Windows & .NET Magazine UPDATE—brought to you by Windows & .NET Magazine, the leading publication for IT professionals deploying Windows and related technologies.
THIS ISSUE SPONSORED BY
Stop the Fax Machine Madness: SEND FAXES via EMAIL (Eval CD)
VeriSign — The Value of Trust
SPONSOR: : Send, Receive, & Manage FAXES from EMAIL (Eval CD)
Give your users the ability to send and receive fax documents
from their e-mail system or a browser-based fax application!
Save money, and make your users more productive. NET SatisFAXtion
fax servers seamlessly integrate with all e-mail systems.
Register for our 30-day evaluation CD-ROM at:
or call 800-329-2225, or email [email protected]
December 3, 2002—In this issue:
- Microsoft Addresses Inherent Security of Windows
2. HOT OFF THE PRESS
- West Virginia Joins Massachusetts in Microsoft Appeal
3. KEEPING UP WITH WIN2K AND NT
- Snap-In Unlocks Locked-Out Accounts
- NTBackup Restores Alter Network Configuration
- The System File Checker and WFP
- When Add/Remove Programs Doesn't Respond
- Attend Our Free Tips & Tricks Web Summit
- Planning on Getting Certified? Make Sure To Pick Up Our New eBook!
5. HOT RELEASE (ADVERTISEMENTS)
- Guidelines for Implementing a Storage Resource Management Policy
6. INSTANT POLL
- Results of Previous Poll: Desktop-Replacement PCs
- New Instant Poll: Password Changes
- Tip: Default Imaging Software
8. NEW AND IMPROVED
- Understand Identity Management Components
- Deter Inappropriate Computer Usage
- Submit Top Product Ideas
9. CONTACT US
- See this section for a list of ways to contact us.
(contributed by Paul Thurrott, News Editor, [email protected])
Two weeks ago, at COMDEX Fall 2002, I sat down with Mike Nash, the vice president of Microsoft's Security Business Unit, to discuss various security concerns. Nash deals with the overall security of what he calls the Microsoft environment, which includes not just Windows, but all of Microsoft's core products, including Visual Studio .NET and Microsoft Office. "My job is to make sure that the Trustworthy Computing vision comes true in our product groups," Nash said.
One topic Nash addressed was particularly intriguing. As I've written in the past (see my April 2002 commentary, "Maybe It's Time for a New Platform," at http://www.winnetmag.com/articles/index.cfm?articleid=25037), one concern I have with the Trustworthy Computing initiative is that Microsoft designed Windows NT — the foundation for today's Windows versions — in the late 1980s as a small-workgroup alternative to UNIX, and as such, the OS might not be able to respond to today's security requirements. Perhaps, I posited, Microsoft needs to engineer a new platform and stop stacking feature after feature on the aging NT architecture.
Nash, however, disputed my statement. "The NT architecture was designed with a sense of history," he said. "And it's all about change and innovation. It's impossible to say that when Dave Cutler was designing NT in the late 1980s he was thinking about the Tablet PC. But it's cool that such sweeping changes can come along, and NT has the versatility to solve today's problems."
Nash says NT is important because of its foundation, which makes it easy to make major architectural changes over time. "Directory services, \[the Encrypting File System\], and other technologies have been added to NT over time," he said. "The great thing about that architecture is that it was designed to let you swap in new components as they became appropriate. It's a modular approach."
The bigger technological concern with security, Nash explained, is that Microsoft didn't originally understand that security is implemented through nonsecurity features. For example, NT's core security subsystem has always been solid, but many of the system's vulnerabilities have emerged from unlikely applications or services because so-called nonsecurity technologies weren't built to be secure. So the company spent $100 million in early 2002 to train developers and improve the core security of Windows .NET Server (Win.NET Server) 2003, which will ship to customers in April 2003. And the company is porting back changes to Windows 2000 and even NT 4.0, where appropriate. "Taking these new ideas and bringing them back to Windows 9x is hard because of its outdated architecture, however," Nash told me. "A key milestone for Windows XP was its convergence of the Win9x compatibility features and device-driver model. There used to be separate driver models for 9x and NT, and each decision was a compromise. Today, convergence gives us the best of both worlds, and a true superset product for end-users."
