[Image]Sunbelt Windows NToolstm Electronic Newsletter Vol. 2, #22 - November 16,1997 http://www.sunbelt-software.com ------------------------------------------------------------------------ Sunbelt Windows NTools E-News is the world's first and largest E-Newsletter designed for NT System Managers that have the job of getting and keeping NT up & running in a production environment. Sunbelt launched this electronic newsletter so that we could keep members of the Windows NT community informed and aware of what is happening with 3-rd party NT System Management Tools, and to provide hints and tips that will enable you to better understand and utilize Windows NT. You'll find general Windows NT related and third party news, technical information, and 3-rd party beta and release information. By subscribing to NTools E-News[tm], you are also a charter member of the Sunbelt Field Test Bonus Program. Sunbelt Software is the first and largest distributor worldwide of Third Party System Management Tools for Windows NT with subsidiaries in the USA, UK, France, Germany, Holland and Italy. [Image] This issue of Windows NTools E-News contains: 1. "EDITORS CORNER" * Don't overlook the Value Of Support- Sunbelt Knowledge Base Announcement. 2. "TECH BRIEFING" * ANOTHER ACRONYM.. WHAT IS LDAP? 3. "NT RELATED NEWS" * WIN NT 5.0 TWICE AS BIG AS NT 4.0 * MCP MAGAZINE NEW ISSUE IS ONLINE * ANOTHER SECURITY HOLE AND A FIX FOR NT4.0 * UNDO Department: Corrected definition of Page Fault. * MICROSOFT WILL EASE RAS PAINS IN NT 5.0 4. "THIRD PARTY NEWS" * FORTESS-NT NOW AVAILABLE FOR ALPHA * ANOTHER WAY TO RECOVER FROM A CRASH * FINALLY, A SID CHANGER HAS BEEN DEVELOPED * BACKOFFICE CERT. FOR POWERFUL PERFORMANCE MONITOR 5. "HINTS AND TIPS - TIME SAVERS AND OTHER GOODIES... 6. "NEW: THE NT STOCK WATCH" 7. "HOW TO USE THE MAILING LIST" NEW Instructions on how to subscribe, sign off and change addresses. ***************************************************************** [Image] 1. "Editor's Corner" * Don't overlook the value of Support Last week I mentioned price changes in MS's Premier Service. The manager in charge of that area sent me an slightly concerned email and said that in the US the prices had not changed, started at a level of $45,000 and up depending on what services were offered. Microsoft has also introduced a new kind of "scaled-down" version of this package called "Authorized Support". It's priced at $29,000 and change in North America, offering multivendor support by HP and Digital but with direct Microsoft services built-in. But some of you would say that is still a lot of money... The crux of this whole support matter is of course downtime cost. Everything revolves around keeping your systems up & running. It is probably fair to say that the losses of one day of production downtime with 50 or more users on an NT Server are greater than the cost of whole server itself! So it is becoming increasingly important that you don't overlook the value of service and support. The relationship you have with your vendor doesn't end with the sale. In fact it really doesn't begin until you complete the transaction. That's when the quality of service and support your vendor provides will really become apparent. Unfortunately you can't know how valuable this service and support will be to your company until you need help. There are however some guidelines for rating the value of vendors service and support offerings, and these are true for both hard- and software. After sale support: It may be horribly inconvenient for some vendors, but computer system problems don't only happen during business hours. You need coverage and protection 24 hours a day, seven days a week, 365 days a year. Access to immediate technical information: Anyone with an NT box hooked up to the internet should be able to receive technical and informational documents and interactive support from their vendor. People: Who is at the other end of the line when you call for help? It can make all the difference. It's not reasonable for you to interview the employees off your vendor, but you can get a feel for the investment a vendor is willing to make. Ask how the vendor trains to its own people and how frequently. In buying system management software for your company, you want to deal with vendors that are strong on both sides of the offering: Excellent Products and Excellent Support. You may have found a great tool for your NT Server, but found a better deal (read: a few hundred bucks less) from a discounter. The first time you need support and spend a few hours to solve the problem due to lack of or bad support, you lost the small price advantage. Every problem after that, costs you dearly. The fact that the