Jim Allchin on Longhorn, Winfs, 64-Bit and Beyond Page 34 Jim

0805red_cover.v5 7/19/05 2:57 PM Page 1

4 Scripting Solutions to Simplify Your Life Page 28

AUGUST 2005 WWW.REDMONDMAG.COM

MrMr WindowsWindows Jim Allchin on Longhorn, WinFS, 64-Bit and Beyond Page 34 > $5.95 05 • AUGUST

Make Room for Linux Apps Page 43

25274 867 27 Active Directory Design Disasters Page 49 71 Project1 6/16/05 12:36 PM Page 1

Exchange Server stores & PSTs driving you crazy?

Only $399 for 50$ mailboxes;1499 for unlimited mailboxes!

Archive all mail to SQL and save 80% storage space!

Email archiving solution for internal and external email

Download your FREE trial from www.gfi.com/rma Project1 6/16/05 12:37 PM Page 2

Get your FREE trial version of GFI MailArchiver for Exchange today!

GFI MailArchiver for Exchange is an easy-to-use email archiving solution that enables you to archive all internal and external mail into a single SQL database. Now you can provide users with easy, centralized access to past email via a web-based search interface and easily fulfill regulatory requirements (such as the Sarbanes-Oxley Act). GFI MailArchiver leverages the journaling feature of Exchange Server 2000/2003, providing unparalleled scalability and reliability at a competitive cost.

GFI MailArchiver for Exchange features Provide end-users with a single web-based location in which to search all their past email Increase Exchange performance and ease backup and restoration End PST hell by storing email in SQL format Significantly reduce storage requirements for email by up to 80%

Comply with Sarbanes-Oxley, SEC and other regulations. General configuration options Searching for an email

tel: +1888 243 4329 / +919 379 3397 | email: [email protected] | url: www.gfi.com/rma Project2 6/14/05 2:48 PM Page 1

Do you know who's inside your network?

Beyond Scan and Remove - Think Spyware Prevention Are Spyware and other Internet threats clowning around on your network? SurfControl Enterprise Threat Shield™ gives you the last laugh. If the threat is already on a user's machine, SurfControl Enterprise Threat Shield stops it from running and removes it. What is more, SurfControl Enterprise Threat Shield prevents reinfection, is enterprise-ready, gives you centralized management, and is user tamper-proof. Put the kibosh on spyware, key-loggers, instant messaging, P2P and games before they jeopardize security or productivity.

FREE 30-day trial www.surfcontrol.com/go/threatshield 1 800.368.3366

AUGUST 2005 WWW.REDMONDMAG.COM

Winner for Best Computer/Software Magazine 2005 RedmondTHE INDEPENDENT VOICE OF THE MICROSOFT IT COMMUNITY

COVER STORY REDMOND REPORT 8 News Analysis Mr. Windows Longhorn Lite Jim Allchin, considered 10 Event Log by many as the father of Google Earth debuts in beta NT and the brains behind form; System Center Data Longhorn, talks about the Protection Manager releases future of rich clients and ahead of schedule; staggered why you should trust rollout planned for Microsoft Microsoft to power your CRM 3.0. next PC.

Page 34

PHOTO BY GEOFF MANASSE

FEATURES 40 Longhorn: Is Allchin’s Baby Worth the Wait? 12 TechWatch Don Jones takes a look at the new features that will be included in the Microsoft feeds RSS to Longhorn. new Windows operating system, slated for release in late 2006.

43 Make Room for Linux COLUMNS As Linux applications grow in 4 Chief Concerns: popularity, Windows admins Doug Barney will need to start incorporating Why I Bought them into their networks. Here a Mac are five ways to do that. Page 43 23 Beta Man: Don Jones 49 How NOT to Design Active Directory At Long Last: SQL Server 2005 Learn how to do Active Directory design right from these Page 49 real-world case studies of those who have done it wrong. 55 Windows Insider: Bill Boswell Data Protection Manager REVIEWS 60 Security Advisor: 15 Virtual Idol 25 Your Turn Joern Wettern VMware puts on a stellar LCS 2005: Business- The State of Biometric virtualization performance with its Authentication latest version of Workstation. Grade Messaging with All the Extras 64 Ten: Paul Desmond 17 Get to Know Your Network Microsoft’s instant messaging Useful Microsoft Blogs How well do you know your environment matures into an network? NetSupport DNA will enterprise-class tool. give you the complete picture. ALSO IN THIS ISSUE 28 Redmond Roundup 19 Administration En Masse Write the Perfect Script 2 Redmond magazine online User Manager Pro helps you keep Need to go deep and seize control 6 Letters to Redmond tabs on your admin tasks. of your Windows systems? One of these tools can help you perfect the 63 Ad and Editorial Indexes art of scripting. COVER PHOTO BY GEOFF MANASSE 0805red_OnlineTOC_2.v4 7/14/05 12:41 PM Page 2

