Skip navigation
Menu
Data Analytics and Data Management>SQL

Windows & .NET Magazine UPDATE, October 8, 2002

Windows & .NET Magazine UPDATE, brought to you by Windows & .NET Magazine, the leading publication for IT professionals deploying Windows and related technologies.
http://www.winnetmag.com

THIS ISSUE SPONSORED BY

New Release - NetOp Remote Control v7.5
http://www.crossteccorp.com/w2kmag.htm

HP-Quest Software Free E2K Security Whitepaper
http://www.quest.com/landing/winnetmag_update100702.asp
(below COMMENTARY)

SPONSOR: NEW RELEASE - NETOP REMOTE CONTROL V7.5

FREE DOWNLOAD - CONTROL & ACCESS EVEN MORE PLATFORMS

NetOp Remote Control, winner of PC Magazine's Editors' Choice, is now even more powerful:

  • Supports Linux, Solaris and all Windows platforms including CE
  • New Inventory feature lets you know what HW/SW is on your Host PCs
  • Additional authentication, session recording and time-out security features Control, Access and support PCs over the Internet, LANs, modems or wireless just as if you were in front of them. Trust NetOp v7.5 for Real Speed Security and Stability. Try NetOp v7.5 FREE today
    http://www.crossteccorp.com/w2kmag.htm

    • October 8, 2002—In this issue:

    1. COMMENTARY

    • MEC Opens with a Confusing Server Message

    2. HOT OFF THE PRESS

    • Windows & .NET Magazine Names MEC 2002 Best of Show Finalists

    3. KEEPING UP WITH WIN2K AND NT

    • Critical Java Security Hotfix
    • SP3 GP Editor Deletes Allowed Application List
    • AD Access Violation
    • Win2K Authentication and Kerberos Packets

    4. ANNOUNCEMENTS

    • Mark Minasi and Paul Thurrott Are Bringing Their Security Expertise to You!
    • Test with VUE, Get a Special Deal on Windows & .NET Magazine!

    5. HOT RELEASE (ADVERTISEMENT)

    • Save Time with Winternals ERD Commander 2002

    6. INSTANT POLL

    • Results of Previous Poll: XP SP1
    • New Instant Poll: Bugbear

    7. RESOURCES

    • Featured Thread: Broadband Internet Sharing
    • Tip: Where Can I Get Updated Windows XP Boot Disks?

    8. NEW AND IMPROVED

    • Prevent Blue Screens
    • Build Site Maps and Navigation Systems

    9. CONTACT US

    • See this section for a list of ways to contact us.

    1. COMMENTARY
    (contributed by Paul Thurrott, News Editor, [email protected])

  • MEC OPENS WITH A CONFUSING SERVER MESSAGE

    • MEC 2002, being held this week in Anaheim, California, has evolved from its beginnings as the Microsoft Exchange Conference and has taken on a wider focus of enterprise manageability. To that end, MEC 2002 includes tracks on Windows .NET Server (Win.NET Server) 2003, Active Directory (AD), and various Microsoft .NET Enterprise Server products, including Microsoft Exchange Server. Like Tech Ed (previously an administrative show) and the Professional Developers Conference (PDC), which appear to be merging into one show in 2003, MEC has evolved over time, as has Microsoft's enterprise push. And if you're confused by Microsoft's extensive server product line, you're not alone.

    Summing up Microsoft's server products used to be easy. I recall a 1996 server overview where the company touted such products as Windows NT Server 4.0, Microsoft Mail (the company's Messaging API—MAPI—mail server in pre-Exchange days), SQL Server 6.5, SNA Server (for connectivity with legacy IBM servers), and Internet Information Server (IIS) 1.0, all of which were part of the Microsoft BackOffice suite. Back then, BackOffice seemed like a great play on words. However, the product suite was destined for little notoriety because the products would just sit quietly in the server room and do their thing. Although the BackOffice name and suite will quietly end with the Win.NET Server generation of products, the successors to the products that were once part of BackOffice—a confusing mix of products that Microsoft is constantly tweaking—are playing a major role in Microsoft's expansion into the enterprise. You can expect to see some consolidation of these products in the coming year, but until then, we all have to deal with a bewildering set of server products. To help you understand this group of products, I've categorized them according to functionality in the following summary. Although this product list isn't complete, even this subset should demonstrate the difficulty in identifying and understanding which products make sense for a particular enterprise.

    For infrastructure, Microsoft offers its core server products: Windows Server, Exchange Server, and SQL Server. Not coincidentally, Microsoft will use a SQL Server-based data store to integrate future versions of these products. For enterprise management of PCs, people, and other resources, the company offers AD, Systems Management Server (SMS), and Microsoft Operations Manager (MOM), although the future of these products is unclear because Microsoft might merge them in some way. To manage Web applications and Web services, Microsoft offers Application Center and Internet Information Services (IIS) products and various .NET-based support services. For interoperability with legacy systems, Host Integration Server has replaced SNA Server, and the Windows Services for UNIX (SFU) product offers tools for integrating Windows into UNIX environments. For managing inhouse resources such as documents and time, Microsoft offers Mobile Information Server, SharePoint Portal Server, and Project Server. The eBusiness server products, which have been evolving in recent days to adopt open standards such as XML, include BizTalk Server, Commerce Server, Internet Security and Acceleration (ISA) Server, and Site Server, as well as the recently upgraded Content Management Server 2002, which Microsoft officially launched this week at MEC 2002.

    Microsoft's description of Content Management Server does little to identify the product's unique role. Microsoft says that Content Management Server provides a faster, more cost-effective way to create, deploy, and maintain mission-critical, content-rich Web sites that are business tools for communication with customers, partners, and coworkers. Compared to the company's other Web-site building products, Content Management Server's distinctive functionality isn't as well defined. One might use SharePoint Portal Server, for example, to build intranet- and extranet-based Web sites, generally for internal use only, where customers can share and collaborate on documents using a Web interface. Commerce Server facilitates the creation of e-commerce Web sites. And all of these products build off of IIS, of course.

    Apparently, the distinction among these servers is that the sites they create perform different roles, but differentiating among them is confusing. And when you add BizTalk Server into the mix—a product designed to use XML-based adapters to integrate your applications with those from other companies—you get a bizarre mix of servers, each of which comes with a hefty price tag. Pity the poor company that needs to publish sites internally and externally and link to its customers' and partners' systems. And who has the skills to manage all these products? Microsoft's Web site creation servers need to undergo the same type of consolidation that the company's management servers will undergo in 2003.