NT platform is much more cost effective than mini's, and is rapidly taking over the LAN server space helps your IS budgets. But make sure that you get your hard- and software from companies that know their stuff, and are committed to helping you keep your systems up and running. Tools that would have cost you $5,000 for a Digital VAX a few years ago, are now for sale for $300. But do not make the mistake to get involved with a vendor that cannot support the product you buy, because that practically always turns out more expensive than you think. That is why Sunbelt is committed to provide you with mainframe quality tech support, and the reason we are now announcing the Sunbelt Knowledge Base(SKB). You can find the SKB on our brand new website, where we have thousands of questions and solutions related to Win NT 3-rd party system management tools. Have a look at: http://www.sunbelt-software.com and check out this new resource we now have on-line for you. For a limited amount of time the SKB is open for all public. In the future it will be available only to our customers, resellers and software testers during the 30-day eval period of tools. Have a sneak peak at our SKB and you will get an idea about our commitment to customer service. To illustrate, an email that was sent last week by one of our customers: "I would like you and the management people at Sunbelt to know that I really appreciate all the help that Joe Huffman has been in helping me get Octopus to run. He has went out of his way to talk me through the setup and to answer all the questions that I come up with in a timely and professional manner. It is a joy and pleasure to work with someone of Joe's knowledge to get a product operational. I wish that other companies would follow your lead in making customer service number one. Thanks for all the help". - John Janes, Ceridian Corporation Warm regards, Stu [Image] 2. "TECH BRIEFING" * ANOTHER ACRONYM.. WHAT IS LDAP? Many of the top network directory vendors such as Novell, Microsoft, Banyan Systems, and Netscape have all agreed to support Lightweight Directory Access Protocol (LDAP) 3.0 as an open standard for accessing directory resources. However, LDAP compatibility only solves half of the problem of providing a universal method for managing network resources and applications. Although LDAP does provide a common directory schema (or directory object definition model) and directory access protocol, it doesn't provide any real integration between disparate network directories. For that, network administrators will need additional tools. Forthcoming management tools will use LDAP to write properties to different implementations of directory services objects. However, because these tools will have difficulty accessing extended object properties efficiently and dependably, they won't be considered adequate management tools in the short term. The LDAP idea is a good one. But whether or not it will ever provide real integrated management of all network resources is a question that won't be answered any time soon. [Image] 3. "NT RELATED NEWS" * WIN NT 5.0 TWICE AS BIG AS NT 4.0 Did you now that Win NT 5.0 is going to be twice as big as 4.0? Late next year when 5.0 will be released, the number of lines of code will likely double. That means that implementation of 5.0 is also going to be big. And it's up the you to make sure it doesn't become a big headache. What are the biggest changes? The domain model was thrown away, no more PDC's or BDC's. Instead Win NT 5.0 creates a hierarchical domain structure with domain controllers that are peers. And that's not all, the Windows NT security model goes bye bye as well. Instead we will have public keys and Kerberos authentication. Other important improvements are dynamic disks, and so-called virtual volumes. These break that 26-letter alphabet "ball-and -chain limitation", and allow you to move volumes between boxes in a domain. NT 5.0 looks more like a completely new product instead of an upgrade, and it would be good to start experimenting with it as soon as you can. Having the experience will make your upgrade path a lot easier. Get your hands on early 5.0 copies and plug them in a testbed. Keep in mind that 5.0 has much higher system requirements, like just under 300 Meg disk space. Users and analysts said system upgrades for Windows NT 5.0 could cost from $300 to $600 per station. But there are pitfalls if you want to play with 5.0, here are some examples: - Extreme difficulty with the installation process. - Problems getting two Windows NT 5.0 Beta 1 machines to communicate on the same network segment. - Inclusion of two separate sets of administration tools in the beta one for Windows NT 5.0 and