Windows Client UPDATE, July 10, 2003

==== This Issue Sponsored By ====


Panda Security


1. Commentary: Testing Client-Side Spam Control Products 2. Reader Challenge - June 2003 Reader Challenge Winners - July 2003 Reader Challenge

3. News & Views - Microsoft's Plan to End the Patch Management Nightmare

4. Announcements - Find Your Next Job at Our IT Career Center - New Active Directory Web Seminar!

5. Resources - Tip: Accessing the Local Security Policy Application in XP - Featured Thread: Mouse Configuration Problem on NT 4.0 PC

6. Events

7. New and Improved - Migrate User Profiles and Domains - Submit Top Product Ideas

8. Contact Us - See this section for a list of ways to contact us.

==== Sponsor: NetSupport ====

FREE TRIAL - NetSupport Manager PC Remote Control Software Perform remote support and management on multiple systems simultaneously over a LAN, WAN and the Internet with this powerful PC remote control software. NetSupport Manager provides speedy, secure remote PC access, dynamic inventory, automated scripting and scheduling, file transfer, remote deployment, system monitoring, help requests and much more. Use NetSupport Manager to manage help desk support, mobile computing, desktop management, software training and system automation. A great add-on for SMS. Network Computing Editor's Choice Award winner. Installed in millions of desktops worldwide. Download a free, fully functional 30-day trial today. Click here.


==== 1. Commentary: Testing Client-Side Spam Control Products ====
by David Chernicoff, [email protected]

I'm beginning to get the feeling that dealing with spam is a full-time job for most people. Despite creating dozens of filters and automating my mail management, the garbage mail continues to squeak through the cracks in my defenses, leaving offers for things I neither need nor want popping up in my various inboxes.

Part of the problem is the large number of email accounts I use. A contributing factor is that I use two different email programs--Outlook XP and Eudora Pro--to manage my email. Add to this mix the fact that a few of my addresses have existed for more than 10 years (one or two are plastered all over the Web in articles I've written), and you can imagine how many spam lists I'm on. This state of affairs is partly my fault: I searched on some of my older email addresses and found references to them on the Google UseNet archive ( ) that go back to the early 1990s. If I can find those addresses so easily, you know that the spammers have long since harvested them.

Because I'm not willing to get rid of all my old accounts, I'm forced to find some other ways to defend myself from this onslaught of mercantile missives. As a small office/home office (SOHO) user, I don't run my own mail servers (although I've done so in the past), so the variety of server-based antispam solutions aren't suitable for me. My initial foray into the world of client-side spam control leaves me with the impression that three types of solutions exist: external email filtering and authentication services, a middleware layer that sits on a local machine between mail applications and ISP mail servers, embedded applications or add-ins for existing email programs.

As a public service, I plan to install and use examples of each of these client-side solutions for the next few weeks. I have representative software, but if you have a special favorite that you'd like me to look at, send me an email message and let me know about it. I'd like reader feedback about the criteria by which you think I should judge these solutions.

In my opinion, the two major criteria should be ease of use and effectiveness. These features overlap significantly; a product that's easy to use but that makes erroneous guesses about content and consistently blocks email that isn't spam isn't really easy to use because you have to double-check everything it does. Conversely, software that requires consistent user interaction and is rarely wrong is little better than filtering spam manually. A happy medium between ease of use and effectiveness is necessary.

I know that the 5000 to 7000 email messages I receive each week will be a challenge for the client-side products I've chosen. In addition to mailing lists that I subscribe to that generate hundreds of messages a week, I also get dozens of press releases every week from computer product vendors. The press releases fulfill many spam filters' criteria for spam, but they are legitimate mail for me. I'm looking forward to conducting what should be an interesting series of tests.


==== Sponsor: Panda Security ====

Viruses like Bugbear.B are routinely infecting networks that are "fully protected." What to do? Is total protection possible? Find the answer in the free guide HOW TO KEEP YOUR COMPANY 100% VIRUS FREE, from Panda Software. Learn how the latest viruses enter networks, what they can do, and the most effective weapons to combat them. Protect your network effectively and permanently - download this free guide today!