    In Microsoft's bid to head off potential competitors in the vastly interconnected world of the future, the company has forgotten the successful formula that brought the company to its current position. That formula can be summed up in one word, "simplicity", and simplicity is sorely missing in the company's current enterprise strategy. In fact, the only certainty in any of these products is, sadly, the licensing, which you can also sum up in one word, "expensive". Microsoft has adopted the UNIX pricing model, which generally means a per-processor price. For BizTalk Server, for example, that price is $7000 per processor for the Standard Edition, or $25,000 per processor for the Enterprise Edition. And most of these products aren't available in standalone configurations. Content Management Server 2002, for example, requires Windows 2000 Server or later, which is to be expected, and SQL Server 2000, another capable but expensive solution. And you'll want Microsoft Office XP on client machines so your employees can author content and Visual Studio .NET for your developers. As you can see, Microsoft's server products comprise a totally integrated environment.

    Nervous yet? If the most obvious way for customers to approach these products is to simply ignore them, Microsoft is doing something wrong. And if the company is serious about offering end-to-end solutions for the enterprise, it needs to simplify its server products—not offer a different server for every conceivable product niche. Ironically, Microsoft's management products are anything but manageable. I'd like to see that situation change.

    SPONSOR: QUEST SOFTWARE

    FREE WHITEPAPER: ENHANCE SECURITY, EASE ADMINISTRATION AND INCREASE PRODUCTIVITY. With the right management tools and best practices, you can do more with less.
    Quest Software and Hewlett-Packard have collaborated to offer "Advanced Security and Directory Administration for Exchange 2000," a free whitepaper offering best practices to help you make the most of the capabilities of your new environment.
    Improve security across the enterprise and make Exchange 2000 work for YOU. Download the whitepaper today!
    http://www.quest.com/landing/winnetmag_update100702.asp

    2. HOT OFF THE PRESS
    (contributed by Paul Thurrott, [email protected])

  • WINDOWS & .NET MAGAZINE NAMES MEC 2002 BEST OF SHOW FINALISTS

    • Windows & .NET Magazine announced finalists for the Best of Show Awards for MEC 2002. Judges selected finalists in five categories: management, mobility, networking/infrastructure, security, and collaboration and productivity. Windows & .NET Magazine editors will announce the Best of Show winners in Booth #526 at 12 p.m. on October 10 during MEC 2002 in Anaheim, California. For more information, visit the following URL:
    http://www.wininformant.com/articles/index.cfm?articleid=26859

  • 3. KEEPING UP WITH WIN2K AND NT

    • (contributed by Paula Sharick, [email protected])

  • CRITICAL JAVA SECURITY HOTFIX

    • Microsoft released a critical hotfix on September 18 that corrects three Java-based security problems. If you disable Java applets in Microsoft Internet Explorer (IE), you can safely ignore this update. If you let Java applets run (as most users do), you need to install this hotfix on all systems on which you browse Web sites not under your control.

    The hotfix eliminates two vulnerabilities that can let a malicious user take control of a machine that browses an attacker's Web site. In one case, a flaw in how the Virtual Machine (VM) manages Java database functions provides an opportunity for a malicious user to run DLL files of the attackers choice on the local system. To be a target for this type of attack, you must browse a Web site that is under the attacker's control, or read an HTML-based email on a system that doesn't have the Microsoft Outlook Email Security Update installed. The hotfix also eliminates a related database flaw that lets an attacker provide invalid data to IE that can crash the browser and eliminates a vulnerability an attacker can exploit to take control of a local system by leveraging a flaw in how Java loads XML functions.

    You need to install the hotfix on all systems for which the VM version number is 3805 or lower. To check the version, open a command prompt and type 

    jview

    The VM version number appears at the end of the first line of the command's output, which should be similar to "...Command-line Loader for Java Version 5.00.3805." You can install this hotfix from WindowsUpdate; the WindowsUpdate reference number is Q329077. For more information, see the Microsoft article "MS02-052: Flaw in Microsoft VM JDBC Classes Might Permit Code to Be Run".

    WEB-EXCLUSIVE ARTICLES: The following items are posted on the Windows & .NET Magazine Web site. For the complete story, use the following link and scroll to the appropriate article.
    http://www.winnetmag.com/articles/index.cfm?articleid=26903

  • SP3 GP EDITOR DELETES ALLOWED APPLICATION LIST

    • A bug in Windows 2000 Service Pack 3 (SP3) causes Group Policy Editor (GPE) to incorrectly clear the list of allowed Windows applications. Discover the details at the following URL:
    http://www.winnetmag.com/articles/index.cfm?articleid=26903

  • AD ACCESS VIOLATION

    • A problem in the Lightweight Directory Access Protocol (LDAP) code that enumerates Active Directory (AD) properties causes all versions of Windows 2000 to generate an access violation when a program or service attempts to update AD. Find out how to fix this problem at the following URL:
    http://www.winnetmag.com/articles/index.cfm?articleid=26903

  • WIN2K AUTHENTICATION AND KERBEROS PACKETS

    • If you install and configure firewalls, you need to know about Windows 2000 authentication and Kerberos traffic on UDP port 88. Discover the details at the following URL:
    http://www.winnetmag.com/articles/index.cfm?articleid=26903

    4. ANNOUNCEMENTS
    (brought to you by Windows & .NET Magazine and its partners)

  • MARK MINASI AND PAUL THURROTT ARE BRINGING THEIR SECURITY EXPERTISE TO YOU!

    • Windows & .NET Magazine Network RoadShow 2002 is coming this October to New York, Chicago, Denver, and San Francisco! Industry experts Mark Minasi and Paul Thurrott will show you how to shore up your system's security and what desktop security features are planned for Microsoft .NET and beyond. Sponsored by NetIQ, Microsoft, and Trend Micro. Registration is free, but space is limited so sign up now!
    http://www.winnetmag.com/seminars/roadshow

  • TEST WITH VUE, GET A SPECIAL DEAL ON WINDOWS & .NET MAGAZINE!

