W2Knews[tm] (the original NTools E-News)
Electronic Newsletter Vol. 5, #16b - April 10, 2000
Published by sunbelt-software.com since 1996 - ISSN: 1527-3407
'Immediate Notification Of Important Windows NT/2000 Events'
******************* over 600,000 SUBSCRIBERS *****************

This Issue of W2Knews contains:

1. EDITORS CORNER:
   * It's an 'Active Directory Special' this time.
2. TECH BRIEFING:
   * Pros and Cons of Microsoft AD V1.0.
   * Article on AD by Andy Milford, creator of UltraAdmin.
3. AD THIRD PARTY NEWS:
   * Brand New UltraAdmin V2.0 has great AD support.
   * DirectoryAnalyzer: AD monitor & troubleshooter.
   * April Special Offer: Security Explorer.
4. HOW TO USE THE MAILING LIST
   Instructions on how to subscribe, sign off or change your address.

**********************WHAT IS W2Knews?***************************

Sunbelt W2Knews (the original NTools E-News) is the World's first and
largest E-Newsletter designed for NT/2000 System Admins that have the
job to get and keep NT up & running in a production environment.
Sunbelt launched this electronic newsletter in early 1996. Every week
we keep the Windows NT/2000 community informed and aware of new
developments of NT and 3rd party System Management Tools. You get
hints and tips that will enable you to better utilize and understand
Win NT/2000 and help to pass your Certification Exams.
Info and Stu's bio: http://www.sunbelt-software.com/w2knews.htm

Via (separate) NTools E-NewsFlashes we will send you important
breaking news like new service packs, killer viruses, etc. Sunbelt
Software is the first and largest provider worldwide of Third Party
System Management Tools for Windows NT. Tell Your Friends!

All back issues are here, searchable and indexed on key words:
http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=nt-list&text_mode=0

-------------------------------------------------------------------
1. "EDITORS CORNER"
-------------------------------------------------------------------

[NOTE: Due to a glitch in the scheduling of Lyris, a small part of
you received a preliminary version of this already last Monday
night. It was killed after a few percent went out. Here is the
full final version that has quite a few modifications]

Hi NT/W2K Pro's,

It's an 'Active Directory Special' this time. I'll go into detail in
the Tech Briefing but I'll try to stick to the essentials. In the
Third Party section we have two tools I specifically like if you
already run AD, or shortly will go there.

My feeling is that many network admins are dragging their feet on
starting the Windows 2000 migration process partly due to fear,
partly due to lack of knowledge, and mostly due to insufficient
hardware for running 2000.

What would be a good lab exercise is that you can create a small
testnet and only upgrade one server on that network to support
Active Directory. In particular, all you have to do is install
Windows 2000 to your PDC, and boom - your test domain is now running
in Windows 2000 mixed mode. Keep in mind that very few features of
Win2K can be actually realized until users begin logging into the
Active Directory, but this setup will allow some ease of workstation
management to start with.
(In a production environment you'd want at _least_ 2 W2K domain
controllers for redundancy reasons). That will allow you some
experimentation time and give you some time to put well thought out
planning in place before you touch a production environment. Think
about things like logon scripts, replication, domain consolidation
and a dozen other things. Real W2K domain migration is a big job you
want to attack with a team.

Warm regards,
Stu.
Email me with feedback at: [EMAIL PROTECTED]

OOPS1: SR-1 of Office 2000 does not break all the time in every
configuration. My item last week was a bit too 'general'. Some
specifics:
http://www.msnbc.com/news/387569.asp?0m=T23E&cp1=1

OOPS2: The actor in 'Network' was Peter Finch, and the movie itself
was directed by Sidney Lumet.

PPS: Thanks again for your extremely positive feedback about our new
website design. Everybody said it was much easier to navigate. Not
looked yet? Check:
http://www.sunbelt-software.com/index.htm

****************************************************************
2. TECH BRIEFING:

* Pros and Cons of MS Active Directory

Active Directory was an immediate response from MS to complaints
from large scale users that big NT domains were a headache to
manage. Keep in mind that NT 3.51 and 4.0 were basically only
initially developed as servers for relatively small networks.
Microsoft came out of the consumer market and the next level up was
small business and small LANs. NT 3.51 and 4.0 were simply not ready
for really large scale environments. AD and W2K are the solution to
this.

Microsoft claims that Active Directory makes it easier to manage
your (large) networks. Their position is that if you move to W2K,
one of the biggest returns is that AD makes your life a lot easier.
They also say it cuts costs for your employer.

Let's look first at what Microsoft states about AD. (I took some
paragraphs of their site and worked them around a bit).

