Windows Client UPDATE—brought to you by the Windows & .NET Magazine Network
http://www.winnetmag.net
THIS ISSUE SPONSORED BY
Windows & .NET Magazine - Exclusive Rate
http://www.winnetmag.com/rd.cfm?code=nfei202lup
SPONSOR: WINDOWS & .NET MAGAZINE - EXCLUSIVE RATE
HERE'S AN OFFER YOU CAN'T AFFORD TO PASS UP!
For a limited time, you can get an exclusive $19.95 rate for 1 year of Windows & .NET Magazine. That's only $1.66 an issue in the US — a whopping 60% off our regular rate. This offer won't be around forever, so subscribe today at
http://www.winnetmag.com/rd.cfm?code=nfei202lup
January 2, 2003—In this issue:
1. COMMENTARY
- Take Care When Disabling Windows' Default Shares
2. NEWS & VIEWS
- XP Shell Vulnerability Threatens Systems
3. ANNOUNCEMENTS
- Give Us Your Feedback and You Could Win a Digital Camera
- Stop Hackers, Viruses, and Popup Ads — At No Cost? You Bet!
4. RESOURCES
- Tip: Removing Programs from XP's Start Menu
- Featured Thread: XP Event Viewer: Bug or ??
5. NEW AND IMPROVED
- Protect Client Systems Automatically
6. CONTACT US
- See this section for a list of ways to contact us.
1. COMMENTARY
(David Chernicoff, [email protected])
Recently, I received a phone call from a former coworker who left a small Independent Software Vendor (ISV) to take a job in a large corporate IT department. He had some questions about Microsoft Systems Management Server (SMS) that he hoped I could answer. We chatted about the product and his computing environment, then he signed off to install SMS on his test network.
Twenty-four hours later, I received a somewhat panicky phone call: SMS wouldn't install on some of the computers on his test network, and my friend couldn't figure out why. Coincidentally, I had just answered a reader question that indirectly provided me with the solution to the SMS problem: My friend needed to reinstate Windows' default shares on the computers in his network.
Many users, very reasonably, are concerned about the overall security of networked computers. To provide what they feel is the highest possible level of security against outside attacks, they disable some (or all) of the default shares that Windows creates on server and client computers. Some third-party security software products even automate disabling default administrative shares as part of their security solution. This automation is necessary because the Server service that runs on Windows computers recreates the default administrative shares every time the computer is restarted.
However, disabling default shares has a major downside. Products such as SMS, Microsoft Operations Manager (MOM), and many third-party systems management tools depend on the existence of the default shares for proper operation. A little knowledge about these default shares and how to properly manage them can help you avoid problems such as the one my friend experienced with SMS.
Managing administrative shares is simple. Launch the Control Panel Administrative Tools applet, open Computer Management, and double-click the Shared Folders tree to expand it. Click Shares to display the list of administrative shares, and right-click any listed share to stop or start sharing it. Depending on which Windows OS you're using, you'll have at least three of the following default shares enabled: ADMIN$, Netlogon, IPC$, PRINT$, FAX$, and one share for the root of each disk partition or volume (DriveLetter$).
ADMIN$ is the system root folder (%systemroot%—e.g., C:\winnt). Most administrative functions require access to this share. Netlogon is necessary to process logon requests. IPC$ is the interprocess communications share that named pipes use for interserver communication. PRINT$ is required for remote printer administration, and client fax services use FAX$.
Administrative shares also have one unique property: When created, their default access permission is that all Administrators have full control and all other users have no access (unlike the Everyone permissions granted to other shares). Because of this access permission, you can create administrative shares only through the Computer Management console, not through the individual share's Properties tab.
Managing shares is crucial to keeping your computing environment safe and secure. Just as important is knowing what you're doing before you restrict share access or disable system shares completely because, as my friend found out, you might not be able to foresee the effects these shares have on other programs and tools. If you plan to start disabling default configurations, make sure that you experiment on test or noncritical equipment before you apply these policies networkwide.
2. NEWS AND VIEWS
(contributed by Paul Thurrott, [email protected])
A security vulnerability in the Windows XP shell could compromise user systems, letting attackers take over machines and run malicious code. The vulnerability affects all XP versions—XP Home Edition, XP Professional Edition (including the 64-bit version), XP Media Center Edition, and XP Tablet PC Edition—and takes advantage of an XP feature that lets the system extract information from audio files in MP3 and Windows Media Audio (WMA) formats.