    • Windows & .NET Magazine has partnered with VUE to bring you the best rate ever on Windows & .NET Magazine! Simply register to take a Microsoft exam with VUE by October 31, 2002, and you'll be eligible for 2 years of the magazine for the price of one! This exclusive offer won't last so subscribe today!
    http://www.vue.com/winnetmag

    5. HOT RELEASE (ADVERTISEMENT)

  • SAVE TIME WITH WINTERNALS ERD COMMANDER 2002

    • What do you do when your server won't reboot? Re-image or reinstall? ERD Commander 2002 lets you troubleshoot and repair systems in a fraction of the time. Get a FREE 30-Day Trial CD at:
    http://www.winternals.com/widfreecd

    6. INSTANT POLL

  • RESULTS OF PREVIOUS POLL: XP SP1

    • The voting has closed in Windows & .NET Magazine's nonscientific Instant Poll for the question, "Has your organization rolled out Windows XP SP1 yet?" Here are the results (+/-2 percent) from the 334 votes: 
       - 29% Yes, we've rolled out XP SP1
   - 50% No, we still haven't upgraded to XP
   -  8% We haven't upgraded to XP SP1 yet, but we plan to soon
   - 13% We have no plans to roll out XP SP1

  • NEW INSTANT POLL: BUGBEAR

    • The next Instant Poll question is, "Has your organization been bitten by the Bugbear worm yet?" Go to the Windows & .NET Magazine home page and submit your vote for a) No, we haven't seen it, b) We've seen the worm, but our antivirus solution caught it, c) Yes, Bugbear has damaged our systems, d) I don't know.
    http://www.winnetmag.com/magazine

    7. RESOURCES

  • FEATURED THREAD: BROADBAND INTERNET SHARING

    • This user has two networked PCs and recently upgraded to a broadband Internet connection from a 56K modem. He can no longer access the Internet from the second computer. Can you help? Join the discussion at the following URL:
    http://www.winnetmag.com/forums/rd.cfm?cid=36&tid=47455

  • TIP: WHERE CAN I GET UPDATED WINDOWS XP BOOT DISKS?

    • (contributed by John Savill, http://www.windows2000faq.com) XP doesn't ship with boot disks, and you can't create these disks from the XP media. However, Microsoft provides downloads to create XP boot disks. As Microsoft continues to release service packs, the company will continue to update the downloadable boot disks, starting with new boot disks available for XP Service Pack 1 (SP1). You must download the correct set of boot disks for your version of XP (i.e., you can't use an XP Home Edition boot disk with an XP Professional Edition CD-ROM). XP Home SP1 boot disks are available at the first URL below, and XP Pro SP1 boot disks are available at the second URL.
    http://www.microsoft.com/downloads/release.asp?releaseid=42818
    http://www.microsoft.com/downloads/release.asp?releaseid=42819

    8. NEW AND IMPROVED
    (contributed by Carolyn Mader, [email protected])

  • PREVENT BLUE SCREENS

    • iolo technologies released System Mechanic 3.7, software that can prevent blue screens that result from system crashes. The program consists of 15 tools that clean the system registry, speed Internet and network connections, find and remove obsolete files, fix and remove broken shortcuts, eliminate footprints left behind following Internet sessions, and streamline system maintenance. System Mechanic runs on Windows XP, Windows 2000, Windows NT, Windows Me, and Windows 9x systems and costs $299.95. Contact iolo technologies at 626-793-3993.
    http://www.iolo.com

  • BUILD SITE MAPS AND NAVIGATION SYSTEMS

    • Auscomp released eNavigator Suite 7.0, software that lets you build fully customized information and site-navigation management systems for your Web, intranet, or extranet site in any of seven styles. You choose the style and technology you want and click the Site Indexer, which leads you to the Command Center, in which you can preview and edit your creation. For pricing, contact [email protected].
    http://www.auscomp.com

    9. CONTACT US
    Here's how to reach us with your comments and questions:

    This email newsletter is brought to you by Windows & .NET Magazine, the leading publication for Windows professionals who want to learn more and perform better. Subscribe today.
    http://www.winnetmag.com/sub.cfm?code=wswi201x1z

    Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters.
    http://www.winnetmag.net/email

    Windows & .NET Magazine UPDATE, brought to you by Windows & .NET Magazine, the leading publication for IT professionals deploying Windows and related technologies.
    http://www.winnetmag.com

    THIS ISSUE SPONSORED BY

    New Release - NetOp Remote Control v7.5
    http://www.crossteccorp.com/w2kmag.htm

    HP-Quest Software Free E2K Security Whitepaper
    http://www.quest.com/landing/winnetmag_update100702.asp
    (below COMMENTARY)

    SPONSOR: NEW RELEASE - NETOP REMOTE CONTROL V7.5

    FREE DOWNLOAD - CONTROL & ACCESS EVEN MORE PLATFORMS

    NetOp Remote Control, winner of PC Magazine's Editors' Choice, is now even more powerful:

  • Supports Linux, Solaris and all Windows platforms including CE
  • New Inventory feature lets you know what HW/SW is on your Host PCs
  • Additional authentication, session recording and time-out security features Control, Access and support PCs over the Internet, LANs, modems or wireless just as if you were in front of them. Trust NetOp v7.5 for Real Speed Security and Stability. Try NetOp v7.5 FREE today
    http://www.crossteccorp.com/w2kmag.htm

    • October 8, 2002—In this issue:

    1. COMMENTARY

    • MEC Opens with a Confusing Server Message

    2. HOT OFF THE PRESS

    • Windows & .NET Magazine Names MEC 2002 Best of Show Finalists

    3. KEEPING UP WITH WIN2K AND NT

    • Critical Java Security Hotfix
    • SP3 GP Editor Deletes Allowed Application List
    • AD Access Violation
    • Win2K Authentication and Kerberos Packets

    4. ANNOUNCEMENTS

    • Mark Minasi and Paul Thurrott Are Bringing Their Security Expertise to You!
    • Test with VUE, Get a Special Deal on Windows & .NET Magazine!

    5. HOT RELEASE (ADVERTISEMENT)

    • Save Time with Winternals ERD Commander 2002

    6. INSTANT POLL

    • Results of Previous Poll: XP SP1
    • New Instant Poll: Bugbear

    7. RESOURCES

    • Featured Thread: Broadband Internet Sharing
    • Tip: Where Can I Get Updated Windows XP Boot Disks?

