Windows & .NET Magazine UPDATE, April 30, 2002

Windows & .NET Magazine UPDATE—brought to you by Windows & .NET Magazine, the leading publication for IT professionals deploying Windows and related technologies.
http://www.winnetmag.com

THIS ISSUE SPONSORED BY

ERD Commander 2002-Try This Tech Ed Winner FREE!
http://winternals.com/UpdateFreeCD

24 x 7 Availability Web Seminar
http://www.winnetmag.com/webinar/availability.cfm
(below COMMENTARY)

SPONSOR: ERD COMMANDER 2002-TRY THIS TECH ED WINNER FREE!

Revive Dead Systems With ERD Commander 2002—FREE! With ERD Commander 2002—OVERALL BEST OF SHOW winner at Microsoft's Tech Ed 2002—you can boot dead XP/2000/NT4 systems directly from CD into a Windows-like interface to access the system's volumes for repairs. You'll be able to: edit the Registry, manage drivers/services, change system passwords, search/edit/delete/create files on dead systems, and more. Plus you'll have network access so you can safely move data off of, or onto, the dead system. See for yourself why ERD Commander 2002 won at Tech Ed.
Get your FREE, Full-Function TRIAL CD TODAY!
Get your FREE, Full-Function TRIAL CD TODAY!
http://winternals.com/UpdateFreeCD

April 30, 2002—In this issue:

1. COMMENTARY

2. HOT OFF THE PRESS

3. KEEPING UP WITH WIN2K AND NT

4. ANNOUNCEMENTS

5. HOT RELEASES (ADVERTISEMENT)

6. INSTANT POLL

7. RESOURCES

8. NEW AND IMPROVED

9. CONTACT US

1. COMMENTARY

Greetings,

Microsoft Chairman and Chief Software Architect Bill Gates' appearance last week at his company's remedy hearings had me on the edge of my seat: Gates was a liability during the original Microsoft antitrust trial when the US Department of Justice (DOJ) played embarrassing excerpts from his videotaped testimony; I was curious about how he would present himself this time. Apparently, Gates and company didn't expect the earlier testimony to ever see the light of day, and the person who appeared on tape bore little resemblance to the public perception most people have of the man. Instead of seeming intelligent and technical, the Gates in the videotape appeared sullen and uncooperative, and he appeared to have little idea what was going on with his company.

Well, the Gates who appeared in court last week was a different person. This Gates vigorously defended his company's right to innovate and, perhaps most controversially, fought against the nonsettling states' request to force Microsoft to produce a modular Windows version that would let end users, PC makers, and IT administrators add and remove middleware products such as Internet Explorer (IE), Windows Media Player (WMP), and Windows Messenger. Gates said such a requirement was impossible and would force Microsoft to take Windows off the market.

But perhaps that outcome isn't such a bad idea. For the past decade, the industry has watched Microsoft meld its legacy Windows products with Windows NT technologies, and the latest Windows OS—Windows XP—is the combination of these two product families. NT provides the sophisticated low-level services enterprise IT departments need in a modern OS, but most of the fluff (e.g., the UI, IE, and the digital media functionality) came from outside the NT team. In giving us the best of both worlds, Microsoft seems to have stripped the soul from NT by layering the core services under mountains of other garbage.

I've written about NT's origins and the ways that Microsoft has compromised the OS over the years, such as when the company made IE (then-buggy and unreliable) a required component for installing key server products such as Microsoft SQL Server or IIS. And in XP, the needs of consumers now seem to outweigh the needs of the enterprise. Microsoft has relegated NT—once the domain of businesses, developers, and other technical users—to the barely mentioned underpinnings of a system designed to not crash while Johnny is blasting space aliens or mom is ordering groceries online: It's a sad state of affairs.

So given Microsoft's recent security strategy, perhaps the time has come for the company to walk away from Windows in the enterprise and design a replacement that offers binary compatibility but none of the foundational problems. Remember, NT was a brand new world when Microsoft developed it in the early 1990s, but back then, the big connectivity concern was LAN Manager-based networking in small businesses, and security wasn't high on the priority list. Perhaps Microsoft needs to start thinking about another grassroots development project—one rooted in security—that could replace NT. Almost 15 years have passed since Dave Cutler wrote the requirements for NT, and that product was supposed to offer MS-DOS, OS/2, and POSIX compatibility as well as support for RISC processors and other technologies so far-out-of-date today as to be almost ridiculous. You can tack features onto an existing product for only so long before it's time to start over from scratch.