one for 4.0 with no integration. - A manual disk defragmentation utility. Users who want automatic defragmentation capabilities still must buy third-party tools at an average cost of about $350. - Changes in the way simple, routine tasks are performed such as deleting files could slow down some users. For example, instead of clicking the mouse button once to delete a file or a folder, users now must hover their cursor over the item to be deleted, wait for the mouse to highlight the item, then click to delete. - Slow performance compared with the current Windows NT 4.0 release. For example, the Control Panel takes between three and four minutes to open because it is loading all graphic subsystem information. * MCP MAGAZINE NEW ISSUE IS ONLINE Have a look at the new issue. Lots of goodies including a test of a bunch of self-study kits for the MCSE exams. Here is the URL: http://www.mcpmag.com/members/97novdec/fea2main.asp * ANOTHER SECURITY HOLE AND A FIX FOR NT4.0 Another security flaw that allows for devious users to install a Trojan horse program. The hole in NT's default registry system -- which confers special access privileges in the Everyone setting -- is a backward-compatibility problem that stems from upgrading Windows 3.1 and Windows for Workgroups systems to NT. You can add an executable in there and the system would run it on start-up. That's what it's meant for, but the problem is that you could look at the permissions on that key, and it's giving full control to everyone, and anyone could add items in that. The solution is to tweak the settings back to where they really should have been in the first place. The result is that anyone with access to such an NT machine could perform an unauthorized software installation. To fix this, Microsoft recommends editing the Registry so that the Everyone setting in NT's permissions security setting has read-only access. * UNDO Department: Corrected definition of Page Fault. My definition: "Pagefault: the actual process of writing data from RAM to the pagefile on disk" was incorrect. I actually reversed it. A Fault is when a virtual page is referenced and needs to be retrieved from the Pagefile or the Standby List. Sorry 'bout that! * MICROSOFT WILL EASE RAS PAINS IN NT 5.0 Microsoft is working to add functionality to RAS in 5.0 that will allow users to add and remove serial devices, such as modems, without shutting down and restarting the service. It essentially boils down to plug-and-play functionality. You will have on-the-fly, automatic configuration, and the addition/removal of hardware. But at the moment, it's a pretty big problem. If you have to bring the service down, then you have the operating expenses for your employees as well as any profits or sales that are lost for the time it is down. Microsoft has recently announced additional RAS capabilities with the release of Internet Connection Services for RAS, Beta 3. Formerly code-named Base Camp, the enhanced RAS package is scheduled to ship by the end of the year in Windows NT Server 4.0 Option Pack, a bundle of technologies which will be ready before NT 5.0, due out end of 1998. The technology seeks to simplify RAS by providing a Connection Manager Client, a Connection Manager Administration Kit, a Connection Point Server, and an Internet Authentication Server. The administration kit will let administrators customize desktops; set support for multiple service types; automatically update phone books; create auto-applications that launch or shut down browsers or other applications when a connection is made or terminated; distribute licensing agreements and contracts to the client; build custom help files; offer multilanguage support; and assign secure connections. Internet Connection Services for RAS will support Microsoft's Point to Point Tunneling Protocol, Remote Authentication Dial-In User Service, and the Challenge Handshake Authentication Protocol. Support for the Layer 2 Tunneling Protocol will be ready in the Windows NT 5.0 time frame, Microsoft officials said. [Image] 4. "THIRD PARTY NEWS" * FORTESS-NT NOW AVAILABLE FOR ALPHA Fortress-NT provides several flexible but tamperproof security enhancements to Windows NT Workstations and Servers, applied on a per- user or per-workstation basis. Easily administered, Fortress-NT can be remotely installed and configured. Ideal for secure environments. Currently, Fortress-NT is in use at Boeing and the United States Coast Guard. It allows non-Administrator logons only during specified hours, and forcibly log the user off at a predetermined time, ending all tasks initiated by that user. Fortress provides an Idle Logout screen saver which logs the user off after a predetermined period of