==== 2. Reader Challenge ====
by Kathy Ivens, [email protected]

June 2003 Reader Challenge Winners

Congratulations to our June Reader Challenge winners! Quan Ha of Orange, California, wins first prize, a copy of "Windows Server 2003: The Complete Reference." Rick Patterson of Frisco, Texas, wins second prize, a copy of "Admin911:Windows 2000 Registry." Visit to read the answer to the June 2003 Reader Challenge.

July 2003 Reader Challenge

Solve this month's Windows Client problem, and you might win a prize! Email your solution (don't use an attachment) to [email protected] by July 24, 2003. You must include your full name, street mailing address, and phone number (all required for shipping your prize).

I choose winners at random from the pool of correct entries. Because I receive so many entries each month, I can't reply to respondents (and I never respond to a request for a receipt). Look for the solutions to this month's problem at on July 24, 2003.

One of the things I learned when I was raising my children (and my children are learning now as they raise their own children) is that if you make rules you can't enforce, you might as well give up making rules. I was reminded of this precept last month, when several clients called me with the same problem. The end of the school year meant term reports were due for the children of many of my clients' employees. The reports were long and highly decorated, using many colorful graphics. Employees were bringing the document files from home and printing the reports on the company's color laser printer (regardless of any rules restricting the printing of personal documents). Of course, the legitimate business print jobs were taking forever to come out of the printer because they were sitting behind the large report documents in the print queue. My clients told me they'd reached an agreement with the employee-parents: Parents could use the printer to print their child's reports, but not until after 5:00 p.m. Because few of the parents would want to stay late, my clients knew that the new rule would probably be ignored. So, my clients asked me whether a command or tool exists to hold the report documents in the print queue until 5:00, then let the parents retrieve the printed documents the next morning. Yes, doing so is possible, and I told my clients how. Can you? ==== 3. News & Views ====
by Paul Thurrott, [email protected]

Microsoft's Plan to End the Patch Management Nightmare

One of the biggest concerns facing Microsoft's enterprise customers today is patch management, primarily because the company's many products all have their own tools and methods for providing software updates. The problem is exacerbated by the bewildering number of product revisions, language versions, and other product differentiators, many of which require Microsoft to issue multiple patches for the same vulnerability. Finally, because many Microsoft tools use different patch infrastructures, customers who use products such as Windows Update, Microsoft Baseline Security Analyzer (MBSA), Software Update Services (SUS), and Systems Management Server (SMS) with the SUS Feature Pack can wind up achieving differing results. To solve these problems, Microsoft is overhauling its patch management infrastructure and will unleash a new generation of patch management tools for its customers as soon as early 2004.

Today, Microsoft's patch management solutions are, well, patchy at best. The company admits that it often provides incomplete and inaccurate patch information, inadequate assessment and deployment tools, an inconsistent patch experience because of the wide range of installer types the company makes available, and poor-quality patches. The latter point is a tough spot for the company, which is walking the line between delivering high-quality patches and delivering patches quickly. Changes to the underlying infrastructure should help it do both.

To address these concerns, Microsoft is creating a new, centralized patch management architecture that it will use for all of its products. Then, it will build new versions of WU, MBSA, SUS, and the SUS Feature Pack for SMS that work from the new infrastructure. Intriguingly, the company plans to provide these tools to customers in early 2004, which is much earlier than I had expected. Microsoft has been discussing centralized patch management for years, but it always seemed like pie in the sky functionality; at an early June reviewer's workshop for Exchange Server 2003, the company noted that Kodiak, the next major Exchange version, would integrate with Windows Update, which led me to believe that the centralized architecture was still some years away because Kodiak isn't due until 2006-2007.