Interestingly, the Linux world might create that replacement OS first. I'm not sure I believe the Linux security promise, but Linux has a decent reputation in certain areas, and it's a viable alternative in various situations. NT interoperability has been a Linux goal for years, and various options are available that let you integrate Linux servers into NT-based domains and workgroups and even use a Linux server as a domain controller (DC). On the software front, various conversion technologies are also available that let you move ASP-based Web sites to Apache, for example, or interoperate with SQL Server databases. And earlier this year, a small Linux company released the software behind the Windows-compatible Lindows OS, which lets users run Microsoft Office, IE, and other Windows applications on a Linux desktop system. As Linux' ease of use improves, cost becomes more of a concern, and Linux can certainly be cheaper to deploy than Windows—a crucial deciding point in these economic times.

I don't think Windows will go away any time soon, but finding viable alternatives is possible now, more than ever. If Microsoft is serious about embracing security, perhaps the company should let go of its Windows cash cow and start anew. XP might be secure enough for the home, but it seems increasingly insufficient for the needs of the enterprise. And if the company doesn't start working on a solution now, it might find Windows collapsing under a mountain of security exploits and vulnerabilities far more damaging than any nonsettling states' plan.

Paul Thurrott, News Editor, [email protected]

SPONSOR: 24 x 7 AVAILABILITY WEB SEMINAR

Need 24 x 7 Availability?
High-availability networks, systems, and applications are critical to every business. Sign up for our (free!) Webinar taking place on May 14 (sponsored by MKS), and find out how to achieve 24 x 7 availability on Windows 2000. Windows & .NET Magazine author, Tim Huckaby, shares his expertise on load balancing, monitoring, and more. Register today!
http://www.winnetmag.com/webinar/availability.cfm

2. HOT OFF THE PRESS
(contributed by Paul Thurrott, [email protected])

Two interesting but uncorroborated looks at future Windows versions had the rumor mills working overtime last weekend. (Thanks to Eric Annal and Jasdev Dhaliwal for being the first readers to tip me off about these controversies.) The first report is an "official" Microsoft UK magazine that claims the company will release Windows XP Second Edition (SE) in early 2003. The second report is a supposed look at the next major Windows version (code-named Longhorn) and its new Start menu replacement. Are these reports genuine? Find out at the following URL:
http://www.wininformant.com/articles/index.cfm?articleid=25003

3. KEEPING UP WITH WIN2K AND NT
(contributed by Paula Sharick, [email protected])

Do you audit account logon failures? If so, you've probably seen Security Event log records with event ID 642 (User Account Changed) and the text "Account locked out" when a user reaches the bad password threshold. You expect to see this security event when a user enters a bad password for either a domain or local account. The security audit code correctly records this event when a user reaches the bad password threshold while logging on with a domain account; however, a bug in the audit code prevents the system from recording the account lockout when a user reaches the bad password threshold while logging on with a local workstation or server account. So, this glitch affects auditing only on systems that authenticate account credentials against the local SAM. The fix is extensive: It contains updates to 30 core OS and security-specific components, including DNS, the kernel, lsass.exe, samsrv.dll, and the time service. Most of the files have a mid-January release date, and you must call Microsoft Product Services (PSS) to get the code fix. For details, see Microsoft article "Account Lockout Is Not Audited for Local/SAM User Accounts" at the following URL:
http://support.microsoft.com/default.aspx?scid=kb;en-us;q314786

When you enable "Audit account management," you expect to see security events when you add, remove, or modify individual or group accounts. A second bug in security auditing occurs when you remove a user from a domain local group on a domain controller (DC) that isn't a global catalog (GC) server. When you remove a user who has an account in a different domain, but in the same forest, the security audit code doesn't have enough information about the user's account to record the removal event in the security log. The bug fix for this problem contains 32 files, including many of the same files that correct the first security auditing problem I described. Several of the duplicate files have a release date of January 28, 2002, which means this update supersedes the previous one.