RedmondAUGUST 2005 mag.com

REDMOND COMMUNITY REDMONDMAG.COM Redmond Newsletters Exclusive August Issue Content Only on Redmondmag.com • Redmond Report: Our weekly e-mail There’s a lot going on in this month’s print issue of Redmond—so much, in fact, that newsletter featuring news analysis, we’ve had to move some of our regularly scheduled articles online, alongside the context and laughs. By Redmond’s extra information we always offer on the topics we cover. Editor in Chief Doug Barney. Because of this overflow, this month our FindIT codes FindIT code: Newsletters are more important than ever. When you see them in • Security Watch: Keep current on the the magazine, be sure to enter them at the top-right latest Windows network security topics. corner of any Redmondmag.com page to jump directly This newsletter features exclusive, to content like: online columns by Contributing Editor • Chris Brooke’s August Mr. Script column on using Russ Cooper of NTBugTraq fame. Devcon.exe to disable dirty connections when the FindIT code: Newsletters computer is connected to a private network. (FindIT Code: CleanUp). Discussion and Forums This month’s Mr. Script • A detailed feature comparison chart of the scripting Post your thoughts and opinions under column by Chris Brooke tools featured in this month’s Redmond Roundup on is available online using our articles, or stop by the forums for FindIT Code: CleanUp more in-depth discussions. p. 28. (FindIT Code: PerfScript) FindIT code: Forum • Extra information on deploying and using Microsoft Live Communications Server 2005. (FindIT Code: LCSExtras) Your Turn And much more. As always, FindIT codes are one word and are NOT case sensitive. If The interactivity center of the you have any feedback regarding our FindIT code system, or anything regarding Redmond universe, where you get to Redmondmag.com, be sure to let our Web editors know at [email protected]. express your views. FindIT code: YourTurn MCPMAG.COM • MCP Radio: Interviews with DesktopStandard’s Eric Voskuil and OTHER 101COMMUNICATIONS SITES Microsoft Changes Special Operations Software’s Magnus MCP Program ENTmag.com Lindegren on how their companies MCPmag.com Editor Special Report: “A Look at the Microsoft simplify the management of GPOs. Michael Domingo Security Response Center’s Playbook” • SBS Live!: Microsoft MVP and SBS looks at the changing Scott Bekker takes you inside the expert Andy Goodman heads a landscape of the Microsoft Security Response one-hour live chat with fans of Microsoft Certified Center process. Microsoft’s Small Business Server; Program and what it FindIT Code: ENTSecCenter Tuesday, Aug. 16, 7 p.m. EDT. means to the MCP MCPmag.com Editor CertCities.com community today. Michael Domingo Also this month: News: “CompTIA Raises Exam Prices 5 • Need answers for your Windows, FindITCodes Percent Worldwide” CompTIA raises prices for its A+, Exchange, security or troubleshooting Throughout Redmond magazine, Network+, Security+ and other problems? Send your questions to you’ll discover some stories contain FindIT codes. Key in those codes at exams worldwide. [email protected] to get help from troubleshooting expert Chris Wolf in a Redmondmag.com to quickly access FindIT Code: CCExamPrice expanded content for the articles new column, Tech Line. Chris is also a containing those codes. TCPMag.com virtualization guru and welcomes your Just enter the code (note that all questions on that topic. FindIT codes are one word, and are Pop Quiz: CCNA Pop Quizzes • In this month’s Scripting Answers, NOT case sensitive) in the box at Check out free practice questions from Don Jones offers a few ideas for effi- the top-right corner of any page Transcender, Measure Up and more. on Redmondmag.com. FindIT Code: TCPquiz ciently debugging your scripts.

2 | August 2005 | Redmond | redmondmag.com | Project6 4/1/05 2:50 PM Page 1

YOUR INFRASTRUCTURE MAY PROTECT EMPLOYEES INSIDE. What protects employees outside?

She works from home. She works from the road. And she endangers the network everywhere she goes. That’s why you need Websense software—to provide security protection at the desktop and beyond. Close the security gap. Download your free evaluation today. www.websense.com/mobile3

ChiefConcerns Doug Barney

Why I Bought a Mac RedmondTHE INDEPENDENT VOICE OF THE MICROSOFT IT COMMUNITY AUGUST 2005 ■ VOL. 11 ■ NO. 8 have six PCs and laptops running everything from DOS Editor in Chief Doug Barney and Windows 95 to Windows XP.That is exactly why I [email protected] Editor Paul Desmond bought my son an iBook for his twelfth birthday. [email protected] I Executive Editor, Reviews Lafe Low Faithful readers know the stress my The Mac has none of these short- [email protected] Managing Editor Keith Ward family’s PCs have caused. Viruses, spy- comings. What it does have is a [email protected] ware and other inexplicable phenomenon Ferrari-like price tag. That’s easy to News Editor Scott Bekker have hit us hard. Troubleshooting my justify for the occasional birthday [email protected] Assistant Managing Editor, Wendy Gonchar own machines is bad enough. I don’t present, but it would make me gag if I Web Editor [email protected] want the burden of keeping my kids’ was running a 10,000-seat enterprise. Editor, Redmondmag.com, Becky Nagel boxes running as well. Those hassles led It’s going to take more than a few CertCities.com [email protected] Editor, MCPmag.com Michael Domingo me to shell out $1,075 for a low-end Mac television commercials touting XP to [email protected] laptop. That’s roughly double the best keep the Mac and Linux forces at bay. Editor, ENTmag.com Scott Bekker deals you can get from HP and Toshiba. Redmond desperately needs a new OS [email protected] Associate Editor, Web Dan Hong Frustration is only one reason I to keep its rivals from nipping at its [email protected] bought the Mac for my son. Exposing monstrous market share. Contributing Editors Bill Boswell him to new things is another. David Longhorn will have to be insanely Chris Brooke already has a pretty slick, late-model great, remarkably stable and better at Don Jones HP desktop with all the bells and defending against viruses and other Joern Wettern some of the whistles. He’s using it to hacks than XP and IE—the Swiss Art Director Brad Zerbel learn about encryption, scripting and cheese of software. Despite its Senior Graphic Designer Alan Tao programming—and to play lots of problems, I happen to like XP a lot. If games. He’s already embarrassing me by the rivals keep getting better, though, Publisher Henry Allain asking technical questions I can’t I might just have to buy another Associate Publisher Matt N. Morollo Director of Marketing Michele Imgrund answer. Why get him another XP non-Microsoft box. Director of Audience Marketing Janice Martin machine so he can lug it around on Senior Web Developer Rita Zurcher vacation and over to friends’ houses? What Would Make You Switch? Marketing Programs Associate Videssa Djucich Besides, the Mac—loaded with Tiger, For the enterprise, moving from Director of Print Production Mary Ann Paniccia the latest OS—is new and very cool. Windows clients is a tall order. For one, Manufacturing & Carlos Gonzalez This experience has shown me that you have to be Distribution Director Microsoft’s desktop monopoly, while able to handle incredibly solid, may not last common file formats forever. There are alternatives. Linux will like .DOC and .XLS, eventually get there—although and continue working with I’m certainly not eager to Active Directory and other Enabling Technology Professionals to Succeed replace my XP frustra- common tools. President & CEO Jeffrey S. Klein tions with what could All the Linux Executive VP & CFO Stuart K. Coppens be a bigger dose of companies are eating Executive VP Gordon Haight Linux headaches. I’m their own desktop Senior VP & Sheryl L. Katz also not too keen on dog food, and Sun General Counsel Senior VP, Human Michael J. Valenti the Scott McNealy seems to be doing Resources terminal style of com- fine running SunRay Redmondmag.com puting in which you’re terminals, but Windows The opinions expressed within the articles and other contents dead in the water with- is woven deeply into herein do not necessarily express those of the publisher. Postmaster: Send address changes to out a high-speed connec- the fabric of corporate Redmond, 2104 Harvell Circle, Bellevue, NE 68005 tion. (However, I’ve got to computing. So what would admit that having a single iden- it really take for you and tity and set of files I can easily get to your shop to switch? Tell me at from a number of devices is pretty neat.) [email protected].—

