
MONEY: has it. Politicians want it. Who’s getting it? Page 48

OCTOBER 2004 ■ WWW.REDMONDMAG.COM

Bill 2.0: A 5-Year Performance Review of Microsoft’s Chief Software Architect. Page 26
48 Hours to Prepare for the Worst. Page 43
Should You Dump ? Page 56
Your Turn: SharePoint 2003 Earns (Mostly) High Marks from Readers. Page 62

$5.95


Redmond: THE INDEPENDENT VOICE OF THE MICROSOFT IT COMMUNITY

COVER STORY
26 Bill 2.0: 5-Year Performance Review
Microsoft watchers give mixed reviews for his performance since relinquishing the CEO title to become Chief Software Architect.
PHOTO BY SPENCER PLATT/GETTY IMAGES

REDMOND REPORT
11 News Analysis: Feel Free to Be a Stick in the Mud
Treading softly with SP2 makes for sound security policy.
12 EventLog
Updates on Longhorn, Yukon, MOM 2005 and more.
15 TechWatch
After being nixed from Longhorn, the future of WinFS is very much in doubt.

FEATURES
43 From the Trenches: An Ounce of Prevention
Disaster recovery planning can be worth a lot more than a pound of cure when your network goes down.
48 Following Microsoft’s Money
Changes to campaign finance laws mean a larger percentage of Microsoft political contributions now go to Democrats, but the company remains a force in both parties.
56 Time to Dump IE?
Internet Explorer is a hacker’s dream. Can you (and should you) drop it right now?
62 Your Turn: SharePoint Gets (Mostly) Top Marks
Once clear of the administrative learning curve, users give SPS 2003 high marks for ease of use and integration features.

COLUMNS
6 Chief Concerns, By Doug Barney
22 Beta Man, By Don Jones
66 Windows Insider, By Bill Boswell
71 Tips & Tricks, By Derek Melber
72 Mr. Script, By Chris Brooke
75 Security Advisor, By Roberta Bragg
80 Ten, By Paul Desmond

REVIEWS
16 Bring Order to Hard Drive Chaos
PerfectDisk is an industrial-strength defragmentation solution.
20 Get a Handle on Exchange Server
AppAnalyzer helps you keep an eye on server performance.
32 Redmond Roundup: Virtual Servers in the Real World
Server consolidation may be a necessary evil, but either Virtual Server 2005 or GSX Server can ease the pain.

ALSO IN THIS ISSUE
4 Redmond Magazine Online
8 Letters to Redmond
79 Ad and Editorial Indexes

Redmondmag.com ONLINE, OCTOBER 2004

REDMONDMAG.COM
We’re proud to introduce Redmondmag.com, the official site for Redmond magazine. We’re building in all the extras required to make this the site for the IT professional whose job is to stay informed and up-to-date on the Windows IT space.
Following is just a sample of what you’ll find at Redmondmag.com:
• Breaking news updated daily.
• Online content that expands on the already informative articles you’ve just read in the print issue of Redmond.
• Redmond Report, the free, weekly newsletter filled with news and expert analysis on the most important Windows IT events.
To see for yourself, go to Redmondmag.com. Be sure to let us know what you think by posting online or e-mailing us at [email protected].
“What About Steve?” Use FindIT code: Bill2.

MCPMAG.COM
MCPmag.com lives on! Check out MCPmag.com and get original, expert technical articles and tips on troubleshooting and best practices for maintaining secure, networked Windows systems. Plus, keep up on the latest Microsoft training, certification and career news and analysis.
Here’s what we have planned during October:
• Reader Reviews: SQL Reporting Services
• Bill Boswell’s Q&A
• Don Jones’ Windows Tip Sheet
• Pop Quiz: MCSA Core Exams
• Exam Spotlight: SBS 2003
• MCP Radio, the weekly audio roundup of IT news.
MCPmag.com’s community also continues to thrive; join your fellow MCPs in live chats and discussion forums that feature expert moderators answering Windows, SBS, Exchange, and GPO troubleshooting problems around the clock.

REDMOND COMMUNITY
Redmond Newsletters
● Redmond Report—our weekly take on Microsoft news.
FindIT code: Newsletters
● Security Watch—keep current on the latest Windows network security topics. This newsletter features news from ENT and exclusive, online columns by Redmond magazine contributing editor Roberta Bragg.
FindIT code: Newsletters
Discussion and Forums
Post your thoughts under our articles, or stop by the forums for more in-depth discussions.
FindIT code: Forum
Your Turn
The interactivity center of the Redmond universe, where you get to express your views.
FindIT code: YourTurn
Exclusive Content
Go online for our expanded Salary Survey charts.
FindIT code: Salary

FindITCodes
Throughout this issue of Redmond, you’ll find boxes containing FindIT codes. You can key in those codes at Redmondmag.com to quickly get more information on the topics covered in articles containing the codes.
Some of the FindIT codes for this month include:
● DDrill: More information on performing a metadata cleanup of a restored Active Directory database.
● PKI: A list of resources for learning more about implementing PKI, including an overview of the PKI design process.
● WUSbeta: Installation tips and tricks for Windows Update Services.
Plus many more. Enter the code in the box at the top-right of every Redmondmag.com page. (Note that all FindIT codes are one word, and these codes are NOT case sensitive.)

OTHER 101COMMUNICATIONS SITES
Redmondmag.com is just one of the many IT Web sites published by 101communications. Be sure to also check out this month’s content on our sister sites:
ENTmag.com
The State of Windows Data Management
http://entmag.com/reports
TCPmag.com
Guide To Building a Cisco Home Study Lab, Part II: Equipment
http://tcpmag.com/features/article.asp?EditorialsID=81
CertCities.com
The New LPI 102 Linux Exam: Vendor Neutral Redux
http://certcities.com/editorial/exams/story.asp?EditorialsID=91


Chief Concerns Doug Barney

MCPmag.com: It’s Alive!

Good news, MCPs: Microsoft Certified Professional Magazine lives. Those who remember five pages back must be saying, “Hey, I just saw a magazine cover that said Redmond. What you talkin’ ’bout Willis?”

And we thought you were tech savvy. Haven’t you heard of the Internet? That is the future of MCP Magazine.

For nearly 10 years MCP Magazine has served the certified community a full plate of hands-on problem solving tactical hard-core tech info—with a healthy dose of certification and training coverage on the side.

Redmond magazine will continue with the hands-on problem solving, tactical hard-core tech info, but won’t spend nearly as much time covering certification issues. That’s where Michael Domingo, longtime editor of MCPmag.com, comes in. MCPmag.com not only lives on, but it will include far more certification news and analysis—thanks to Mike. If you feel as I do that certified professionals are a distinct community, then you’ll want to hang out at MCPmag.com every day. And all the newsletters you were nice enough to sign up for will keep on coming to your inbox, right on time.

Another contender for your home page is Redmondmag.com. This site, freshly built by Becky Nagel (our new Redmondmag.com editor) and tech whiz Rita Zurcher, is a rich array of strategic and technical information. Redmondmag.com picks up where MCPmag.com leaves off, bringing you expert analysis of Microsoft’s latest moves, tips on justifying technology, getting a better deal, grappling with internal IT issues, and more. And we’ll toss in a heaping helping of hard-core tech to boot!

And if you like newsletters, be sure to sign up for the all new Redmond Report, penned by our own Scott Bekker, editor of ENTmag.com and news editor for Redmond magazine. Each week, Scott will tell you what Microsoft is up to, and what it all means.

So Whaddya Think of Redmond?
This is the first issue of Redmond, which we consider to be an evolution of MCP Magazine. We’re pretty proud of it, but ultimately you will decide whether we hit the mark. What do you like, dislike? What technologies or issues should we cover? We created this magazine for you, so shoot me some mail at [email protected] and let me know what you want us to tackle in the future.

GetMoreOnline
Subscribe to Scott Bekker’s weekly Redmond Report and our other e-mail newsletters.
FindIT code: Newsletters

Redmond: THE INDEPENDENT VOICE OF THE MICROSOFT IT COMMUNITY
OCTOBER 2004 ■ VOL. 1 ■ NO. 1

Editor in Chief: Doug Barney
Editor: Paul Desmond
Executive Editor, Reviews: Lafe Low
Managing Editor: Keith Ward
News Editor: Scott Bekker
Assistant Managing Editor, Web Editor: Wendy Gonchar
Editor, Redmondmag.com, CertCities.com: Becky Nagel
Editor, MCPmag.com: Michael Domingo
Editor, ENTmag.com: Scott Bekker
Associate Editor, Web: Dan Hong
Contributing Editors: Bill Boswell, MCSE; Roberta Bragg, MCSE; Chris Brooke, MCSE; Mike Gunderloy, MCSE, MCSD, MCDBA, MCA; Don Jones, MCSE; Derek Melber, MCSE, MCT
Contributing Online Editor: Andy Barkl, MCSE, MCT
Art Director: Michele Singh
Graphic Designers: Steven L. Anderson, Graye Smith
Publisher: Henry Allain
Associate Publisher: Matt N. Morollo
Manufacturing & Distribution Director: Carlos Gonzalez
Audience Development Manager: Janice Martin
Marketing Manager: Michele Imgrund
Senior Web Developer: Rita Zurcher
MCP TechMentor Conferences Marketing Director: Kay Heitzman
Conference Sales Director: Al Tiano
Conference Operations Manager: Sara Seely
Conference Marketing Manager: Susan Knight

Enabling Technology Professionals to Succeed
President & CEO: Jeffrey S. Klein
Executive VP: Gordon Haight
Executive VP & CFO: Stuart K. Coppens
Senior VP & General Counsel: Sheryl L. Katz
Senior VP, Operations: Bradford C. Stauffer
Senior VP, Human Resources: Michael J. Valenti

The opinions expressed within the articles and other contents herein do not necessarily express those of the publisher.
Postmaster: Send address changes to Redmond, 2104 Harvell Circle, Bellevue, NE 68005


Letters to Redmond

So, Why Get Certified?
It’s interesting that your Salary Survey [September] results for “No Microsoft Certification” lists a better salary than most certified categories! Could it be that many in that category are supervisors or have been in the field long before certifications appeared? They may feel like they don’t need certification and therefore don’t think anyone else should, either. I’ve seen it everywhere when applying for a job—experience counts way more than any certification, especially when those interviewing you aren’t certified. It’s been my experience that certifications also have little to do with salary increases from year to year.
—An MCSE

Good observation, but the sample of people who have no certification changed this year. We decided to open the survey to those who hold other certifications but may not necessarily hold a Microsoft title. The No Microsoft Certification category doesn’t exclude those who do hold other, salary-laden titles, such as the Cisco CCIE or any of the major security certifications. Naturally, this category could be composed of those who hold no certs whatsoever. So, you’d be partially right in your observation.
—Michael Domingo, Editor, MCPmag.com

New Persona
The new name is going to be Redmond magazine, but the slogan is “The Independent Voice of the Microsoft IT Community?” No way those two things go together. I see the word “Redmond,” and I think right off the bat that it’s some sort of official Microsoft publication. It’s not just the content of the magazine that makes it important, there are many other reasons as well.

I was unable to go to college for a variety of reasons and I struggled to afford training materials and take the tests. I am very proud of my certifications. Receiving a magazine called Microsoft Certified Professional Magazine was a monthly reminder that I finally did it; that I finally got over the hump and I have a career doing something I love. Every time it arrived it told me “You did it!!”

Receiving MCP Magazine always made me feel like part of something larger, something that I had put a lot of effort into being a part of. As soon as I became an MCP I did it all: ordered the magazine, downloaded the official logos for use in my correspondence and I carry the wallet card with me every day. Having the mailroom drop off Redmond magazine in my office in-box just won’t give me that same sense of pride and achievement. To be honest, even if the slogan were something along the lines of “The Independent Voice of Certified Professionals,” it wouldn’t bother me so much.

I understand that the current title probably excludes a lot of potential readers and makes it more of a niche publication. But that’s kind of what I like best about it. There are already several “voices” of the general Microsoft IT community at-large. In fact, I already subscribe to several, and don’t know if I really need another one. The fact that MCP Magazine was a special publication just for MCPs (or so I thought, or assumed, by the title) was what made me want and read the magazine. Now, not so much.
—James Frasch
New Jersey

Yawn.
I throw away most of my Infoweek and InfoWorld magazines and rarely read more than one article per issue. I don’t need another business magazine with “important” news about Microsoft policies and politics. I need a technical magazine that tells me how to write shortcuts for creating and deleting user accounts, how to recover from DNS problems, and how to implement Kerberos (all past features in MCP Magazine). I make it a priority to read MCP Magazine cover-to-cover. Your magazine has been a magazine for the guy in the trenches who sits around waiting for servers to reboot. You’ll lose your soul—and your readership—if you change that.
—Name withheld by request
Franconia, Pennsylvania

If relevance is what you want, we’ll deliver. Redmond will continue to publish information that’s tactical in nature, and you will still find your favorite IT personalities offering advice to make your networks faster and safer. We’ll also offer new, compelling content that puts all your work into perspective, helping you deal with management-level challenges. And remember, we’ll still provide Redmond magazine for free to those who qualify.
—The Editors

THE HARD QUESTIONS
We just had to ask
How does Bill Gates rate as a Chief Software Architect?
Send your thoughtful responses to [email protected].


Redmond Report, October 2004

News Analysis: Feel Free To Be a Stick in the Mud
Treading softly with SP2 makes for sound security policy.

❚ BY SCOTT BEKKER

It’s been a little over a month since Microsoft started streaming SP2 to Windows XP Professional customers over Automatic Update. That means you’ve got another three weeks or so to go until Oct. 25—the two-month anniversary of the service pack’s full U.S. release—before you should start installing it.

There’s no question that you should be testing SP2 aggressively, deploying it on pilot systems and kicking homegrown applications back to in-house developers to get them in line with Microsoft’s new specs. SP2 is a critical service pack to deploy, just as Microsoft says.

The well-publicized downside of all SP2’s changes is the number of applications that break when Windows XP SP2 installs. Microsoft worked hard for nine months in advance of the release to help ISVs get their apps in shape. Still, the company discovered embarrassing last-minute problems with major applications including Microsoft CRM, Microsoft Security Baseline Analyzer and its popular game Halo. In all, Microsoft documented nearly 50 commercial applications that stop working properly when the firewall starts. Another Microsoft list shows 38 commercial applications that are known to suffer a loss of functionality, such as failing to install.

By now all the new features should be thoroughly familiar. The on-by-default Windows Firewall blocks many more types of traffic and is more configurable through Group Policy. The Windows Security Center dashboard shows whether anti-virus software is running, if a firewall is up and whether Automatic Updates is set to pull down new patches. New features in Internet Explorer protect against malicious Web downloads, and IE has stronger default settings in the Local Machine zone. The Add-on Manager helps detect spyware.

SP2 will also help protect your network against zero-day exploits, like those that targeted IE just before SP2 shipped. But those appear to be . Two extra months of testing shouldn’t increase your exposure too much.

Microsoft has been forced to agree that it needed to give users more time to get up to speed. The company provided a tool to allow administrators to instruct Windows XP systems to delay installing SP2 from Automatic Update for 120 days. Microsoft later expanded the tool’s delay period to 240 days.

If Microsoft had problems with its own apps, you can bet that among ISVs—where anticipating the service pack was important, but far from job one—problems are still being discovered. Holding off on deployment will keep you out of your ISVs’ de facto SP2 beta programs, as they continue to work through support bugs and get their Web site FAQs up to date. That can only make your eventual rollout go more smoothly.

By the numbers: Hot Servers

The second quarter of 2004 was a good one for the server industry, according to researchers at IDC. The $11.5 billion in factory revenues for Q2 2004 is nearly a 7 percent jump over Q2 2003. By platform, Windows showed strong growth while Linux flirted with the billion-dollar mark and IBM mainframes continued their comeback, with a third consecutive quarter of significant growth.

Platform       Factory revenues    Increase vs. Q2 2003
Unix           $4.2 billion        1.8%
Windows        $3.6 billion        13.2%
IBM zSeries    $1.5 billion        40.6%
Linux          $900 million        48.9%

Note: Factory revenues include server hardware, operating system and other bundled software.
Source: IDC, FRAMINGHAM, MASS.
— SCOTT BEKKER


EventLog
A roundup of recent Windows-related events

Microsoft Pipeline—Beta News
With Windows XP Service Pack 2 out the door, Microsoft unveiled a major shakeup to the next version of Windows, code-named “Longhorn.”

Breaking from a Longhorn tradition of dropping tantalizing hints and making unofficial statements about ship dates, in late August the company came out with a news release committing to a 2006 ship date for the Longhorn client and a 2007 ship date for Longhorn server.

A casualty of the new ship date is Windows Future Storage (WinFS), one of the three main pillars of Longhorn. (For analysis on what this means for the future of WinFS, see TechWatch, p. 15.) The other two pillars, the Indigo and Avalon technologies that make up the WinFX development platform, meanwhile, are no longer Longhorn exclusives. WinFX will be ported to Windows XP and Windows Server 2003. (See the cover story on Bill Gates for more about Longhorn, p. 26.)

Microsoft's other blockbuster product in beta also hit a pre-release milestone over the summer. The SQL Server 2005 database—a.k.a. Yukon—went into the Beta 2 testing stage, about two years behind schedule.

Microsoft announced a new pre-release build and a simpler name for the versions of Windows that will support the AMD64 and Intel Extended Memory 64 Technology (EM64T) processors. Previously, Microsoft added “for Extended 64-bit Systems” to the end of each OS name. Now the products will be identified as x64 editions (see table, below).

Windows x64 Editions
Microsoft renamed versions of Windows for the AMD64 and Intel EM64T platforms. The current lineup:
Windows XP Professional x64 Edition
Windows Server 2003 Standard x64 Edition
Windows Server 2003 Enterprise x64 Edition
Windows Server 2003 Datacenter x64 Edition

RTM and Beyond
Microsoft Operations Manager (MOM) 2005 is released to manufacturing and should be generally available in the middle of this month. With the MOM 2005 RTM, Microsoft disclosed a new pricing structure that more than doubles the MOM 2000 list price of the central server to $729 while eliminating per-processor requirements in favor of a simpler model similar to Client Access Licenses for managed servers. Microsoft also announced a $499 Workgroup Edition for smaller organizations managing up to 10 servers.

Microsoft quietly finished coding Virtual Server 2005 in August, about a year behind schedule. General availability is planned for later this year. Host Integration Server 2004 also reached the RTM milestone and the first service pack for Office 2003 is now available.

Microsoft carried through with plans to deliver a Windows XP “Lite” in some countries to encourage use and combat piracy by delivering limited functionality at a lower sticker price. Windows XP Starter Edition will be available in Thailand, Indonesia and Malaysia. Editions are coming for two more countries to be named later.

Odd Bits
The TerraServer project that began six years ago as a proof point for the scalability of the then-unreleased SQL Server 7.0 is live and still growing, serving up free aerial images of U.S. neighborhoods, stadiums and harbors at half-meter resolution. In 1998 scalability for a Microsoft database meant 1 TB of data and required a room full of disk drives and other hardware valued at $2 million. Scalability now means a 20 TB TerraServer in two small racks on $70,000 worth of hardware. The server's images remain available at: http://terraserver.microsoft.com.

GetMoreOnline
Check the Redmond Report each day for breaking news and analysis. For more detail on many of these topics, check out the news archive by using FindIT code: Newsarchive.


Cut From Longhorn, WinFS Is in Peril

❚ BY SCOTT BEKKER

TECHWatch: Tracking the Technology Lifecycle

The Windows Future Storage (WinFS) technology that got cut out of Windows “Longhorn” is in serious trouble, and not just the hot water a feature might encounter for missing its intended production vehicle.

WinFS faces a much greater threat. It’s entering that resource allocation limbo that a Microsoft technology encounters when it’s no longer on the priority list for the next major rev of Windows.

WinFS is an ambitious file system overhaul, aimed at making everything on a system searchable—from documents to media files to structured information—with a single set of search terms. It’s something Microsoft has tried to build for a decade.

WinFS was one of three main pillars of the Windows “Longhorn” client. The other two, “Indigo” and “Avalon” survived a late August round of feature trimming that signals Microsoft is getting serious about delivering Longhorn. The company now says the Longhorn client will ship in 2006 with those two pillars mostly intact.

Microsoft spun its decision to delay WinFS by laying out a seemingly solid roadmap for the technology. The company promises a beta version of WinFS add-on technology when the Longhorn client ships. But if a general availability ship date announcement from Microsoft is something to be taken with a grain of salt, a beta commitment is something you can pour the whole shaker on.

Peter Spiro, pulled from the SQL Server team to spearhead the WinFS effort, will be hard pressed to keep top developers from defecting to nearer term projects with a better chance of being delivered. Involvement with a shipping project is a major mark of prestige at Microsoft, where the best developers are famous for jumping from project to project.

Spiro, one of Microsoft’s elite Distinguished Engineers, has something else to worry about—a server version of WinFS. As of the Professional Developers Conference last October, WinFS was a client-only play. Customers demanded the server tool to allow synchronization, according to Microsoft Group Vice President of Platforms Jim Allchin.

So now the add-on has to be rationalized against both the client and server versions of Longhorn, which are shipping on different schedules. Microsoft has delivered major add-ons before, such as the .NET Framework, and a series of minor ones with Windows Server 2003, including Windows SharePoint Services. But a file system is very deep code that affects nearly everything else in the operating system. The idea of providing that technology as an add-on seems disruptive, to say the least.

Perhaps Chairman and Chief Software Architect Bill Gates’ large personal stake in WinFS will shepherd the technology to market either in Longhorn server or, even further out, the “Blackcomb” version of Windows.

We will be keeping a close eye on WinFS. It’s a visionary, extremely useful idea, and we’d love to see it come to fruition. But it’s sure nothing to bet on right now.

TechWatch Meter: WinFS
After being nixed from Longhorn, the future of WinFS is very much in doubt. It will likely take Bill Gates’ personal stake in the technology to save it.


ProductReview

INSIDE: Redmond reviews two leading virtual server software contenders. Page 32

Bring Order to Hard Drive Chaos
PerfectDisk is an industrial-strength defragmentation solution.

PerfectDisk Version 6 $49.95 Workstation/$239.95 Server Raxco Software 301-527-0803 www.raxco.com

❚ BY DAVID W. TSCHANZ

The files on your hard drive are like the stars and galaxies that make up the known universe, constantly pulling themselves apart—billions and billions of bits hurtling across the media in response to the laws of engineering and cosmology.

OK, Carl Sagan I am not.

While there’s little chance that a fragmented disk will cause your hard drive or the known universe to implode, fragmented program and data files are cumbersome and inevitable consequences of using a computer. Fragmentation decreases a computer’s performance by forcing it to use extra resources to read and write files; taking extra time to locate all portions of a document or program; and increasing downtime and required network maintenance. Fragmentation also causes unnecessary wear on your hard drive heads and can lead to data loss. A seriously fragmented hard drive makes your computer feel like it’s trudging through molasses.

A defragmentation utility puts files back together, which helps the operating system read and use them faster, store them quicker and maintain them with fewer resources (such as CPU time, RAM and disk space). While Microsoft’s operating systems ship with a built-in disk defragmenting application, it is in scope and limited in functionality.

Figure 1. After PerfectDisk does its initial scan and Drive Health Report, it will give you a graphic representation of just how badly your drive is fragmented.

“Installing PDV6 is child’s play, requiring little more than the CD and the click of a mouse.”

Flexible Management

Raxco Software’s PerfectDisk Version 6 (PDV6) is a disk defragmentation program that works with Windows Server 2003, Windows 2000 Professional or Server and Windows XP Home or Professional PCs, workstations and servers. PDV6 is touted as an industrial-strength defragmentation solution for distributed Windows networks. It works on every type of file on Windows 2003/2000 and XP PCs, including the Master File Table, all NTFS metadata, paging files, hibernation files and directories. The software is designed to defragment data files in a single pass, consolidate free space and organize hard disks according to usage patterns.

The program’s Perfect Management technology integrates with Active Directory for flexible enterprise management according to a preset, adjustable fragmentation level (threshold) or automated scheduling across a network. It can also work with PerfectDisk for Exchange to automate the offline defragmentation of Exchange data stores.

PDV6 can defrag hard drives with as little as 5 percent of free disk space remaining on the drive. It can also defrag disks of a terabyte in size or more. PDV6 includes boot time defragmentation, network management, command line support and a few other tasty bits as well.

Installing PDV6 on a single computer is child’s play, requiring little more than the CD and the ability to click a mouse. Simplicity is a sure sign of good engineering.

You’ll need Windows 2000/2003 or XP for successful installation. A minimum of 64MB of RAM is required, but at least 128MB is recommended.


When installed, PDV6 requires 2.5MB of disk space.

You can easily deploy PerfectDisk on remote systems using any of the following: Active Directory Group Policy, Windows Installer and SMS. It also supports remote deployment using most third-party remote deployment tools with the PerfectDisk command line installation interface.

First Pass

When you run PerfectDisk for the first time, the application makes a pass through your hard drive and determines the extent to which the drive is fragmented. After this initial analysis, the program shows you a “Drive Health” report, which outlines overall fragmentation, as well as the fragmentation levels of specific files, directories, page file and NTFS metadata. It also indicates the amount of free space available on the drive.

PerfectDisk then offers a defragmentation recommendation based on the information retrieved during its analysis.

Two Choices

If PerfectDisk determines that your drive needs a defrag, it gives you the option to defrag in one of two ways; Smart Placement Defrag or Defragment Only.

Smart Placement Defrag defrags your files, arranges free space in contiguous blocks and optimizes your files based on the frequency with which they are accessed. Placing files in a logical order helps reduce unnecessary drive head movement, thereby reducing wear and tear and hopefully prolonging the life of the drive itself. According to Raxco, Smart Placement Defrag also optimizes the drive so refragmentation occurs at a slower rate.

If you choose Defragment Only, PDV6 will defrag only your fragmented files. It will not place them in any particular order based on usage patterns and it doesn’t consolidate free disk space on your drive. If you just need to perform a fast defrag of your data files, this is the option to choose.

Figure 2. Run the Smart Defrag option, and PerfectDisk will defragment your hard drive and reposition data in order of most frequent use, reducing wear and tear on drive heads and slowing the refragmentation process.

Network Scheduling

You can configure PDV6 to perform defrag routines using threshold-based defragmentation, wherein it will only defragment a drive once it reaches a certain level of fragmentation. Alternatively, an internal wizard lets you schedule unattended defragmentations that run as background operations. I was particularly impressed with the network scheduling capabilities. PDV6 lets users and administrators easily schedule online and boot time defragmentation runs throughout a network. You can cancel or change schedules easily through the scheduling interface. A Schedule Query Wizard helps you determine when PDV6 is scheduled to run on any system in a network.

The Disk Trending tool lets you collect detailed fragmentation statistics for a system over a period of time, with the statistics collection running in the background on a scheduled basis. The data is stored in a comma delimited file that you can import into Excel, Access or any other program capable of reading a CSV file. You can use the data to help you make decisions about when and how to run defragmentation routines in the future, either by automated schedule or manually.

An AutoUpdate Feature periodically checks Raxco’s support site for newer versions, or you can customize it to check for updates on your own update server. PDV6 also not only provides its own independent GUI, but can also be used as a Microsoft Management Console—a nice feature.

Industrial Strength

PerfectDisk 6 lives up to its billing as an industrial strength defragmentation utility for both Windows 2003/2000 servers and Windows 2000/XP workstations. With support for both RAID and Volume Set, PDV6 can provide high level defragmentation capabilities for even large and complex environments with multiple storage arrays and volumes.

If you want more control of your hard drive defragging chores, PerfectDisk is a well-suited, reasonably priced solution for getting the job done.

David W. Tschanz, Ph.D., MCSE, A+, regularly maintains a variety of projects related to Web-accessible information, training, applications and information security. Contact him at [email protected].

Get a Handle on Exchange Server
AppAnalyzer helps you keep an eye on server performance.

AppAnalyzer Version 3.0 $600 for a 100 mailbox package $2,500 for a five-user WebAdmin console NetIQ Corp. 408-856-3000 www.netiq.com

❚ BY GERRY O’BRIEN

Everyone has heard complaints from users about slow e-mail, not enough space in their mailboxes or problems connecting to the mail server remotely through Outlook Web Access. Like any other Exchange administrator, you want to know how your Exchange server is handling your applications, how they’re performing and what they’re being used for so you’ll have a ready answer when those questions arise.

NetIQ’s AppAnalyzer can help. AppAnalyzer has some unique features to help you better understand how your group is using Exchange and how you can configure your Exchange server for smoother sailing.

Careful Planning

The installation and operation requirements are a bit complicated for what looks like a simple product. Fortunately, NetIQ provides an excellent quick start guide and verification utility that will warn you if you forget to install any required element. This is one of the features that I liked best about AppAnalyzer. It’s important to get an installation completed successfully and correctly on the first try. It’s far too costly in man-hours to botch application installations and then have to start over—not to mention the potential for messing up other applications or settings on your servers.

Using AppAnalyzer through its Web-based interface is a snap. You can run it on any platform that supports HTML 4.0, or a later version. Its Web-based interface is written in Microsoft’s ASP.NET using version 1.1 of the .NET framework. This lets you run applications on multiple platforms, because ASP.NET renders the necessary HTML based on your browser’s capabilities. At the very least, your browser must support HTML 4.0 and some form of ECMA compliant scripting, like Jscript or JavaScript.

The tasks page shown in Figure 1 has three panes. The upper left pane shows the tasks configured to run on this server. At a quick glance, you can see which tasks have been successfully completed, which haven’t run yet and those that have errors or have failed.

The upper right screen lets you see all the Exchange servers in your organization and to connect to each one to verify that tasks have been set up for that server. The bottom pane shows you statistics on the tasks that have been configured and executed on the server. These statistics include the date and time of the task, number of items processed and the frequency of execution for tasks.

Figure 1. AppAnalyzer’s Web-based interface makes it a snap to generate reports on Exchange server usage and performance.

Serving Up Reports

AppAnalyzer uses SQL Server and OLAP Services to gather data and produce detailed reports about your Exchange server. Once you’ve configured the necessary settings for generating reports, AppAnalyzer begins collecting data based on your chosen parameters and time frames. You can schedule tasks to start at a later date and time or run a task immediately using the WebAdmin Console.

Once that data has been collected, you can view a report to see details of the specific Exchange feature you’ve selected. AppAnalyzer processes the data cube through OLAP in SQL Server and presents a graphical representation of the data analysis.

NetIQ has also added something that is a “must have” in today’s virus-riddled world of e-mail. AppAnalyzer can report on


and forward or delete messages based on their content, scanning for elements like keywords or certain types of attachments.

Running the reporting functions at the appropriate times can also help significantly reduce the number of macro virus issues you’ll have to face on a daily basis. I run Microsoft’s ISA Server 2000 for my company’s firewall and if you have ever attempted to install content filtering for ISA Server 2000 to provide the same functionality, you’ll appreciate the ease with which you can configure this option with AppAnalyzer.

Using the virus filtering, you can report on messages by attachment. This lets you view a report on selected mailboxes to determine the attachment file extension and name. The report also includes the sender and receiver’s e-mail addresses.

AppAnalyzer also lets you monitor outgoing traffic with the same parameters. This provides you with a great opportunity to watch the mail traffic coming into and leaving your organization so you can determine whether or not employees are abusing the system and possibly opening your company up to legal liabilities. You can also simply examine the volume of e-mail traffic per user.

Although there are some significant software and installation requirements you’ll need to address, no Exchange Administrator should be without this tool.

Figure 2. The AppAnalyzer Report Console is also Web-based, so you view it in a browser window. Shown is a report on the Information Store Sizes.

Gerry O’Brien, MCP, MCT, MCSD, MCDBA is a network administrator and IT instructor for the CompuCollege School of Business in Moncton, New Brunswick, Canada. Reach him at gobrien8199@rogers.com.


Beta Man
Don Jones

Updates Made Easy

Microsoft Windows Update Services (WUS), the much-anticipated (and renamed) version 2.0 of Software Update Services (SUS), is due out late this year at the earliest. But I, Beta Man, got my hands on an early version of WUS and can report that, while it won’t replace a high-end management tool like Systems Management Server (SMS), for a free tool it is impressive indeed.

Windows Update Services (WUS) 2.0
Version reviewed: Beta 1
Current status: In development—no new dates
Expected release: Late 2004 to early 2005

SUS 1.0 provides basic, centralized administration of Microsoft’s Windows Update service. Essentially, SUS downloads all of Microsoft’s updates and leaves it up to you to approve them for use; once you do, they’re fair game for all of your clients. To get the updates, you program your client computers (Windows 2000 and later) to look at your SUS server rather than the Windows Update site. You can even cut off direct access to Windows Update if you like. SUS also supports a hierarchical infrastructure, meaning one SUS server can pull updates from another, allowing you to tier your network to minimize WAN utilization.

WUS operates in much the same fashion, although it will offer two distinct server roles: Autonomous and Replica. In Replica mode, you manage a single WUS server, and it synchronizes to multiple subordinate replica servers, perhaps located at remote offices. You perform all administration, including approving updates, on the central server; the replicas follow its lead. In Autonomous mode (the only mode available in the beta), each WUS server can receive updates from an upstream WUS server (or from Microsoft), but you must approve updates on each server individually.

Like SUS, WUS installs and uses the Background Intelligent Transfer Service (BITS) 2.0, which allows it to download updates using the server’s “spare” bandwidth. The difference is that SUS uses BITS only for server-to-client transfers, whereas WUS uses it for all file transfers, including server-to-Microsoft synchronizations. BITS throttles the bandwidth used by its host server’s NIC to ensure that a download doesn’t overwhelm your LAN. (It does not, however, detect when WAN bandwidth is in high demand.) If the server wants to use the network for something else, WUS will throttle down and release bandwidth; when nothing else is going on, WUS will ramp up and use everything it can get.

BETA MAN'S ROUTINE DISCLAIMER
The software described here is incomplete and still under development; expect it to change before its final release—and hope it changes for the better.

Good Grouping

Another key new feature in WUS—one requested by many SUS administrators—is the ability to create groups for your computers, and to approve updates only for specific groups. This allows you to group two or three test computers into a pilot group, then deploy updates to them first for testing, for example. You can also prioritize updates, specifying that certain high-priority updates must be applied, and whether they’ll require a restart of the target computer.

You also get granular control over what updates a WUS server will handle, with the ability to choose specific products and update classifications—Security Updates, Critical Updates, Service Packs, Feature Packs and so on. Here’s how it works: You create one or more subscriptions. Each subscription has an associated schedule (or can be run manually), and synchronizes updates for the products and categories you specify. Perhaps you want to get security updates every night, but download feature packs only monthly.

Reporting and Security

WUS also includes extensive reporting capabilities, something completely lacking in SUS. The coolest is the pre-deployment check, where WUS sends a request to all clients to see how many would install an update if it were made available. Responses shoot up to the WUS server, enabling you to get an impact report prior to actually deploying the update. This information can be used to limit the daily deployment of updates that prove risky during testing, and to alert your help desk to the potential increase in call volume.

You can also get status reports for individual updates, providing much-needed feedback. Unlike SUS, which pretty much just threw the update out there, WUS keeps track of who has yet to install it so you can watch the rollout progress. In the beta, this feature rolls deployment data up only from one WUS server to a parent server; anything deeper than that (say, three


or four tiers of WUS servers) won’t report correctly. It’s not clear whether Microsoft plans to address that issue before the final release.

The company did beef up security in WUS: The client only trusts content signed by Microsoft, so spoofed updates can’t easily sneak into the database. The WUS client and server mutually authenticate one another as well, so your clients know they’re talking to the intended WUS server, not a server trying to impersonate the official one. Any data exchange between client and server is encrypted.

redmondmag.com
Don’t install WUS without checking out what Beta Man has to say about:
● Installation, including tips and considerations
● The role of SQL Server 2000
● Competing products, including SMS and ConfigureSoft’s ECM
FindIT code: WUSbeta

More Control

You can look forward to some new control features in WUS, too:
• Updates that don’t require a restart can be installed in the background, without users’ knowledge.
• The new WUS client hides the Microsoft license agreements you normally associate with the Windows Update Web site, providing a transparent experience.
• You can schedule when updates occur, how frequently clients check for updates, and even schedule update downloading to occur during a specified block of time. Because BITS can resume a download where it left off, large updates can even download over several days, in the block of time you desire, finally installing when the download is complete.

What’s Missing?

While WUS is a step in the right direction, it doesn’t include everything you might like to see. My nits include:
• Microsoft built Microsoft Baseline Security Analyzer (MBSA) 1.2 to look to your SUS server, if you have one, and to ignore any updates which aren’t approved on the SUS server. The theory is, if you didn’t approve it, you don’t want it, so there’s no point in MBSA complaining that the update isn’t installed. This feature of MBSA 1.2 doesn’t work with WUS, although that’ll doubtless go away by the time WUS releases, either in


additional WUS support or in a new version of MBSA.
• The SMS Feature Pack providing SUS integration also doesn’t work with WUS. Again, that support will doubtless come in the final release of WUS or in a new Feature Pack.
• The WUS administrative console, like SUS, inexplicably uses an HTML interface instead of an MMC console. This interface also requires that IE be set up to allow Active Scripting, which in practice means you’ll need to uninstall the Enhanced IE Security Configuration on Windows 2003 (and likely something similar on XP SP2).

WUS Gets It Done

If your usual answer to, “How do you handle patch management?” is “Oh, look, it’s coffee break time,” you should get on the stick with SUS and WUS post-haste. Both are free, easy to install and effective. Getting some practice in with SUS now will help prepare you for WUS, which is similar and extends SUS capabilities in several important directions.

If you’ve got SUS already, upgrading to WUS will be a no-brainer. You’ll get all the features you’ve probably been wishing SUS had, plus an easy migration path that, even in beta, has given me no problems. If you have a better patch management solution—SMS, ConfigureSoft’s Enterprise Configuration Manager (ECM), or something else—stick with it. While WUS will offer some neat integration tricks for SMS (a la the SUS Feature Pack already released for SMS), SMS is a better overall tool by far, as are tools like ECM (see our online sidebar for more information).

But for a free patch management solution, WUS is an impressive offering. Kudos to Microsoft for (finally) offering a robust, scalable patch management solution that doesn’t require expensive per-client licenses (or indeed, any licenses beyond Windows itself) and doesn’t need a month of planning and deployment. Look for WUS in late 2004, or early 2005 if things slip. WUS does depend on the public release of Windows Update v5, so a delay in that product’s development will also postpone WUS.

Don Jones is a contributing editor for Redmond magazine and the owner of ScriptingAnswers.com, a Web site for automating Windows administration. His most recent book is Managing Windows with VBScript and WMI (Addison-Wesley). Reach him at [email protected].


BILL 2.0
5-YEAR PERFORMANCE REVIEW

PHOTO BY SPENCER PLATT/GETTY IMAGES

MICROSOFT WATCHERS GIVE BILL GATES MIXED REVIEWS FOR HIS PERFORMANCE SINCE RELINQUISHING THE CEO TITLE TO BECOME CHIEF SOFTWARE ARCHITECT.

When Microsoft Chairman Bill Gates traded his chief executive officer title for the newly crafted chief software architect role nearly five years ago, the company spin was that he would work in areas that most interested him—and best used his talents. Microsoft’s bottom line: Gates didn’t want to be so involved in the day-to-day running of the company. Turning that over to his trusted lieutenant gave Gates the time to think about future technologies and drive product development.

Some at the time read something more desperate into the move. Wall Street Journal reporter David Bank argued that Gates mishandled the U.S. government’s antitrust case against Microsoft and needed to be shunted aside.

Other experts agreed with the Microsoft public relations machine, and believed Gates simply had enough of the relentless business decision-making and wanted to return to his first love: technology.

Examining what Gates has actually done in the last five years shows that he has taken to his chief software architect role with gusto. He’s left obvious fingerprints on enough recent Microsoft projects and decisions to show that he is more involved in software and technology direction than those high-profile critics ever expected.

He’s also more involved in pure business decisions than the skeptics predicted. Perhaps that shouldn’t be a surprise. After all, while he is no longer CEO, Gates never gave up his other Microsoft title: chairman.

Long-Delayed-Horn

Gates’ primary responsibility as chief software architect is leading software development, and on no project is that more evident than Longhorn, the successor to Windows XP.

“Longhorn is the first release that Bill has been intimately involved with since its inception,” says Greg DeMichillie, an analyst with Directions on Microsoft who spent nine years in Redmond as a group program manager.

In June 2002, Gates was reportedly spending roughly a quarter of his time with developers shaping Longhorn. His intensive, early involvement helped push forward several priorities, including:
• New graphics and UI technology, code-named Avalon

❚ BY KEITH WARD AND SCOTT BEKKER


Bill’s Guys Since Bill Gates became chief software architect, most high-level Microsoft executives report to Steve Ballmer. Ballmer still reports to Gates, who retains the title of chairman. But as chief software architect, Gates has just four direct reports, according to Directions on Microsoft, an analyst firm that keeps close tabs on Microsoft’s organizational chart.

Bill Gates Chief Software Architect

Craig Mundie
Senior Vice President, Chief Technical Officer, advanced strategies and policies
Role: Technology, business and policy strategy across product groups for issues such as security, privacy and intellectual property.

David Vaskevitch
Senior Vice President, Chief Technical Officer, Business Platform
Role: Works with Bill Gates to drive Microsoft’s overall strategy, technology direction and architecture.

Rick Rashid
Senior Vice President, Research
Role: Oversees research and distributed systems, artificial intelligence, graphics and speech recognition.

Jon DeVaan
Senior Vice President, Engineering Strategy
Role: Drives improvements in Microsoft’s engineering practices

Source: Directions on Microsoft

• Communications infrastructure for Web services, code-named Indigo
• Integration of the file system and database, known as WinFS

Gates has long been enamored with the WinFS idea, also known as unified storage. At last October’s Professional Developers Conference, Gates declared, “Some of you here have heard me talk about unified storage for more than a decade. The idea of taking the XML flexibility, database technology, getting it into the file system: that’s been a Holy Grail for me for quite some time.” Indeed, the idea was included in Cairo, a Gates-backed object-oriented, RDBMS-based OS under development in the mid-1990s that never shipped.

On Aug. 2, 2004, in a speech to the team, Gates called WinFS, “A very large investment for us.…we need to have lots of developers building on top of that showing us where we can take that idea of storage in a very different way.”

Delivering on that vision is proving difficult. Longhorn was first mentioned as a deliverable as early as the second half of 2004, but more recently experts were saying it would ship in 2007. On Aug. 27, less than four weeks after Gates’ speech to the research team, Microsoft said it would ship Longhorn in 2006, but with only two of the original three pillars: WinFS will have to wait longer still.

PHOTOS COURTESY MICROSOFT

Tech Drivers

While his visions may not always come to fruition, among the countless technical geniuses in Redmond, Gates is the software visionary who defines the key issues.

Perhaps the simplest way to tell what technology Gates deems important is to read his periodic executive e-mails. In the last two years, he’s penned missives on trustworthy computing, with two subsequent security progress reports; spam; and preserving the value of e-mail. These memos are nothing new, of course; perhaps the most famous is the “The Internet Tidal Wave” memo he issued on May 26, 1995, just months before the launch of Windows 95. The memos serve as marching orders for thousands of Microsoft developers.

One long-time hot-button is alternative input, including speech recognition and pen computing. Here Gates is either ahead of his time or overly optimistic. Take the Tablet PC, which debuted in November 2002. The following March, at the Mobility Developers Conference, Gates called the Tablet PC “an explosive form factor, because things like annotation and reading, note taking, haven’t really been possible,” and spoke of vendors selling out of their units.


But the Tablet PC has yet to capture the public’s imagination. Analyst DeMichillie says it’s a “product that probably would have been killed had it not been for Bill’s personal advocacy.”

Gates makes time for nearly all Microsoft products. Development projects are still subject to the legendary “Bill Review,” where Gates grills product teams about their wares (“Gestapo-style” is how one IT consultant who’s worked with Microsoft described it).

As is to be expected for a chief software architect, and the man who launched the division, Gates is intimately involved with Research. He talks up its advances regularly in speeches and interviews—and funds it generously. Michael Fleisher, chairman and CEO of Gartner, said in a recent speech that in the five years since Gates became chief software architect, Microsoft Research’s budget has more than doubled, from $3 billion to $6.8 billion (a figure, Gates is quick to point out, that far surpasses IBM’s $5 billion R&D budget). With that money comes accountability: One of only four people who report directly to Gates is Rick Rashid, who runs Microsoft Research’s worldwide operations. (See chart for his other direct reports.)

While Gates is constantly and aggressively pushing the Microsoft technology agenda, he now does so in a less public manner. Consider that in 1999—his last year as CEO—Gates delivered at least 31 public speeches, according to transcripts posted on his official Microsoft Web page. Last year, the number was 17. He also doesn’t speak to the press as much, declining to be interviewed for this story (along with Ballmer and every other Microsoft employee contacted by Redmond magazine). Ballmer, on the other hand, agreed to answer questions from readers for the August 2004 cover story of Redmond’s predecessor, Microsoft Certified Professional Magazine.

Photo: Bill with his other love—Melinda.
Photo: Bill Gates with his soon-to-be CEO Steve Ballmer in 1998.
PHOTOS BY TIM MATSUI, GETTY IMAGES (TOP), LIASON/GETTY IMAGES (BOTTOM)

Still Showing Business Savvy

While Gates appears happy focusing on technology, CEO Ballmer has changed the way Microsoft does business, offering olive branches and in some cases billions of dollars to formerly bitter rivals. Where Gates fought tooth and nail against every antitrust allegation, Ballmer has been far more practical. Since the settlement of the U.S. Department of Justice antitrust trial in 2001, Ballmer is widely credited with a more conciliatory legal strategy that has led to numerous settlements. In 2003 and 2004 Microsoft settled at least 14 class-action, trademark infringement and antitrust lawsuits.

“There have been a number of legal settlements since Steve’s been on board,” says Mary Jo Foley, editor of the newsletter Microsoft Watch. She chalks it up to “Bill’s antagonistic, take-no-prisoners attitude.” She pointed to the recent settlement with Sun over Microsoft’s implementation of Java as an example. Microsoft paid out almost $2 billion to bury the hatchet.

The Sun deal also points to how Gates and Ballmer have settled into their assigned roles. A deal with Sun was the technology equivalent of the Eagles reunion—years of bad blood and mutual sniping swept under the rug with a big public announcement, and lots of money changing hands. The gala conference featured business heads Ballmer and Scott McNealy. But to lay the technical groundwork, Gates met with Sun CTO Greg Papadopoulos on and off for a year.

It’s a mistake to think Gates focuses solely on technology these days. The chairman remains interested in decisions that are almost all business, such as mergers and investments in competitors. One example came out of the Oracle-PeopleSoft court battles. Oracle entered into evidence a June 2003 e-mail from Gates to Ballmer suggesting that it’s “time we bought SAP,” and advocating a minority investment in PeopleSoft to “bolster their independence.” The talks with SAP fell apart in the early stages.

Still, his main interest is product development. In an interview last year with Seattle Times Reporter Brier Dud-

| redmondmag.com | October 2004 | Redmond | 29 1004red_F1Gates_26-31.v9 9/16/04 12:00 PM Page 30

Bill Gates in 2000 with a group of mothers and their children in New Delhi after Gates announced his foun- dation awarded $30 million in grants to benefit children and students in India. ley, Gates said he spends two-thirds of and structured data using a single set ty,” Cusumano says. “Instead, [Gates’] his time in his role as chief software of search terms. It would embed data- Windows-centric strategy demanded architect. “One of the big changes base technology from SQL Server they create a version of Windows for with his job is that he’s able to become into the operating system. those devices. Windows CE and all involved in the product development While Gates championed the WinFS those versions of handheld OSs are process earlier, where before he might technology, Group Vice President for very large and clunky and not as good become involved late, which would platforms Jim Allchin and legendary as specialized OSs. That’s why they’ve frustrate him,” Dudley says. Microsoft shipper Brian Valentine had a tough time in those markets.” polled developers for their status and The example points to the downside A Sketchy Track Record gathered customer and partner feed- of Gates’ deepening involvement with But is his earlier involvement good back. The conclusion: WinFS would development. “There’s not as much for Microsoft? hold up delivery until 2007. At the intellectual variety in the company,” If you try to answer the question by time, Gates remarked that he, Allchin, Cusumano says. “They are susceptible looking at Longhorn, the picture is Ballmer and other executives were to group-think, all basically following not so rosy. After suffering several having “a lot of dialogue.” a similar line.” delays, the product will now ship with Indeed, heavy Gates involvement only two of its three original legs—a with a product’s development hasn’t Seeing the Big Picture .666 batting average may be outstand- always been a good thing. 
Many proj- One positive that Gates brings to the ing for a baseball player, but it’s not so ects Gates pushed passionately simply table is first-hand knowledge of hot for a software company. fell flat. “He’s always been a huge pro- everything Microsoft is doing, from WinFS is an ambitious idea, intend- ponent of alternative input—voice, Microsoft Research to the seven ed to be a file system that allows users joysticks, pen computing. But those business divisions, on down to the to search through documents, media products haven’t been that successful,” product development teams. says Barb Darrow, a veteran Microsoft This becomes clear during the “Bill watcher for Computer Reseller News. Reviews” which occur once or twice Part of the problem is Gates’ refusal a year for major products, according GetMoreOnline to look beyond the company’s Win- to DeMichillie. “The main value he ● Check out our companion story, dows-centric strategy, argues Michael adds is that he’s the only one who “What About Steve?” on how CEO Cusumano, a professor at the MIT can point out overlaps between Ballmer is faring, along with links to Sloan School of Management in Cam- groups that they might not otherwise more fodder on Gates and his role as Chief Software Architect. bridge, Mass., and author of the book know about,” he says. Microsoft Secrets. Joe Wilcox, a senior analyst for Jupiter- FindIT code: Bill2 “There’s no reason Microsoft could media Corp., agrees: “I’m convinced that not have developed a state-of-the-art if there’s a person who understands redmondmag.com OS for handheld PDAs or cellphones everything Microsoft is doing in terms of that really optimized their functionali- software, it’s Bill Gates.” GETTY IMAGES JEFF CHRISTENSEN, BY PHOTO

30 | October 2004 | Redmond | redmondmag.com | 1004red_F1Gates_26-31.v9 9/16/04 12:00 PM Page 31

Another of Gates’ historical strengths is having an understanding of not just Microsoft technology, but every competitor’s strengths and weaknesses. And Gates still carefully tracks what the competition is doing, as the Oracle-PeopleSoft example demonstrates.

One thing that has changed is that Microsoft is no longer Gates’ sole focus. Gates’ long-time bridge buddy and fellow billionaire Warren Buffett has said that Gates found a rhythm to balance work, family and philanthropy. Gates is not only married with three children, but also spends a healthy amount of time on the Bill and Melinda Gates foundation, which has a staggering endowment of some $27 billion. Interestingly, the foundation started in January 2000, the same month Gates handed over the CEO reins to Ballmer.

“If he appears to have mellowed at all, it’s because he has other things in his life besides Microsoft, but that doesn’t diminish Microsoft’s importance,” says the Seattle Times’ Dudley. “Frankly, he’s earned a break. He may not take one, but he’s earned it.”

“Microsoft is still clearly his priority, although not more than his family,” says Cusumano. “It’s good for him psychologically to be not so tied to the company. It’s not healthy for someone to spend 100 percent of his time on Microsoft stuff.”

WHERE THE MONEY COMES FROM
Microsoft wrapped its fiscal 2004 in July. Here’s how the seven major divisions fared.

Segment                         Revenues (millions)   Operating Income (millions)
Client                          $11,546               $8,015
Server and Tools                $8,483                $96
Information Worker              $10,800               $7,151
Microsoft Business Solutions    $667                  ($255)
MSN                             $2,216                $121
Mobile and Embedded Devices     $247                  ($224)
Home and Entertainment          $2,876                ($1,215)

The Road Ahead

Maybe not 100 percent of his time, but Gates isn’t about to start slacking off, especially as Microsoft faces its biggest threats ever. Linux, not only in the server room, but increasingly on the desktop, is worrying plenty of folks in Redmond. And Microsoft has been much less successful in its ventures outside of operating systems and Office applications. Meanwhile profits from those core products are leveling off (Microsoft’s Client, Server and Tools, and Information Worker businesses together accounted for nearly $30.8 billion of Microsoft’s $36.8 billion in revenues in fiscal 2004), forcing Microsoft to be more creative in its quest to grow.

Gates has some tricky and fundamental technical decisions to make. “Any dominant company has this problem. You don’t want to throw away a dominant position,” Cusumano says. “It would have been in Microsoft’s best interest to allow more work around open source, [such as] Linux and Java, and to handle multiple technologies other than its own. IBM has done that very well; Microsoft will have to do the same.”

IBM has also done one other thing: It’s made lots of money consulting, another possible revenue stream for Microsoft to explore, Cusumano says. “IBM’s software products have been flat, [but] it makes three times that money in the service business. Again, Microsoft has not done [that]. That’s something they may have to do 10 years in future, when the Windows market really flattens.”

In his interview with the Seattle Times Gates speculated about that future. “By the time I’m 60 someone else will be doing my job … I can see at least 10 years of work yet to be done that I think I can help with. And so somewhere in my late 50s, someone else will step up.”

It will be virtually impossible for that person to have the impact on a company, or an industry, that Bill Gates has had.

Ward is managing editor and Bekker is news editor of Redmond magazine. Executive Editor, Reviews, Lafe Low also contributed to this story.

[Photo caption: Last year Bill Gates delivered 17 speeches, down from at least 31 in 1999, his last year as CEO. Photo by Justin Sullivan, Getty Images]

RedmondRoundup

Virtual Servers in the Real World

Server consolidation may be a necessary evil, but either Virtual Server 2005 or GSX Server can ease the pain.

BY DON JONES

Server consolidation is a big deal. The “do more with less” economy in which we’re living has companies wanting to rid themselves of old, insecure and unmanageable Windows NT file servers, Linux servers and who knows what else. Upgrading old servers isn’t always a viable option and buying new ones may not be feasible either. There’s also the time and expense required to migrate files, folders and printers to the new servers and re-educate users, explaining that Server51 through Server55 are going away and will be replaced by the new BigServer2.

Enter virtual server software. By running multiple servers on one physical box, IT can consolidate servers using what they have—and not spend a lot of dough. And users can still access Server52, not realizing it’s actually running as a guest on BigServer2.

In this Roundup

Virtual Server 2005
$499 standard edition, supports up to four processors
$999 enterprise edition, supports unlimited processors
Microsoft Corp.
800-426-9400
www.microsoft.com

GSX Server
$3,025 for two processors, $6,050 for four processors
VMware Inc., a subsidiary of EMC Corp.
650-475-5000
www.vmware.com

Going Virtual

Microsoft’s latest virtual server offering, Virtual Server 2005, is expected in the latter half of 2004. Virtual Server will run on Windows Server 2003 (including Small Business Server and XP Pro). The Standard Edition supports up to four processors, while the Enterprise Edition runs as many as 32 processors.

VMware, which is owned by EMC, checks in with GSX Server. This utility runs on Windows Server 2000, Windows 2003 and certain Linux installations. VMware also has a high-end edition called ESX Server, which is actually its own standalone operating system loosely based on Linux. The theory with ESX Server is that by having a single-purpose operating system, you can squeeze more virtual machines onto one physical box.

Both Virtual Server and GSX Server emulate the complete set of server hardware: memory, processor, IDE bus, BIOS, video, SCSI bus, network adapters and so on. Most emulated hardware simply passes through to the physical hardware, with that pass-through managed and arbitrated. Disks are a notable exception. Each virtual machine disk is encapsulated into a single file on the host operating system. This makes moving virtual machines from host to host a piece of cake. Just copy a configuration file and all the disk files.

Like Virtual PC and GSX Server, SWSoft’s Virtuozzo (see “And Now for Something Completely Different: Virtuozzo Virtual Server Software,” p. 38) lets you run multiple virtual servers on one physical box, but that’s where the similarities end. SWSoft takes a completely different approach to virtualization, since its original target market was application hosting providers needing large-scale virtualization on Linux-based boxes. Rather than emulating the hardware, Virtuozzo emulates the host operating system kernel.

Virtual Server 2005: An Eye Toward Automation

Microsoft’s offering is based on the Virtual PC technology it acquired from . Installation of the release candidate on my Windows 2003 system was uneventful, and I was quickly referred to the product’s HTML-based administration page, shown in Figure 1 on p. 32. This Web-based administration is a new and unwelcome trend in Microsoft products. Microsoft has a perfectly good management interface in the Microsoft Management Console (MMC). In the case of Virtual Server 2005, an MMC-based administrative interface would have been more functional and easier to use than the Web-based one.

Figure 1. You’ll be directed to the HTML-based administration page as soon as you complete installation of Virtual Server 2005.

You’ll use the Virtual Machine Remote Control Client (RCC) to work with Virtual Server. As shown in Figure 2, the RCC uses a new, proprietary Virtual Machine Remote Control (VMRC) protocol to attach to running virtual servers. This gives you a “desktop-in-a-window” view, similar to running a virtual machine under Microsoft Virtual PC or VMware Workstation. Performance of the RCC seemed adequate, although less sophisticated than VMware’s GSX Server Virtual Machine Console. Before you can use VMRC with a virtual server, however, you need to specifically enable it to do so.

Figure 2. Virtual machine remote control gives you a “desktop-in-a-window” view.

Virtual Server 2005 also includes an ActiveX implementation of the RCC, which you can launch from within the Web-based administrative user interface (which only works with Internet Explorer, by the way). The ActiveX control is pretty bare-bones and isn’t as satisfying as the RCC.

One feature that Virtual Server 2005 has over GSX Server is differencing drives. Keep in mind that all virtual machine hard drives exist as single files on the host computer. A differencing drive is a file that outlines differences between an existing, read-only virtual hard disk and the virtual machine’s current condition. Suppose you create a virtual server running Windows NT 4.0. You get the operating system fully installed and then shut it down. You then create two differencing drives, named DiffA and DiffB. Both are based on the original NT 4.0 virtual machine hard disk. You now create two new virtual machines, ServerA and ServerB, and instruct them to use DiffA and DiffB as their hard drives. Any changes made to ServerA or ServerB are written to the DiffA and DiffB drives, preserving the “base” NT drive. You can’t modify the base NT drive without invalidating the two differencing drives, but you’ve saved disk space. Instead of having two virtual disks with a full copy of Windows NT, you have only one.

Virtual Server does let you allocate the physical machine’s resources across virtual machines. As shown in Figure 3, you can specify percentage levels for processor utilization, as well as weighting information. You can reserve a percentage of the processor for a particular virtual machine and limit the processor overhead a virtual machine can consume. You can also specify memory allocations, which is done as part of each virtual machine’s configuration.

Figure 3. You can specify percentages for processor utilization, reserve capacity and weighting for each of your virtual machines.
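The base-plus-DiffA/DiffB arrangement described in this section, modeled in Python as an added example (not code from the article or from Virtual Server). The block size, class names and SHA-256 parent fingerprint are assumptions of the model; it shows why the shared base has to stay read-only and how much space two servers save by sharing it.

```python
"""Copy-on-write model of a differencing drive (added illustration).

Not Virtual Server's on-disk format: the block size, class names and
fingerprint scheme are assumptions made for this example.
"""
import hashlib

BLOCK_SIZE = 512  # assumed block size for the model


class StaleParentError(Exception):
    """The base disk no longer matches what the differencing drive was built on."""


class BaseDisk:
    """Parent virtual hard disk: one 'file' holding every block."""

    def __init__(self, blocks):
        self.blocks = list(blocks)

    def fingerprint(self):
        """SHA-256 over all blocks; changes if any base block changes."""
        digest = hashlib.sha256()
        for block in self.blocks:
            digest.update(block)
        return digest.hexdigest()

    def size_bytes(self):
        return sum(len(block) for block in self.blocks)


class DifferencingDisk:
    """Stores only the blocks that differ from the parent."""

    def __init__(self, parent):
        self.parent = parent
        self.parent_fingerprint = parent.fingerprint()  # pinned at creation
        self.changed = {}  # block index -> replacement block

    def _check_parent(self):
        # Re-hashing on every access is slow but keeps the model simple.
        if self.parent.fingerprint() != self.parent_fingerprint:
            raise StaleParentError("base disk modified after this drive was created")

    def read(self, index):
        self._check_parent()
        # Changed blocks come from the overlay; the rest fall through to the base.
        return self.changed.get(index, self.parent.blocks[index])

    def write(self, index, data):
        self._check_parent()
        if len(data) != BLOCK_SIZE:
            raise ValueError("writes are whole blocks in this model")
        if not 0 <= index < len(self.parent.blocks):
            raise IndexError("block outside the parent disk")
        self.changed[index] = data  # the parent is never touched

    def size_bytes(self):
        return len(self.changed) * BLOCK_SIZE


def demo():
    # Constructed sample: a 1,000-block stand-in for the installed NT 4.0 base disk.
    base = BaseDisk(bytes([i % 256]) * BLOCK_SIZE for i in range(1000))
    diff_a, diff_b = DifferencingDisk(base), DifferencingDisk(base)

    diff_a.write(7, b"A" * BLOCK_SIZE)  # ServerA changes one block
    diff_b.write(7, b"B" * BLOCK_SIZE)  # ServerB changes the same block differently
    diff_b.write(8, b"B" * BLOCK_SIZE)

    result = {
        "a_block7": diff_a.read(7)[:1],
        "b_block7": diff_b.read(7)[:1],
        "a_block8_from_base": diff_a.read(8) == base.blocks[8],
        "base_untouched": base.blocks[7] == bytes([7]) * BLOCK_SIZE,
        "full_copies_bytes": 2 * base.size_bytes(),
        "shared_bytes": base.size_bytes() + diff_a.size_bytes() + diff_b.size_bytes(),
    }

    # Patching the base in place invalidates every drive built on it.
    base.blocks[0] = b"\xff" * BLOCK_SIZE
    try:
        diff_a.read(7)
        result["stale_detected"] = False
    except StaleParentError:
        result["stale_detected"] = True
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Because every child depends on the same parent, the base disk file is the one to keep read-only and to fingerprint before any differencing drive is attached to it.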

Virtual Server 2005 has sensible default settings. For example, when a virtual machine stops, Virtual Server saves its status, which helps you quickly restart it later right where it left off. You can configure machines to start up when the host machine starts, ensuring that production-level virtual machines are always running.

Virtual Server 2005 is very well-suited to automation. It is completely exposed through COM interfaces, meaning you can write VBScripts (or whatever else) to create virtual machines, clone them, manage them, and so on. Building that kind of automation capability into a product isn’t unusual for Microsoft. What’s unusual is that they’ve actually documented it—Virtual Server 2005 ships with a programmer’s guide that’s accessible even to beginning scripters.

GSX Server: A Sensible Interface

I also installed GSX Server on a Windows 2003 test machine. GSX Server provides an administrative interface that will be remarkably familiar if you’ve used VMware’s Workstation. As shown in Figure 4, a “Home” tab provides icons to create and manage virtual machines, while the list of configured machines appears on the left-hand side of the window. Each virtual machine has an additional tab that lets you quickly interact with any machine from the same window, as shown in Figure 5 on p. 38. This seems to be a much more integrated and sensible approach than Microsoft’s Web-based administrative interface and separate (or ActiveX) remote-control clients.

Figure 4. Folder-style tabs let you toggle between virtual machines quickly and easily.

GSX Server lacks the differencing drive capability of Virtual Server, meaning two virtual machines can’t share an underlying virtual disk file. That’s a shame, because older versions of VMware products did provide this capability. In GSX Server 3.0 (and VMware Workstation 4.5), there’s a new snapshot capability instead. This essentially “bookmarks” your virtual machine’s status, and you can revert to this status at any time. You only have one bookmark at a time, and once you revert, you can’t undo the operation.

GSX Server also doesn’t provide the same resource-control methods as Virtual Server. You can set a virtual machine’s processor priority to low, normal or high for one of two conditions: When you’re interacting with it (normal or high priority) and when you’re not (normal or low priority). You can’t reserve processor priority for a virtual machine or set a processor maximum. Like Virtual Server, you can designate specific virtual machines to start when the host starts, ensuring that production-level virtual machines are always available.

More Alike Than Not

Besides some minor interface and operating details, Microsoft Virtual Server 2005 and VMware GSX Server 3.0 have much in common. Both performed similarly on my test machine; running the same number of similarly-configured virtual machines at the same time with the same response levels.

Both provide industry-standard security features for administrative connections, including SSL encryption. Virtual Server 2005 has an administrative scripting interface that is disabled by default—a welcome change from Microsoft’s previous policy of building in scripting and leaving it enabled, giving script-based viruses an easy point of entry. Virtual Server also leaves remote control access to virtual machines disabled, putting any potential security risks for enabling it squarely on your shoulders.

redmondmag.com
To learn more about the care and feeding of virtual servers:
● “Virtual Servers: The Licensing Factor” gives you a quick heads-up on Microsoft’s attitude toward licensing servers—virtual or not.
● “The Computer That Never Was” offers a snapshot of the virtual server landscape.
FindIT code: Virt


There was one notable difference between the two: Virtual Server 2005 took roughly three times longer to install on Windows 2003 than GSX Server. This is the same installation performance difference I’ve noted between Virtual PC 2004 and VMware Workstation 4.5.

Figure 5. Selecting a tab for a virtual machine lets you access and control that machine within the same window.

Tools of the Trade

Microsoft has announced a migration toolkit that will help migrate physical servers to virtual servers, thereby easing the consolidation process. Microsoft has also announced a late-2004 “management pack” for Virtual Server 2005, which will include additional management tools.

With a head start on the virtual server scene, VMware already has a family of tools available. VirtualCenter is a centralized management and provisioning tool that gives you control of multiple GSX Server hosts. This includes VMotion, a tool for quickly moving virtual machines from host to host on the same Storage Area Network with no downtime. The VMware P2V Assistance is designed to migrate between physical and virtual servers.

You can’t go wrong with either VMware GSX Server or Microsoft Virtual Server 2005 for server consolidation. Both give you what you need. GSX Server stands out primarily in its mature administrative interface and official support for non-Microsoft operating systems. Virtual Server 2005 offers a slight advantage in resource allocation and naturally integrates more tightly with related Microsoft products, like Microsoft Operations Manager.

Don Jones is a contributing editor and columnist for Redmond magazine and the manager of ScriptingAnswers.com. You can reach Don at [email protected].

And Now for Something Completely Different: Virtuozzo Virtual Server Software

Virtual Server and GSX Server both emulate a computer’s hardware, including memory, processor, and so on, so each virtual machine appears to be a complete, standalone computer to anything running inside the virtual machine.

Virtuozzo, on the other hand, doesn’t emulate the hardware. Instead, it emulates the operating system kernel. It does separate virtual disks for each virtual machine, and lets you allocate resources like memory and processors to the virtual machines. The benefit of this technique is that Virtuozzo has significantly lower overhead than Virtual Server and GSX Server, which can spend up to half of the host computer’s time emulating hardware. This way, you can run many more virtual machines per physical server. SWsoft once started 5,000 Linux-based virtual machines on a giant IBM server with 16GB of RAM and a handful of processors.

There’s one significant downside to Virtuozzo’s technique, though. Your virtual machines must run the same operating system as the host server. You can’t run Linux virtual machines on a Windows box, and you can’t run Windows virtual machines on a Linux box. You can’t even run Windows 2000 virtual machines if your host server is running Windows 2003.

SWsoft originally offered Virtuozzo only in a Linux version, leaving Windows virtual servers out in the cold. The company is working to release a Windows version (expected to go into beta in late 2004), but right now you can’t use Virtuozzo to consolidate those old NT 4.0 servers.

Virtuozzo does have a place in the enterprise, though. If you have a large Web farm (or need to build one), it may be more efficient to build a single giant server that hosts a few dozen virtual Web servers, than to purchase, configure, and manage a few dozen boxes in your data center. Virtuozzo also has some tools for deploying software updates to an entire batch of virtual servers, helping make server management en masse easier and more efficient.

SWsoft’s Virtuozzo is unlikely to be your first choice for server consolidation, due to its inability to run different operating systems within its virtual machines. However, if you’ve moved beyond the need for server consolidation and instead need to manage large numbers of virtual servers for things like Web hosting, Virtuozzo is worth a look.
—DON JONES

Sponsored Advertising Supplement

Optimizing Exchange: Strategies for Managing the LifeCycle of E-mail Data

BUSINESS REPORTS 1004red_EMC3_wkg_pg 2.qxd 9/9/04 4:22 PM Page 1

Sponsored Advertising Supplement Optimizing Exchange: Strategies for Managing the LifeCycle of E-mail Data

By Sherree DeCovny The Personal E-mail Boxes of Employees Larstan Business Reports Run Out of Space Frequently 70%

A set of market and technological trends are creating a need for 60%

midsize organizations that currently use Microsoft Exchange as 50% their enterprise e-mail infrastructure to re-evaluate the way they 40% manage mission-critical e-mail data. This is the central conclu- sion of a white paper from Larstan Business Reports that fea- 30% tured a survey of over 200 professionals in midsize organizations 20% that have implemented Microsoft Exchange as their primary 10% e-mail platform. The survey found that: 0% Agree Disagree I There has been a huge increase in the volume of e-mail Source: Larstan Business Reports traffic and the size of attachments. While 16 percent of respondents indicated that e-mail traffic per-person (or seat) is rising by around 10 percent per year, a whopping 62 percent storage and management issues is rising. Many of these calls said that the pace of growth was as much as 20 percent. The revolve around requests to recover ad hoc messages that have remaining 14 percent of respondents said e-mail is growing at been stored as personal e-mail files (or PST files). This scenario a rate faster than 20 percent per year per seat. The increased is creating a burden for both users and IT professionals, as volume is putting stress on the existing e-mail infrastructure workers struggle to keep track of current and archived e-mail. — including storage. It is also challenging the ability to pro- vide operational support and emergency backup capabilities to I There is a fairly fragmented and un-integrated e-mail the e-mail store. management environment, which many respondents see as an issue that needs to be addressed. This manifested I Over half of respondents (52 percent) said that the amount itself in a number of ways: only 42 percent of respondents of storage needed to accommodate growth in e-mail traffic reported they have in place an enterprise-wide strategy for is growing at a pace of up to 20 percent per year. 
Only 22 managing email archives; 69 percent said employees person- percent of respondents indicated that the growth is 10 percent al e-mail boxes run out of space frequently. About the same or less. For many organizations this translates into a need to number of respondents (67 percent) said they are planning consolidate e-mail server and storage systems to simplify the to enhance their e-mail archiving strategy over the next 12- management of growing e-mail traffic and volume. 18 months.

I Almost two-thirds of respondents (63 percent) said that the These statistics indicate a need for organizations to develop a number of IT support/helpdesk calls related to e-mail better way to extend the message store (to avoid time spent man-

2 1004red_EMC3_wkg_pg3.qxd 9/9/04 4:28 PM Page 1

Sponsored Advertising Supplement

aging PST files) and establish new more strategic information My Organization Has Plans To Improve Its E-Mail lifecycle management (ILM) policies to store, access and recover Archiving Strategy Over The Next 12-18 Months actively used e-mail. The Larstan Business Report also found 70% growing recognition in the legal community that the enhanced 60% standing of e-mail data in legal procedures is causing organiza- tions to develop more stringent management, audit and control 50% procedures for e-mail data. 40% 30%

The findings of the Larstan Business Reports survey support the 20% conclusions of other market research and consulting organiza- 10% tions that have explored the emergence of e-mail data and sys- 0% tems as a critical element in business operations. Agree Disagree Source: Larstan Business Reports I E-mail storage requirements are climbing rapidly. Accord- ing to IDC, each user is now consuming between 5MB and 10MB in e-mail per day. Moreover, this volume expected to double by 2006. ...Consolidation Exchange has been re-engineered over the last two versions to I Consulting firm Creative Networks determined that organ- enable more advanced consolidation features. With the introduc- izations currently spend an average of nearly $200 per user tion of Exchange 2000, for example, the ability to consolidate each year to locate and retrieve lost e-mail from storage. servers was increased. When Exchange 2003 was introduced, When lost user productivity, revenue loss, and administration functionality was added to enable site consolidation, paving the and management costs are taken into account, the firm con- way for Storage Area Network (SAN) integration. cluded that companies spend more on e-mail archive manage- ment than for all technical support and help desk combined. The first step is to consolidate servers using the multiple storage groups and information stores in Exchange and to connect servers I Just over 40 percent of companies surveyed by the non- to consolidated storage via a SAN. Ultimately, this enables the profit Partnership for Public Warning admitted that the firm to enhance service levels and reduce operational costs. lack of systems redundancy and inadequate procedures for backing up data puts their organization at risk. 
(The New features in Exchange 2003, such as Outlook Web Access researchers surveyed 1,000 executives from ten of the coun- and Outlook Caching, make it easier to manage data and add try’s major metro areas, including New York, Washington, high availability functions such as channel failover, storage and Los Angeles, Chicago, and Miami.) “Many large companies server clustering. Remote user performance is significantly have both the budget and the resources to develop intricate improved and the need to locate Exchange servers in remote business continuity strategies. Mid-tier players also need to sites is eliminated. “This storage architecture with its central- have redundancy, back up and rapid recovery. But with fewer ized management tools is easier to manage than conventional, resources to draw from, they are looking for solutions with distributed, Exchange storage,” says Todd Donaldson, Director these features to be built into their operational systems. This of EMC Global Solutions for Microsoft Exchange. “Companies is a challenge that companies like Microsoft and EMC are can lower their storage requirements by combining a shared working together to solve,” says Howard Jones, Principal storage resource with the single-instance store feature in the Consultant with Microsoft Consulting Services. In response Exchange database.” to these challenges, EMC and Microsoft have teamed up to develop a set of technologies and methodologies that help ...Rapid Recovery organizations effectively manage the complexity of their Since e-mail is an extremely visible application, everyone in the enterprise e-mail systems. organization from the CEO down notices when it isn’t available.

Resource: New White Paper & Research on "Optimizing Exchange" available at www.emc.com/microsoftsolutions

3 1004red_EMC3_wkg_pg4.qxd 9/9/04 4:29 PM Page 1

Sponsored Advertising Supplement

Yet it can take days to recover databases that fail, get lost or become corrupted.

With EMC Replication Manager/SE, clone copies of Exchange can be put on fiber or ATA drives using CLARiiON ATA. Failed databases can be restored from the clones through EMC software utilities instead of from tape. That means the recovery time is accelerated from hours or days to minutes. In addition, the clone backups are more reliable than tape.

All of EMC’s storage platforms conduct continuous diagnostic testing to identify potential problems before they affect application availability. Potential problems are escalated proactively to EMC through its phone home capabilities, service and support. Since many customers still have requirements for tape-based backups for offline data, the firm’s existing backup solution may be used to pull backup data off the replicas and onto tape. In addition, this solution provides the foundation for a disaster recovery option for those customers requiring additional protection.

[Chart: The Number of Help Desk or IT Support Calls Related to E-Mail Storage & Management Issues Is Rising (percentage who agree vs. disagree). Source: Larstan Business Reports]

...Extended Mail Store
The rapid evolution of storage requirements for Exchange has created new challenges. Administrators have to enforce mailbox limits so the system is manageable and performs well. Users get around the mailbox limits by saving their e-mail on their desktop. Many employees put it on the file share so it can be backed up at night, but that consumes IT resources.

People often save these PST files on memory sticks and CDROMs and take them home. That means data is dispersed in uncontrolled environments, which introduces security risk and complicates legal discovery in the event of litigation.

Microsoft utilities can be turned on to make it impossible for employees to create a PST file. However, with new archiving technology and inexpensive ATA storage, it is possible to create virtual unlimited mailboxes. These can be used to store active business records before they are eventually deleted or backed up to a long-term archive.

The EMC E-mail Express Proven Solution places the mail store in a central, secure and consolidated location. It creates clones/replicas for fast restores, testing, patches and upgrades. It also enables Extended Mail Stores with EMC Legato EmailXtender software and ATA disk to automatically manage stored e-mails.

Finally, this solution provides the foundation for a more compliant-based e-mail archiving option with the EMC Centera product for those firms that require more stringent archiving needs to meet governance and compliance requirements. The EMC Centera archiving solution also manages the lifecycle of e-mail data with EMC Legato EmailXtender software.

With operational needs, this solution lowers storage requirements and management costs, and reduces security/legal risk by centralizing and automating e-mail retention and deletion policies. It offers the option to create a virtual or “managed” mailbox size to increase user productivity and eliminate the practice of self-archiving to personal folders. By using the entry-level archiving software and CLARiiON with ATA disks, this is the lowest cost archiving solution.

...EMC E-mail Express Proven Solution Reduces TCO
The EMC E-mail Express Proven Solution has been designed to integrate, automate, and consolidate decentralized systems and processes related to e-mail management. Organizations that implement the solution have a better way to divert human and technical resources to core mission-critical operational activities. For access to the full white paper, Optimizing Exchange: Strategies for Managing the Lifecycle of E-mail Data, visit www.emc.com/microsoftsolutions.


Download complete Larstan white paper on “Optimizing Exchange” at www.EMC.com/microsoftsolutions


FROM THE TRENCHES

An Ounce of Prevention

Author Laura E. Hunter put Ben Franklin’s famous advice to the test, and found he was right again.

Disaster recovery planning can be worth a lot more than a pound of cure when your network goes down.

❚ BY LAURA E. HUNTER

PHOTO BY TOM SOBOLIK

Disaster Recovery plan: I’ve got one, you’ve got one, we’ve all got one. (You do have one, right? If you don’t, go write one; we can wait ’til you get back.) But how often do you test the theory of how well your plan actually works?

As part of our contract with our co-location vendor, we take part in two-day drills twice a year. These are real-time drills, where we have 48 hours to re-create a fully functional network using nothing but replacement hardware and backup media. For this particular drill, we were concerned with rebuilding four mission-critical Windows 2000 servers:
• DC1: Our main domain controller (DC) that held three of the five Flexible Single Master Operations (FSMO) roles on the network
• APP1: An application server that also functioned as a DC to provide redundancy. APP1 held the other two FSMO roles on the network
• WWW1: Our corporate Web server
• MX1: Our corporate mail server, running Exchange 5.5
What follows is a diary of our 48-hour experience.

Day One, 8 a.m.: Assessment
We arrive and assess the replacement hardware provided by our co-location vendor. As a part of our contract, we were told that we would have identical replacements—we were asked to provide model numbers, serial numbers, the whole nine yards. The reality turns out to be slightly different. While our production environment is standardized on Compaq ProLiant servers, our replacement hardware is all in the Dell PowerEdge family.

This is disconcerting from a technical standpoint, but we are handed a copy of Microsoft Knowledge Base article 249694, “How to Move a Windows 2000 Installation to Different Hardware,” and told it will work like a charm. On the other hand, it’s a good reflection of reality. Let’s face it, what’s the likelihood you’ll have exact duplicates of your production hardware waiting for you at a moment’s notice?

So we set to work restoring our AD database onto the replacement hardware for DC1. The short version of KB 249694 goes something like this:
1. Install your production-level service pack.
2. Perform an authoritative restore of System State data.
3. Perform an in-place upgrade of Win2K.
4. Re-apply any service packs and hotfixes.

The first step is pretty intuitive: The service pack on the replacement hardware needs to match the service pack level on the production machine, so that versions of DLLs and other system files won’t conflict after the restore is finished. To make the restore as smooth as possible, we also create volumes and partitions on the new hardware that exactly duplicate the production configuration. Once that’s done, we reboot into AD Restore Mode and perform a full restore of DC1’s System State.

Day One, 12 p.m.: Still “Hanging” Around
In staring at the hardware differences on the restore machines, I can’t shake a sinking feeling that this isn’t going to go quite as easily as our co-location support rep makes it sound. Sure enough, the first attempt leaves us hanging at the final “Preparing network connections…” screen on the final reboot. Because I’m occasionally impatient during processes like this, I choose that point to go to lunch, to see if the newly restored server just needs a little more time to finalize its settings. Forty-five minutes later? Still sitting on the same screen.

We spend the remainder of the afternoon retrying the AD restore with limited success. We attempt the in-place upgrade a few more times, various permutations of authoritative vs. non-authoritative restores, then a Repair Installation once or twice for good measure. But the System State information seems patently unwilling to restore onto such completely different hardware, leaving us with Blue Screens of Death or interminable hanging at various stages in the start-up process before we wipe the hard drive with Fdisk and start over.

Day One, 11 p.m.: Partial Success
Because we have only a 48-hour window to test our restore procedures, we put the AD restore aside and spend the rest of the afternoon and evening restoring our application data, working around the lack of AD information wherever possible. Most notably, we aren’t able to do anything with Exchange without a working domain to join the server to. By about 11 p.m., having restored most of our application data, we declare the day at least a partial success. We decide to tackle the AD restore with fresh eyes after a night’s sleep.

Day Two, 7 a.m.: Disappearing DNS
Ramped up on about a thousand volts of Starbucks espresso, we take another look at the AD restore. After some brainstorming, we realize that one potential complication might be our production DNS configuration. As part of a large, heterogeneous internetwork, our production AD infrastructure relies on a centralized Unix BIND server for DNS; individual offices don’t run Windows DNS servers within the individual LANs. But because the drill is taking place in connectivity isolation, so that we can bring up restored systems without bringing down their production counterparts, our restored DCs are pointing to DNS servers that essentially don’t exist.

We try installing and configuring the DNS Server service. After configuring the replacement server to point to itself for DNS queries, we perform the System State restore again. While we finally made it to a desktop (Huzzah!), the event logs are littered with DNS errors—we overwrote a System State that contained DNS information with one that did not. “No problem,” I say, “we’ll just uninstall and re-install the service and then everything will be fine.” No such luck. Fdisk, try it again—’round and ’round we go.

Day Two, 12 p.m.: A Smaller Hammer
By this point we’re fairly convinced that our attempts at a full System State restore are roughly equivalent to swinging a sledgehammer at a finish nail, so we begin to look for a more finessed approach. After another few hours of trial and error, we finally devise a solution. We need DNS to be running on our restored network, but DC1 can’t be the machine to run it. We install DNS on the APP1 server instead, pointing DC1 to APP1 and enabling dynamic updates. We then return to DC1 and install AD on it by running Dcpromo, creating a domain with the same name as our production domain. (Again, we are in connectivity isolation, so we know this won’t interfere with name resolution on our production network.)

GetMoreOnline: For more details about performing a metadata cleanup of a restored Active Directory database, read: “Active Directory From the Command Line.” FindIT code: DDrill (redmondmag.com)

Once we verify that AD is installed on DC1, and that the necessary DNS records have been created in the DNS zone on APP1, we reboot into AD Restore Mode and attempt the restore one final time. But instead of restoring the full System State, we restore the AD database only, without any of the associated system files to avoid landing in the “conflicting DLL” quagmire yet


“A world-class vulnerability scanner that won’t make a hole in your budget.”
Laura DiDio, Senior Analyst, Yankee Group

Close the door on hackers.™

You can’t close the door if you don’t know which one is open. That’s why we designed Sunbelt Network Security Inspector (SNSI): A low-cost, quick-install, easy vulnerability scanner that uses a top quality, commercial-grade database of ranked vulnerabilities.

Prioritized vulnerability reports provide detailed and easy-to-follow instructions on how to fix holes fast, so you can focus on the most critical security issues. Configurable scans: Create your own scan or use predefined scans such as “high risk” or the “SANS top 20.” Easy to use: The interface has a short learning curve—point, right-click and scan. SNSI is licensed per Administrator and lets you scan unlimited IPs! SNSI won’t make a hole in your budget, so you can afford to be proactive without compromises.

NEW version 1.5
• Multiplatform: SNSI can now scan Linux, HP-UX, Solaris, Cisco routers, and HP printers.†
• IP Scanning: Scan by single IP address, range of addresses, or subnet.
• Port Scanning: Find what ports are open.
• Service Scanning: See all the services running on your Windows systems.
• New Scanning Wizard: Now it’s even easier to configure and monitor scans.

Special offer: Install a FREE demo and get your own black “Hack My Network and Die” T-shirt. Check out the offer and download the demo at www.sunbelt-software.com/snsired

Sunbelt Software Tel: 1-888-NTUTILS (688-8457) or 1-727-562-0101 Fax: 1-727-562-5199 www.sunbelt-software.com [email protected]

Price: $1,495. Yearly maintenance (25%) not included. See www.sunbelt-software.com/snsi for details. †See website for specific platforms supported.

© 2004 Sunbelt Software. All rights reserved. Network Security Inspector and Close the door on hackers are trademarks of Sunbelt Software. All trademarks used are owned by their respective companies.

again. We then use ntdsutil to mark the restore as authoritative, and restore the boot.ini file to ensure that the ARC paths—which provide the location of the system and boot partitions—haven’t been altered. By restoring the boot.ini file, we’re ensuring that the OS will have the correct location of the system and boot partitions if System Restore overwrites the ARC paths.

Day Two, 4 p.m.: Try, Try Again
We still aren’t quite out of the woods, though, since the next reboot leaves us stuck on the now all-too-familiar “Preparing network connections …” screen. Our next step is to run a repair installation.

Unlike an in-place upgrade, a repair installation re-scans the computer’s Plug & Play hardware and updates the %Systemroot%\Repair directory. Before rebooting from the restore, we remove the display adapters and NICs from the Win2K Device Manager so the install will re-detect them. During a few run-throughs, we find the NIC configuration is still incorrect after the repair, requiring us to remove the NICs a second time and re-scan for new hardware in Device Manager. Once the network adapters are properly recognized, we reset the IP configuration to communicate on the appropriate subnet.

Day Two, 6 p.m.: Victory!
Finally, we have success. The server boots with minimal fuss, and a visit to Active Directory Users & Computers shows all of our Organizational Units (OUs), computer, group and user objects sitting exactly where we want them. All that’s left is some cleanup. (Okay, that and letting out a few victory screams in the middle of the co-lo room. Don’t ask about the strange looks that garners.)

Our final cleanup involves a quick trip back to DS Restore mode and ntdsutil to perform a metadata cleanup of the restored AD database. It includes references to some DCs we decommissioned a year ago that we’d simply forgotten about. (This also serves to point out some needed maintenance on the production network, since these “ghost” entries in the AD database could lead to replication issues, and troubles during software installations or upgrades.) We also disable some extraneous services added during the restore, the software for which hadn’t been installed at the disaster recovery site. We finish up with a final service pack re-install, and are finally left with a functioning DC and AD database.

Day Two, 7 p.m.: Burgers and Beers
Being fortuitously close to 7 p.m. anyway, we call the drill a success and adjourn for a few beverages and greasy bar appetizers, followed by a well-deserved night’s rest before returning to the “real world” of the daily office grind.

Laura E. Hunter, MCSE, MCDBA, MCT, Security+, CISSP, is a network manager and technical trainer based near Philadelphia. She’s an author, editor and reviewer for Syngress Press’ series of Windows Server 2003 MCSE exam guides. Contact her at [email protected].

AD Restore Options

If you’re not conversant with performing AD restores, you may be unfamiliar with some of the terms used here. The System State data on a DC consists of the following information:
• AD (the NTDS files)
• Boot files
• COM+ class registration database
• Registry
• The System Volume (SYSVOL)

When restoring the System State, there are a few options for how to handle the restore. In Win2K, you can mark a System State restore as either authoritative or non-authoritative. A non-authoritative restore, the default type, refers to a restore where an AD object (such as a user or group account) is restored to the AD database, but any changes made are applied after the restore. An authoritative restore will perform the restore, but will mark the restored version of the object as definitive; no subsequent changes will be applied.

For example, say you have a user object called jharrison. On Thursday, the user account is accidentally deleted and needs to be restored from a Sunday backup. On Wednesday (after the Sunday backup), jharrison’s “Department” attribute is changed from “Marketing” to “Communications” when the user received a promotion. In a non-authoritative restore, jharrison’s user object will be restored with the “Marketing” department attribute, but the attribute will be updated to “Communications” by changes replicated from another DC. In an authoritative restore, the user object’s department attribute will remain “Marketing,” even after regular AD replication.

Windows Server 2003 provides a third option: A primary AD restore. Use a primary restore when restoring the first replica of your domain data to the network, as in the case of a disaster recovery scenario where you’ve lost all DCs. If the network in this article had been running Windows 2003 instead of Win2K, a primary restore would have been appropriate.

— LAURA E. HUNTER
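The jharrison example from the “AD Restore Options” sidebar, worked through as an added Python model (not code from the article or from Microsoft). It assumes a two-DC domain using the article's DC1 and APP1 names and constructed dates, and it tracks only the Department attribute, not the account deletion; the 100,000-per-day version increase is ntdsutil's documented default for authoritative restores.

```python
from dataclasses import dataclass
from datetime import date

# ntdsutil's documented default: an authoritative restore raises each restored
# attribute's version number by 100,000 per day elapsed since the backup.
VERSION_BUMP_PER_DAY = 100_000


@dataclass(frozen=True)
class Stamp:
    """One attribute value plus the replication metadata used to pick a winner."""
    value: str
    version: int
    changed: date
    origin: str  # simplification: the DC name stands in for the originating DSA GUID

    def precedence(self):
        # Higher version wins; ties fall back to timestamp, then originator.
        return (self.version, self.changed, self.origin)


class DomainController:
    def __init__(self, name):
        self.name = name
        self.directory = {}  # (object, attribute) -> Stamp

    def write(self, obj, attr, value, when):
        """Originating write: raise the attribute's version by one."""
        old = self.directory.get((obj, attr))
        version = old.version + 1 if old else 1
        self.directory[(obj, attr)] = Stamp(value, version, when, self.name)

    def backup(self):
        return dict(self.directory)  # Stamps are immutable, so a shallow copy is enough

    def restore(self, backup, backup_date, restore_date, authoritative):
        if not authoritative:
            # Old version numbers are kept, so partners' newer data will overwrite them.
            self.directory = dict(backup)
            return
        bump = VERSION_BUMP_PER_DAY * max((restore_date - backup_date).days, 1)
        self.directory = {
            key: Stamp(s.value, s.version + bump, restore_date, self.name)
            for key, s in backup.items()
        }

    def pull_from(self, partner):
        """Inbound replication: accept a partner's value only if it outranks ours."""
        for key, theirs in partner.directory.items():
            mine = self.directory.get(key)
            if mine is None or theirs.precedence() > mine.precedence():
                self.directory[key] = theirs


def run_scenario(authoritative):
    """Replay the sidebar's timeline; return {dc_name: (Department, version)}."""
    # Constructed dates: a Sunday, Wednesday and Thursday in one week.
    sunday, wednesday, thursday = date(2004, 9, 5), date(2004, 9, 8), date(2004, 9, 9)
    key = ("jharrison", "Department")
    dc1, app1 = DomainController("DC1"), DomainController("APP1")

    dc1.write(*key, "Marketing", date(2004, 9, 1))
    app1.pull_from(dc1)
    sunday_backup = dc1.backup()

    app1.write(*key, "Communications", wednesday)  # the promotion, after the backup
    dc1.pull_from(app1)

    dc1.restore(sunday_backup, sunday, thursday, authoritative)
    # One replication cycle in each direction after the restore.
    dc1.pull_from(app1)
    app1.pull_from(dc1)
    return {dc.name: (dc.directory[key].value, dc.directory[key].version)
            for dc in (dc1, app1)}


if __name__ == "__main__":
    print("non-authoritative:", run_scenario(authoritative=False))
    print("authoritative:    ", run_scenario(authoritative=True))
```

The non-authoritative run ends with both DCs holding “Communications” because the restored copy carries the lower version number; the authoritative run ends with both holding “Marketing” because the raised version outranks the Wednesday change.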


Following Microsoft’s Money

Changes to campaign finance laws mean a larger percentage of Microsoft political contributions now go to Democrats, but the company remains a force in both parties.

❚ BY SCOTT BEKKER

Steven Weiss was clearly surprised as he looked over a summary of Microsoft’s political contributions to Republicans and Democrats for this election cycle. Weiss is a spokesman for the Center for Responsive Politics (CRP), which maintains a searchable database of Federal Election Commission (FEC) records of political donors and recipients at its Web site, www.opensecrets.org. He was reviewing a report on his group’s site that rolled up contributions from individual Microsoft employees, the Microsoft Political Action Committee and soft money over the last eight election cycles. “Look at that! That’s interesting,” he mused. In the 2004 election cycle the formerly Republican-leaning company’s political contributions have undergone a massive shift to favor Democrats.

When the Department of Justice antitrust case during the Clinton administration became a major threat to Microsoft’s future, Microsoft’s political giving ballooned and became reliably Republican. The 1998 election cycle saw Microsoft’s federal contributions to Republicans outpacing Democrats 64 percent to 36 percent. The Republican share dipped to 53 percent in 2000 but ballooned back up to 60 percent in 2002.

For the 2004 election cycle, at least through late August, the figures are reversed. Democrats got 61 percent of all forms of Microsoft political contributions and Republicans got 39 percent. Has Microsoft had a change of political heart?


Gibson Keeps ‘em Rockin’ We Keep Gibson Rollin’

When Gibson Guitar Corp. selected PerfectDisk® as their official defragmentation software, it was music to our ears. After all, Gibson guitars are synonymous with artistry, innovation and quality. Gibson instruments are held in unparalleled esteem by the world's top musicians and coveted by music lovers everywhere.

And while Gibson is known for its classic styling and meticulous craftsmanship, the company is also one digitally-savvy, big daddy of technological sophistication. That’s why Gibson counts on PerfectDisk to keep every disk in their enterprise perfectly tuned and ready to roll.

It’s not surprising that a future-focused company built on legendary quality would demand the world’s fastest and most powerful defragger. You see, PerfectDisk is the only defragmenter certified by Microsoft® for Windows® 2000 and Windows Server™ 2003, and fully integrated with Microsoft's Active Directory®. What's more, unlike those other defraggers, PerfectDisk runs on all server versions of Windows, even on multi-terabyte drives, without charging you a premium. PerfectDisk defragments your disk and consolidates free space, all in a single harmonious pass.

Rock on.

Keep your disks in perfect tune. Trust the proven solution from the leaders in performance software for over 25 years... Raxco Software. See for yourself, download a free demo copy today at www.perfectdisk.com/rockon/rm.

1-800-546-9728 www.raxco.com

June 8, 2004 PerfectDisk 6.0

Gibson Guitar, Gibson Pure, and Gibson USA are trademarks or registered trademarks of Gibson Guitar Corp. Microsoft, Windows, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. PerfectDisk is a registered trademark of Raxco Software. PC Magazine Editors’ Choice Award Logo is a registered trademark of Ziff Davis Publishing Holdings Inc. Used under license. All other product names mentioned herein are the trademarks of their respective owners.

Big Three
It appears so, especially at the individual employee level. Every contribution comes down to the company’s interest and a candidate’s positions, but three issues are coming into play in 2004: soft money, political action committees and employee contributions.

The McCain-Feingold campaign finance legislation ended the soft money loophole, which allowed unlimited contributions to political parties. Critics charged soft money let companies get around the law that prohibits them from giving directly to candidates. Microsoft used soft money to pour more than $2.7 million into the political process in the 2002 election cycle. That money went to the Republican column at better than a two-to-one ratio. Microsoft does not appear to have diverted that spending into the issue-oriented 527 groups such as MoveOn.org and Swift Boat Veterans for Truth that are partly taking the place of soft money.

The company is, however, picking up some of the soft money slack through the Microsoft Political Action Committee (PAC), a semi-official arm of Microsoft public policy. By mid-August, the Microsoft PAC had given a total of $1.58 million to federal candidates, parties and other PACs, up from its own high of $1.23 million for the entire 2002 election cycle. Despite adding a former Bush White House aide, Edward Ingle, as treasurer in 2003, the PAC has swung more money toward Democratic candidates although it still leans Republican overall. As of Aug. 4, contributions to federal candidates favored Republicans by 53 percent to 47 percent. In 2002 the PAC favored Republicans 58 percent to 42 percent and in 1998 it favored Republicans by a whopping 67 percent to 33 percent.

With company contributions down, that leaves Microsoft employees—many of them millionaires—accounting for a larger percentage of the overall Microsoft contribution tab. According to a custom run of FEC data conducted for Redmond magazine by the CRP, individual Microsoft employees gave a total of $1.13 million dollars in this election cycle, an amount rivaling Microsoft’s PAC. (The figure only includes contributions of $200 or more, an amount that triggers a requirement that a PAC, party or political campaign request the donor’s name and occupation and report it to the FEC.)

As a group, Microsoft employees overwhelmingly favor Democrats—73 percent of their contributions have gone to Democrats, up from about 55 percent in the 2000 election cycle, when employees gave a collective $1.45 million. Through July 5 of this year, employees contributed $442,635 to Democratic nominee John Kerry, the Democratic National Committee and other Democratic presidential candidates versus $187,135 to President George W. Bush and the Republican National Committee.

Rationales for the employee change of heart could range from the fact the protracted DOJ battle waged by the Clinton administration is a thing of the past to widespread disagreement with the war in Iraq—and everything else that separates Democrats and Republicans.

[Chart: total of reported contributions from Microsoft employees and the Microsoft Political Action Committee in the 2004 election cycle. Source: Center for Responsive Politics]

[Chart: total of reported contributions in 2004 election cycle from Microsoft employees. Source: Center for Responsive Politics]

Gates and Ballmer Short Lists
Microsoft Chairman Bill Gates and CEO Steve Ballmer contributed similar amounts so far during this election cycle, but their party affinities vary considerably.

Bill Gates
Sen. Patty Murray, D-WA: $2,000
Sen. Harry Reid, D-NV: $4,000
Sen. John McCain, R-AZ: $2,000
President George W. Bush: $2,000
Rep. Jennifer Dunn, R-WA: $2,000
Sen. Byron Dorgan, D-ND: $2,500
Sen. Patrick Leahy, D-VT: $1,000
Rep. Jay Inslee, D-WA: $1,000
Bluegrass Committee (Republican PAC): $1,000
Sen. Tom Daschle, D-SD: $1,000
Sen. Jeff Sessions, R-AL: $1,000
Rep. Adam Smith, D-WA: $1,000
Impact America (Republican PAC): $1,000
Wisconsin Leadership PAC (Republican PAC): $1,000
To Democrats: 56%, $12,500
To Republicans: 44%, $10,000
TOTAL: $22,500

Steve Ballmer
Microsoft PAC (bi-partisan): $5,000
Sen. Jeff Sessions, R-AL: $2,000
Rep. Pete Sessions, R-TX: $2,000
Sen. Patty Murray, D-WA: $2,000
Sen. Byron Dorgan, D-ND: $2,000
Sen. Patrick Leahy, D-VT: $2,000
Keep Our Majority PAC (Republican PAC): $2,000
Sen. John McCain, R-AZ: $2,000
Americans for a Republican Majority (Republican PAC): $2,000
President George W. Bush: $2,000
Rep. Ellen Tauscher, D-CA: $1,000
Rep. Roy Blunt, R-MO: $1,000
To Democrats: 28%, $7,000
To Republicans: 52%, $13,000
Bi-Partisan: 20%, $5,000
TOTAL: $25,000

Source: Center for Responsive Politics. Figures current as of Aug. 4.

Who Is Microsoft Backing?
Bill Gates, at least, seems to have no fear of Democrats. Of the $22,500 in political contributions he made, more than half went to Democrats. Steve Ballmer, on the other hand, favored Republicans by nearly a 2-to-1 ratio. They agreed on one thing: each gave a personal contribution of $2,000 to Bush and nothing to Kerry (see “Gates and Ballmer Short Lists” on preceding page).

The Microsoft PAC followed a similar tack, giving $5,000 to Bush but nothing directly to Kerry’s campaign. But the PAC was even-handed with respect to the two major political parties, giving $30,000 to the Republican National Committee and $30,000 to the DNC Services Corp. Other recipients of Microsoft PAC money aren’t so well known. They range from Every Republican is Crucial PAC, Keep Our Majority PAC, Pete’s PAC (affiliated with Sen. Pete V. Domenici, R-NM), Rely on Your Beliefs and, of course, the Washington Fund. (For a full list, go to Redmondmag.com and enter FindIT code Elect.)

It’s worth noting that the Microsoft PAC built itself from almost nothing to among the most formidable in Washington in just eight years. In 1996, Microsoft gave $43,500 to federal candidates. In the 2004 cycle, as of late August Microsoft had given $857,000. That amount ranks it 42nd among all of the several thousand PACs in contributions to federal candidates, according to CRP. No other company in the computer/Internet sector is even close to matching Microsoft’s largesse, according to the group. Siebel Systems is second at $277,500 and Intel third at $188,364.

Other Avenues of Influence
Microsoft does have avenues of influence other than political contributions. Any savings Microsoft could have gotten from its reduced soft money expenditures have been offset by Microsoft’s lobbying budget. After spending about $6.5 million each year on lobbying in 2001 and 2002, according to records filed with the U.S. Senate, Microsoft cranked up its spending to $8.7 million in 2003—a 34 percent jump.

“There was some difficult work being done in 2003 around specific technology issues like spam,” says Ginny Terzano, a spokeswoman in Microsoft’s Washington office and a former Clinton White House staffer. “We put a lot of resources in terms of making sure that we were most helpful to key legislators on legislation like the spam bill.”

Microsoft’s lobbying filings with the Senate show some of the other issues about which the company approached the White House, Congress and numerous federal agencies. Many of the contacts involved influencing government procurement in the software industry, sort of a government sales call. Company lobbyists also approached the government repeatedly about visa regulations for foreign workers, tax issues and rules governing the WiFi spectrum.

Government records on a company’s public affairs spending are like getting a glimpse of a few of an octopus’ tentacles sticking out of a cave. Outside observers say Microsoft is sophisticated at other types of influence that do not require reporting, such as sponsoring policy forums, contributing to key political figures’ pet charities, supporting like-minded think tanks and attempting to ignite grassroots support through efforts like the Microsoft Freedom to Innovate Network Web site. Terzano notes that Microsoft donated nearly $1 million in software and technical support services to both the Democratic and Republican conventions this year.

What Does Microsoft Want?
Terzano says Microsoft’s aim is to support candidates whose interests align with those of Microsoft and the IT industry. “We’re contributing to the overall political process, which is a good thing,” Terzano says. “What the Microsoft PAC has traditionally done is given to incumbent candidates who have been helpful to the company or the sector overall,” citing trade and spyware as examples. The company supports candidates, “who have taken a genuine interest in these hard, complex technology issues that are often emerging.”

Critics of Microsoft say the company’s spending in Washington supports one main purpose—maintaining the Windows monopoly that the Bush Administration’s DOJ declined to break up. “A PAC of just $1 million or $2 million is considered huge in Washington,” says Ed Black, president and CEO of the Computer and Communications Industry Association. “That’s a pittance for Microsoft to protect its monopoly.”

Microsoft certainly got a big assist from some of its friends on the Hill in March when the European Commission (EC) ordered a record $613 million fine against Microsoft for European antitrust violations. As soon as Microsoft CEO Steve Ballmer reacted by bashing the Europeans’ decision, a chorus of U.S. representatives and U.S. senators took up Microsoft’s standard.

Microsoft PAC Shares the Wealth
Microsoft’s Political Action Committee was once a lopsided affair, giving heavily to Republicans. So far in 2004, the PAC is distributing money nearly evenly to candidates from both parties.

Cycle: Democrats / Republicans / Total given to federal candidates
1998: 33 percent / 67 percent / $212,000
2000: 41 percent / 59 percent / $820,999
2002: 42 percent / 58 percent / $743,201
2004: 47 percent / 53 percent / $857,000*
*Through Aug. 4. Source: Center for Responsive Politics

Microsoft PAC: A Formidable Fund in D.C.
The Microsoft PAC began distributing serious money in the 1998 cycle as the antitrust case heated up. Since then the political action fund has become among the most formidable in Washington. Total spending shows payouts from Microsoft PAC to federal candidates, other PACs and non-federal candidates.

Cycle: Total spending
1994: $32,441
1996: $49,518
1998: $267,500
2000: $1,221,730
2002: $1,235,926
2004: $1,583,328*
*Through Aug. 4. Source: Center for Responsive Politics, FEC records

Who Is Microsoft Funding for President?
Put Bush and Kerry in a straight match-up, and Bush has the clear edge. The Microsoft PAC and company employees contributing individually combined to give:

[Chart not reproduced]

On the other hand, while Bush had no serious Republican contenders for the nomination, Kerry didn’t lock up the nomination until the election contribution cycle was half over, and there is a strong “anybody but Bush” sentiment among Democrats nationally. Combine Microsoft PAC and employee giving to Bush and the Republican National Committee on one side to all Democratic presidential candidates and the Democratic National Committee on the other side and a different picture emerges:

[Chart not reproduced]

Source: Center for Responsive Politics data, analysis by Redmond magazine

GetMoreOnline: See exactly who got what. At Redmond magazine’s request, the Center for Responsive Politics compiled listings that show how much money the Microsoft PAC doled out to dozens of organizations, as well as how much various candidates and groups received from Microsoft employees. FindIT code: Elect (redmondmag.com)

52 | October 2004 | Redmond | redmondmag.com

On a Web page, Microsoft’s Freedom to Innovate Network collected quotes from 33 members of the U.S. House and Senate, all supporting Microsoft’s position against the EC fine. A comparison of those quotes against Microsoft PAC contributions for the last three election cycles shows that 31 of those elected representatives got money—between $1,000 and $30,000—from the Microsoft PAC.

Quin Monson, an assistant professor of political science at Brigham Young University, says the Freedom to Innovate example leaves open the question of cause. “You can show the correlation. Is it the fact that they made the donation and then made the statements? Or have they cultivated a friendship because the senator was already predisposed toward Microsoft’s positions?”

Donors are motivated either by ideology or the desire to gain access to politicians, Monson says. “You can pretty clearly classify Microsoft as an access-type donor. What they’re really getting for their money is access to politicians. All they really want is to be able to make their case. You get listened to when you’re part of the donor list.”

Scott Bekker is news editor for Redmond magazine and editor of ENTmag.com.

Lobbying Totals
Microsoft Lobbying Expenditures, 1997-2003

Calendar Year    Lobby Total
1997             $2,120,000
1998             $3,740,000
1999             $4,860,000
2000             $6,360,000
2001             $6,560,000
2002             $6,500,000
2003             $8,740,000

Source: Center for Responsive Politics, U.S. Senate filings

Donor Dossier: Jeff Raikes

If any one executive is Microsoft’s public face to the Democratic Party, it’s Jeff Raikes, group vice president for the Information Worker business. Among the 28 top executives on Microsoft’s high-profile Business Leadership Team, Raikes is not only the most generous political contributor, he also swims against the Republican tide among that group by contributing almost exclusively to Democrats.

According to Federal Election Commission records, Raikes contributed $57,500 in the 2004 election cycle through early August. The overwhelming majority of that—$44,000—went straight to Democrats. In the non-Democrat column, Raikes gave $10,000 to the Microsoft Political Action Committee, which has been splitting its contributions almost 50-50 between the parties for this election. Another Raikes’ contribution to an even-handed PAC was $1,500 to the Major League Baseball Commissioner’s Office—Raikes has a minority stake in the Seattle Mariners. The only overtly Republican contribution is $2,000 to Curt Bromm, a Republican seeking to represent Raikes’ native state of in Congress.

How legitimately Democratic is the one-time Apple Computer employee and Stanford graduate? He is the only Microsoft employee to make a reportable contribution of more than $200 to partisan lightning rod Hillary Rodham Clinton. Other notable contributions in the 2004 election cycle: $23,000 to the Democratic National Committee Services Corp. and $5,000 to the Democratic Congressional Campaign Committee. He’s listed on Democratic presidential nominee John Kerry’s Web site among major business executives officially endorsing the Kerry-Edwards ticket.

Raikes is known to journalists for tirelessly putting the best face on company problems, from embarrassing Easter eggs in software to various flare-ups in antitrust cases. Combine those PR skills with his Democratic credentials and Microsoft has a real asset if Kerry wins in November. Should Microsoft need the attention of a Democratic White House, Raikes would be perfectly positioned to place the call.
— SCOTT BEKKER


Time to Dump IE?

Internet Explorer is a hacker’s dream. Can you (and should you) drop it right now?

❚ BY DON JONES

ILLUSTRATION BY PETER LACALAMITA

INTERNET EXPLORER IS THE SWISS CHEESE of software—it’s full of holes. Holes in software are never good, but when the browser is so integrated with the OS as to be as one—you’ve got problems. Add to that the sheer ubiquity of the Microsoft browser, and it’s no wonder IE has become the hackers’ No. 1 playground.

Now we’re beset by increasingly common—and dangerous—security vulnerabilities. We knew IE was integrated with Windows, but we didn’t have any idea how integrated it was. Even Microsoft doesn’t seem to have a firm grasp on IE’s internals, judging from the weeks it took to deliver an actual fix for the recent Download.Ject Trojan.

Not to say an integrated browser is all bad. To a developer, an integrated browser is cool because it gives you a built-in HTML rendering engine. You can then write apps that use HTML, knowing that the OS can render that HTML for you. IE can begin to take over the regular Windows Explorer shell and, in fact, has become so tightly integrated with Windows Explorer that it’s a bit difficult to see where the shell ends and the browser begins.

The downside is a real downer. With a regular Web browser, a security vulnerability might let someone crash the browser. With an integrated Web browser they can crash the whole operating system. The tight ties to Windows mean that the slightest IE security issue becomes an OS-wide panic. It’s not just IE, either: Windows Media Player, Outlook Express, and even DirectX, are all, in my opinion, overly integrated and give hackers too much access to core PC functions.

But corporate users don’t spend a lot of time playing with DirectX-based games, listening to Windows Media Player, or checking e-mail with Outlook Express. They do spend a lot of time in IE, and the more they surf the more they’re vulnerable to its eccentricities. That’s why more than a few corporations, not to mention individual users, are looking at alternatives—any alternative—to the built-in browser.

Browsing the Alternatives

Despite dire predictions from Netscape (now a unit of America Online, which, weirdly, continues to bundle IE with its software), the market for non-Microsoft browsers didn’t go away. It sure as heck got small, though, with Microsoft now commanding around 95 percent of the market, according to some sources. But the times, they are a-changin’. San Diego Web metrics company WebSideStory recently reported IE losing 1 percent of that market, the first time IE has stumbled. IE is now down to 94 percent. Who’s gaining? Mozilla.

The open-source code base of the Netscape browser, Mozilla offers a couple of browsers. Mozilla 1.7 is its base product (1.8 is in beta as of this writing); Firefox (currently at 0.9) is the next-generation browser. Both are available from www.mozilla.org. Netscape also offers 7.1 of its venerable browser based on Mozilla code. It’s available from www.netscape.com, but you’d better hurry: It’ll be the last Netscape-branded browser AOL produces.

There’s also the well-known Opera Web browser, currently at version 7.53, available from www.opera.com. All of the Mozilla products, including Netscape’s browser, are completely free. Opera offers a free, advertising-supported browser as well as a $40 version sans ads. And those are just the Windows browsers (see online extras for more on browsers for other OSes).

While these are the major contenders, others exist: Search Download.com for “Web browser” and you’ll get 356 results, many of which are small-footprint, self-contained Web browsers. Be aware that some of these simply throw a new cosmetic face on Windows’ built-in IE objects, meaning you’re still using IE. Others are completely self-contained and count as true alternatives.

Pros and Cons of Straying From the Pack

Forgetting security for a moment, there are functional reasons to consider another browser. One of the best is tabbed browsing, something you’ll love once you try. Firefox’s tabbed browsing shows each Web page in a separate tab (see Figure 1), allowing you to quickly flip among pages all within one window. Ctrl+clicking a hyperlink opens a new tab, keeping your desktop nice and manageable. You can close tabs individually and add a group of tabs to a single bookmark for later reference. Any group of bookmarks can be opened all at once, with one page per tab. It’s intoxicating.

Figure 1. Firefox’s tabbed browser beats the heck out of Alt+Tabbing between a clutter of browser windows.

Most of the third-party browsers build in searching. You can select from an array of other search options that plug into Firefox, such as Amazon, eBay, Yahoo and more, providing robust searching right from the toolbar. Opera supports similar functionality: Typing “g browser” in the address bar will search Google for “browser.”

Pop-up blocking is also built into most alternative browsers. Many IE users are already installing tools like the Google Toolbar to handle annoying pop-up ads, and Microsoft has promised integrated pop-up blocking in a forthcoming version (which must irritate the folks who run the MSN Web site, a notorious pop-up villain).

For most other functions, it’s all the same. While alternative browsers don’t support ActiveX controls, they do support a plug-in model based on the original Netscape Navigator’s model, and there are compatible plug-ins for technologies like Flash. Many legitimate, commercial Web sites have eschewed ActiveX in recent years because of that technology’s worsening reputation as a virus and Trojan vector.

You’re obviously going to miss out on some functionality if you switch browsers. Anything ActiveX-based won’t work, nor will sites that use client-side VBScript for dynamic HTML. Someone sitting in an ivory tower might suggest that not having VBScript and ActiveX is a good thing and that visiting sites that use them is a bad idea anyway. True, but if that Web site happens to be your internal procurement Web site, not visiting isn’t really an option.

Does “Non-Microsoft” Really Mean “Secure”?

No software is secure in the absolute sense of the word. Mozilla has issued more than a few patches for its browser, as has Opera. For example, Mozilla issued a patch that stops the browser from allowing an attacker to execute applications on a Windows system—something we’re used to dealing with in IE.

With this in mind, part of the reason that browsers like Mozilla are more secure is that there are fewer deployments. Attackers prefer to have a good opportunity, so in many cases they simply ignore marginal products. You can be sure that if Mozilla had a 95 percent market share, we’d see more than a few patches cropping up.

But that’s not what led the U.S. Computer Emergency Readiness Team (CERT) to announce, in June, a recommendation that users stop using IE. While the advisory, posted on the CERT Web site (www.kb.cert.org), relates to a specific IE vulnerability, the advisory states that there are a “number of significant vulnerabilities in technologies relating to the IE domain/zone security model, the DHTML object model, MIME type determination and ActiveX. It is possible to reduce exposure to these vulnerabilities by using a different Web browser, especially when browsing untrusted sites.” In the eyes of CERT, IE’s architecture is at the heart of its security problem, not just that millions of copies are in use. The most compelling thing an alternative browser offers, therefore, is an alternative architecture, one less tightly integrated with Windows.

The patch issued by Mozilla is the first and only entry for that browser in the CERT database. Opera doesn’t show up at all in CERT’s records, nor does Netscape 7.1. A search of CERT’s vulnerability advisories for Internet Explorer returned more than 80 results. Clearly, an alternative architecture offers some promise.

So does simplicity. The Mozilla browsers (including Firefox and Netscape) use a simple checkbox to turn off JavaScript and Java. That’s it, on or off. IE has a similar capability, but it’s tied to a complex system of zones. While JavaScript might be disabled for the Internet zone, an attacker who sends you an HTML file and gets you to execute it locally can attack from the more highly trusted Local zone, which by default has everything enabled. Alternative browsers, while supporting plug-ins, provide absolutely no support for ActiveX, which from a security standpoint is one of Microsoft’s bigger mistakes.

There is one area in which the alternative browsers (at least, the Mozilla family) commit the same sin as Microsoft: Trusted Certification Authorities (CAs). I have a long-standing gripe with the number of CAs that Microsoft has arbitrarily decided that I trust, without providing any information on how trustworthy these CAs are or what procedures they use to verify the identities of the organizations and people they issue certificates to. I’ve always recommended paring that list down to the CAs you’ve personally investigated and decided to trust. Sadly, alternate browsers ship with a similar, extensive list of trusted CAs built in, although it’s still somewhat shorter than the all-encompassing list included with the current IE.

Super-Sized Browser Manageability and Deployment

Sure, non-IE browsers may offer increased security, but when it comes to implementation, there are downsides. For example, if you’re not using System Policies or Group Policy to centrally manage IE and you’re not using an auto-discoverable proxy server like Microsoft ISA Server, then enterprise manageability isn’t a concern for you. Unfortunately, if you are using those features, you’re probably going to lose them. Nothing but IE supports the Microsoft-centric “proxy discovery” mechanism that so many companies rely on to auto-configure Web browsers. With other browsers, you have to manually configure the proxy settings the first time out, and users may have to reconfigure laptop settings when they’re away from the office.

And because most alternative browsers run on more than one operating system, none make extensive use of the Windows registry. Instead, they tend to store information in a proprietary configuration file. Personally, I’ve always been a little skittish about the registry. Having my configuration information in one place just seems to be tempting fate. But the registry is the enabling technology behind System Policies and Group Policy. That IE goes to a certain portion of the registry for its configuration information makes it possible to centrally manage IE through registry-manipulating technologies like Group Policy. In short, you’re not going to be configuring Firefox via Group Policy anytime soon. The decision to deploy an alternate browser is a decision to relinquish centralized control.

That said, you may not find yourself yearning for centralized control. Without complex Security Zones and a dozen other settings, allowing users to configure their own browser preferences might not be so scary. The Firefox options dialog is pretty straightforward (this is a version back from the current release, but the newest version looks similar). Even the Advanced section’s 14 settings can’t hold a candle to IE’s overly option-laden Advanced tab.

Deployment is another issue. Unfortunately, most of these alternative browsers are distributed as executable files, rather than the easier-to-deploy MSI packages that work so well with Group Policy’s IntelliMirror features. In fact, of the most popular third-party browsers—Opera, Firefox, Mozilla and Netscape—none were available as an MSI. Of course, you could use MSI repackaging tools for easier deployment through SMS, Group Policy or some other tool, but it’s a shame that these vendors haven’t realized the market potential and made their products more accessible to corporate IT departments.

GetMoreOnline
● IE issues relating to Windows
● Alternative browsers
FindIT code: Browsers
redmondmag.com

How Do You Ditch an “Integrated” Browser?

Ever remove IE with the Add/Remove Programs function? You can’t. In fact, you can never rid your hard drive of IE because it is completely integrated into Windows. Microsoft made that point while defending lawsuits over IE.

Today, the best you can do is to stop using IE. You can start by using the “Program Access Defaults” application that comes with the latest versions of Windows to block access to IE. This will, however, only stop IE’s user interface from running; the underlying functionality, which is used in a number of Microsoft management console (MMC) snap-ins and other applications, will continue to execute. However, if your users aren’t using IE to browse Web sites, they’ll be much less likely to get nailed by the next vulnerability.

Which brings me to the real question: Can you live without IE? I try to use Firefox as my main browser, but I find myself firing up IE from time to time out of sheer necessity. My Web site uses Google AdSense to display context-sensitive ads to my users. The AdSense administration site works only with IE, which, if you think about it, is ironic given the competition Google is starting to face from Gates and Co.

A number of companies have built intranets around IE, meaning they’ll have to continue using it until those sites can be redeveloped. Given today’s IT budgets, that might never happen. A number of commercial Web sites rely utterly on IE, which is something those companies may want to seriously reconsider in light of signs of waning popularity for IE (not to mention its increasing age).

Unfortunately, there are a number of ways that IE can “get ya,” even if you’re not using it as your Web browser. IE is basically a gigantic COM object; it can be instantiated and controlled by ActiveX controls, applications and scripts written in VBScript or JScript. Not using IE will not make you invulnerable to IE-based attacks, but not using IE will make you less likely to get those attacks into your system in the first place.

Alternative Medicine

Alternative browsers may not offer perfection, but they offer plenty of features, though with less manageability. Their security is stronger at this point, but hasn’t really been tested. At the very least, though, these browsers offer far less integration with the Windows operating system, making them far less likely to be an entry point for a severe, system-damaging attack.

Contributing Editor Don Jones is the owner of ScriptingAnswers.com, a site for Windows administrators learning to automate administrative tasks through scripting. His latest book is Managing Windows with VBScript and WMI (Addison-Wesley).


INSIDE: ➤ Expert tips for Redmond’s readers test migrating to SharePoint 2003. YourTurn drive the latest products. Page 65 SharePoint Gets (Mostly) Top Marks Once clear of the administrative learning curve, users give SPS 2003 high marks for ease of use and integration features.

❚ BY STEPHEN SWOYER

SharePoint Portal Server 2003
$3,999 per server; $71 per CAL
Microsoft Corp.
800-426-9400
www.microsoft.com

By Microsoft standards, SharePoint Portal Server (SPS) 1.0 wasn’t exactly a barn-burner, so the company had high hopes for SPS 2003, a revamped version of the portal and team collaboration environment released last year. Based on the experiences of early adopters, the new iteration just might catch fire.

SPS 2003 boasts tight integration with Office 2003, a revamped user interface (UI), new features that help users more easily navigate SharePoint sites and SQL Server integration. The product does present a somewhat steep administrative learning curve, and upgrading from SPS 1.0 is no chip shot due to a lack of migration tools and new .NET underpinnings. But the experiences of several adopters suggest that, after adding up the pluses and minuses, SPS 2003 comes out solidly in the black.

The consensus among users we surveyed is that SPS 1.0 lacks many common usability features and frequently requires the intervention of IT personnel to perform mundane tasks, such as the delegation of users or content owners.

That’s a significant problem given that SharePoint is intended to make it easy for users to share and collaborate on documents by publishing them to internal Web sites that they create on the fly. The product also includes knowledge management and document management features.

Staffing and Training

Maintenance—particularly with respect to staffing requirements—is one area in which adopters can wring significant cost savings out of SPS 2003 vis-à-vis its predecessor. “Typically IT gets it up and running and hands over the keys,” says Mauro Cardarelli, a consultant with systems integrator Knowledge Management Inc. “SPS does not require dedicated [IT human] resources.” Because data can be split among many different owners in the SPS 2003 model, he says, “the time spent updating content is only a small fraction of job responsibilities.”

David Lowe, a consultant with systems integrator and Microsoft Gold Certified Partner Intellinet, agrees. SPS 2003 allows IT organizations to “delegate adding users and content down to the department, division or even the user level,” he says, whereas its predecessor required IT intervention to accomplish these tasks.

David Goebel, a SharePoint administrator with the California Unemployment Insurance Appeals Board (CUIAB), paints a somewhat less rosy administration picture. He recently completed an upgrade from SharePoint Portal Server 1.0 to SPS 2003 on a four-way Dell Xeon box supporting 900 users. While he is indeed the only administrator overseeing CUIAB’s SPS 2003 migration effort, he has his hands full.

[Photo by Jay Mather: As the only admin minding a 900-person SharePoint 2003 implementation, David Goebel has his hands full.]

“There are a ton of admin screens for settings, security, etc. I’ve been working with them for the past six months and I still don’t know exactly how many admin screens there are and where they’re all located,” says Goebel. “Administration [in SPS 2003] is a fairly difficult task.”

While SPS 2003 may present a significant learning curve for administrators, the opposite is the case for end users, says Jeff Centimano, a principal consultant with system integrator Levi, Ray & Shoup Inc. “Training—or lack thereof—is my favorite thing about SharePoint. With absolutely no training at all a user can navigate the basic functions of SharePoint and find


what they need,” he says. “With a quick 30-minute lunch and learn session we have empowered customer staff with enough knowledge to post content, contribute to discussions, and even modify basic Web Parts.” Web Parts let users build and customize Web pages in SharePoint sites.

It does take a high degree of coordination to realize the full benefit of SPS 2003, however. “Proper planning at installation time with your infrastructure team, DBA, Web design team, content owners and a professional consultant will ensure your IT department is not spending time updating the portal,” Lowe says.

Kenton Gardinier, a senior consultant with IT staffing specialist Convergent Computing, says IT must also solicit input from business users during the SPS planning phases, to ensure that business needs map to technical requirements. “Business units and IT must work closely together on most issues, including sizing the solution, developing the user interface, setting user expectations, integrating outside sources of information and much more,” he says.

Integration Galore

Users and consultants alike laud the tight ties between the revamped SharePoint product and Office 2003, including tighter coupling with Outlook 2003 and Word 2003. One upshot of this is that many SharePoint features—such as meeting workspaces and share attachments—are seamlessly integrated into Outlook, such that some users aren’t even aware they’re using a separate application, Lowe says. In the same way, he notes, SPS 2003 installs a “Shared Workspace” task pane in Excel 2003, Word 2003 and other Office applications, which enables users to collaborate and share documents “with little or no interaction with the IT staff.”

Lowe is smitten with SPS 2003’s revamped Web Parts infrastructure. Web Parts is built on top of ASP.NET and provides a .NET object model that contains classes that derive from and extend ASP.NET classes, Lowe says. Users can add Web Parts at runtime, assuming that they have permission to do so, and enable a variety of scenarios, such as:

• The creation of sites and pages
• Management of the site user roster
• Storage of Web Part customizations, including shared and personal property settings
• Administration of site backups and storage limits
• Assignment of users to customizable site groups

Lowe is also keen on SPS 2003’s new “My Site” feature. My Site provides a repository—clearly accessible from the SharePoint UI—in which users can store content and control who can access it. “This makes it quite simple for non-technical users to contribute to the portal without even knowing the complex posting action taking place in the background,” he says. “This personal site has a private storage area for personal content and work in progress, as well as a public storage area for easily sharing the projects and documents they are working on.” The personal site includes some AD profile information, providing information to others about each user’s role.

Indeed, Gardinier gives SPS 2003 high marks for its integration with AD, noting the two tie together easily and that SPS is flexible in terms of what information it can pull from the directory. “For instance, it has the ability to pull from not only the entire directory but also from select containers like an Organizational Unit,” he says.

Knowledge Management’s Cardarelli, for his part, insists that SPS 2003’s best new feature is a no-brainer: “[The] SQL Server backend—it adds scalability and allows IT folks to see and access all the data directly.”

GetMoreOnline: Learn about features that SPS 2003 users would like to add or improve, and issues ranging from bandwidth to storage requirements. FindIT code: SPS2003 at redmondmag.com

Migration Experiences and Lessons Learned

Based on feedback from users who have done so, organizations mulling SPS 2003 upgrades should expect to encounter a hitch or two.

CUIAB’s Goebel, for example, says his ongoing SPS 2003 migration has been “difficult,” mainly because of the absence of built-in migration tools. “Testing the migration process and then getting the new portal to match the look and feel of our existing portal has taken six months,” he says. “We’re going to simulate the entire upgrade process multiple times until we can execute the upgrade without a problem.”

Some users reported issues with Microsoft’s downloadable migration tools, “Spin” and “Spout”—or, more properly, SPIN.EXE and SPOUT.EXE—which are designed to automate the process of exporting data from SharePoint 1.0 and importing it into SPS 2003. Spout exports the version history of legacy SharePoint sites into XML or flat file formats, while Spin imports SPS Areas or Windows SharePoint Services document libraries. For many users, the tools work as advertised. But others complain of lengthy import/export times and Microsoft’s


own USENET groups are littered with the carcasses of Spin and Spout migration efforts that somehow went awry.

These tools, while undeniably important, don’t address a range of migration issues, such as the requirement that organizations re-code their SharePoint 1.0 Web Parts for SPS 2003 and its new .NET underpinnings (see “SPS Migration Tips”). As a result, says Lowe, the dreaded “P” word—planning, and plenty of it—is critical to the success of any large SharePoint migration. “All tools, including Microsoft’s Spin and Spout, have issues,” he says, suggesting—ever philosophically, “It’s a great time to do a serious purge of your content and documentation.”

SPS Migration Tips

Mauro Cardarelli, a consultant with systems integrator Knowledge Management Inc., offered these best practices for those migrating from SharePoint Portal Server 1.0 to SPS 2003, but the tips can also apply to day-to-day SPS administration.

• Develop and implement maintenance procedures for your SQL Server databases, such as defragmentation, transaction log backups and index management.
• Pre-allocate database sizes to minimize the number of times the databases will have to expand.
• Use separate volumes for data and transaction logs. Allocate approximately 13 percent to 15 percent of the data volume’s size to the transaction log volume.
• Consider disabling document versioning.

— STEPHEN SWOYER

Security

Users give SPS 2003 high marks for security, with Cardarelli pointing specifically to the use of IIS authentication and role-based security as solid features. But he also has a few nits to pick. One is that users can see some links they don’t have access to and get a pop-up requesting credentials. “Microsoft says it is for performance, but most find it very annoying,” he says.

Similarly, Goebel says that he’s both pleased and a little overwhelmed by SPS 2003’s security features. “There’s a lot of security all over the place and it takes time to figure out where what I’m looking for is.”

Lowe points out that, at the portal level, you can only set security on an area, not the document library or file level. “But in fairness, the product’s a collaboration tool and [is designed to] lend itself to sharing of information,” he says.

In Search of ROI

Most SPS 2003 adopters haven’t commissioned return-on-investment studies, but expect there’s substantial ROI to be had. For example, says Cardarelli, once an IT organization implements SPS 2003 and brings its personnel up to speed on its new management features—no mean feat, as we’ve seen—it’s a mostly turn-key environment. In this respect, he says, IT can effectively “hand-off” SPS 2003 to business users.

“We help clients split data ownership responsibilities, based on content. The interface is so easy to use it truly becomes a community-run tool,” Cardarelli says. “There is no burden on any one person or group to maintain the portal. The [total cost of ownership] is minimized through the easy administration and the natural dissection of content.”

Of course you can’t get any ROI from new software if employees won’t use it. At CUIAB, the original SPS fared pretty well in that respect. “Users really like it for the most part and use it regularly,” Goebel says. Given SPS 2003’s surfeit of user-friendly features, such as MySite and Shared Workspace, he expects the follow-up will be a smash. Such features allow users to collaborate more effectively, with minimal intervention from IT, resulting in productivity gains for both groups.

Cardarelli identifies several common SPS 2003 ROI benefits, starting with more efficient information reuse. Users often waste large chunks of time searching for documents and other resources on local or network file shares. In an SPS 2003 environment, the same searches take just seconds, thanks to SharePoint’s integrated search facility. SPS 2003 can also help reduce e-mail traffic by eliminating the round-robin exchanges that occur when a user is looking for a document that addresses a particular issue. Finally, features like the SharePoint “Announcements List” (which provides a channel for broadcasting information to users), along with standardized templates, can bolster corporate branding efforts by ensuring consistency of corporate messaging.

All in all, SPS 2003 adopters say that the revamped SharePoint is a worthy upgrade to the occasionally frustrating SPS 1.0.

Stephen Swoyer is a freelance technology writer based in Athens, Georgia. He can be reached at [email protected].


Windows Insider
Bill Boswell

Master and Command Line

If GUI and the command-line interface (CLI) were professional wrestlers, GUI would be a hugely muscled, masked warrior who enters the ring accompanied by “GUI the Hero” theme music. CLI stands in the opposite corner, looking grim and puny. GUI is the obvious crowd favorite, but when the bell rings, there’s little doubt about who will prevail. CLI is clever, nimble and knows how to break all the holds GUI brings to bear. Two minutes into the first round, GUI is pinned for the count.

As it turns out, a Windows server running Windows Server 2003 has nearly all the CLI utilities needed to do everyday administrative chores. You rarely need to use a terminal server client or one of those fancy-schmantzy Adminpak workstation tools. Just keep an open console prompt on your desktop and follow along as I show you some of my favorite administrative utilities.

Configuring a Comfortable CLI Environment

If you spend lots of time at the console window, you might as well make things comfortable for yourself. Open a console window, then right-click the upper left corner (or the title bar) and select Defaults from the flyout menu. Don’t select the Properties option. Any changes you make using this option are only applied to console windows with the same name in the title bar.

You’ll want to cut and paste quickly from the command line to graphical utilities, so enable the QuickEdit mode as shown in Figure 1. (This option is enabled by default in Windows 2000 Server, but not in Windows 2003.) QuickEdit requires a mouse to do copy-and-paste operations, but you can minimize the number of steps. Click and hold the left mouse button at the start of a block of text, highlight the block, then release the left mouse button and right-click anywhere in the highlighted text to place it in the clipboard. (If you need to use the keyboard, press the Alt key, tap the space bar, press E-M to start marking, hold down the Shift key, move the cursor to the end of the line, then press Enter.)

Figure 1. Enabling QuickEdit mode facilitates cut-and-paste operations between the command line and graphical utilities.

In the same window, select the Fonts tab and shift from raster fonts to Lucida Console fonts and choose a size that’s comfortable to read but puts as many characters as possible on a single line. Select the Layout tab and set the Window Size to a width and height that makes maximum use of your screen. For example, on my 1400x1050 laptop display, I use a 12 point font with a 170x70 setting for the console window so it covers the display completely.

Click “OK” in the console Properties window to save your changes. Close the console window and open a new one to see the new default settings. Enter a command or two, then press F7. This lists the last 100 commands you’ve issued in that console session. Select an item from the list to perform the command again. Pressing F3 displays the last command you entered.

You’ll want to enable automatic name completion, so you can type the first few characters of a long directory or file name, then press the Tab key to cycle through all the matching items in the folder. This option is enabled by default in Windows 2003 and XP. Win2K uses the asterisk key, which is not as flexible as the Tab key. Enable automatic name completion with the Tab key by entering a couple of Registry changes using the reg command as follows:

    reg add "hklm\software\microsoft\command processor" /v CompletionChar /t REG_DWORD /d 0x9 /f
    reg add "hklm\software\microsoft\command processor" /v PathCompletionChar /t REG_DWORD /d 0x9 /f

Shifting From CLI to GUI and Back

If you want to open a My Computer GUI window from the command line, simply enter:

    start

The focus of the window is set to the current folder. Similarly, if you find an executable in Explorer you want to run


from a command prompt, just drag the icon to a console window. The command line populates with the full path to the executable. Just press Enter and you’re off to the races. A faster alternative to this drag-and-drop trick is to install the CMDHere.inf utility from the Resource Kit. This places a CMD Prompt Here item in the property menu for a folder. To install the utility, simply right-click the icon and select Install from the flyout menu. You could also follow the instructions in Knowledge Base 320148, “Start a Command Prompt in a Folder in Windows 2000.”

Send the output of a CLI utility to a file using the “>” operator to store it for future use. For example, the “netdiag /v” command outputs a lengthy and detailed report on the status of all network interfaces. Pipe the output to a file as follows:

    netdiag > netdiag.txt

If you write technical documentation, it’s often handy to shove the output of a CLI utility directly into the clipboard so you can paste the results directly into a word processor document. Windows 2003 has a utility called Clip that you can use in XP (but not Win2K) to capture screen information into the clipboard. The syntax is:

    netdiag | clip

Managing User and Group Accounts

It pays to build a script to create new user accounts so you can easily populate the account attributes without typing a lengthy set of command-line arguments. To quickly create an account for testing, you can’t beat the NET USER command. Here’s the syntax:

    net user testuser1 Pass%5Word /add /domain

The NET USER command has other command-line switches for adding a full name, home directory path and so on, but it unfortunately places the user account in the default User container. You probably want to create your accounts in a specific Organizational Unit (OU). For this you can use the DSADD command in Windows 2003. (If you manage a Win2K domain from an XP desktop, you can use DSADD to manage Active Directory accounts.)

Here’s a DSADD command that creates an account for a user named Mickey Mouse in an OU named Phoenix in a domain called Company.com:

    dsadd user "cn=Mickey Mouse,ou=Phoenix,dc=Company,dc=com" -samid mmouse -disabled no -pwd *

This creates the account, enables it and prompts you to enter and confirm the user’s password. The DSADD command is also useful for creating OUs, groups, contacts and other objects. You can change object settings with DSMOD, move the object to a new OU with DSMOVE and delete the object with DSRM.

Managing Local Services

To see the running processes on a local machine, don’t open Task Manager. Use TASKLIST. (In Windows 2000, use TLIST). To include the process owner and CPU utilization in the listing, use TASKLIST /v. I also like TASKLIST /svc because it shows top-level executables and the services running under them. Figure 2 shows an example.

Figure 2. The Tasklist /svc command lists services running under various processes.

Once you find the name of a service using Tasklist, you can stop and start the service using the NET START and NET STOP commands. For example, to stop the Browser service, enter:

    net stop browser

The SC utility has more features for controlling services. You can use SC to stop, start or change the status of a service. SC is a full replacement for


the Services.msc console. For example, to stop then disable the Browser service, enter:

    sc stop browser
    sc config browser start= disabled

(In the second line, the space after the “start= ” entry is deliberate. You’ll get a syntax error if you don’t have a space.)

A more powerful tool for managing services and just about anything else on a Windows server or desktop is the Windows Management Instrumentation Console (WMIC). Here’s an example that uses WMIC to get a quick list of the running processes:

    wmic process list brief

The first time you launch WMIC, it spends a while configuring itself. After that, it launches very quickly. You can use WMIC to get information from remote servers. For example, to get a process list from server named W2K3-S1, enter:

    wmic /node:w2k3-s1 process list brief

To get a quick list of running services (in contrast to the processes that host them), enter:

    wmic /node:w2k3-s1 service where state="running" list brief

To see if the W3SVC (World Wide Web service) is running on a Web server:

    wmic /node:w2k3-s1 service where name="w3svc" list full

If the State entry for the W3SVC service indicates it has stopped, use WMIC to start the service using this syntax:

    wmic /node:w2k3-s1 service where name="w3svc" call startservice

WMIC uses terms like “process” and “service” as aliases for WMI classes Win32_Process and Win32_Service. To see a list of available aliases, enter “wmic /?” and use the alias as a parameter for WMIC. For example, to see the status of the drives on a local machine, enter:

    wmic diskdrive list full

One FOR Command for All

It’s common to change settings on remote servers using the Computer Management console. The console packs a lot of functionality into a single MMC interface, but it takes a long time to load and needs several mouse clicks to get to the useful information. It’s also difficult to get a complete, simple-to-use printout from the Computer Management console. You can get a full listing of all current system statistics printed in comma delimited format using the


SYSTEMINFO command as follows:

    systeminfo /fo csv > systeminfo.csv

The “/fo csv” switch tells Systeminfo to format the output in a single, comma-delimited line item. This may seem simplistic, but here’s where your command-line knowledge pays off. The extended batch language in Windows has a command called FOR that lets you quickly create looped commands. For example, the following statement loops through each line in a text file called Serverlist.txt, runs Systeminfo to get the statistics for the designated server, and stores the result as individual lines in a comma-delimited file.

    for /f %i in (c:\serverlist.txt) do systeminfo /s %i /fo csv /nh >> systeminfo.csv

The “f” switch tells FOR to loop through the designated file and assign each line to a variable called “%i.” (The letter choice is arbitrary.) The double angle brackets (>>) tell SYSTEMINFO to append each output line to the target file, rather than overwriting the file each time. The result is a spreadsheet that contains a comprehensive set of parameters for every server in the list.

You can get a quick file of server names in your network by piping the result of the NET VIEW command to a file:

    net view /domain:company > c:\serverlist.txt

Use a text editor to remove the extraneous entries from the file, then feed it to the FOR command.

Unfortunately, NET VIEW simply queries the Browser database, which is not authoritative. If you want a truly comprehensive list of servers within a domain, turn to AD. Assuming you put your server objects in a separate OU, you can dump the contents of the OU to a comma-delimited file using the Csvde utility. Here’s an example that dumps the Common Name (CN) of each object in an OU called Server:

    csvde -d ou=servers,dc=company,dc=com -l cn -f serverlist.csv

The resulting spreadsheet has two columns, one with the full Distinguished Name (which you can delete) and one with the bare flat name of the servers, which you can then use as an input to the FOR command.

Managing Local Network Configuration

Windows has a phalanx of little CLI tools for listing various network configuration items, but the utility with the most comprehensive set of features is the Network Shell, or Netsh. I use this gem all the time. For example, consider what it takes to change the static IP of a server using GUI tools. It takes a grand total of eight mouse clicks just to get to the TCP/IP Properties window, then several more clicks and keystrokes to set the address and the gateway and still more clicks to save the changes. Here’s the same operation done with a single command:

    netsh interface ip set address local static 192.168.0.100 255.255.255.0 192.168.0.254 0

The sequence of numbers in the expression is “Address, Mask, Gateway and Interface Metric.” The word “local” refers to the first word of the default network interface name, “Local Area Connection.” If you have two or more network interfaces, you’ll need to spell out the entire name. I recommend shortening the names to something like NET1, NET2 and so on. You can also use Netsh to change the DNS and WINS interface configuration. The following lines configure the default “Local Area Connection” interface with a primary and secondary DNS server and a primary and secondary WINS server:

    netsh interface ip set dns local static 192.168.0.1
    netsh interface ip add dns local 192.168.0.2
    netsh interface ip set wins local static 192.168.0.5
    netsh interface ip add wins local 192.168.0.6

You can use Netsh to quickly and easily change the settings for Windows 2003 and XP network bridges, the Windows Firewall, Remote Access Services (RAS) and LAN routing. You can also dump the entire set of network settings for all interfaces to a flat file to import to another server or back to the same server after it has been rebuilt.

The Netsh utility exists on Win2K, but the Windows 2003 and XP versions have a nifty Diag option that lets you do quick-and-dirty troubleshooting, like pinging every server configured to be a DNS, WINS, Proxy or Gateway along with any server configured in Outlook Express as a mail and news server.

Setting Priorities

If you’ve spent most of your career using GUI tools, it takes a while to get accustomed to CLI utilities. Once you master them, though, you’ll spend a lot less time doing grunt work. That will give you the free time you need to use your GUI tools for something valuable, like playing the latest version of Halo.

Contributing Editor Bill Boswell, MCSE, is an independent consultant, trainer and founder of The Windows Consulting Group. He’s the author of Inside Windows 2000 Server and Inside Windows Server 2003, as well as the upcoming Inside Exchange Server (Addison-Wesley). Contact him at [email protected].


Tips&Tricks
Derek Melber

Gaining Group Control

You know how the story goes—power users don’t like domain administrators to control their computers, so they remove any domain administrative groups from their local groups. This is a common ploy of administrative staff too, to kick out other domain administrators from any local groups on their personal computers.

“So what’s the problem?” you may ask. The problem lies with control over a computer that is part of an Active Directory domain. If the Domain Admins group isn’t a member of the local Administrators group on a computer, then administrative staff have no immediate control over that computer. Similarly, other groups and users might need to have membership in the local Administrators group on each computer—to update applications remotely, install security updates or obtain documentation information for the system.

Never fear, Group Policy is here! Group Policy Objects (GPOs) provide a solution for controlling groups, especially local groups, on any computer in the AD domain. The solution is to use Restricted Groups. Restricted Groups gives you two options for controlling the membership of groups, enabling you to ensure that the Domain Admins group has membership in the local Administrators group on every computer in the domain. The settings for Restricted Groups are located under Computer Configuration|Windows Settings|Security Settings.

Following are the two settings for every group listed under Restricted Groups in a GPO.

• Members of this group. This setting provides a text box for you to enter all members of the group, including user and group accounts from the local computer or from a domain. This setting doesn’t append to the existing user and group accounts that have membership in the group. Instead, it first removes any account in the group, then adds the new list. If the policy is implemented and the list is blank, it will leave the group without any members.
• This group is a member of. This setting provides a text box for you to enter all groups in which the specified group should have membership. The groups listed must meet the group nesting rules for the domain functional level you’re working with, as well as standard group nesting rules. For example, you can’t configure a local group to have membership in a global group. In addition, configuring this option won’t remove current memberships for the group; it will just create additional memberships. If the policy is implemented and the list is blank, it will leave the current group memberships in place, and not provide any additional memberships.

When configuring the settings in the Restricted Groups, consider these tips:

• Use one or the other of the above two settings across all GPOs, not both. For example, one GPO might say to make Group1 a member of Group2, but a different GPO states that Group2 should only have members including Group2. This causes a conflicting setting, which will most likely result in Group1 not having membership in Group2.
• Link GPOs that use the Restricted Groups policy to OUs that contain only the target computer accounts. If the GPO is designed for clients, but configures servers, the server services might fail.
• Type in the group name if you need to refer to a local group. For example, if you need to input the Power Users group, you will need to type it in, since you might not be able to browse for it.
• If you need to refer to a domain that you don’t have access to from the browser option, use the following syntax: \. With real names, it might look something like this: braincore\derekm.
• Be mindful that pre-SP4 Windows 2000 domain controllers have a bug associated with leaving the Members section blank. For more information, refer to Knowledge Base article 810076.

Controlling local groups has never been so easy and powerful.

Derek Melber runs and operates www.auditingwindows.com, the first dedicated Web site for Windows auditing and security. He’s written an e-book series on Group Policy, available at http://mcpmag.com/resources. You can reach Derek at [email protected].

Tip Box

Don’t create a policy to configure the members of a group in two different GPOs. This won’t merge the GPOs together—it will only take the last GPO configured. If a GPO at the domain level states that Group1 should have Group2 as a member and a GPO at the OU level states that Group1 should have Group3 as a member, only Group3 will be a member when the GPOs finish applying to the computer.


Mr.Script
Chris Brooke

Easy Database Creation

Greetings, friends; Mr. Script at your service! Like the magazine, this column has a new name. We tossed around “Dr. Script” and I really, really wanted to be “Captain Script,” but in the end we settled on “Mr. Script.”

Whatever the name, the mission’s the same: to bring you a variety of scripts to make your administrative life easier and to answer your scripting questions. The way I see it, the latter should trump the former. If I receive a question from a reader—particularly one that’s especially relevant to a recent topic—then I’m honor-bound to put aside any previous ideas and respond to said question. Because, as the saying goes, if one person asks a question, many others are thinking it.

So, rather than discuss Active Directory migration tasks that can benefit from scripting, as planned (I promise we’ll return to this subject later), I instead will respond to Kevin Jones, who asks this question about a topic I addressed some months ago in my column on using ActiveX Data Objects (ADO) in a scripting environment:

I was wondering if there’s a way to script creation of ODBC data sources on Windows XP workstations. We’re installing a new association management package that requires three data sources on each client machine. Even a locally run script that I could run through RDS would save a considerable amount of time.

When I read his question, I experienced one of those forehead slapping “aha!” moments. Of course you want to do that. Moreover, you certainly want to know how to script creation of the databases, too. How could I have left out even a passing reference to such an obvious aspect of ADO scripting? I have no excuse. Please forgive me.

I shall try to redeem myself by demonstrating both, starting at the beginning: Creating a database from scratch. Script 1 creates the database file. In this case, it creates an Access .MDB.

Script 1. Create the database file.

    ' ADOX.Catalog creates the empty Jet (.MDB) database file
    Set objConn=CreateObject("ADOX.Catalog")
    objConn.Create _
        "Provider=Microsoft.Jet.OLEDB.4.0; " & _
        "Data Source=C:\MyData.mdb"

Not much to it, is there? You now have an empty .MDB file in the root of C: (or wherever you may wish to place it).

Now, you need to create tables to hold your data. Before you can do that, you must map the datatypes used by Access to the datatype values used by the ADODB engine in our script, shown in Table 1. Now that you know how to set up the various fields, use Script 2 to create the database table.

Script 2: Create the table.

    ' Open the database created by Script 1
    Set objConn=CreateObject("ADODB.Connection")
    objConn.Open _
        "Provider=Microsoft.Jet.OLEDB.4.0; " & _
        "Data Source=c:\MyData.MDB"

    ' COUNTER is an auto-incrementing key; TEXT(n) sets the field length
    objConn.Execute "CREATE TABLE MyTable(" & _
        "RecID COUNTER ," & _
        "Computername TEXT(15) ," & _
        "IPAddress TEXT(15) ," & _
        "Created DATETIME ," & _
        "Notes MEMO)"
    objConn.Close

Again, pretty straightforward. Just make sure you specify text field lengths that are long enough for any eventuality.

Finally, you can use Script 3 to put data into the new database.

Script 3: Populating tables with your data.

    ' ADO constants are not predefined in VBScript
    Const adOpenStatic=3
    Const adLockOptimistic=3
    Set objConn=CreateObject("ADODB.Connection")
    Set objRS=CreateObject("ADODB.Recordset")
    objConn.Open _
        "Provider=Microsoft.Jet.OLEDB.4.0; " & _
        "Data Source=c:\MyData.MDB"
    objRS.Open "SELECT * FROM MyTable" , _
        objConn, adOpenStatic, adLockOptimistic

    ' Add one record, then write it to the table
    objRS.AddNew
    objRS("Computername")="Server1"
    objRS("IPAddress")="192.168.1.10"
    objRS("Created")=Now
    objRS.Update
    objRS.Close
    objConn.Close

And so on, and so on. We can do this all day long, creating multiple records inside multiple tables inside multiple databases. Not bad, eh? In fact, we could stop here and build some really powerful scripts that get data from and/or place data into a variety of databases. This is because we can always connect to the data by directly specifying the Jet provider in the connection string.


However, as we discussed in the August issue, connecting via a Data Source Name (DSN) is so much more elegant. Plus, to truly answer the question that prompted this little foray, we need to write a script to create the DSNs. This task is easy, yet fraught with . At its simplest level, a DSN is just a registry entry. Exactly where it is stored in the registry depends upon whether it is a System DSN, User DSN and so on. So, for instance, a User DSN pointing to the database we created above is stored in the registry under HKEY_CURRENT_USER\Software\ODBC\ODBC.INI\MyDSN.

When you use the ODBC applet in the control panel to create a new DSN, all it does is create these registry entries. In the course of normal operations, it’s probably better that you use the ODBC applet when creating DSNs—you’re less likely to make a mistake.

Table 1: Mapping Access datatypes to datatype-similar ADO values.

Access Datatype                               ADODB Value
Autonumber                                    COUNTER
Date/Time                                     DATETIME
BOOLEAN                                       YESNO
Text                                          TEXT(x)
Numeric Long Integer (decimals not allowed)   INTEGER
Numeric Double (decimals allowed)             FLOAT
Memo                                          MEMO

However, if, like Kevin, you need to create DSNs via scripting, do so with the same reverence with which you approach any task regarding the registry—with the understanding that you could do irrevocable damage to your computer if you make a mistake. Next month, I’ll walk you through a script for safely creating DSNs.
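A read-only check to run before and after any scripted DSN change, added here as an example and not code from the column: it lists the User and System DSNs by reading the ODBC.INI registry keys described above, without writing anything. The System DSN location under HKEY_LOCAL_MACHINE, the "ODBC Data Sources" subkey and the DBQ value name are assumptions not stated in the column; they reflect how the ODBC applet normally lays out these keys for Access data sources.

```vbscript
' Added example (not from the column): read-only inventory of ODBC DSNs.
Option Explicit

Const HKEY_CURRENT_USER  = &H80000001   ' User DSNs live under this hive
Const HKEY_LOCAL_MACHINE = &H80000002   ' Assumption: System DSNs live here
Const ODBC_INI = "Software\ODBC\ODBC.INI"

Dim objReg
' StdRegProv is the WMI registry provider; this script only calls its
' Enum/Get methods, so nothing in the registry is modified.
Set objReg = GetObject( _
    "winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")

ListDsns HKEY_CURRENT_USER, "User DSN"
ListDsns HKEY_LOCAL_MACHINE, "System DSN"

Sub ListDsns(lngHive, strKind)
    Dim arrNames, arrTypes, strName, strDriver, strTarget, lngRc

    ' Assumption: every DSN appears as a value under "ODBC Data Sources",
    ' where the value name is the DSN and the data is the driver description.
    lngRc = objReg.EnumValues(lngHive, ODBC_INI & "\ODBC Data Sources", _
                              arrNames, arrTypes)
    If lngRc <> 0 Or Not IsArray(arrNames) Then
        WScript.Echo strKind & ": none found"
        Exit Sub
    End If

    For Each strName In arrNames
        strDriver = ReadString(lngHive, ODBC_INI & "\ODBC Data Sources", strName)
        ' Assumption: Access (Jet) DSNs store the .MDB path in a value named DBQ.
        strTarget = ReadString(lngHive, ODBC_INI & "\" & strName, "DBQ")
        WScript.Echo strKind & ": " & strName & _
                     " | driver: " & strDriver & _
                     " | database: " & strTarget
    Next
End Sub

' Returns the string value, or a marker when the value or key is missing,
' so a half-written DSN shows up in the listing instead of stopping the script.
Function ReadString(lngHive, strKey, strValue)
    Dim strData, lngRc
    lngRc = objReg.GetStringValue(lngHive, strKey, strValue, strData)
    If lngRc = 0 And Not IsNull(strData) Then
        ReadString = strData
    Else
        ReadString = "(not set)"
    End If
End Function
```

Run it with cscript.exe so each line goes to the console rather than a message box. A DSN that shows "(not set)" for its database is the kind of incomplete entry a mistaken registry write leaves behind.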

Contributing Editor Chris Brooke, MCSE, is director of enterprise technology for ComponentSource specializing in development, integration services and network/Internet administration. Send questions or your favorite scripts to [email protected].


Security Advisor
5 Steps to Certificate Bliss
By Roberta Bragg

Today we’re inundated with sermons evangelizing certificates as the universal answer to all things security. Want to get rid of the risk of password-based logon? Use certificates and/or smart cards. Want to protect communications over the Internet? Use SSL certificates or IPSec-based VPNs. And when using IPSec, you’d better use certificates for authentication, because that’s more secure. And the list goes on.

To adopt these solutions you need to either purchase certificates from a public Certification Authority (CA), or build your own Public Key Infrastructure (PKI). Both options are now incredibly easy—so easy, even your boss could do it. But purchasing certificates can be rather expensive, as can hiring a consultant to assist you with an in-house PKI, or purchasing and implementing your own third-party CA products.

Microsoft Makes It Easy

Enter Microsoft certificate services. Microsoft is very good at making the incomprehensible simple by virtue of the wizard. If you’re running Windows 2000 Server or Windows Server 2003 it’ll take you just a couple of minutes to bring up a CA and start issuing certificates. If you have a Win2K or Windows 2003 domain, make sure that server is a domain member, and you’ve instantly empowered easy use of certificates throughout the domain. Before you know it you’ll have more certificates crawling around in your network than there are ticks on a red-bone coon hound. So what’s wrong with that? More certificates equals more security, right?

Wrong. Certificates could eventually become as maligned in the IT community as passwords. When correctly implemented, they can provide rock-solid security; done wrong, they’ll be as weak as a three-character password. Given the deceptive ease of implementation, you may not think a certificate project requires major planning. That would be a mistake. Here are five planning steps to follow before implementing a certificate structure.

1. Determine if Certificates Are the Best Solution

In some cases, certificates may be the only solution to your security problem. If, for example, you want to implement 802.1x authentication using Protected Extensible Authentication Protocol (PEAP) and Microsoft’s Internet Authentication Service (IAS) server, you’ll need, at minimum, a certificate for IAS. Likewise, you can’t outfit your Web server for SSL without a server certificate. You’ll also need certificates—lots of them—in order to use the native smart card support built into Windows 2003 and Win2K.

But certificates are most definitely not the solution for every security need. Before rushing in, determine what’s driving the call for certificates, so you can decide whether they are the best solution. If it’s a management initiative, for example, have a talk with the manager who wants changes. I can imagine such a conversation going something like this:

C-Level Decision-Maker John: “I’m tired of hearing about how weak Windows passwords are. We need to implement smart cards.”

IT Manager Sven: “That will improve security, but I have a limited IT budget. Investing in smart cards will pretty much kill other IT initiatives for the year.”

John: “Well, what are our options? You know as well as I do that Microsoft products need all the help they can get. I don’t want to have to notify our customers that their credit-card numbers may have been exposed.”

IT Pro Diane: “The issue of customer data security can be better addressed by implementing my proposal from three months ago. Microsoft passwords and password policies can be strengthened beyond the capabilities of the password cracking schemes available today and into the near future. We just need some policy changes, user training and password auditing capabilities. This will cost far less than implementing smart cards across the board.”

Sven: “Diane’s right, John. We can do a better job of managing password-based authentication. But we need to start with sound security policies and practices, and we need the teeth to enforce them. Will you help us there?”

John: “Well, I’m not convinced, but I’m willing to consider your proposals. I want a report on my desk tomorrow on how to bolster password security. Send me another copy of your prior proposal on customer information security as well.”

Whatever the ultimate decision, at least the reasons for the proposal are being discussed. How else can you determine the best course of action if you don’t know what the goals are?

2. Buy or Build?

Several items must be considered when deciding whether to purchase or produce certificates. Make the


right decision based on:
• Budget
• Certificate requirements
• Current network infrastructure
• Number of certificates required
• Current deployments
• Future plans

If you need only one certificate, you may be tempted to buy one. But if you’ve already invested in PKI, shouldn’t you just issue one of your own? Not necessarily. A public Web site, for example, should have a commercial CA as its signer, while an intranet site usually works better with one from your in-house CA.

If you need multiple certificates, you may decide it’s time to deploy your own PKI. It’s certainly easy and cheap enough to do with Microsoft products, but are you ready to devote the time and energy into learning how to do it securely? What if you have an immediate need to secure wireless access? Properly implementing a PKI will take time. In this case you may want to purchase the certificate(s) in the near-term, while at the same time developing and hardening your PKI plan for the future.

3. Planning

Whatever you decide, you’ll need to do some serious planning.

Purchased Certificates

Should you go the commercial route, there’s a host of procedures you’ll need to implement, including assigning responsibility for:
• A comprehensive certificate management plan that includes the reasons certificates are purchased, how they’re actually used and who has responsibility for their management.
• Certificate purchase and hand-off for implementation.
• Certificate distribution and installation, using automated methods where possible and keeping accurate records.
• Tracking certificate expiration dates, renewing certificates, or expiring them and recording changes.
• Certificate revocation.

GetMoreOnline (redmondmag.com): We’ve assembled links to additional Microsoft resources on this topic:
● A Webcast on planning a PKI infrastructure for Windows 2003
● An overview of PKI design process
● A number of articles addressing PKI
● A list of CA resources
FindIT code: PKI

In-House Rollout

The development of in-house certificates services using your own PKI should be 80 percent planning and 20 percent implementation. The steps you’ll need to take include:
• A detailed analysis of certificate use within your organization. Determine the use that provides the most benefit and implement that first.
• An analysis of available PKI skills among your personnel.
• Create a committee—representing IT, general management and employees—to develop policies and procedures for design, implementation and maintenance.
• Review committee work to make sure it covers areas including protecting root and subordinate CAs, how certificates will be issued, revoked and renewed, and whether a CA hierarchy will be used.
• Specify an audit methodology and practice before deploying.
• Research best practices for hardening both CA computers, processes and certificate usages—then build them into the architecture of your PKI.

4. Select the CA Vendor

If you decide to buy third-party certificates, return to the analysis and planning stage. Yes, this step is in the correct order. You should thoroughly study your needs and requirements concerning certificates before selecting a vendor. Whether you’re purchasing a single certificate, third-party CA or implementing Microsoft’s CA, you should be looking for the vendor that suits you—not for the solution that a specific vendor supplies. Then determine the securest path possible for deployment and maintenance.

5. Deploy and Maintain

Once you’ve planned your work, work your plan. You’ve got a number of steps to do, all of which must be done in the correct order—and don’t forget that security is iterative. Maintenance is the most important phase of the process, after planning.

Roberta Bragg, MCSE: Security, CISSP, Security+ and contributing editor for Redmond magazine, owns Have Computer Will Travel Inc., an independent firm specializing in information security and operating systems. She’s series editor for McGraw-Hill/Osborne’s Hardening series and author of the first book in the series, Hardening Windows Systems. Contact her at [email protected].


Corporate Headquarters: 9121 Oakdale Ave., Ste. 101, Chatsworth, CA 91311, www.101com.com

Media Kits: Direct your Media Kit requests to Matt Morollo, Associate Publisher, 508-875-6644 ext. 18 (phone), 508-875-6633 (fax), [email protected].

Reprints: For all editorial and advertising reprints of 100 copies or more, and digital (Web-based) reprints, contact RSiCopyright 651-582-3817 or cwj@rsicopyright.com

List Rentals: To rent this publication’s e-mail or postal mailing list, please contact 101direct, the List Services Division of 101communications: 1-877-4-101 direct (1-877-410-1347); www.101direct.com.

CONFERENCES: TechMentor Conferences contact Al Tiano, Sales Manager, 818-734-1520 ext. 190, [email protected]. The Data Warehousing Institute contact Diane Smith, Exhibit Sales, 206-246-5059 ext.108, Denelle Hanlon, Publication and Sponsorship Sales, 206-246-5059 ext.102, [email protected]. FCW Events and Conferences contact Lucy Cooley, Events Director, 703-876-5081, lcooley@101com.com. Syllabus Conference and Exhibition, contact Anne Morris, Exhibit Space or Sponsorship, 818-734-1520 ext.219, [email protected].

Redmond Magazine (ISSN: 1081-3497, USPS: 0015-657) is published monthly by 101communications LLC, 9121 Oakdale Avenue, Ste. 101, Chatsworth, CA 91311.

© 2004 by 101communications. All rights reserved. Reproductions in whole or part prohibited except by written permission. Mail requests to “Permissions Editor,” c/o Redmond Magazine, 16261 Laguna Canyon Road, Ste. 130, Irvine, CA 92618. The information in this magazine has not undergone any formal testing by 101communications and is distributed without any warranty expressed or implied. Implementation or use of any information contained herein is the reader’s sole responsibility. While the information has been reviewed for accuracy, there is no guarantee that the same or similar results may be achieved in all environments. Technical inaccuracies may result from printing errors, new developments in the industry and/or changes or enhancements to either hardware or software components.

Periodicals postage paid at Canoga Park, CA 91304-9998, and at additional mailing offices. Annual subscription rates for U.S. $39.95 (U.S. funds). Postage for Canada/Mexico $15 (U.S. funds); and International $25 (U.S. funds). Subscription inquiries, back issue requests, and address changes: Mail to: Redmond Magazine, 2104 Harvell Circle, Bellevue, NE 68005, e-mail RED@lists.101com.com or call 866-293-3194 for U.S. & Canada; 402-293-6851 for International, fax 402-293-0741. POSTMASTER: Send address changes to Redmond Magazine, 2104 Harvell Circle, Bellevue, NE 68005. Canada Publications Mail Agreement No: 40039410. Return Undeliverable Canadian Addresses to Circulation Dept. or DPGM 4960-2 Walker Road, Windsor, ON N9A 6J3. Copyright 2004 by 101communications LLC. All rights reserved. Printed in U.S.A.


TEN Products We Wish Microsoft Would Deliver
By Paul Desmond

The Microsoft Credit Card
Low, low interest rates help you stomach high, high software prices. Redmond Rewards program lets you earn points toward professional services for help with things like—oh, I don’t know—patching? (Kudos for this idea to Wesley Bielinski, a network administrator in Evanston, Ill.)

Manager Minder
Colorful graphs and complex charts with adjustable vectors, deltas and ROI calculators keep business executives busy for hours—so IT staff can get real work done. Optional Meeting Avoidance Module populates Outlook calendars with talk of data purges, server reboots, IDS tuning and more—convincing evidence that you are far too busy to attend most any meeting. (Props to Alex Ayotte, a system analyst in Tallahassee, Fla.)

George Jetson Voice Recognition System
I suppose we could explore some business uses for this, but let’s be honest: What we really want is a machine that hears “Steak, medium rare” and bolts for the kitchen to womp up some dinner—without expounding on what a “crazy day” it had.

Word for Dummies
Redmond Editor in Chief Doug Barney longs for the days of word processing programs like Xywrite that, even with their funky keystroke combos, were somehow simple to use. Word, on the other hand, has a mind of its own, constantly changing formatting and fonts on unsuspecting editors who are just trying to get some work done. Make it stop!

Better Backup
Redmond Contributing Editor Bill Boswell envisions data mirroring and enterprise-wide data management with speedy, object-based archiving that addresses full-scale as well as file-sized recoveries. Robert Oswalt, an admin at a church in Fort Worth, Texas, wants a simple way to back up his server to a DLT drive. I just want to back up My Documents without having to think about it every … single … day.

Integrated Anti-Everything
Whaddyagot—viruses? We kill that. Spam? No problem. Adware, malware, spyware, post-nasal drip? Yep, yep, yep. We’ll kill it all, dead, dead, dead. It’ll all be integrated with Windows and it’ll just work, from the get-go, I swear. You won’t even notice it.

Outlook for Idiots
Ever send an e-mail pointing to insightful ponderings in an attached document—only to forget to attach the document? I’ve done it 642 times as of noon today. Wouldn’t it be nice if Outlook scanned outgoing messages for a predefined keyword—something crazy like “attach”—and slapped you upside the head when the word cropped up in a message with no attachment? Yes, it would.

Windows Naked
It’s time for Windows to strip down to its skivvies. Roger Clifford, a network admin in Alaska, says Microsoft could create an OS “that boots in 10 seconds and never slows down or freezes” if not for “useless features that slow down the OS, crash the machine and create unnecessary security holes.” Contributing Writer and Network Manager Laura E. Hunter (see p. 43) wants a server OS stripped of its GUI, browser and “all the other pretty things” that belong only on clients. Redmond Executive Editor of Reviews Lafe Low says you should be able to start with the basics and build by adding modules “that all work and integrate seamlessly, with zero hassles.”

“Something, anything, for which I am not a beta tester.”
So sayeth Christopher Bell, of Manchester, U.K. After a less-than-pleasant experience with XP SP2, Chris wants Microsoft to develop its own internal testing system covering alpha, beta, gamma, pre-release, release—the gamut—so he doesn’t have to. Who said the Brits have no sense of humor?

The Bill Gates Reimbursement Machine
Here’s how it would work:
• Enter all time spent on Windows updates, patches, new ways of doing things that are different but not necessarily better and clearly nothing you need.
• Enter value of your time per hour.
• Machine calculates value of time wasted.
• Bill Gates issues you a check and mails it with an apology.

redmondmag.com: We found no shortage of opinions from the folks we polled on this topic. Go online to read the best of the rest. FindIT code: TenProducts

Desmond is editor of Redmond magazine.