inactivity. Fortress Enforces that the workstation always have a password-protected screen saver enabled with a maximum specifiable delay. The product is now unavailable for Digital's Alpha NT platform as well as for Intel. * ANOTHER WAY TO RECOVER FROM A CRASH Mike Tibbs sent us the following: "In the latest newsletter, Vol. 2 #21, some options are discussed for recovering an NT Server crash. The article mentions Cheyenne (ArcServe backup software, I assume) as one option. Another option you should have included it UltraBac. This is the only backup software that I have found that can do an "image" backup of the entire system partition (or disk) which is a bit-for-bit image of the partition. The restore is done using a floppy and the image backup tape. You don't have to reinstall NT plus the backup software before restoring. You can also backup specific subkeys in the registry, e.g. HKLM/system/CurrentControlSet/Services, as opposed the course-grained approach of REGBACK or NT Backup, by using REGEDT32. This is an interactive/manual process, but could be automated (someone probably has already done this"). - Mike Tibbs Here is more info: http://www.sunbelt-software.com/ultrabac.htm * FINALLY, A SID CHANGER HAS BEEN DEVELOPED PowerQuest Corporation has developed a tool to solve conflicts arising between IS technicians' need for an imaging solution and Microsoft's concerns about duplicating security identifiers (SID) on NT workstations. Called PowerQuest SIDchanger, the tool replaces imaged workstation security identifiers and computer names. The tool is free to Drive Image Professional registered users, and can be downloaded from the PowerQuest Web site. The company plans to incorporate it into future releases. Drive Image Professional is PowerQuests new product that allows an IS technician to create, store, and transfer hard-drive images via a network, then download that image to any number of workstations. While there is no conflict with other operating systems, such as Windows 95, OS/2, or DOS, concern arose over the fact that NT workstation SIDs would be duplicated. This could create conflicts such as the first workstation being allowed access to the server, but subsequent workstations with the same SID being denied access, among other scenarios. PowerQuests SIDchanger resolves that by assigning a unique security identifier after the image has been restored. In response to market concerns, they developed the SID and computer name replacement tool to specifically address Microsoft Windows NT workstation imaging problems, says Russ Marsh, PowerQuest developer, and lead engineer for SIDchanger. However, everyone needs to remember that this is evolving technology. The widespread use of NT is so new, so we will update the tool as new information comes to us. For more information, see PowerQuests Web site at http://www.powerquest.com (Note: At the time that I wrote this, I could not establish a connection with their website.) * BACKOFFICE CERTIFICATION FOR POWERFUL PERFORMANCE MONITOR Do you manage by crisis or prediction? The Information Systems Manager announces that PerfMan(TM), the early warning system for NT, has recently been approved to use the Microsoft(R) "Designed for Microsoft(R) BackOffice(R)" logo. "PerfMan is a valuable tool for system administrators responsible for managing networks. We're pleased to welcome it into the family of Microsoft BackOffice logoed products," said Craig Fiebig, BackOffice Group product manager. "Enhancing BackOffice customers' ability to proactively manage their environments and plan for the future delivers real value." "Significant data management, trend analysis, and reporting capabilities make PerfMan the perfect complement to Microsoft's Performance Monitor for proactive performance management and capacity planning," said Tom Evans, PerfMan product manager. "PerfMan delivers full control of performance metrics from a complex network of servers and workstations. It identifies exception conditions in the network and provides early warning of potential performance problems. In environments where service levels are critical to success, PerfMan delivers tangible results." PerfMan's powerful, easy to use package includes PerfMan Server, PerfMan Collector, and PerfMan Analyst. Each component is ready to use right out- of-the-box. PerfMan installs in minutes on your Windows NT Server or Workstation. With release of version 2.0, administrators achieve greater monitoring control of their environments. PerfMan Collector will monitor thousands of NT systems from a centralized point without requiring any agent software on the systems being monitored. This non-intrusive architecture and efficient collection technology