4 | August 2005 | Redmond | redmondmag.com | Project6 5/10/05 3:22 PM Page 1

:PVSXFBQPO $PVOUFS4QZ&OUFSQSJTF $FOUSBMJ[FETQZXBSFFSBEJDBUJPO

4QZXBSF UIF OFX OVNCFS POF FOFNZ GPS *5 3FBMUJNF QSPUFDUJPO !CTIVE 2ECENT SURVEYS OF )4 SPECIALISTS SHOW THAT SPYWARE 0ROTECTION4- -ONITORS DELIVER REAL TIME INFECTIONS HAVE REACHED EPIDEMIC PROPORTIONS PROTECTION TO WORKSTATIONS TO REDUCE THE CHANCE 3PYWARE IS ONE OF THE MOST SERIOUS SECURITY THREATS AND PRODUCTIVITY OF SPYWARE INFECTION &ROM THE !DMIN #ONSOLE YOU HAVE THE ABILITY TO KILLERS TODAY )TS INSIDIOUS )TS CREATORS ARE WELL lNANCED RELENTLESS AND CENTRALLY CONTROL WHAT ACTIONS ARE TAKEN WHEN THESE MONITORS DETECT REMORSELESS &OR THE CHANGE ON THE DESKTOPS 5IF CFTU TQZXBSF EBUBCBTF JO UIF ENTERPRISE COMMON JOEVTUSZ 1FSJPE 4HE DATABASE BEHIND #OUNTER3PY %NTERPRISE HAS BEEN ANTISPYWARE CANT CUT IT INDEPENDENTLY VALIDATED AS THE BEST ANTISPYWARE DATABASE IN THE INDUSTRY $PVOUFS4QZ &OUFSQSJTF 7HY #OUNTER3PY %NTERPRISE BENElTS FROM MULTIPLE SOURCES FOR ITS ,OPDL PVU TQZXBSF SPYWARE DElNITION UPDATES INCLUDING 3UNBELTS 2ESEARCH 4EAM -ICROSOFT GSPN POF DFOUSBMJ[FE AND INFORMATION COLLECTED FROM CONSUMER USERS THROUGH 3UNBELTS MPDBUJPO #OMPANY WIDE 4HREAT.ET4- 3PYWARE DOESNT STAND A CHANCE 'SFF USJBM 'JOE PVU IPX SPYWARE MANAGEMENT NBOZ NBDIJOFT JO ZPVS PSHBOJ[BUJPO BSF JOGFDUFE /08 3CAN THE REQUIRES A REAL ENTERPRISE PRODUCT WITH CENTRALIZED MANAGEMENT MACHINES IN YOUR ENTERPRISE FOR FREE $OWNLOAD THE TRIAL AT #OUNTER3PY %NTERPRISE IS JUST THAT A SCALABLE POLICY BASED WWWSUNBELT SOFTWARECOMCSERED SECOND GENERATION ANTISPYWARE TOOL BUILT FROM THE GROUND UP FOR SYSTEM AND NETWORK ADMINISTRATORS TO KILL SPYWARE QUICKLY AND EASILY

-ÕLiÌ -vÌÜ>Ài /i\ £nnn /1/- Ènnn{xÇ® À £ÇÓÇxÈÓä£ä£ >Ý\ £ÇÓÇxÈÓx£ ÜÜÜ°ÃÕLiÌÃvÌÜ>Ài°V Ã>iÃJÃÕLiÌÃvÌÜ>Ài°V

^ÊÓääxÊ-ÕLiÌÊ-vÌÜ>Ài°ÊÊÀ} ÌÃÊÀiÃiÀÛi`°Ê ÕÌiÀ-«Þ >`Ê/ Ài>Ì iÌ >ÀiÊÌÀ>`i>ÀÃÊvÊ-ÕLiÌÊ-vÌÜ>Ài°ÊÊÌÀ>`i>ÀÃÊÕÃi`Ê>ÀiÊÜi`ÊLÞÊÌ iÀÊÀiÃ«iVÌÛiÊV«>iÃ°Ê 0805red_Letters_6.v3 7/14/05 11:46 AM Page 6

Letters to Redmond

Compare, Learn, Improve Nice to see such a good article (from a purely objective point of view) about Linux desktops on a “Redmond” site [Redmond Roundup, June 2005, “Desktop Linux: Ready for Prime Time?”]. That’s just how it should be: compare, learn and make better desktops. A happy Debian Linux user, Thomas van Oostveen Amstelveen, The Netherlands

Climbing the Food Chain blamed the DMZ for issues that related The Ray Ozzie interview was excellent more to server placement and configura- One of my solutions—to what I consider the [“It’s Groove Baby!” July 2005]. You tion (network-design issues) than the main shortcomings of DMZs—is better gave him a chance to talk, and his shortcomings of the DMZ. Also, any content inspection (which could be done in insights were fascinating. Way back time you give public access to some part conjunction with a DMZ). The other actually when in the early days of Exchange, I of your network, there are going to be takes the original idea of a DMZ one step suspected that some of the development risks. A DMZ helps mitigate, but does further to provide enhanced traffic control. By delays were due to trying to incorporate not completely negate, these risks. There using IPsec mutual authentication between Notes-like features in the product. And is only so much a DMZ can do if you hosts (but not necessarily for encryption), a it seemed at the time there were some design your network poorly. computer can actually confirm that network Ray Ozzie/Notes admirers at Microsoft, As someone with a Security+ certifi- traffic really originates from the host from which turned out to be true! cation, he should know that a firewall which it claims to come. And, because you can It is great to be climbing up the food and/or DMZ should not, by itself, be use IPsec to block all traffic that doesn’t orig- chain on interviews. The fact that Red- the sole means of securing your net- inate from specific trusted hosts and uses mond magazine gives these folks some work. But, condemning the concept of a allowed ports, you can create more effective air time and not just a few chopped up DMZ as a valuable security component network isolation than what is provided by a sound bites might encourage others is absolutely ludicrous. traditional DMZ. In other words, I certainly (like the rest of the CTO team) to Jon Banks, MCSE, Security+ don’t oppose network isolation, but I believe spend some time with you. If I ran Network Security Engineer that what traditional DMZs provide in this Microsoft’s PR Department, I would Marietta, GA respect is insufficient. always be trying to put more of a I understand your initial reaction to my human face on the company, and show- Thank you for taking the time to reply to my column, but I hope you can think about the case some of the other bright folks they article. I realized that my column would be issue again and come to a more charitable have on the payroll. controversial, and it is certainly turning out assessment. Either way, I do appreciate your Also, the Art Department gets that way. feedback and I hope you will continue to points—the layout, cover shot and use The reason I question the idea of a DMZ is provide feedback about my column and other of green and the type treatment—the that I regularly review network designs and I articles in Redmond magazine. issue looks fabulous! see DMZs being used in ways that don’t Contributing Editor and Security Erik Westgard increase security. They often provide a false Advisor Columnist Joern Wettern St. Paul, Minn. sense of security and represent wide open doors into a corporate network. I see these DMZ DMZ Shortcomings design problems in small companies, as well as Whaddya Think In reading Dr. Wettern’s article [July in large, multinational enterprises. 2005 Security Advisor, “Dump Your In my opinion, there are only a few Send your rants and raves DMZ”], I found that his criticism of protocols that lend themselves to using a about stories in this issue to ?! DMZs was flawed for many reasons. The DMZ. The prime example is an SMTP [email protected]. biggest criticism that stood out as I read relay server, but SMTP is a protocol that has Please include your first and last the article was that numerous times he changed little since DMZs were invented. name, city and state.

6 | August 2005 | Redmond | redmondmag.com | Project5 7/6/05 12:42 PM Page 1

ADVERTISEMENT A bigger threat than viruses? Why disk fragmentation is poised to outpace the virus as the biggest threat to productivity

What’s really at stake drive is the performance Why do we protect against viruses? bottleneck, and anything that Think about it. A virus causes a computer to slows down disk access slows slow down or stop, rendering the system down the entire system. less usable or unusable. That impacts productivity and costs you and your Protect now or wait organization time and money. When a until it breaks? computer is infected by a virus, someone How do you handle has to clean and repair it. That too costs viruses? Do you wait until a time and money. system is infected and the Fragmentation can have a disastrous effect on system reliability. From a productivity standpoint, disk damage is done, and then fragmentation causes the same damage as a clean and repair it? Of course not. Yet that’s The industry-leading solution virus. A buildup of fragmentation will cause how many computer users and system Diskeeper®, The Number One a computer to slow down or even crash, administrators handle disk fragmentation. Automatic Defragmenter™, is designed resulting in lost productivity. And someone They wait until fragmentation has already specifically to handle fragmentation proactively has to spend time fixing it. affected productivity, then manually . Diskeeper is a true “Set It and ® defragment the system. But as with a virus Forget It” utility. Like good real-time Disk fragmentation: infection, the damage has already been antivirus software, it works in the The enemy within done. (And as soon as they finish manually background, virtually unnoticed by the users. It can be centrally managed, reducing There is one major difference: Viruses defragmenting, fragmentation begins to re- administration time to bare minimums. come from outside. Disk fragmentation accumulate.) And like good antivirus software, comes from inside. Even a newly-formatted Conscientious computer users address Diskeeper pays for itself by eliminating PC with a fresh installation of Windows the virus issue proactively by installing fragmentation-related productivity losses will be moderately fragmented. (It’s true. antivirus software and updating it regularly. and the need to repair them. Try it yourself and see.) In a corporate environment, installation and Compounding the problem is the fact updates are usually automated so as to You’re already under attack that today’s drives, as well as the files we reduce the amount of administration time. Here’s the clincher: Your systems may store on them, are larger than ever and In order to avoid productivity losses, never face the threat of a virus. Antivirus growing rapidly. As a result, disk fragmentation must be handled the software is insurance, just in case. fragmentation is a bigger threat than ever. same way—automatically. Like antivirus But your systems do face the threat of Viruses work by attacking the weakest software, an automatic defragmenter fragmentation—every day, every hour, link—the unprotected computer or the protects a system’s integrity by detecting even as you read this. before careless user. Likewise, disk fragmentation fragmentation and eliminating it it attacks the weakest link: The disk drive. impacts productivity. Are you protected? Disk drives and disk arrays, fast as they may be, cannot transfer data anywhere near Protect your systems against the threat of fragmentation. as quickly as the CPU or memory. The disk Try Diskeeper free for 30 days www.diskeeper.com/redmond4 For volume license pricing and government or educational discounts, contact your favorite reseller or call 800-829-6468 reference number 4327

The Number One Automatic Defragmenter

OVER 17 MILLION LICENSES SOLD

©2005 Diskeeper Corporation. All Rights Reserved. Diskeeper, The Number One Automatic Defragmenter, Set It and Forget It, the Executive Software logo and the Diskeeper Corporation logo are registered trademarks or trademarks of Diskeeper Corporation in the United States and/or other countries. Microsoft and Windows are either registered trademarks or trademarks owned by Microsoft Corporation in the United States and/or other countries. Diskeeper Corporation • 7590 N. Glenoaks Blvd. Burbank, CA 91504 • 800-829-6468 • www.diskeeper.com 0805red_Report_8-13.v5 7/14/05 1:56 PM Page 8

August 2005 INSIDE: Microsoft feeds RSS to Longhorn. RedmondReport Page 12. Longhorn Lite Who says you have to wait for Longhorn to get those features?