Naturally, the proof is in the pudding, and it will be months or even years before we see whether Microsoft's Trustworthy Computing initiative bears fruit in the form of more secure products. Naturally, Windows & .NET Magazine will follow Microsoft's progress in making its products more secure.
More About Windows XP Power Management
Last week, I discussed XP's power-management schemes and how they might affect a portable computer's processing speed in different usage situations. Several readers wrote to me with more information, including Kevin Campbell, who provided a chart that lists power-management schemes and processing speeds, which you can view at the following URL:
Why couldn't Microsoft have made these options more obvious? In the Power Management UI, for example, the company could have noted how various power-management schemes affect the processor. This information is valuable, especially for mobile warriors trying to eke out the last bit of battery life or performance.
SPONSOR: VERISIGN - THE VALUE OF TRUST
FREE E-COMMERCE SECURITY GUIDE
Is your e-business built on a strong, secure foundation? Find out with VeriSign's FREE White Paper, "Building an E-Commerce Trust Infrastructure." Learn how to authenticate your site to customers, secure your web servers with 128-Bit SSL encryption, and accept secure payments online. Click here:
2. HOT OFF THE PRESS
(contributed by Paul Thurrott, [email protected])
The State of West Virginia announced Monday that it would join Massachusetts in appealing a US District Court decision that granted Microsoft a lenient sentence in its antitrust case. Last month, Judge Colleen Kollar-Kotelly rejected stronger remedies sought by the so-called nonsettling states and gave the green light to a proposed settlement that the software giant reached with the US Department of Justice (DOJ). The attorneys general of both West Virginia and Massachusetts have described this settlement as ineffectual and ridden with loopholes and will now seek to have stricter remedies imposed on Microsoft. For the complete story, visit the following URL:
3. KEEPING UP WITH WIN2K AND NT
(contributed by Paula Sharick, [email protected])
If you lock out accounts after a certain number of logon failures, you expect the accounts to remain locked out until the time period you define in your security policy expires. A bug in how the Microsoft Management Console (MMC) Active Directory Users and Computers snap-in implements account changes causes the snap-in to clear the locked-out flag when you change the "Password never expires" or the "Store password using reversible encryption" account attributes. If you modify either of these fields, save the changes, then restart the snap-in, you'll see that the account is unlocked, even though you didn't clear the field. On October 3, Microsoft released a new version of dsprop.dll as a bug fix for this problem. You can obtain the update only from Microsoft Product Support Services (PSS); mention the Microsoft article " Locked User Account Is Unlocked If You Change Account Options".
If you use the NTBackup utility (ntbackup.exe) to restore the system state on a Windows 2000 machine, take note: The restore procedure has a bug that causes NTBackup to restore only part of the Plug and Play (PnP) database. Restoring the system state on a machine that has one or more network adapters can alter system network components: Network adapters might be missing or have the wrong name in Device Manager, or the system might have Layer Two Tunneling Protocol (L2TP) ports that weren't present at the time of the backup. In many cases, you might be unable to restore the system to its previous configuration (i.e., you might not be able to remove the incorrect or misnamed adapters in Device Manager, and you might not be able to configure the existing adapters). You'll encounter this nasty bug every time you try to restore the system state from a backup until you implement the workaround or install the bug fix.
If you manage only a few systems, you can work around these network problems by modifying the registry on the Win2K system that performs the restorations. Start a registry editor and locate the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BackupRestore\KeysNotToRestore registry subkey. Double-click the PlugandPlay value entry in the right pane to open the Multi-String Editor screen. The value entry should contain two strings: CurrentControlSet\Enum and CurrentControlSet\Control\CriticalDeviceDatabase. Delete the first string, CurrentControlSet\Enum, and reboot. After you make this change, run all the backups that are part of your standard production environment. You should then be able to successfully restore the system state; however, you'll encounter the network adapter restore problem every time you restore a system from a backup you created before making this change.