"An unchecked buffer exists in one of the functions used by the Windows Shell to extract custom attribute information from audio files," a Microsoft security bulletin that describes the vulnerability reads. "A security vulnerability results because it is possible for a malicious user to mount a buffer overrun attack and attempt to exploit this flaw."
An attacker could use the vulnerability to create a bogus or compromised audio file that contains executable code that's accessible through the file's metadata information. A user can trigger the code by retrieving the file from a file-sharing service, through email, or from some other online location, then holding the cursor over the file in the Windows Explorer shell. Malicious code in the file could crash the shell or unleash an attack that creates, modifies, or deletes data; reconfigures the system; or reformats the hard disk. Although security researchers originally viewed this problem as a Windows Media Player (WMP) vulnerability, Microsoft says the vulnerability is in the XP shell, not in the player.
XP users who have enabled Auto Update are already protected against this vulnerability. Other XP users can download a fix from Windows Update. For more information and a downloadable version of the patch, visit the Microsoft Web site.
3. ANNOUNCEMENTS
(brought to you by Windows & .NET Magazine and its partners)
Take our very brief, confidential survey on wireless technologies and you could win a digital camera. Click here!
http://www.zoomerang.com/survey.zgi?C1YJGJE04CPQ440T7CF15M4V
Answers to questions like these are found in our online Windows newsletter, the Infopackets Gazette. Enjoyed by over 35,000 users, the Gazette is published 3x weekly and caters to new and intermediate users — at no cost. Visit us today and receive a special report: Stop Hackers & Viruses, Stop PopUps, Automate Hotmail, MS Windows Keyboard Secrets...and more!
http://www.infopackets.com
4. RESOURCES
(contributed by David Chernicoff, [email protected])
Recently, several people asked me how to prevent specific programs from appearing on the Windows XP Start menu's All Programs list. These systems and network administrators didn't want to disable the list completely; they just wanted to stop specific programs from automatically appearing in the All Programs list. A couple of the questions came from administrators who didn't want the automated VPN application tool that was installed on traveling users' laptops to be so obvious.
Stopping an individual application from adding itself to the Start menu list is very straightforward within the Registry.
- Launch regedit.
- Navigate to the HKEY_CLASSES_ROOT\Applications registry subkey.
- Scroll down to the application you want to make invisible on the Start menu list.
- Create a new string value (type REG_SZ) called NoStartPage.
- Leave the value's data field empty.
That's all there is to it. The application will no longer list itself on the Start menu.
Forum member "Ibrahiem" updated his Windows XP Professional system with Service Pack 1 (SP1). Now he can't open Event Viewer, and he gets the error message "Unable to complete the operation. Access is denied." When he uninstalls SP1, everything works fine. If you can help, join the discussion at the following URL:
http://www.winnetmag.com/forums/rd.cfm?cid=36&tid=52002
5. NEW AND IMPROVED
(contributed by Sue Cooper, [email protected])
Altiris announced Altiris Client Recovery Solution 5.1, a client backup and recovery solution that automatically takes daily snapshots of local and remote systems. Web-based file recovery allows anytime, anywhere access. New features include backup check-point recovery to restart an interrupted backup at the point when the connection was lost, snapshot Wake on LAN (WOL) to schedule off-hour backup snapshots of computers regardless of whether they're powered up, and silent snapshots that are invisible to end users. Pricing for Altiris Client Recovery Solution 5.1 is $70 per node for 10 through 99 nodes. For worldwide sales information, visit http://www.altiris.com/sales .
http://www.altiris.com
6. CONTACT US
Here's how to reach us with your comments and questions:
- ABOUT THE COMMENTARY — [email protected]
- ABOUT THE NEWSLETTER IN GENERAL — [email protected]
(please mention the newsletter name in the subject line)
- TECHNICAL QUESTIONS — http://www.winnetmag.net/forums
- PRODUCT NEWS — [email protected]
- QUESTIONS ABOUT YOUR WINDOWS CLIENT UPDATE SUBSCRIPTION?
Customer Support — [email protected]
- WANT TO SPONSOR WINDOWS CLIENT UPDATE?
[email protected]
This email newsletter is brought to you by Windows & .NET Magazine, the leading publication for Windows profession
http://www.winnetmag.com/sub.cfm?code=wswi201x1z
Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters.
http://www.winnetmag.net/email