BY SCOTT BEKKER awhile, even if Longhorn doesn’t miss nally planned for Longhorn that Mainstream support ran out for more deadlines. Microsoft later decided to pull into Windows 2000 Professional at the Faced with the long lead time to Long- Windows XP include the Avalon beginning of last month. So the clock horn, Microsoft is under pressure to keep presentation subsystem, the Indigo must be ticking for Windows XP the aging Windows XP operating system communications subsystem and IE 7.0, Professional, which shipped a mere 20 improving or it’ll leave a crack for eager with its further security enhancements months later, right? Nope. competitors to slip through. It’s very sim- and tabbed browsing. There’s even talk Windows XP’s mainstream support ilar to the situation the company faced of the WinFS storage subsystem, if it will last much longer under a clause in with SQL Server 2000 during the long actually ships, being made available Microsoft’s current support lifecycle wait for Yukon. To keep SQL Server for Windows XP. policy. Main- 2000 fresh, Microsoft dribbled out new With the subsystems, given the sup- NewsAnalysis stream sup- features—items like Reporting Services port horizon for Windows XP, port lasts for and Notification Services that added Microsoft has little choice. Windows five years, or two years beyond the valuable functionality, even if they XP is going to have a larger installed release of the latest version, whichever weren’t the full-featured versions that base than Longhorn for years. Devel- is longer. XP’s mainstream support is would appear in Yukon. opers won’t target the new technologies currently slated to run until Dec. 31, The approach has been the same on for a tiny portion of the installed base. 2006—just about when Windows the Windows client side, and all indica- Search is another area of focus for Longhorn is supposed to ship. That tions are that the trend will continue. Longhorn that Microsoft is bringing to translates to a two-year grace period on Windows XP Service Pack 2 was the XP. MSN Desktop Search adds a lot of Windows XP mainstream support until most obvious example, with its Win- the kinds of functionality promised for very late in 2008. dows Firewall, new version of Internet Longhorn. (Competitive downloads Not all support cuts off at that Explorer, general security overhaul and from Google and Yahoo! provide great date; that’s just when the extended Group Policy enhancements, among searching of Windows systems right phase begins. New feature requests other things. now, too.) won’t be considered after 2008, but Plenty of things are working their way There are places that Longhorn will you’re still entitled to new security back into the Windows XP code-base go where Windows XP can’t follow. patches until late 2013. So Windows from the Longhorn development team as The Aero interfaces and the new folder XP is officially going to be around optional downloads. Other items origi- Continued on page 13 BytheNumbers

As Microsoft attempts to expand its midmarket presence with a new three-server/50 CAL package for Windows How Big Am I Now? Server System, the company is talking about its internal model for classifying customers. Check the chart below to see where you fit. Individual metrics are rough and vary depending on vertical industry and other factors, so an otherwise small company may have a midsize IT staff and an enterprise level of servers. PCs Employees IT staff Servers Organizations fitting this description worldwide Small 1-25 1-50 0 0-2 41 million (includes home offices) Midsize 26-500 51-1000 0-7 3-9 1.2 million Enterprise 501+ 1001+ 8+ 10+ 18,000

Source: Interviews with Microsoft

8 | August 2005 | Redmond | redmondmag.com | Project2 7/11/05 4:41 PM Page 1

FREE 30 DAY EVALUATION www.scriptlogic.com/missing

...can really hurt. Unless everything is patched, you’re vulnerable.

Trust the dependability and security of Patch Authority Plus™ from ScriptLogic - your prescription for comprehensive, enterprise-class patch management

Simplify the process of updating Windows desktops and servers from a central location Deploy patch updates in just two simple steps Deliver patches with greater security and less down time Protect your network with interactive or scheduled patching

> www.scriptlogic.com/missing

Evaluate a fully-functional, 30-day trial version of Patch Authority Plus and Get a FREE T-Shirt* Call 1-800-424-9411

© 2005 ScriptLogic Corporation. All rights reserved. ScriptLogic, Patch Authority Plus and the ScriptLogic logo are trademarks or registered trademarks of ScriptLogic Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademark of their respective owners. * Offer good while supplies last. Allow 4-6 weeks for delivery. Document 1 7/7/05 3:05 PM Page 1

> www.scriptlogic.com/usbdrive

Receive a 256MB USB drive, compliments of ScriptLogic!

You're just two steps away from getting your USB drive: 1 Be one of the first 200 people to download and install one of ScriptLogic's* award-winning network administration solutions. Download now at www.scriptlogic.com/usbdrive 2 Then call 1-800-424-9411 and speak with your ScriptLogic Account Executive – and we'll send you a FREE 256MB Portable USB drive!*

– Point, Click, Done.

www.scriptlogic.com/usbdrive – Call 1-800-424-9411

* Offer good on any ScriptLogic solution except for AutoShare. USB drive available to first 200 respondents that download trial version and call a ScriptLogic Account Executive. Document 1 7/7/05 3:05 PM Page 2

Don’t miss out on improved Security... Compliance... and Productivity...

You’re covered with ScriptLogic’s innovative software solutions. Our solutions not only meet your security and compliance requirements – they increase productivity at the same time!

Our leading products, including Desktop Authority®, Enterprise Security Reporter™ and Active Administrator™ empower you to: • enforce desktop, server and Active Directory security • facilitate both regulatory and standards compliance • increase productivity of the administrator and the user

Find out for yourself... visit www.scriptlogic/usbdrive and download a FREE fully functional, 30-day trial version of any ScriptLogic solution* today! And, if you’re one of the first 200 to download a trial and call us, we’ll send you a 256MB Portable USB drive – absolutely FREE!**

www.scriptlogic.com/usbdrive – Point, Click, Done. 1-800-424-9411 © 2005 ScriptLogic Corporation. All rights reserved. ScriptLogic, Desktop Authority, Enterprise Security Reporter, Active Administrator, and the ScriptLogic logo are trademarks or registered trademarks of ScriptLogic Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. ** Allow 4 to 6 weeks for delivery of USB drive. 0805red_Report_8-13.v5 7/14/05 1:56 PM Page 10

RedmondReport

A roundup of Windows- EventLog related happenings The Battle for Virtual Earth is On Every so often a PC application comes along that harnesses all the power of the latest technologies in a way that makes you sit up and take notice. The most recent of these is Google Earth, which posted as a beta last month. The 10MB download from http://earth.google.com offers aerial maps in breathtaking detail of rooftops, roads and trees. The real magic comes in the marriage of the images with street maps and databases of restaurants, hotels, gas stations and other location information. (The smooth flyover effects are pretty nifty, too). Looking down from Mt. Everest in Google Earth.

As with desktop search, it’s not date to late in the second half. integration capabilities. A new yet clear where the money is, but Now the software giant is back on Small Business Edition is also on Microsoft is hot on Google’s trail. the original timetable. Release to tap specifically for users of Our Himalayan screenshot (this manufacturing is set for Aug. 8 or Microsoft Small Business Server page) notwithstanding, most of sooner, with general availability 2003 Premium Edition. the maps are not 3-D, but rather within 60 days. give an overhead view. Microsoft Professional Developers plans a version this summer Staggered Rollout for Conference called Virtual Earth with a 45- Microsoft CRM The schedule calls for Longhorn, degree angle view of the world. You can get your hands on Longhorn, Longhorn—and a little Google says it’s working on 45- Microsoft CRM 3.0 in the fourth Office 12—at the Microsoft Pro- degree views, too. So sit back quarter—if you’re one of the fessional Developers Conference and be wowed by the benefits of 4,000 organizations already next month in Los Angeles. You competition. using it, that is. Microsoft elected may recall that the 2003 version to pursue a staggered rollout for of this show was the official Data Protection Manager the next version of its customer unveiling of Longhorn and the Fake-Out relationship management product, introduction of such OS pillars as Microsoft is pulling the rare which has skipped directly from Indigo, Avalon and WinFS. Now, ahead-of-schedule release—sort version 1.2 to 3.0. Expected to be with the operating system closer of—with its new System Center released to manufacturing in to release, the details unveiled at Data Protection Manager server October, the product will be PDC 2005 will, hopefully, be a for disk-based backup and generally available throughout little more solid. With the first recovery. Originally billed as a the fourth quarter to existing Longhorn beta scheduled to be second half 2005 deliverable, customers. Widespread availability out the door well before the Microsoft narrowly missed the of 3.0 is slated for 2006. Key show, expect a lot of detail on beta delivery target this spring areas of focus in the upgrade are subsequent features. and revised its final delivery configuration, customization and — SCOTT BEKKER

10 | August 2005 | Redmond | redmondmag.com | Project1 6/30/05 10:17 AM Page 1

- 9"1, 7, -- -- "" /" "¶

iÌÊÌÊÊÌ iÊ>ÌiÃÌÊ >` i`ÃÊ>`ÊÃÌÊ««Õ>ÀÊ iÌÜÀÃp>ÊÜÌ Ê>ÊÌÕÌÛiÊ"ÕÌiÊÌiÀv>Vi°

'OOD,INK» ENTERPRISE SOFTWARE DOES WHAT NO OTHER WIRELESS MESSAGING SOLUTION CAN )T PUTS THE FAMILIAR LOOK FEEL AND FUNCTIONS OF -ICROSOFT¸ /UTLOOK¸ ON A VARIETY OF PALM/3 AND 0OCKET 0# HANDHELDSUSING ALL THE MOST POPULAR NETWORKS

7ITH 'OOD YOU CAN ALSO WIRELESSLY ENABLE #2- %20 3&! AND OTHER BUSINESS APPLICATIONS !LL WITH ENTERPRISE CLASS SECURITY ROLE BASED ADMINISTRATION AND TRUE OVER THE AIR PROVISIONING AND MANAGEMENT

iÌ Ì i v>VÌÃ Ü ÜÌ > , Li ÜÀiiÃÃ vÀ>Ì Ì° > nÇÇÎ{ÈÈÎäÈ À ÛÃÌ ÜÜÜ°}`°VÉvÀiiÌ

^ÓääxÊ`Ê/iV }Þ]ÊV°Ê`]Ê`Ê/iV }Þ]ÊÌ iÊ`Ê}]Ê>`Ê`Ê>ÀiÊÌÀ>ì>ÀÃÊÀÊÀi}ÃÌiÀi`ÊÌÀ>ì>ÀÃÊvÊ`Ê/iV }Þ]ÊV°ÊÊÌ iÀÊÌÀ>ì>ÀÃÊ >ÀiÊÌ iÊ«À«iÀÌÞÊvÊÌ iÀÊÀiÃ«iVÌÛiÊÜiÀÃ°Ê-VÀiiÊ>}iÊÃÕ>Ìi`°Ê«>"i]Ê/ÀiÊ>`ÊÌ iÊ}ÃÊ>ÀiÊ>}ÊÌ iÊÌÀ>ì>ÀÃÊÀÊÀi}ÃÌiÀi`ÊÌÀ>ì>ÀÃÊÜi`ÊLÞÊÀÊViÃi`ÊÌÊ «>"i]ÊV°ÊI/ À`Ê«>ÀÌÞÊÃvÌÜ>ÀiÊÃ`ÊÃi«>À>ÌiÞ°Ê,iµÕÀiÃÊÜÀiiÃÃÊ`>Ì>ÊÃiÀÛViÃÊ>`Ê-*ÊÃ`ÊÃi«>À>ÌiÞ°Ê7ÀiiÃÃÊVÛiÀ>}iÊ>ÞÊÌÊLiÊ>Û>>LiÊÊ>Ê>Ài>Ã° 0805red_Report_8-13.v5 7/14/05 1:56 PM Page 12

RedmondReport Microsoft Feeds RSS to Longhorn Microsoft is changing IE, the OS and RSS itself to change the way users interact with the Web.