If you use NTBackup as your primary backup and recovery tool on many systems, call Microsoft Product Support Services (PSS) and ask for the NTBackup bug fix. For more information about this problem and fix, see the Microsoft article "Network Adapters Are Missing or Incorrect in Device Manager After You Run NTBackup to Restore System State Data"
Windows File Protection (WFP) provides a built-in mechanism that in most cases prevents a hotfix, service pack, or application from replacing crucial system files with earlier versions of those files. Read more about this tool and learn a few caveats for using it at the following URL:
Have you ever clicked Add/Remove Programs, only to see a window appear for a second, then disappear? When you see this behavior, the most likely cause is an out-of-date system file. Find out more about this problem and how to solve it at the following URL:
(brought to you by Windows & .NET Magazine and its partners)
Join us on December 19 for our Tips & Tricks Web Summit featuring three eye-opening events: Disaster Recovery Tips & Tricks, Intrusion Detection: Win2K Security Log Secrets, and Merging Exchange Systems: Tips for Managing 5 Key Challenges. There is no charge for this event, but space is limited so register today!
"The Insider's Guide to IT Certification" eBook is hot off the presses and contains everything you need to know to help you save time and money while preparing for certification exams from Microsoft, Cisco Systems, and CompTIA and have a successful career in IT. Get your copy of the Insider's Guide today!
5. HOT RELEASE (ADVERTISEMENTS)
Download this free technical white paper now from Windows & .NET Magazine's White Paper Central. Brought to you courtesy of Precise SRM.
6. INSTANT POLL
The voting has closed in Windows & .NET Magazine's nonscientific Instant Poll for the question, "Is your organization looking at high-end laptops as desktop-replacement PCs for your users?" Here are the results (+/-2 percent) from the 166 votes:
- 10% Yes, we're moving toward all desktop-replacement laptops for users.
- 37% We're considering moving some of our users to laptops as desktop replacements.
- 52% No, we're sticking with our traditional desktop machines.
- 0% I don't know.
The next Instant Poll question is, "How often does your organization force users to change passwords?" Go to the Windows & .NET Magazine home page and submit your vote for a) At least once a month, b) Every 2 to 3 months, c) Every 3 to 6 months, d) Every 6 months or more, or e) We don't force password changes.
(contributed by John Savill, http://www.windows2000faq.com)
8. NEW AND IMPROVED
(contributed by Carolyn Mader, [email protected])
Rainbow Technologies and Realtimepublishers.com announced that Rainbow will sponsor a new eBook, "The Definitive Guide to Identity Management," by Archie Reed. The eBook will provide information about implementing a comprehensive identity-management solution. Topics covered in the eBook include Web services integration, account life-cycle management, auditing and reporting, mobile services, Digital Rights Management (DRM), and federated identity. You can download the free book on a chapter-by-chapter basis at Rainbow Technologies' Web site.
Alexander Jmerik released Boss Everyware, a security program that records data about how your computer is being used. The software keeps a log that details which programs each user runs and how much time the user spends on the programs and records all users' keystrokes. The program can act as a deterrent to inappropriate computer usage by displaying a warning message that lets users know that the program is running. Boss Everyware runs on Windows XP, Windows 2000, Windows NT, Windows Me, and Windows 9x systems and costs $49. Contact Alexander Jmerik at [email protected].
Have you used a product that changed your IT experience by saving you time or easing your daily burden? Do you know of a terrific product that others should know about? Tell us! We want to write about the product in a future Windows & .NET Magazine What's Hot column. Send your product suggestions to [email protected].
9. CONTACT US
Here's how to reach us with your comments and questions:
- ABOUT THE COMMENTARY — [email protected]
- ABOUT KEEPING UP WITH WIN2K AND NT — [email protected]
- ABOUT THE NEWSLETTER IN GENERAL — [email protected]
(please mention the newsletter name in the subject line)
- TECHNICAL QUESTIONS — http://www.winnetmag.net/forums
- PRODUCT NEWS — [email protected]
- QUESTIONS ABOUT YOUR Windows & .NET Magazine UPDATE SUBSCRIPTION?
Customer Support — [email protected]
- WANT TO SPONSOR Windows & .NET Magazine UPDATE?
This email newsletter is brought to you by Windows & .NET Magazine, the leading publication for Windows professionals who want to learn more and perform better. Subscribe today.
Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters.