W2Knews[tm] (the original NTools E-News) Electronic Newsletter Vol. 5, #56- December 4, 2000 - Issue #231 Published by sunbelt-software.com since 1996 - ISSN: 1527-3407 'Immediate Notification Of Important Windows NT/2000 Events' *******************over 600,000 Readers****************************** This Issue of W2Knews contains: 1. EDITORS CORNER: * Downtime for Sunbelt - rare but true. 2. TECH BRIEFING: * GUEST COLUMN: The Three Event Log Management Categories 3. NT/2000 RELATED NEWS: * What is NASDAQ's influence on Microsoft? * Office 2000 Service Pack 2 released * Do I need the new Intel Pentium 4 for NT/W2K? 4. NT/2000 THIRD PARTY NEWS: * ZD-Benchmarks Show AutoPilot For W2K Shines * Save Your Weekend - Here's how. 5. W2Knews 'FAVE' LINKS: * This week's three Fave Links from Sunbelt. 6. BOOK OF THE WEEK: "Certification City!" 7. HOW TO USE THE MAILING LIST Instructions on how to subscribe, sign off or change your address. *********************** SPONSOR: SurfControl************************* HAVE YOU LOST CONTROL OF YOUR NETWORK? Cyberslackers spend hours, consuming large amounts of network bandwidth window-shopping & making purchases. This holiday season analysts predict a GLOBAL BIG BANG in online shopping - 60% more than last season. Don't be caught UNAWARE! Easily Monitor, Block, Report & Manage employee Internet use. Take control! Download SurfControl's FREE 30-day trial TODAY, complete w/ tech support: http://www.sunbelt-software.com/redir.cfm?id=120400surfctrl **************************What Is W2Knews?*************************** Sunbelt W2Knews is the World's first and largest e-zine designed for NT/2000 System Admins and Power Users that need to keep these platform up & running. Every week we get you pragmatic, from-the- trenches news regarding NT/2000 and 3-rd party System Management Tools. W2Knews will help you to better understand NT/2000 and pass your Certification Exams. You will get breaking news like new tools, service packs, sites, or killer viruses via W2KNewsFlashes. Sunbelt Software is THE NT/2000 e-business tools site. At the end of this e-zine are links to all indexed and searchable back issues. --------------------------------------------------------------------- 1. "EDITORS CORNER" * Downtime for Sunbelt - rare but true. Hi NT/W2K-ers, Well, yesterday was the rare occasion where we had 4 hours of downtime of our site in the middle of the day, OUCH! How did that happen? Our local ISP is normally very reliable and has multiple feeds from different backbones, but yesterday one major single point of failure was exposed: their big CISCO 7500 router. The device lost *all* its configurations and so the routing tables were not accessible. In short, the device took a long, deep dive and lemminged. Anyone asking for www.sunbelt-software.com or any of the ISP's other customers (hundreds) could not get through. Yikes. Now you might ask, "Well don't you have some other machines at another location for redundancy?" Yes we do. We have a second, completely independent server that sits hosted in a protected co-location site in Texas, far removed from an eventual complete hurricane wipeout of our Clearwater, FL site. Both sites are identical with all the website data coming out of SQL 7, a Cold Fusion driven interface and replicated with Double-Take between the two sites to guarantee everything is always updated and available. So, how come the downtime? We first thought that it would take the ISP just a few minutes to get back up. When that was more than an hour we grabbed the car and drove over there to figure out what the heck was happening. It’s only a 5 minute drive. After about 20 minutes we knew it might take a while before they would be back up. So at that point we decided to route everyone to our Texas site by entering a new DNS record that would point to the TX site instead of Clearwater. But how? No internet access from the office! So we drove over to my home office with Cable modem and entered the Texas site with Terminal Server and changed the DNS settings. However, the Time To Live was an hour, so it took a while to propagate. All in all, it took 4 hours to get back into the air. The lesson we learned? Double-Take did its replication work admirably, but Sunbelt as a website was were not set up correctly for the event that our www.sunbelt-software did not resolve. So, what we will do is get a DNS server in-house and set things up so that we have DNS round- robin with Texas. Not a lot of work really but our ISP has not gone down for 5 years so we had become lazy. [grin]. Next issue I'll talk about a case study where Egghead.com uses Double-Take and Radware for the high-availability of much bigger website. And we'll have a white paper that shows how that works. We learned we were still vulnerable when our ISP got wiped out, despite the fact we had two