dramatically cuts administrative overhead and significantly reduces the chance of human error. Download an eval copy at: http://www.sunbelt-software.com/perfman.htm [Image] 5. "HINTS AND TIPS - TIME SAVERS AND OTHER GOODIES... Jack Cummings sent us the following Tip: I have been receiving your E-News Electronic Newspaper for several months now, and enjoy reading both the articles and helpful tips. Recently, I have discovered a useful tip of my own if you would like to include it in your news article... As a member of the tech. staff at my high school, I have recently spent a good deal of time working with the NT4 server. I often needed to access the control panel applets, however I found it to be a nuisance to open the container window through Start->Settings-> Control Panel, selecting the one .CPL I wanted to use, then close the window again. As it turns out, you can place the contents of your Control Panel directly into the Start Menu as a folder! If you have the TweakUI applet that comes with Microsoft Power Toys, the job is simple: just go into the Desktop tab, highlight "Control Panel" and click "Save as File", directing the output to your Start Menu directory. Download the TweakUI, from the Sunbelt FreebieForum at: http://www.sunbelt-software.com/category_search.htm [Image] 6. "NEW: THE NT STOCK WATCH" Weekend Closing Numbers 52 WK 52 WK P/E WEEK SECURITY CLOSE HIGH LOW RATIO CHNG --------------------------------------------------------------------- Dell Computer Corp....... 79 1/8 103 7/8 22 1/16 39 +0.7% Digital Eqpmt. Corp...... 49 1/16 53 13/16 25 39 -2.6% Intergraph Corporation... 10 1/4 14 3/16 6 1/4 +2.5% McAfee Associates Inc.... 48 5/8 78 1/2 36 1/2 31 -6.2% Microsoft Corporation.... 133 5/16 150 3/4 73 11/16 50 +1.3% Network General Corp..... 19 13/16 30 1/4 11 1/8 -5.6% Novell Inc............... 8 1/8 13 6 17/64 +0.7% Oracle Corporation....... 34 7/16 42 1/8 22 25/64 49 -1.4% Qualcomm Inc............. 69 13/16 68 1/2 38 55 +11.7% Qualix Group Inc......... 4 1/4 9 3/4 4 14 -8.1% Seagate Technologies Inc. 25 1/2 56 1/4 23 1/8 22 -2.8% Sun Microsystems Inc..... 34 5/8 53 5/16 25 1/2 18 -4.4% Sybase Inc............... 15 13/16 23 5/8 12 1/8 63 +2.0% Symantec Corporation..... 24 1/8 25 3/4 12 22 +9.9% Dow Jones 30 Industrials. 7,572.48 -0.1% [Image] 7. "HOW TO USE THE MAILING LIST" Instructions on how to subscribe, sign off and change addresses TO SUBSCRIBE TO THE LIST Go to: http://www.sunbelt-software.com/scripts/lyris.pl?join=nt-list and fill out the form, simple & easy: 1 minute work. _____________________________________________________ TO QUIT THE LIST Two ways to do it: 1) Go to: http://www.sunbelt-software.com/scripts/lyris.pl choose the NT-List, use your email address that is at the bottom of each newsletter and leave the list via the web interface. 2) Simply forward any newsletter you get to this email address: unsub-nt-list@lyris.sunbelt-software.com _____________________________________________________ TO CHANGE YOUR ADDRESS First unsubscribe and then resubscribe as per the procedure above. FOR MORE INFORMATION On the World Wide Web point your browser to: For the newsletter: http://www.ntnews.com For Back Issue: Volume #2 Issue 20 Volume #2 Issue 21 For our website: USA: http://www.sunbelt-software.com Email for US sales information to: ntsales@sunbelt-software.com Email for US Tech support to: daved@mail.sunbelt-software.com Email to the US Editor: ntnews@gte.net Email for European Sales to: Europe@sunbelt.fr Email for European Tech support to: robdixon@sunbelt.demon.co.uk Legal Stuff: This document is provided for informational purposes only. The information contained in this document represents the current view of Sunbelt Software Distribution on the issues discussed as of the date of publication. Because Sunbelt must respond to changes in market conditions, it should not be interpreted to be a commitment on the part of Sunbelt and Sunbelt cannot guarantee the accuracy of any information presented after the date of publication. INFORMATION PROVIDED IN THIS DOCUMENT IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND FREEDOM FROM INFRINGEMENT. The user assumes the entire risk as to the accuracy and the use of this document. This document may be copied and distributed subject to the following conditions: 1) All text must be copied without modification and all pages must be included; 2) All copies must contain Sunbelt's copyright notice and any other notices provided therein; and 3) This document may not be distributed for profit. All trademarks acknowledged. Copyright Sunbelt Software Distribution,Inc 1997. To Unsub or search all postings via the web-interface go to: http://www.sunbelt-software.com/scripts/lyris.pl