Microsoft has many patch management milestones in the months ahead. Later this month, the company will standardize its Knowledge Base articles, making them easier to read, and release a new version of the Search tool, which will search for security patches. According to Microsoft, searching for security patches is one of the primary reasons why customers visit the Knowledge Base site. Also, Microsoft just released updated best practices guides for patch management (available at ). In the first quarter 2004, Microsoft will deliver its common patch architecture, convert its patch installers to be consistent with one another, and release a new version of Windows Update that is geared toward all Microsoft products. We might call this "Microsoft Update," although the final name has yet to be chosen. In second quarter 2004, SUS and SMS 2003 will be upgraded to work with this new architecture. In late 2004, Microsoft will convert from eight patch installer types to just two (i.e., MSI 3.0 and Update.exe).

==== 4. Announcements ====
(from Windows & .NET Magazine and its partners)

Find Your Next Job at Our IT Career Center

Check out our new online career center, in which you can browse current job openings, post your resume, and create automated notifications to notify you when a job is posted that meets your specifications. It's effective, it's private, and there's no charge. Visit today!

New Active Directory Web Seminar!

Discover how to securely manage Active Directory in a multiforest environment, establish attribute-level auditing without affecting AD performance, enhance secure permission management with "Roles," and more! There's no charge for this Aelita Software-sponsored event, but space is limited--register today!

==== 5. Resources ====

Tip: Accessing the Local Security Policy Application in XP
(contributed by David Chernicoff, [email protected])

A reader recently brought to my attention the fact that many Windows XP users don't realize that the Local Security Policy application on their computer lets them use the Group Policy metaphor to apply security policies and controls to all users on an XP computer. This feature is useful when multiple users, most of whom don't have administrative privileges, share a computer. To access Local Security Policy, click Start, select Administrative Tools, and select Local Security Policy. Many users are unaware of the Administrative Tools menu entry because it isn't displayed by default. You can also access Local Security Policy by clicking Start, Run, and entering secpol.msc in the text box. Click OK and follow the instructions to enable a policy.

XP includes a good tutorial for getting started using this security application. To access the tutorial, go to the Help And Support link on the Start menu and enter Local Security Policy in the search field.

Featured Thread: Mouse Configuration Problem on NT 4.0 PC

Forum member dtolbert98 is running Windows NT 4.0 with Service Pack 6 (SP6) on an older Aroma PC. The machine has one serial port for the mouse. He recently purchased a LinkSys keyboard/video/mouse (KVM) switch with a PS/2 mouse and keyboard connectors. When he uses an adapter to connect the PS/2 cable to the KVM, he can't use the mouse. He has a similar setup with an NT server, but in that case he can use the mouse without a problem. He's checked drivers, ports, and IRQs but has found no clues. He suspects the adapter might be the problem but doesn't understand why it will work on the server and not the PC. If you can help, join the discussion at the following URL:

==== 6. Events ====
(brought to you by Windows & .NET Magazine) New--Mobile & Wireless Road Show!

Learn more about the wireless and mobility solutions that are available today! Register now for this free event!

==== 7. New and Improved ====
by Sue Cooper, [email protected]

Migrate User Profiles and Domains

Miramar Systems released Desktop DNA Enterprise Edition 4.6, software to manage the migration of users' PC settings, data, and preferences during Windows OS upgrades, hardware refreshes, and disaster recoveries. The software automates transferring user profiles from Windows NT Server 4.0 domains to Windows Server 2003 Active Directory (AD). The User Redirection feature can rename, copy, create, and move any user's profile to a different domain or to AD. The DNA Options Editor lets you update or create custom configuration files, without requiring expertise with XML. Command-line functionality gives you added flexibility. Desktop DNA Enterprise Edition 4.6 supports Windows XP/2000/Me/NT/98/95. Contact Miramar Systems at 805-966-2432.

Submit Top Product Ideas

Have you used a product that changed your IT experience by saving you time or easing your daily burden? Do you know of a terrific product that others should know about? Tell us! We want to write about the product in a future Windows & .NET Magazine What's Hot column. Send your product suggestions to [email protected]

==== Sponsored Links ====


Jerry Honeycutt Desktop Deployment Whitepaper;5790077;8214395;s? ====================

==== 8. Contact Us ====

About the newsletter -- [email protected] About technical questions -- About product news -- [email protected] About your subscription -- [email protected] About sponsoring UPDATE -- [email protected]

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.