    8. NEW AND IMPROVED

    • Prevent Blue Screens
    • Build Site Maps and Navigation Systems

    9. CONTACT US

    • See this section for a list of ways to contact us.

    1. COMMENTARY
    (contributed by Paul Thurrott, News Editor, [email protected])

  • MEC OPENS WITH A CONFUSING SERVER MESSAGE

    • MEC 2002, being held this week in Anaheim, California, has evolved from its beginnings as the Microsoft Exchange Conference and has taken on a wider focus of enterprise manageability. To that end, MEC 2002 includes tracks on Windows .NET Server (Win.NET Server) 2003, Active Directory (AD), and various Microsoft .NET Enterprise Server products, including Microsoft Exchange Server. Like Tech Ed (previously an administrative show) and the Professional Developers Conference (PDC), which appear to be merging into one show in 2003, MEC has evolved over time, as has Microsoft's enterprise push. And if you're confused by Microsoft's extensive server product line, you're not alone.

    Summing up Microsoft's server products used to be easy. I recall a 1996 server overview where the company touted such products as Windows NT Server 4.0, Microsoft Mail (the company's Messaging API—MAPI—mail server in pre-Exchange days), SQL Server 6.5, SNA Server (for connectivity with legacy IBM servers), and Internet Information Server (IIS) 1.0, all of which were part of the Microsoft BackOffice suite. Back then, BackOffice seemed like a great play on words. However, the product suite was destined for little notoriety because the products would just sit quietly in the server room and do their thing. Although the BackOffice name and suite will quietly end with the Win.NET Server generation of products, the successors to the products that were once part of BackOffice—a confusing mix of products that Microsoft is constantly tweaking—are playing a major role in Microsoft's expansion into the enterprise. You can expect to see some consolidation of these products in the coming year, but until then, we all have to deal with a bewildering set of server products. To help you understand this group of products, I've categorized them according to functionality in the following summary. Although this product list isn't complete, even this subset should demonstrate the difficulty in identifying and understanding which products make sense for a particular enterprise.

    For infrastructure, Microsoft offers its core server products: Windows Server, Exchange Server, and SQL Server. Not coincidentally, Microsoft will use a SQL Server-based data store to integrate future versions of these products. For enterprise management of PCs, people, and other resources, the company offers AD, Systems Management Server (SMS), and Microsoft Operations Manager (MOM), although the future of these products is unclear because Microsoft might merge them in some way. To manage Web applications and Web services, Microsoft offers Application Center and Internet Information Services (IIS) products and various .NET-based support services. For interoperability with legacy systems, Host Integration Server has replaced SNA Server, and the Windows Services for UNIX (SFU) product offers tools for integrating Windows into UNIX environments. For managing inhouse resources such as documents and time, Microsoft offers Mobile Information Server, SharePoint Portal Server, and Project Server. The eBusiness server products, which have been evolving in recent days to adopt open standards such as XML, include BizTalk Server, Commerce Server, Internet Security and Acceleration (ISA) Server, and Site Server, as well as the recently upgraded Content Management Server 2002, which Microsoft officially launched this week at MEC 2002.

    Microsoft's description of Content Management Server does little to identify the product's unique role. Microsoft says that Content Management Server provides a faster, more cost-effective way to create, deploy, and maintain mission-critical, content-rich Web sites that are business tools for communication with customers, partners, and coworkers. Compared to the company's other Web-site building products, Content Management Server's distinctive functionality isn't as well defined. One might use SharePoint Portal Server, for example, to build intranet- and extranet-based Web sites, generally for internal use only, where customers can share and collaborate on documents using a Web interface. Commerce Server facilitates the creation of e-commerce Web sites. And all of these products build off of IIS, of course.

    Apparently, the distinction among these servers is that the sites they create perform different roles, but differentiating among them is confusing. And when you add BizTalk Server into the mix—a product designed to use XML-based adapters to integrate your applications with those from other companies—you get a bizarre mix of servers, each of which comes with a hefty price tag. Pity the poor company that needs to publish sites internally and externally and link to its customers' and partners' systems. And who has the skills to manage all these products? Microsoft's Web site creation servers need to undergo the same type of consolidation that the company's management servers will undergo in 2003.

    In Microsoft's bid to head off potential competitors in the vastly interconnected world of the future, the company has forgotten the successful formula that brought the company to its current position. That formula can be summed up in one word, "simplicity", and simplicity is sorely missing in the company's current enterprise strategy. In fact, the only certainty in any of these products is, sadly, the licensing, which you can also sum up in one word, "expensive". Microsoft has adopted the UNIX pricing model, which generally means a per-processor price. For BizTalk Server, for example, that price is $7000 per processor for the Standard Edition, or $25,000 per processor for the Enterprise Edition. And most of these products aren't available in standalone configurations. Content Management Server 2002, for example, requires Windows 2000 Server or later, which is to be expected, and SQL Server 2000, another capable but expensive solution. And you'll want Microsoft Office XP on client machines so your employees can author content and Visual Studio .NET for your developers. As you can see, Microsoft's server products comprise a totally integrated environment.

    Nervous yet? If the most obvious way for customers to approach these products is to simply ignore them, Microsoft is doing something wrong. And if the company is serious about offering end-to-end solutions for the enterprise, it needs to simplify its server products—not offer a different server for every conceivable product niche. Ironically, Microsoft's management products are anything but manageable. I'd like to see that situation change.

    SPONSOR: QUEST SOFTWARE

    FREE WHITEPAPER: ENHANCE SECURITY, EASE ADMINISTRATION AND INCREASE PRODUCTIVITY. With the right management tools and best practices, you can do more with less.
    Quest Software and Hewlett-Packard have collaborated to offer "Advanced Security and Directory Administration for Exchange 2000," a free whitepaper offering best practices to help you make the most of the capabilities of your new environment.
    Improve security across the enterprise and make Exchange 2000 work for YOU. Download the whitepaper today!
    http://www.quest.com/landing/winnetmag_update100702.asp

    2. HOT OFF THE PRESS
    (contributed by Paul Thurrott, [email protected])

  • WINDOWS & .NET MAGAZINE NAMES MEC 2002 BEST OF SHOW FINALISTS

    • Windows & .NET Magazine announced finalists for the Best of Show Awards for MEC 2002. Judges selected finalists in five categories: management, mobility, networking/infrastructure, security, and collaboration and productivity. Windows & .NET Magazine editors will announce the Best of Show winners in Booth #526 at 12 p.m. on October 10 during MEC 2002 in Anaheim, California. For more information, visit the following URL:
    http://www.wininformant.com/articles/index.cfm?articleid=26859

  • 3. KEEPING UP WITH WIN2K AND NT

    • (contributed by Paula Sharick, [email protected])

  • CRITICAL JAVA SECURITY HOTFIX

    • Microsoft released a critical hotfix on September 18 that corrects three Java-based security problems. If you disable Java applets in Microsoft Internet Explorer (IE), you can safely ignore this update. If you let Java applets run (as most users do), you need to install this hotfix on all systems on which you browse Web sites not under your control.