BY SCOTT BEKKER browsing, the little technology over favorite conspiracy theory for the Microsoft took a hard look at Really which Microsoft went to the mat with moment. The company produced Simple Syndication and concluded the U.S. Department of Justice. something called Simple List that RSS is good for a lot more “RSS is key to how people will use the Extensions; and so far RSS 2.0 spec than notifying readers of a favorite Internet in the future by automatically author Dave Winer and legal delivering the information that is scholar/outspoken copyright opponent important to them,” Hachamovitch Lawrence Lessig have offered qualified said. Wearing a “Longhorn (heart sym- support. Microsoft made the extensions TECHWatch bol) RSS” T-shirt, Hachamovitch available through Lessig’s Creative Tracking the Technology Lifecycle demonstrated that Longhorn’s version Commons, which offers flexible of IE will have an RSS icon that lights copyright arrangements for creative blogger’s latest post or as a venue for up when it reaches a page that offers an work. What the Simple List Extensions news sites’ latest headlines. opportunity to subscribe to a feed. bring to RSS is freedom from the To be sure,the big unveiling of Users will be able to view the RSS feed time-ordered nature of RSS feeds. Microsoft’s new plans for RSS in the directly in the browser, and Microsoft is The current system presents the most Windows Longhorn operating system designing the process of adding RSS recent items first, with older items at the Gnomedex 5.0 conference this feeds to be as simple from within IE as fading away after awhile. What summer wasn’t the first time Microsoft adding “favorite” Web sites. promised RSS for Longhorn. Back in Those are the user interface changes, 2003, Microsoft talked about putting and they are significant. As it stands, to FunFact RSS feeds in a Longhorn desktop UI take advantage of RSS, a user has to be feature called the Sidebar. RSS, however, aware of the technology; actively seek There are an estimated 60 million was literally relegated to the side of the out an RSS aggregator; select an blogs worldwide, and the majority are screen. (At WinHEC this spring, aggregator from the dizzying array of available via RSS or similar formats. Microsoft indicated the Sidebar feature choices; and (in most cases) remember to probably won’t be in Longhorn.) launch the aggregator on a daily basis. Microsoft’s extensions do is create a way Now Microsoft has an RSS team. The Making RSS trivial to use from the for items to persist, such as Top 10 lists. Gnomedex announcement of Microsoft’s world’s most widely used browser has the Under the extensions, users might only new RSS strategy came from Dean potential to ignite end-user adoption of receive RSS notifications when an item Hachamovitch, Microsoft general man- the technology—no mean feat. None of has moved a few places in the ordered ager for Longhorn browsing and RSS. that, however, expands RSS beyond the list, or a new item has come in. The Think about that title for a second. It current paradigm, in which users extensions also add a standard place to puts RSS on nearly equal footing with subscribe to a blog or news feed and add properties, giving publishers a place receive the most recent items. to embed useful information about the Things get interesting on the back feed, item or enclosure. end. RSS 2.0 includes an extension At the same time, Microsoft is mechanism that allows publishers integrating RSS into the Longhorn and clients to define additional platform via three components. A elements. Microsoft never met an Common RSS Feed List and Common opportunity to make extensions RSS Data Store will be available to all to a standard that it didn’t applications. A user who subscribes to embrace, but put down your an RSS feed in IE can also view the same feed—without resubscribing— TechWatch Meter: RSS in Windows and the data from that feed in an RSS

12 | August 2005 | Redmond | redmondmag.com | 0805red_Report_8-13.v5 7/14/05 1:56 PM Page 13

RedmondReport

Continued from page 8 structure aren’t likely candidates for emulation. Other exclusive end-user Red Hat Directory Plays features will probably emerge in the Beta 1 and Beta 2 stages of Longhorn Nice with NT & AD testing. As with SQL Server 2005, ed Hat released its directory Red Hat Directory Server has an Longhorn should also make major service this summer, and .MSI package that can be loaded on a strides in the fundamentals (See our this old dog knows a few domain controller to allow cross- interview with Jim Allchin on p. 34) R that the older products can’t touch. new Windows tricks. It’s an old synchronization between NT or AD Administrators who ripped out their dog because it has its roots in and Red Hat Directory Server. This Windows 2000 Professional infra- Netscape’s Directory Service, means you can create an AD user and structures the day Windows XP came which went to AOL then Red Hat. have it automatically show up in out will be doing the same when In true Red Hat spirit, the Linux RHDS. Or, on Linux, change a user’s Longhorn arrives. But if you keep cur- distributor open sourced the product password, and have it automatically rent with your Windows XP updates, in two free flavors. Fedora Directory synchronize to AD. In short, this your users will wind up with a func- Server is supported only through commitment to “playing nice” with tionally much-improved operating the Fedora community. Red Hat Microsoft appears truly genuine. system over the gold code version— Directory Server (RHDS) enjoys full While the Red Hat/Fedora Directory practically a Longhorn Lite. When Red Hat support if the Red Hat server Server is a nice addition to the Red Longhorn does finally roll off the pro- it’s loaded on is under a Red Hat Hat lineup, it’s not quite as capable as duction lines, you can take your sweet time to deploy it. support contract. AD. While Red Hat Directory Server, Even if your internal PC replacement When it comes to Windows, like AD, is now multi-master for schedule calls for new PCs this year, the major new addition since the writes, Red Hat only supports writing consider this: Windows XP Profession- directory’s Netscape days is native to four nodes at once. al loaded on new PCs bought this year compatibility with Windows NT 4.0 — Jeremy Moskowitz, could ride out an entire three-year life- and Active Directory. Specifically, the Moskowitz-inc.com. cycle on mainstream support.—

aggregator, media player, photo item in a list of most popular items can time a new picture of the grandkids is software or other applications. (RSS embed such information as price or posted to a photo blog. 2.0 adds support for “enclosures,” files average customer rating. There are a lot of challenges to such as photos or audio included in the Calendaring scenarios are a major implementing RSS well. Microsoft is RSS feed.) Microsoft is also building focus for Microsoft. An attendee of a promising some of the end-user focused in an RSS Platform Sync Engine to use business conference might be able to get aspects in Longhorn Beta 1 this summer, idle network bandwidth when possible a feed of conference calendar data— and it will be interesting to see how to automatically download subscribed- receiving updates to the overall schedule, intuitive they can make the RSS parts. to RSS data and enclosures for use by other events or session location changes. The company is promising more detail any application. Without going to a site to check, the about the back-end at its Professional As an example of how broadly session location could be updated in Developers Conference in September. Microsoft is thinking about RSS, the attendee’s calendar program, such If Microsoft can keep the developer consider the scenarios the company is as Microsoft Outlook. Microsoft is community excited, the company is in a promoting. There are generic lists, also thinking about digital photo strong position to change the way the such as Top 10 songs from a music site, management scenarios, using the majority of users interact with the Web. a wish list from an online retailer enclosures for photos. For example, Instead of always driving our browsers (Amazon is on board already) or a grandparents might subscribe to a feed out to the places we want to go, our user’s ranking of favorite restaurants. that automatically downloads photos to browsers and RSS could really start In the online retailer example, each their photo viewing software every fetching what we need for us.—

| redmondmag.com | Redmond | August 2005 | 13 Project1 3/31/05 12:48 PM Page 1

Are You Preventing Exchange Server Failure, or Just Preparing for It?

Reactive measures won’t prevent a disaster, repair problems or accelerate performance.

As an administrator, you understand the mission-critical nature of the collaborative information that flows through your Exchange servers. In today's dynamic business environment, your servers are strained to the limit, and failure is not an option.

Prepared for the Worst? To protect the information flow and minimize the cost of unplanned Exchange server downtime and data loss, organizations devote enormous resources to reactive solutions such as continuous back-up, monitoring, and high-availability systems. Many organizations also implement Exchange archive solutions to comply with legal and other regulations such as HIPAA and Sarbanes – Oxley.