"What _is_ AD? It's a mechanism to manage the identities and
relationships of the distributed resources that make up your network
environment. The directory service provides a place to store the
info about all your network-based entities such as applications,
files, printers, and people. AD provides a consistent way to name,
describe, locate, access, manage, and secure information about those
individual resources you currently manage with a multitude of tools.

Further, a directory service acts as the main switchboard of the W2K
network itself. It is the central authority that manages the
identities and brokers the relationships between these distributed
resources, enabling all of them to work together in concert.

Because a directory service supplies these fundamental network
operating system functions, it must be tightly coupled with the
management and security mechanisms of the operating system to ensure
the integrity and privacy of your network. It also plays a critical
role in your organization's ability to define and maintain your
network infrastructure, perform system admin tasks, and control your
overall user experience."

"Why migrate to AD?

- It simplifies management. AD provides a single, consistent point
  of management for both users, applications, and devices.
- It strengthens security.
  AD gets users with a single sign-on to network resources and
  provides you as an administrator with powerful and consistent
  tools to manage security services for internal desktop users,
  remote dial-up users, and external e-commerce customers.
- It extends interoperability. Supplies standards-based access to
  all Active Directory features as well as synchronization support
  for popular directories.

A directory service is both a management and user tool. As the
number of objects in a network grows, the directory service becomes
essential. The directory service is the hub around which a large
distributed system turns. To address these needs, Windows 2000
Server introduces Active Directory, an integrated set of directory
services that improve the management, security, and interoperability
of the Windows network operating system."

What are the pitfalls?

Now let's start with the potential pitfalls of AD. Peter Coburn sent
me the following and I have to agree mostly, as we are really
looking at a Microsoft V1.0 product. We know that these usually are
bare bones and somewhat clunky, but they do get it right over time.

1. Active Directory is new, untested, about where Novell's NDS was
   5 years ago
2. Active Directory does not support a heterogeneous environment
   yet, including other MS systems!
3. Performance: not as good as Novell's NDS
4. Reliability: largely untested and unknown
5. Security: ditto.

This means that I would strongly advise you to actually start with
it as soon as possible in an advanced (power user) department and
get familiar with the new concepts. Get trained on AD, find out
where and if it gives you benefits, and approach it thoroughly and
professionally.

I'm sure that MS still has some challenges to overcome with AD, but
the concept is sound. At the end of the following webpage is a 16
minute video they produced, which gives you a pretty good overview
about the benefits. Up to you to get this implemented in your own
environment!
http://www.microsoft.com/windows2000/guide/server/features/dirlist.asp

Below you find some tools that will help you with that task.

----------------------------

* Article on AD by Andy Milford, creator of UltraAdmin

"As I interact more and more with my network administrator friends,
I find that a common shared concern is the amount of time and money
it will take to move towards Windows 2000 in their organization. In
detail, they are concerned about upgrading hardware to meet the
demands of Windows 2000, flattening their domain models, and
charting out a comprehensive upgrade schedule for all of the servers
and workstations on their networks. They often are surprised when I
tell them that it really doesn't take a lot of work to begin
realizing one of Windows 2000's greatest features - Active
Directory.

Specifically, all a domain administrator needs to do is upgrade the
PDC (Primary Domain Controller) of a NT 4 domain to Windows 2000
Server. This in itself isn't that tedious - for if you read MS's
recommendations, they simply ask you to verify that 1.) your server
meets the requirements of the Windows 2000 HCL, 2.) has enough disk
space on the system partition for the new OS, 3.) your file system
is NTFS, and 4.) you have a domain backup strategy in place using a
disconnected BDC (Backup Domain Controller). Since a good majority
of organizations already have their current PDCs running on
powerful, fault-tolerant machines, most of the steps outlined above
have been met. All that remains is about 2 hours of work on a
weekend or evening when network use is at a minimum.

Once your PDC has been upgraded to Windows 2000 Server with Active
Directory in place, your domain begins running in Windows 2000 mixed
mode, and your PDC still can replicate information to the older BDCs
still running NT 4. But even more importantly, you now have access
to the rich information database of Active Directory.
Using our utility, UltraAdmin, you can quickly start adding Active
Directory information to users, groups, and computers in your new
Windows 2000 domain. Soon, you'll start to have a much more
comprehensive view of how your organization is structured. For
example, instead of just having a brief description of John Doe, you
can begin filing away his phone numbers, email address, job title,
mailing address, web pages, and more. You can store the physical
location of computers and their DNS names every time you create a
new computer account. In sum, as an administrator, Active Directory
becomes a detailed rolodex of information about your network.