    The hotfix eliminates two vulnerabilities that can let a malicious user take control of a machine that browses an attacker's Web site. In one case, a flaw in how the Virtual Machine (VM) manages Java database functions provides an opportunity for a malicious user to run DLL files of the attackers choice on the local system. To be a target for this type of attack, you must browse a Web site that is under the attacker's control, or read an HTML-based email on a system that doesn't have the Microsoft Outlook Email Security Update installed. The hotfix also eliminates a related database flaw that lets an attacker provide invalid data to IE that can crash the browser and eliminates a vulnerability an attacker can exploit to take control of a local system by leveraging a flaw in how Java loads XML functions.

    You need to install the hotfix on all systems for which the VM version number is 3805 or lower. To check the version, open a command prompt and type 

    jview

    The VM version number appears at the end of the first line of the command's output, which should be similar to "...Command-line Loader for Java Version 5.00.3805." You can install this hotfix from WindowsUpdate; the WindowsUpdate reference number is Q329077. For more information, see the Microsoft article "MS02-052: Flaw in Microsoft VM JDBC Classes Might Permit Code to Be Run".

    WEB-EXCLUSIVE ARTICLES: The following items are posted on the Windows & .NET Magazine Web site. For the complete story, use the following link and scroll to the appropriate article.
    http://www.winnetmag.com/articles/index.cfm?articleid=26903

  • SP3 GP EDITOR DELETES ALLOWED APPLICATION LIST

    • A bug in Windows 2000 Service Pack 3 (SP3) causes Group Policy Editor (GPE) to incorrectly clear the list of allowed Windows applications. Discover the details at the following URL:
    http://www.winnetmag.com/articles/index.cfm?articleid=26903

  • AD ACCESS VIOLATION

    • A problem in the Lightweight Directory Access Protocol (LDAP) code that enumerates Active Directory (AD) properties causes all versions of Windows 2000 to generate an access violation when a program or service attempts to update AD. Find out how to fix this problem at the following URL:
    http://www.winnetmag.com/articles/index.cfm?articleid=26903

  • WIN2K AUTHENTICATION AND KERBEROS PACKETS

    • If you install and configure firewalls, you need to know about Windows 2000 authentication and Kerberos traffic on UDP port 88. Discover the details at the following URL:
    http://www.winnetmag.com/articles/index.cfm?articleid=26903

    4. ANNOUNCEMENTS
    (brought to you by Windows & .NET Magazine and its partners)

  • MARK MINASI AND PAUL THURROTT ARE BRINGING THEIR SECURITY EXPERTISE TO YOU!

    • Windows & .NET Magazine Network RoadShow 2002 is coming this October to New York, Chicago, Denver, and San Francisco! Industry experts Mark Minasi and Paul Thurrott will show you how to shore up your system's security and what desktop security features are planned for Microsoft .NET and beyond. Sponsored by NetIQ, Microsoft, and Trend Micro. Registration is free, but space is limited so sign up now!
    http://www.winnetmag.com/seminars/roadshow

  • TEST WITH VUE, GET A SPECIAL DEAL ON WINDOWS & .NET MAGAZINE!

    • Windows & .NET Magazine has partnered with VUE to bring you the best rate ever on Windows & .NET Magazine! Simply register to take a Microsoft exam with VUE by October 31, 2002, and you'll be eligible for 2 years of the magazine for the price of one! This exclusive offer won't last so subscribe today!
    http://www.vue.com/winnetmag

    5. HOT RELEASE (ADVERTISEMENT)

  • SAVE TIME WITH WINTERNALS ERD COMMANDER 2002

    • What do you do when your server won't reboot? Re-image or reinstall? ERD Commander 2002 lets you troubleshoot and repair systems in a fraction of the time. Get a FREE 30-Day Trial CD at:
    http://www.winternals.com/widfreecd

    6. INSTANT POLL

  • RESULTS OF PREVIOUS POLL: XP SP1

    • The voting has closed in Windows & .NET Magazine's nonscientific Instant Poll for the question, "Has your organization rolled out Windows XP SP1 yet?" Here are the results (+/-2 percent) from the 334 votes: 
       - 29% Yes, we've rolled out XP SP1
   - 50% No, we still haven't upgraded to XP
   -  8% We haven't upgraded to XP SP1 yet, but we plan to soon
   - 13% We have no plans to roll out XP SP1

  • NEW INSTANT POLL: BUGBEAR

    • The next Instant Poll question is, "Has your organization been bitten by the Bugbear worm yet?" Go to the Windows & .NET Magazine home page and submit your vote for a) No, we haven't seen it, b) We've seen the worm, but our antivirus solution caught it, c) Yes, Bugbear has damaged our systems, d) I don't know.
    http://www.winnetmag.com/magazine

    7. RESOURCES

  • FEATURED THREAD: BROADBAND INTERNET SHARING

    • This user has two networked PCs and recently upgraded to a broadband Internet connection from a 56K modem. He can no longer access the Internet from the second computer. Can you help? Join the discussion at the following URL:
    http://www.winnetmag.com/forums/rd.cfm?cid=36&tid=47455

  • TIP: WHERE CAN I GET UPDATED WINDOWS XP BOOT DISKS?

    • (contributed by John Savill, http://www.windows2000faq.com) XP doesn't ship with boot disks, and you can't create these disks from the XP media. However, Microsoft provides downloads to create XP boot disks. As Microsoft continues to release service packs, the company will continue to update the downloadable boot disks, starting with new boot disks available for XP Service Pack 1 (SP1). You must download the correct set of boot disks for your version of XP (i.e., you can't use an XP Home Edition boot disk with an XP Professional Edition CD-ROM). XP Home SP1 boot disks are available at the first URL below, and XP Pro SP1 boot disks are available at the second URL.
    http://www.microsoft.com/downloads/release.asp?releaseid=42818
    http://www.microsoft.com/downloads/release.asp?releaseid=42819

    8. NEW AND IMPROVED
    (contributed by Carolyn Mader, [email protected])

  • PREVENT BLUE SCREENS

    • iolo technologies released System Mechanic 3.7, software that can prevent blue screens that result from system crashes. The program consists of 15 tools that clean the system registry, speed Internet and network connections, find and remove obsolete files, fix and remove broken shortcuts, eliminate footprints left behind following Internet sessions, and streamline system maintenance. System Mechanic runs on Windows XP, Windows 2000, Windows NT, Windows Me, and Windows 9x systems and costs $299.95. Contact iolo technologies at 626-793-3993.
    http://www.iolo.com

  • BUILD SITE MAPS AND NAVIGATION SYSTEMS

    • Auscomp released eNavigator Suite 7.0, software that lets you build fully customized information and site-navigation management systems for your Web, intranet, or extranet site in any of seven styles. You choose the style and technology you want and click the Site Indexer, which leads you to the Command Center, in which you can preview and edit your creation. For pricing, contact [email protected].
    http://www.auscomp.com

    9. CONTACT US
    Here's how to reach us with your comments and questions:

    This email newsletter is brought to you by Windows & .NET Magazine, the leading publication for Windows professionals who want to learn more and perform better. Subscribe today.
    http://www.winnetmag.com/sub.cfm?code=wswi201x1z

    Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters.
    http://www.winnetmag.net/email

    Windows & .NET Magazine UPDATE, brought to you by Windows & .NET Magazine, the leading publication for IT professionals deploying Windows and related technologies.
    http://www.winnetmag.com

    THIS ISSUE SPONSORED BY

    New Release - NetOp Remote Control v7.5
    http://www.crossteccorp.com/w2kmag.htm

    HP-Quest Software Free E2K Security Whitepaper
    http://www.quest.com/landing/winnetmag_update100702.asp
    (below COMMENTARY)

    SPONSOR: NEW RELEASE - NETOP REMOTE CONTROL V7.5

    FREE DOWNLOAD - CONTROL & ACCESS EVEN MORE PLATFORMS

    NetOp Remote Control, winner of PC Magazine's Editors' Choice, is now even more powerful:

  • Supports Linux, Solaris and all Windows platforms including CE
  • New Inventory feature lets you know what HW/SW is on your Host PCs
  • Additional authentication, session recording and time-out security features Control, Access and support PCs over the Internet, LANs, modems or wireless just as if you were in front of them. Trust NetOp v7.5 for Real Speed Security and Stability. Try NetOp v7.5 FREE today
    http://www.crossteccorp.com/w2kmag.htm

    • October 8, 2002—In this issue:

    1. COMMENTARY

    • MEC Opens with a Confusing Server Message

    2. HOT OFF THE PRESS

    • Windows & .NET Magazine Names MEC 2002 Best of Show Finalists

    3. KEEPING UP WITH WIN2K AND NT

    • Critical Java Security Hotfix
    • SP3 GP Editor Deletes Allowed Application List
    • AD Access Violation
    • Win2K Authentication and Kerberos Packets

    4. ANNOUNCEMENTS

    • Mark Minasi and Paul Thurrott Are Bringing Their Security Expertise to You!
    • Test with VUE, Get a Special Deal on Windows & .NET Magazine!

    5. HOT RELEASE (ADVERTISEMENT)

    • Save Time with Winternals ERD Commander 2002

    6. INSTANT POLL

    • Results of Previous Poll: XP SP1
    • New Instant Poll: Bugbear

    7. RESOURCES

    • Featured Thread: Broadband Internet Sharing
    • Tip: Where Can I Get Updated Windows XP Boot Disks?

    8. NEW AND IMPROVED

    • Prevent Blue Screens
    • Build Site Maps and Navigation Systems

    9. CONTACT US

    • See this section for a list of ways to contact us.

    1. COMMENTARY
    (contributed by Paul Thurrott, News Editor, [email protected])

  • MEC OPENS WITH A CONFUSING SERVER MESSAGE

    • MEC 2002, being held this week in Anaheim, California, has evolved from its beginnings as the Microsoft Exchange Conference and has taken on a wider focus of enterprise manageability. To that end, MEC 2002 includes tracks on Windows .NET Server (Win.NET Server) 2003, Active Directory (AD), and various Microsoft .NET Enterprise Server products, including Microsoft Exchange Server. Like Tech Ed (previously an administrative show) and the Professional Developers Conference (PDC), which appear to be merging into one show in 2003, MEC has evolved over time, as has Microsoft's enterprise push. And if you're confused by Microsoft's extensive server product line, you're not alone.

    Summing up Microsoft's server products used to be easy. I recall a 1996 server overview where the company touted such products as Windows NT Server 4.0, Microsoft Mail (the company's Messaging API—MAPI—mail server in pre-Exchange days), SQL Server 6.5, SNA Server (for connectivity with legacy IBM servers), and Internet Information Server (IIS) 1.0, all of which were part of the Microsoft BackOffice suite. Back then, BackOffice seemed like a great play on words. However, the product suite was destined for little notoriety because the products would just sit quietly in the server room and do their thing. Although the BackOffice name and suite will quietly end with the Win.NET Server generation of products, the successors to the products that were once part of BackOffice—a confusing mix of products that Microsoft is constantly tweaking—are playing a major role in Microsoft's expansion into the enterprise. You can expect to see some consolidation of these products in the coming year, but until then, we all have to deal with a bewildering set of server products. To help you understand this group of products, I've categorized them according to functionality in the following summary. Although this product list isn't complete, even this subset should demonstrate the difficulty in identifying and understanding which products make sense for a particular enterprise.