geographically separate and replicated sites. This weekend we are changing 60 NT workstations to W2K, with latest version of O2K SP2, and when we're done with that, we'll get that DNS server installed!! Warm regards, Stu. (email me with feedback: [EMAIL PROTECTED]) *********************** SPONSOR: Win2000Mag************************** The recent hacks on Microsoft's internal network are a reminder that security breaches can happen to anyone. But there are steps you can take, like subscribing to the new Security Administrator newsletter from the editors at Windows 2000 Magazine. Protect your systems and subscribe today! http://www.sunbelt-software.com/redir.cfm?id=120400secadmin ********************************************************************* 2. TECH BRIEFING: * GUEST COLUMN: The Three Event Log Management Categories Event log management may well be one of the most overlooked areas of network management by system administrators. While event logs in W2K/ NT contain a wealth of information pertaining to network security, health of system hardware, and status of software apps, many admins find it too tedious to develop a strategy for harnessing this data. Some of the biggest challenges they face in their attempts at utilizing event log information are as follows: 1) Decentralization of event log entries (each NT/2000 server and workstation maintains its own set of logs) makes multi-computer analysis difficult. 2) Manual collection of event log entries on a scheduled basis takes too many human hours to implement. 3) Event logs fill up rapidly (especially when full-auditing has been enabled), either resulting in lost records or additional administrative overhead (see number 2) 4) Little or no reference information on common auditing categories makes it difficult to filter security logs. 5) No intrinsic reporting tools are available for presenting event log information to management. 6) No intrinsic mechanisms exist to monitor event log activity in real time. Fortunately, there are variety of third-party solutions available that can help you streamline your event log management strategies. Most of these tools focus on one or more of the following three categories. Let's explore each category in more depth. I. Event Log Archiving Tools Archiving tools establish schedules for automatically collecting and storing event log entries. These tools may place event log records in ODBC databases (such as Microsoft Access or SQL Server), or store them as a collection of EVT or text files. When stored independently as files, administrators can open up individual archived logs if they need to investigate activity that happened weeks or months in the past. Some law enforcement agencies prefer obtaining security evidence in EVT format only, since they consider this format to be less susceptible to tampering. Additionally, some tools in this category can consolidate multiple computer logs into central databases, setting up an arena for cross- network, multi-computer analysis. II. Event Log Reporting/Analysis Tools Reporting and analysis tools assist the administrator in spotting trends or isolating certain types of activity (often security related) on their network. Most tools in this category contain built in, or "canned" mechanisms for generating reports as a benefit to the network administrator. Reports can be detailed (e.g. showing every related event that occurred in a log source), or comprehensive for broader trend analysis. In sum, these tools know what to look for inside event logs and subsequently save the system admin time. III. Event Log Monitoring Tools Monitoring tools typically deploy "agents" to watch over selected event logs within a network, and are capable of generating notifica- tions when certain predefined criteria are met. Common notification forms are SMTP email, TAPI/pager notification, NT/2000 popup alerts, and console messages. Often, event log monitoring tools are popular with larger organizations that need instant, real-time alerts to activity occurring on the network. Not all Microsoft Windows NT/2000 networks are the same, especially when it comes to size and budget. However, it's important to implement an event log management strategy utilizing tools from one or more of the above categories, based on the needs of your network. Such a comprehensive strategy helps to strengthen the security and bolster the health of your network, and allows you to be a more proactive, as opposed to reactive, sys admin. Here are two links to useful event log management tools. Some of these combine elements of all three categories above, and others are stand- alone modules that focus on just one function. http://www.sunbelt-software.com/product.cfm?id=533 http://www.sunbelt-software.com/redir.cfm?id=120400dorian (This article was written especially for W2Knews by Any Milford, CEO