Certainly, I don't want to oversimplify the Windows 2000 migration
process. Stu has plenty of tools and books that can help you with
the finer details of a migration. Yet all it takes to begin
implementing Active Directory is a single Windows 2000 upgrade
coupled with a flexible and AD-enabled administration tool like
UltraAdmin."

Andy Milford, CEO/Chief Software Architect
Dorian Software Creations, Inc.

****************************************************************
3. AD THIRD PARTY NEWS:

* Brand New UltraAdmin V2.0 has great AD support

What's new in UltraAdmin 2.0?

Sunbelt is proud to announce the release of UltraAdmin 2.0, the
second version of the consolidated user, group, and server admin
tool for Microsoft Windows NT/2000 networks. Version 2.0 ships with
several new features, the most important being Active Directory
support for users, groups, and computers inside W2K mixed and native
mode domains. The developer Dorian Software told us they are
dedicated to ensuring UltraAdmin's interoperability between W2K and
NT domains during this especially critical time of operating system
transition.

Already, UltraAdmin is gaining recognition in the emerging W2K
community. In January of 2000, UltraAdmin was selected for inclusion
with the Windows 2000 Server Bible, published by IDG Books.
What can UltraAdmin do for you network administrators?

Many IT departments have already made plans for migrating to W2K,
others are drafting such plans currently. Handling the migration is
a lengthy process, and many of you will have a mixed environment of
existing NT 4 domains and machines alongside newer W2K ones. What
will prove difficult for network admins is finding a tool versatile
enough to manage the different types of users, groups, and computers
in this mixed environment. UltraAdmin meets this challenge by
effectively becoming a domain admin's "Swiss army knife," with many
different feature sets that auto-adapt to the current mode of the
domain (NT 4, Mixed Mode 2000, Native Mode 2000).

Want specifics? Here are some of the new areas of W2K support that
UltraAdmin 2.0 offers you:

1) UltraAdmin supports Active Directory for W2K Users, Groups, and
   Computers

W2K brings Active Directory technology to the table, which allows
administrators to collect and maintain much more detailed info about
their users, groups, and computers in a central database. However,
management of Active Directory is much different than traditional
user and group management using User Manager for Domains. In fact,
Active Directory account names are distinct from the traditional SAM
account names maintained by NT 4 domain controllers. Furthermore,
Active Directory administration requires learning the new MMC
snap-in Microsoft provides, which can only be run from a W2K system.

UltraAdmin gives you full access to Active Directory information on
users, groups, and computers regardless of their workstation OS (as
UltraAdmin runs on NT 4 and 2000). Furthermore, it compartmentalizes
the new Active Directory information and distinguishes it from
legacy NT 4 account information (e.g. logon hours, dial-in settings,
user-rights, etc). Account info is still enumerated using
traditional SAM account names, but with Active Directory information
just a click away.
By using this unique approach to Active Directory, UltraAdmin eases
the learning curve for anyone that is new to W2K.

2) UltraAdmin auto-detects NT 4, 2000 mixed mode, and 2000 native
   mode domains.

UltraAdmin's interface always keeps you abreast of what mode a
domain is in, displaying a graphic indicating the mode in the lower
right-hand corner. Furthermore, UltraAdmin adapts its interface to
the different rules that apply to different modes. For instance, did
you know that you can't synchronize a W2K native mode Active
Directory server? Or that W2K domains only accept the creation of
one kind of computer account? UltraAdmin adjusts itself
automatically to prevent headaches for you.

3) UltraAdmin supports new user account flags.

Remember those traditional user account flags in User Manager, like
"User cannot change password?" Microsoft W2K adds a whole new slew
of these, like:

+ Require Smart Card Logon
+ Trust Account for Delegation
+ Account Cannot be Delegated
+ Support Reversible Encryption of Passwords (for Apple clients)
+ Use DES Encryption
+ Kerberos Preauthentication

As stated before, UltraAdmin adapts its administrative views, and
will allow you to toggle these flags when managing W2K users.

4) UltraAdmin continues to support W2K specific user rights, and
   audit policies.