    For infrastructure, Microsoft offers its core server products: Windows Server, Exchange Server, and SQL Server. Not coincidentally, Microsoft will use a SQL Server-based data store to integrate future versions of these products. For enterprise management of PCs, people, and other resources, the company offers AD, Systems Management Server (SMS), and Microsoft Operations Manager (MOM), although the future of these products is unclear because Microsoft might merge them in some way. To manage Web applications and Web services, Microsoft offers Application Center and Internet Information Services (IIS) products and various .NET-based support services. For interoperability with legacy systems, Host Integration Server has replaced SNA Server, and the Windows Services for UNIX (SFU) product offers tools for integrating Windows into UNIX environments. For managing inhouse resources such as documents and time, Microsoft offers Mobile Information Server, SharePoint Portal Server, and Project Server. The eBusiness server products, which have been evolving in recent days to adopt open standards such as XML, include BizTalk Server, Commerce Server, Internet Security and Acceleration (ISA) Server, and Site Server, as well as the recently upgraded Content Management Server 2002, which Microsoft officially launched this week at MEC 2002.

    Microsoft's description of Content Management Server does little to identify the product's unique role. Microsoft says that Content Management Server provides a faster, more cost-effective way to create, deploy, and maintain mission-critical, content-rich Web sites that are business tools for communication with customers, partners, and coworkers. Compared to the company's other Web-site building products, Content Management Server's distinctive functionality isn't as well defined. One might use SharePoint Portal Server, for example, to build intranet- and extranet-based Web sites, generally for internal use only, where customers can share and collaborate on documents using a Web interface. Commerce Server facilitates the creation of e-commerce Web sites. And all of these products build off of IIS, of course.

    Apparently, the distinction among these servers is that the sites they create perform different roles, but differentiating among them is confusing. And when you add BizTalk Server into the mix—a product designed to use XML-based adapters to integrate your applications with those from other companies—you get a bizarre mix of servers, each of which comes with a hefty price tag. Pity the poor company that needs to publish sites internally and externally and link to its customers' and partners' systems. And who has the skills to manage all these products? Microsoft's Web site creation servers need to undergo the same type of consolidation that the company's management servers will undergo in 2003.

    In Microsoft's bid to head off potential competitors in the vastly interconnected world of the future, the company has forgotten the successful formula that brought the company to its current position. That formula can be summed up in one word, "simplicity", and simplicity is sorely missing in the company's current enterprise strategy. In fact, the only certainty in any of these products is, sadly, the licensing, which you can also sum up in one word, "expensive". Microsoft has adopted the UNIX pricing model, which generally means a per-processor price. For BizTalk Server, for example, that price is $7000 per processor for the Standard Edition, or $25,000 per processor for the Enterprise Edition. And most of these products aren't available in standalone configurations. Content Management Server 2002, for example, requires Windows 2000 Server or later, which is to be expected, and SQL Server 2000, another capable but expensive solution. And you'll want Microsoft Office XP on client machines so your employees can author content and Visual Studio .NET for your developers. As you can see, Microsoft's server products comprise a totally integrated environment.

    Nervous yet? If the most obvious way for customers to approach these products is to simply ignore them, Microsoft is doing something wrong. And if the company is serious about offering end-to-end solutions for the enterprise, it needs to simplify its server products—not offer a different server for every conceivable product niche. Ironically, Microsoft's management products are anything but manageable. I'd like to see that situation change.

    SPONSOR: QUEST SOFTWARE

    FREE WHITEPAPER: ENHANCE SECURITY, EASE ADMINISTRATION AND INCREASE PRODUCTIVITY. With the right management tools and best practices, you can do more with less.
    Quest Software and Hewlett-Packard have collaborated to offer "Advanced Security and Directory Administration for Exchange 2000," a free whitepaper offering best practices to help you make the most of the capabilities of your new environment.
    Improve security across the enterprise and make Exchange 2000 work for YOU. Download the whitepaper today!
    http://www.quest.com/landing/winnetmag_update100702.asp

    2. HOT OFF THE PRESS
    (contributed by Paul Thurrott, [email protected])

  • WINDOWS & .NET MAGAZINE NAMES MEC 2002 BEST OF SHOW FINALISTS

    • Windows & .NET Magazine announced finalists for the Best of Show Awards for MEC 2002. Judges selected finalists in five categories: management, mobility, networking/infrastructure, security, and collaboration and productivity. Windows & .NET Magazine editors will announce the Best of Show winners in Booth #526 at 12 p.m. on October 10 during MEC 2002 in Anaheim, California. For more information, visit the following URL:
    http://www.wininformant.com/articles/index.cfm?articleid=26859

  • 3. KEEPING UP WITH WIN2K AND NT

    • (contributed by Paula Sharick, [email protected])

  • CRITICAL JAVA SECURITY HOTFIX

    • Microsoft released a critical hotfix on September 18 that corrects three Java-based security problems. If you disable Java applets in Microsoft Internet Explorer (IE), you can safely ignore this update. If you let Java applets run (as most users do), you need to install this hotfix on all systems on which you browse Web sites not under your control.

    The hotfix eliminates two vulnerabilities that can let a malicious user take control of a machine that browses an attacker's Web site. In one case, a flaw in how the Virtual Machine (VM) manages Java database functions provides an opportunity for a malicious user to run DLL files of the attackers choice on the local system. To be a target for this type of attack, you must browse a Web site that is under the attacker's control, or read an HTML-based email on a system that doesn't have the Microsoft Outlook Email Security Update installed. The hotfix also eliminates a related database flaw that lets an attacker provide invalid data to IE that can crash the browser and eliminates a vulnerability an attacker can exploit to take control of a local system by leveraging a flaw in how Java loads XML functions.

    You need to install the hotfix on all systems for which the VM version number is 3805 or lower. To check the version, open a command prompt and type 

    jview

    The VM version number appears at the end of the first line of the command's output, which should be similar to "...Command-line Loader for Java Version 5.00.3805." You can install this hotfix from WindowsUpdate; the WindowsUpdate reference number is Q329077. For more information, see the Microsoft article "MS02-052: Flaw in Microsoft VM JDBC Classes Might Permit Code to Be Run".

    WEB-EXCLUSIVE ARTICLES: The following items are posted on the Windows & .NET Magazine Web site. For the complete story, use the following link and scroll to the appropriate article.
    http://www.winnetmag.com/articles/index.cfm?articleid=26903

  • SP3 GP EDITOR DELETES ALLOWED APPLICATION LIST

    • A bug in Windows 2000 Service Pack 3 (SP3) causes Group Policy Editor (GPE) to incorrectly clear the list of allowed Windows applications. Discover the details at the following URL:
    http://www.winnetmag.com/articles/index.cfm?articleid=26903

  • AD ACCESS VIOLATION

    • A problem in the Lightweight Directory Access Protocol (LDAP) code that enumerates Active Directory (AD) properties causes all versions of Windows 2000 to generate an access violation when a program or service attempts to update AD. Find out how to fix this problem at the following URL:
    http://www.winnetmag.com/articles/index.cfm?articleid=26903

  • WIN2K AUTHENTICATION AND KERBEROS PACKETS

    • If you install and configure firewalls, you need to know about Windows 2000 authentication and Kerberos traffic on UDP port 88. Discover the details at the following URL:
    http://www.winnetmag.com/articles/index.cfm?articleid=26903

    4. ANNOUNCEMENTS
    (brought to you by Windows & .NET Magazine and its partners)

  • MARK MINASI AND PAUL THURROTT ARE BRINGING THEIR SECURITY EXPERTISE TO YOU!

    • Windows & .NET Magazine Network RoadShow 2002 is coming this October to New York, Chicago, Denver, and San Francisco! Industry experts Mark Minasi and Paul Thurrott will show you how to shore up your system's security and what desktop security features are planned for Microsoft .NET and beyond. Sponsored by NetIQ, Microsoft, and Trend Micro. Registration is free, but space is limited so sign up now!
    http://www.winnetmag.com/seminars/roadshow

  • TEST WITH VUE, GET A SPECIAL DEAL ON WINDOWS & .NET MAGAZINE!

    • Windows & .NET Magazine has partnered with VUE to bring you the best rate ever on Windows & .NET Magazine! Simply register to take a Microsoft exam with VUE by October 31, 2002, and you'll be eligible for 2 years of the magazine for the price of one! This exclusive offer won't last so subscribe today!
    http://www.vue.com/winnetmag

    5. HOT RELEASE (ADVERTISEMENT)

  • SAVE TIME WITH WINTERNALS ERD COMMANDER 2002

    • What do you do when your server won't reboot? Re-image or reinstall? ERD Commander 2002 lets you troubleshoot and repair systems in a fraction of the time. Get a FREE 30-Day Trial CD at:
    http://www.winternals.com/widfreecd

    6. INSTANT POLL

  • RESULTS OF PREVIOUS POLL: XP SP1

    • The voting has closed in Windows & .NET Magazine's nonscientific Instant Poll for the question, "Has your organization rolled out Windows XP SP1 yet?" Here are the results (+/-2 percent) from the 334 votes: 
       - 29% Yes, we've rolled out XP SP1
   - 50% No, we still haven't upgraded to XP
   -  8% We haven't upgraded to XP SP1 yet, but we plan to soon
   - 13% We have no plans to roll out XP SP1

  • NEW INSTANT POLL: BUGBEAR

    • The next Instant Poll question is, "Has your organization been bitten by the Bugbear worm yet?" Go to the Windows & .NET Magazine home page and submit your vote for a) No, we haven't seen it, b) We've seen the worm, but our antivirus solution caught it, c) Yes, Bugbear has damaged our systems, d) I don't know.
    http://www.winnetmag.com/magazine

    7. RESOURCES

  • FEATURED THREAD: BROADBAND INTERNET SHARING

    • This user has two networked PCs and recently upgraded to a broadband Internet connection from a 56K modem. He can no longer access the Internet from the second computer. Can you help? Join the discussion at the following URL:
    http://www.winnetmag.com/forums/rd.cfm?cid=36&tid=47455

  • TIP: WHERE CAN I GET UPDATED WINDOWS XP BOOT DISKS?

    • (contributed by John Savill, http://www.windows2000faq.com) XP doesn't ship with boot disks, and you can't create these disks from the XP media. However, Microsoft provides downloads to create XP boot disks. As Microsoft continues to release service packs, the company will continue to update the downloadable boot disks, starting with new boot disks available for XP Service Pack 1 (SP1). You must download the correct set of boot disks for your version of XP (i.e., you can't use an XP Home Edition boot disk with an XP Professional Edition CD-ROM). XP Home SP1 boot disks are available at the first URL below, and XP Pro SP1 boot disks are available at the second URL.
    http://www.microsoft.com/downloads/release.asp?releaseid=42818
    http://www.microsoft.com/downloads/release.asp?releaseid=42819

    8. NEW AND IMPROVED
    (contributed by Carolyn Mader, [email protected])

  • PREVENT BLUE SCREENS

    • iolo technologies released System Mechanic 3.7, software that can prevent blue screens that result from system crashes. The program consists of 15 tools that clean the system registry, speed Internet and network connections, find and remove obsolete files, fix and remove broken shortcuts, eliminate footprints left behind following Internet sessions, and streamline system maintenance. System Mechanic runs on Windows XP, Windows 2000, Windows NT, Windows Me, and Windows 9x systems and costs $299.95. Contact iolo technologies at 626-793-3993.
    http://www.iolo.com

  • BUILD SITE MAPS AND NAVIGATION SYSTEMS

    • Auscomp released eNavigator Suite 7.0, software that lets you build fully customized information and site-navigation management systems for your Web, intranet, or extranet site in any of seven styles. You choose the style and technology you want and click the Site Indexer, which leads you to the Command Center, in which you can preview and edit your creation. For pricing, contact [email protected].
    http://www.auscomp.com

    9. CONTACT US
    Here's how to reach us with your comments and questions:

    This email newsletter is brought to you by Windows & .NET Magazine, the leading publication for Windows professionals who want to learn more and perform better. Subscribe today.
    http://www.winnetmag.com/sub.cfm?code=wswi201x1z

    Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters.
    http://www.winnetmag.net/email

    TAGS: Security SQL Windows 7/8
    Hide comments

    More information about text formats

    Comments

    • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

    Plain text

    • No HTML tags allowed.
    • Web page addresses and e-mail addresses turn into links automatically.
    • Lines and paragraphs break automatically.
    Publish
    Recommended Reading
    digital world map on warehouse background
    How To Build an International Shipping Software System
    Jan 30, 2024
    PowerShell Analytics header.jpg
    Interactive Data Analytics With PowerShell, SQL, and ChatGPT (Sample Script)
    Sep 19, 2023
    blue gears
    How To Filter SQL Server Data in Windows PowerShell
    Sep 15, 2023
    PowerShell Chart hero.jpg
    How To Visualize SQL Server Data in PowerShell (With Sample Script)
    Sep 11, 2023