of Dorian Software Creations). ********************************************************************* 3. NT/2000 RELATED NEWS: What is NASDAQ's influence on Microsoft? The market is now at about 50% of its peak on March 10, 2000. Back in those times we lived in the times of the 'Internet Bubble' and 'irrational exuberance'. But Alan Greenspan regularly hiked the interest rates and, (though I'm not suggesting a causal relationship) in April this year, the bubble burst and the current meltdown started. Next thing you know, a bunch of so called 'pre-announcements' came through from the tech sector. It means a company warns they will not make the numbers that Wall Street expects them to make. To make matters worse, last week Gateway said that their Thanksgiving weekend sales stank and were 30% below last year's. Their Q4 will see a loss. That sent even more shock waves through the market. The U.S. election mess is not helping either. So, how is Microsoft fairing through all this? Pretty well actually. Sure, in the last week their stock dove with all the others but is still around $55. This is unlike some of the dotcom flameouts that lost 80 to 90% of their stock value in the last 6 months. Gateway blames overall world conditions instead of problems that are specific to itself. But Compaq and Dell denied that their sales were as bad as Gateway's. It may well be that PC's have reached a saturation level especially in the USA with 53% of the households owning a PC now. Handhelds are the new growth market. Keep in mind, this is all in the consumer markets. The commercial markets are not affected as much, but PaineWebber worried that it could spill into commercial. That means good news for us, as you will see prices drop for hardware in Q1 due to high inventory levels. Very soon it will be the time to get those new servers you needed. You can start planning now. And since 70% of the new servers in 2001 will get W2K preinstalled on them, I suggest you choose that option too. ---------------------- * Office 2000 Service Pack 2 released Last Tuesday, MS released SP2 for O2K. It was waited for impatiently, as SP1 did not have such a good reputation. SP2 has around 200 patches for security and bug fixes, and is only a small 9MB download. If you get the System Admin version it's 30MB. An important note is that you can ONLY install it on top of SP1 (they call it 'Service Release' instead of Service Pack for inexplicable reasons). I tried it just for fun, and SP2 refuses to install when you do not have SR1 installed first. Make sure that you test it first, as there IS NO UNINSTALL with this SP2. There are quite a few fixes that are relatively insignificant like spelling errors. But a few of the bigger ones are performance issues and memory leaks. Outlook has the most fixes (and needed it). More details of O2K SP2 and the downloads, are at: http://officeupdate.microsoft.com/2000/downloaddetails/SP2upd.htm Here is the list with bugfixes: http://support.microsoft.com/support/kb/articles/Q276/2/57.asp ---------------------------- * Do I need the new Intel Pentium 4 for NT/W2K? Well, I can be really short about that question. No, unless you are deeply involved in either graphics or multimedia. The typical cube- dweller like us will not see any significant benefits from this chip. And frankly, this is exactly what Intel has been telling everyone all along but that message might not have been heard. The P4 was released a few weeks ago and was redesigned to speed the delivery and creation of multimedia, better graphics, voice and video performance. The new P4 gets you faster rendering of multimedia stuff by anticipating what chunks of data will be needed next, think large graphics files or streaming video. It did not get much smarter though when you look at the Operating System or Office 2K. Intel now has two P4 flavors: 1.4 and 1.5 GHz. Reports have come out that they are running office apps at about 10% faster than the older P3 1Ghz silicon so I see no burning need for you to upgrade. The new buzzwords Intel is using for the P4 wizardry are 'Hyper Pipelined Technology'(HPT) and 'Advanced Dynamic Execution'(ADE) which respectively allow the P4 chip to handle more processes at the same time, and juggle more data simultaneously. The upshot? A CPU that has better multitasking features and some built-in intelligence that tries to see what you will do next. I'm waiting for the next buzzword for the P5: ESP [grin]. For the moment, I'm going to play with my new Dell Dual 933 that arrived this week. Tell you more about this puppy next week! ********************************************************************* 4. NT/2000 THIRD PARTY NEWS: * ZD-Benchmarks Show AutoPilot For W2K Shines When the new AutoPilot for Windows 2000 was released a month after thorough field testing, we had not really taken the