In addition to its new W2K features, UltraAdmin 2.0 includes new
features useful in both Windows NT and 2000 environments, like:

+ Device configuration and management
+ Group account renaming
+ User and group copying, producing easy, templated account creation
+ Remote viewing of installed software
+ Remote viewing of network hardware (especially useful on
  multihomed machines)

When you combine these new features with UltraAdmin's already rich
set of Windows NT/2000 administration capabilities, you have a tool
that needs to be in every network administrator's tool suite,
especially those migrating to W2K.
But surprisingly, with all of its functionality, UltraAdmin remains
the most competitively priced utility in its class, costing only
$175.00 per network administrator using the software. Per license
discounts are available for volume purchases. You can get a single
license from the Sunbelt Onlineshop with immediate delivery of full
product. For Volume licenses, call your reseller or your Sunbelt
Account Rep. To get your copy now, go to the new Sunbelt Software
website and click the ONLINE SHOP tab.
http://www.sunbelt-software.com/index.htm

If you're still not convinced, check out some of the rest of
UltraAdmin's many features:

+ Edit, add, and delete user accounts
+ Edit, add, and delete group accounts
+ Add and delete computer accounts
+ Map security identifiers to account names and vice versa
+ Manage NT services remotely
+ Manage open server resources
+ Manage user sessions/connections
+ Manage shared printers
+ Manage network shares and access control lists
+ Check free disk space / total disk space remotely
+ Check processor and OS type remotely
+ Check original date of installation and Service Pack info remotely
+ View remote server time and time zone information
+ Calculate relative network speed, number of hops, and round trip
  time to a server
+ Initiate full and partial domain resynchronization
+ Set domain-wide and computer-specific user account policy
+ Set domain-wide and computer-specific audit policy (NT 4 set AND
  Win2K set)
+ Manage user rights explicitly per user and per group (NT 4 set AND
  Win2K set)
+ Reboot servers remotely
+ Hide servers and workstations from the browse list
+ Perform remote network logons to untrusting workstations
+ Send popup messages to other NT users' machines
+ Browse to computer file shares
+ Quickly open connections to administrative hidden shares (e.g.
  C$, ADMIN$)
+ View event log information
+ Create and delete Exchange Server mailboxes when you add and
  delete domain users
+ Extend UltraAdmin with the UltraAdmin SDK

Additional functionality is added all the time. Check out the specs
here:
http://www.sunbelt-software.com/product.cfm?id=277

Again, you can get a single admin license online for just $175 with
immediate delivery of FULL product. For more than one license call
your Reseller or Sunbelt Rep. Find us over here at:
http://www.sunbelt-software.com/contact_us.cfm

-------------------------------

* DirectoryAnalyzer: AD monitor & troubleshooter

Deploy Active Directory with Microsoft W2K Server and you're taking
the first step into a whole new world of network manageability. AD
is a powerful facility to administer user access to distributed
services, control security and implement personal preferences. And,
that's only the beginning. It's just a matter of time before
everyone in your company will heavily depend on Active Directory.

You can't afford to take chances with AD. You need to proactively
manage the availability and performance of your directory with the
only tool built specifically for that purpose: DirectoryAnalyzer,
manufactured by NetPro Computing, Inc.

While other (and older) server-oriented management products may
promise the same value, they can't deliver it. Active Directory is
logically distributed across your network, and it can only be
managed with a tool that sees the service as a whole, not just one
server at a time. If you have Active Directory you simply need
DirectoryAnalyzer to keep it healthy.
Major features:

+ Ensures the health of the directory
+ Delivers early warning of directory infrastructure problems
+ Provides error resolution with context-sensitive knowledge base
+ Troubleshoots your domains, DCs and DNS server
+ Centralizes access to directory information

Download a 30-day eval and see what this tool can do in your
domains:
http://www.sunbelt-software.com/product.cfm?id=333

---------------------------

* April Special Offer: Security Explorer.

Security Explorer is a powerful and intuitive utility to search for
and modify Windows NT security on NTFS drives, the Registry, and
Shares. Search across subdirectories for permissions. Grant, revoke,
and clone permissions across subdirectories without affecting any
other user's permissions. Select 50 shares on a server, and grant
permissions to multiple users and groups at one time. Export
permissions to a database for further analysis and reporting. Back
up your file permissions and restore them if necessary. Set
ownership on files and directories. Seamless integration with the
NT 4.0 Desktop (right-click just about anywhere). Security Explorer
makes finding security holes and fixing them a snap!

APRIL ONLY SPECIAL: Normally a Corporate, world-wide license,
including maintenance costs $13,194. But for April 2000 only, this
has been brought down to just $9,495 and, thrown in is 1 year tech
support, updates, and a free upgrade to the Windows 2000 version
that comes out in a few months. A BIG DISCOUNT! Check out:
http://www.sunbelt-software.com/product.cfm?id=788

****************************************************************
4. "HOW TO USE THE MAILING LIST"

Instructions on how to subscribe, sign off or change your email
address

TO SUBSCRIBE TO THE LIST (Tell your friends!)
Click:
http://lyris.sunbelt-software.com/scripts/lyris.pl?join=nt-list
and fill out the form, simple & easy: 1 minute work.
All trademarks acknowledged. Copyright Sunbelt Software Distribution, Inc. 1996-2000.