humming" (August 2002, InstantDoc ID 25643). In the article, the author mentions the browstat.exe file. Where do I find the file on my Windows 2000 CD-ROM?
Stop the Merry-Go-Round
I read Michael Otey's Editorial: "Slow Down the Upgrade Merry-Go-Round" (July 2002, InstantDoc ID 25323), and I couldn't agree more with the author. In fact, in addition to further encouraging companies to find an alternative to Microsoft's server OSs and prompting less confidence in quality, the accelerated release pace costs Microsoft money. My company has been running Windows NT 4.0 on all our servers for more than 6 years. We were fully prepared to move to Windows 2000 this summer. Because of the pending release of Windows .NET Server (Win.NET Server), we determined that migrating to Win2K would waste time and financial resources. We decided to wait 12 to 18 months and migrate to Win.NET Server when Microsoft releases Service Pack (SP2), thus skipping an entire release and all associated licensing costs. As a technical project manager, I could live with an upgrade cycle of every 4 years with additional features and benefits. Microsoft's current life-cycle plans reduce that window to 3 years: You have to wait at least a year to deploy a new OS because of poor software quality. Then, you have to start your migration planning at least a year before test-bedding the software. Every day I look harder for ways to get the Microsoft code out of my network.
With RDP showing up in the Windows client OS, I wouldn't be surprised if SMS doesn't eventually include that feature.
Rundll32 Shortcuts Revisited
Several readers let me know that Tip 1 of Top 10: "Rundll32 Shortcuts" (July 2002, InstantDoc ID 25339) is incorrect. The command I gave to shut down Windows (rundll32.exe shell32.dll, SHExitWindowsEX 0) works only for Windows 98 and Windows Me, not for Windows NT, Windows 2000, or Windows XP. To shut down an NT system from the command line by using the rundll32 utility, enter the following command:
RUNDLL32 USER32.DLL,ExitWindowsEx
Unfortunately, this command doesn't work for Win2K or XP. To shut down Win2K, use the shutdown.exe utility that the Microsoft Windows 2000 Server Resource Kit provides, or use Sysinternals' freeware PsShutdown utility. XP incorporates the Shutdown command into its native command set, so to shut down an XP system, simply enter the Shutdown command at the command prompt.
Windows Script Host (WSH) also provides another way to shut down a Win2K or XP system. Here's a WSH script that performs the task:
'WSHShutdown.vbs
Set OpSysSet = GetObject("winmgmts:\{(Shutdown)\}//./root/cimv2")
.ExecQuery("select * from Win32_OperatingSystem where Primary=true")
for each OpSys in OpSysSet
OpSys.ShutDown()
next