time to find out HOW MUCH it would speed up the systems. So, we took a few brand new Dell boxes we already had sitting in a stack for the W2K upgrade this weekend. We took a single CPU 933 and a Dual CPU 933 and let the Ziff-Davis WinBench 99 loose on them with very good results. (PS, these benches are great: www.winbench.com) As you know perhaps, AutoPilot has a series of different modules that you can turn on and off for further tuning. What we first did was run the Bench just as is, without AP. Then we ran it with *all* AP modules turned on, and next with each module just by itself. Next we looked at the results of each module and took the three that showed the best results and turned those ON and the rest OFF. Keep in mind that each WinBench tests different kinds of things so we tuned AutoPilot to get the best results. We found that we got the highest numbers with the following three AutoPilot modules turned ON: "Pentium Pro, Priority, and Working Set" on a brand new Dell 933 with W2K Pro Build 2195 factory installed. Well, the results were very encouraging to say the least. AP never caused any numbers to really go down, and in a few cases it made a tremendous postivive difference. Here are some WinBench 99 numbers that show a significant increase in the disk speeds (which are the slowest component of each computer obviously) NO AP WITH AP Business Disk WinMark 99 (1000 Bytes/Sec) 3230 3960 Disk Playback/HE:AVS/Express 3.4 (1000 Bytes/Sec) 4610 12,000 Disk Playback/HE:FrontPage 98 (1000 Bytes/Sec) 11,400 28,100 Disk Playback/HE:MicroStation SE (1000 Bytes/Sec) 7930 14,900 WinBench 99/Disk Playback/HE:Overall 5820 11,700 Similar apps like Premiere and SoundForge also saw increases of 50 to 100% in disk playback. We like these numbers as you will understand. Need an application accelerator for Windows 2000? Check out: http://www.sunbelt-software.com/product.cfm?id=222 ------------------------- * Save Your Weekend - Here's how. Four o’clock on Friday, HR has just hired 20 new people and the paperwork just hit your desk! You need to setup all 20 Windows NT/2000 accounts, Exchange mailboxes, home directories and home shares, Terminal Server profiles and a myriad of group and Exchange distribution list assignments by 8:00 AM Monday. There goes your weekend. What if you could create everything these 20 new employees needed, while enforcing user and group naming conventions and password security in less than seven (7) minutes and still be able to leave work early to beat the commuter rush home? With Trusted Enterprise Manager (TEM) from MDD Inc. you could do that... or even one better. Why not delegate the creation of new users accounts to HR, Office Administrators, or even the Helpdesk to Trusted Managers? - Trusted Managers do not need the years of technical training and certifications that you have. - Trusted Managers did not need an understanding of how the network is structured and how all the pieces fit together. - Trusted Managers did not have to be relied on to follow the carefully defined conventions you have created to keep order and manageability on your network. - Trusted Managers can be delegated specific and granular admin permissions necessary to create new user accounts, but also denied any other admin permissions on the network. - Trusted Managers can be forced to follow the naming conventions for users, groups and distribution lists. - Trusted Managers user templates guarantee that each user is assigned to the proper groups, Exchange distribution lists, and receives the proper home directory permissions? - Trusted Manager created users are automatically pointed to standard login scripts. - Trusted Managers entire user creation process consists of simply selecting template user accounts based on department and typing the user’s full name. I know it sounds too easy and you are afraid they will still find a way to mess it up. Not to worry, after Trusted Managers have created new users, you are able to run comprehensive reports on their actions and the new accounts to confirm that everything was created correctly. Sound too good to be true? All this and more is available with Trusted Enterprise Manager. TEM 3.1 allows you to take any of your existing Windows NT/2000 Groups and link them to Exchange Distribution List, so they can be managed simultaneously. Copying an existing user and the associated group membership to a new user will automatically add the new user to the corresponding Exchange Distribution Lists. Membership changes will automatically be reflected in both directories. All of this can be accomplished in a matter of seconds. TEM 3.1 enhances this benefit by allowing delegation of this feature to trusted non-domain administrators. Coupled with user share creation and naming convention enforcement, TEM 3.1 can transform a laborious task into a couple