If you need to install both updates, I suggest you install the local account audit fix first, then the domain account audit fix. Run Qchain (qchain.exe) to ensure you get only the most recent version of the common files, and then reboot. This method is the fastest way to eliminate file version conflicts and to guarantee that you've correctly installed both patches. Why can't Microsoft release one security audit update that contains the files we need for both of these problems so we can skip the arduous update process? For more information about this problem, see the article "Removing a User from a Domain Local Group May Not Be Audited" at the following URL:
http://support.microsoft.com/default.aspx?scid=kb;en-us;q316733

WEB-EXCLUSIVE ARTICLES: The following items are posted on the Windows & .NET Magazine Web site. For the complete story, use the following link and scroll to the appropriate article.
http://www.winnetmag.com/articles/index.cfm?articleid=25033

The Windows 2000 Post-Service Pack 2 (SP2) file system driver has a bug that might cause ntfs.sys to crash with a stop code of 0x00000003.

When a system has a bad print driver, you might get an error message when you try to print a file or document. To recover from this error, you need to delete the printer, delete the print-driver file, and clean up printing subsystem registry entries.

4. ANNOUNCEMENTS

Which companies and products do you think are the best on the market? Nominate your favorites in four different categories for our annual Windows & .NET Magazine Reader's Choice Awards. You could win a T-shirt or a free Windows & .NET Magazine Super CD, just for submitting your ballot. Click here!
http://www.winnetmag.com/readerschoice

The Windows & .NET Magazine LIVE! event brings together industry gurus who take security seriously. Topic coverage includes Microsoft IIS security, deploying public key infrastructure (PKI), designing Group Policies to enhance security, tips for securing Windows 2000 networks, security pitfalls (and solutions) for your mobile workforce, and more. Register today before this event sells out!
http://www.winnetmagLIVE.com

5. HOT RELEASES (ADVERTISEMENT)

According to PC Magazine, ". . . simplicity, unique enterprise management features and greased-lightening speed make NetOp Remote Control a hands-down winner." Use NetOp to support PCs over networks, the Internet, and modems. Download your fully functional Eval today.
http://www.crossteccorp.com/w2kmag.htm

New NetOp Remote Control v7.0—Try the award-winning, secure, fast & easy remote support & management tool. Control PCs over the Internet, networks or modems just as if you were in front of them.
http://www.crossteccorp.com/w2kmag.htm

6. INSTANT POLL

The voting has closed in Windows & .NET Magazine's nonscientific Instant Poll for the question, "Do you think forcing Microsoft to reveal its Internet Explorer (IE) and MSN Explorer source code would help competitors or consumers?" Here are the results (+/-2 percent) from the 315 votes:

The next Instant Poll question is, "Which computer-related job description most closely resembles your own?" Go to the Windows & .NET Magazine home page and submit your vote for a) Systems administrator, b) Developer, c) Web administrator, d) Home or office user, or e) Other.
http://www.winnetmag.com/magazine

7. RESOURCES

Bill is having difficulty installing Windows .NET Server beta 3 on a 6GB FAT32-formatted hard disk partition. Can you help? Join the discussion at the following URL:
http://www.winnetmag.net/forums/rd.cfm?app=83&id=103327

(contributed by John Savill, http://www.windows2000faq.com)

A. To enable autologon and bypass XP's prompt to enter a username and password, perform the following steps:

8. NEW AND IMPROVED
(contributed by Bob Kretschman, [email protected])

ElcomSoft released Advanced Registry Tracer (ART) 1.58, a registry editor that lets users take comprehensive control of their system's Windows registry without sacrificing system performance. ART gives users control over the registry by taking snapshots of the entire registry. You can compare the snapshots to discover new keys and other added or deleted registry files. You can then undo or redo registry changes. ART works with Windows XP, Windows 2000, Windows NT, Windows Me, and Windows 9.x. The software's full version costs $40. For more information, contact ElcomSoft at the following URL.
http://www.elcomsoft.com/art.html

9. CONTACT US
Here's how to reach us with your comments and questions:

(please mention the newsletter name in the subject line)

This email newsletter is brought to you by Windows & .NET Magazine, the leading publication for Windows professionals who want to learn more and perform better. Subscribe today.
http://www.winnetmag.com/sub.cfm?code=wswi201x1z

Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters.
http://www.winnetmag.net/email