of mouse clicks. TEM 3.1 has had an impressive positive impact with thousands of NT/2000 Enterprise Administrators, who use it everyday to automate tasks, delegate administration, strengthen security, centralize auditing and generate real-time reports. See for yourself and download the latest TEM 30-day eval version. Fast install & Powerful features. We have a System Engineer ready for your phone walkthrough. Check out: http://www.sunbelt-software.com/product.cfm?id=255 ********************************************************************* 5. W2Knews 'FAVE' LINKS: === Northern Light Technology has a good page about virus protection: http://special.northernlight.com/compvirus/ === Here is a site that combines almost all Tech E-zines and the option to subscribe to them: http://www.freetechmail.org/ === The internet mapped, and also in 3D. Pretty cool stuff actually! http://maps.map.net/ === A good CISCO white paper about building secure networks from the ground up: http://www.cisco.com/warp/public/cc/so/cuso/epso/sqfr/safe_wp.htm ********************************************************************* 6. BOOK OF THE WEEK: "Certification City!" This time we have pretty much ALL the books you need to get W2K certified, and all discounted big time. Have a look and get what you need for your next exam over at the Sunbelt BookClub! http://www.sunbelt-software.com/bookclub/ ********************************************************************* 7. "HOW TO USE THE MAILING LIST" Instructions on how to subscribe, sign off or change your email address TO SUBSCRIBE TO THE LIST (Tell your friends!) Click: http://lyris.sunbelt-software.com/scripts/lyris.pl?join=w2knews and fill out the form, simple & easy: 1 minute work. Or by email, send a blank message to the following address: [EMAIL PROTECTED] _____________________________________________________ TO QUIT THE LIST Go here, choose the list you are on, and follow instructions: http://lyris.sunbelt-software.com/scripts/lyris.pl and unsubscribe from either the nt-list or w2knews. You can see which list you are on looking at the FROM address of the newsletter. (It takes a week for this change to filter through so you may still get one or two news items before the flow stops). ____________________________________________________ TO CHANGE YOUR ADDRESS First unsubscribe and then resubscribe as per the procedure above. ********************************************************************* FOR MORE INFORMATION On the World Wide Web point your browser to: For the newsletter and our website: http://www.sunbelt-software.com For Tech Support on Sunbelt products mentioned: http://www.sunbelt-software.com/scripts/rightnow.exe Back Issues are here, all searchable and indexed. NT-list: http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=nt-list&text_mode=0 Back Issues of W2Knews are all here: http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=w2knews&text_mode=0 Cannot unsubscribe? Getting it twice? Send an email to a live person: [EMAIL PROTECTED] (It will take about a week for the change to filter through the systems, so you may still receive one or two newsletters before the flow stops.) Email for US sales information to: [EMAIL PROTECTED] Email for US Tech support to: [EMAIL PROTECTED] Email to the US Editor: [EMAIL PROTECTED] Email for European Sales to: [EMAIL PROTECTED] Email for European Tech support to: [EMAIL PROTECTED] At the time of this newsletter's release, all links were checked to verify their accuracy and validity. However, due to the ever changing pages of various sites, some links may later prove to be invalid. We regret any inconvenience should you be unable to open any of these links. ********************************************************************* Things Our Lawyers Make Us Say: This document is provided for informational purposes only. The information contained in this document represents the current view of Sunbelt Software Distribution on the issues discussed as of the date of publication. Because Sunbelt must respond to changes in market conditions, it should not be interpreted to be a commitment on the part of Sunbelt and Sunbelt cannot guarantee the accuracy of any informa- tion presented after the date of publication. INFORMATION PROVIDED IN THIS DOCUMENT IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND FREEDOM FROM INFRINGEMENT. The user assumes the entire risk as to the accuracy and the use of this document. This document may be copied and distributed subject to the following conditions: 1) All text must be copied without modification and all pages must be included; 2) All copies must contain Sunbelt's copyright notice and any other notices provided therein; and 3) This document may not be distributed for profit. All trademarks acknowledged. Copyright Sunbelt Software Distribution, Inc. 1996-2000.