Reactive vs. Proactive Solutions Reactive and archive solutions only protect you if your Exchange Exchange Database Before databases are healthy. But the Exchange database is the Achilles • Degraded performance heel of the entire operation. Therefore, the key to preventing • Questionable stability • Bloated message store server failure is to implement a proactive solution that ensures • Erratic and strange behavior the health, stability, and optimization of the Exchange databases. • Multiple errors and warnings • Deleted items still intact Protect Yourself with GOexchange GOexchange, from Lucid8, is the only automated preventative Exchange Database After maintenance solution for Microsoft Exchange 5.5, 2000, and • Optimized message stores • Reduced store size by 38% 2003 that prevents disasters, repairs problems and improves • 1557 errors removed performance. GOexchange minimizes unplanned downtime, checks • 232 warnings corrected • Increased performance & stability and corrects errors, and increases performance and stability • Deleted items completely removed by rebuilding indices and reducing the size of your Exchange information stores by 30 to 55%.

See for yourself why organizations worldwide are implementing GOexchange. Download your FREE demo now at www.Lucid8.com, Go to www.Lucid8.com/GOexchange or call 425.451.2595. – review the Whitepapers and Case Studies, then evaluate GOexchange, and get a FREE t-shirt.* *see website for details 0805red_ProdRev15-20.v8 7/14/05 4:01 PM Page 15 ProductReview Virtual Idol VMware puts on a stellar virtualization performance with its latest version of Workstation.

VMware Workstation 5.0 $189 (download version), $199 (packaged version) VMware Inc. 650-475-5000 www.vmware.com

BY JEREMY MOSKOWITZ nearly the same performance as Figure 1. You can specify how much bandwidth the WAN link will I couldn’t stop watching last time. simulate (including a percentage of packet loss) between your “American Idol” this year, If VMware Workstation “teamed” virtual machines. not because I was enamored 5.0 was a contestant on of any particular contestant. “American Idol,” any one of mouse control got “stuck” and restore” feature. It takes a I watched to hear the these responses would be in the Task Manager. little longer to get going, but judges’ comments about equally valid. Let’s take a Also, I tried to rename a I haven’t encountered the each contestant. Here’s a closer look at this new tool guest while it was running. same sluggishness since I breakdown of the judges’ and see where it earns its I did this from within the deactivated this new feature. typical responses: cheers and jeers. VMware Workstation 5.0 • Randy: I don’t know. It hit console. Again, something Issue No. 3: The “team the mark in some places but it What Randy Would Say strange happened to the thumbnail” view is didn’t work for me in others. I hit a few snags as I mouse. When I pressed the unacceptable when my • Paula: That was fabulous! was testing VMware first key to rename the host’s resolution is at Your performance this round Workstation 5.0. There guest, the mouse was 1024x768 mode was better than the last! were three main issues that snapped back into the When machines are teamed, • Simon: Honestly, I don’t know hampered my experience, so guest. To successfully there’s a snazzy new thumb- what Randy and Paula see. It’s I asked other users if they rename the guest, I had to nail view of what’s going on in had similar experiences. suspend the guest, rename the other guest machines. REDMONDRATING Some had these issues it and resume. While this is a nice feature, it Documentation: 20% ____ 9 and others didn’t. Your takes up too much screen real Installation 20%______10 experience may vary. Issue No. 2: Guests com- estate when I’m presenting at ______Feature Set: 20% 9 ing out of suspension can a 1024x768 resolution. I can’t Performance: 10%______9 Issue No. 1: Occasional have sluggish performance find any way to turn it off, Management: 30% ______9 erratic mouse and Once Workstation 5.0 guests other than not to use teams. Overall Rating: 9.2 keyboard support were out of suspension, I These issues would be ______During my testing, mouse found their performance a enough to make Randy say, Key: 1: Virtually inoperable or nonexistent control became inexplicably bit sluggish. I thought it was “Yo dog, I liked it, but it 5: Average, performs adequately non-responsive. Doing the just me, but a colleague expe- didn’t always work for me.” 10: Exceptional Ctrl-Alt-Delete combo rienced the same thing. So,

With an overall rating of would snap mouse control when I’m using guests with What Paula Would Say 9.0 or higher, this product earns a Redmond Most back to my real machine, Workstation 5.0, I disable the VMware Workstation 4.5 Valuable Product award. but strangely enough, the new “background suspend was already excellent. It was

| redmondmag.com | Redmond | August 2005 | 15 0805red_ProdRev15-20.v8 7/14/05 4:01 PM Page 16

ProductReview

fast, solid and had all the with a certain percentage of is great, because it means Multiple Snapshots features I needed to get the packet loss (see Figure 1, that new guests only use the Workstation 5.0 also lets job done. Version 5.0 comes p.15). Before, you needed an space they need. Virtual PC you “fork” an installation to replete with a gaggle of expensive WAN simulator. does this well, and with a create an image. It then essential new tools and some little elbow grease, you takes that idea to the next whiz-bang features. Templates and Clones could accomplish the same logical level by letting you Microsoft’s Virtual PC has a thing with VMware take multiple snapshots Teams feature called “differencing Workstation 4.0 and 4.5. of the same image. In I have several “sets” of guests drives.” The idea is that you However, the problem short, you can “fork” an I use for demonstrations and create a baseline machine with differencing drives is underlying guest at any testing purposes. Worksta- with Windows Server 2003, twofold. First, if you inad- time, load different tion 5.0 makes it easy to start for example, then “fork” the vertently start up (and software, then do it again. therefore change) the For example, if I wanted to underlying baseline image, demonstrate how a custom- you’ll have to re-establish written Visual Basic script the guests that were linked reacted to each version of to this baseline because Office (2000, XP and 2003), their reference point will I could simply create three have changed. Workstation snapshots of the same system, 5.0 fixes this problem by then load the script and easily using templates. Once switch between each snapshot you’ve set up your baseline to repeat the demonstrations. guest, you make a template In my estimation, this is of that guest. That process one of the biggest new marks the underlying features for Workstation 5.0. baseline as read only, and It will forever change the lets you clone it. way I use VMware to Figure 2. Workstation 5.0 lets you take multiple snapshots from You can create two types conduct demonstrations. the same original baseline image. of clones. A “linked clone” makes a fork from the Odds and Ends up one bunch of guests to installation. You could then underlying baseline image There are numerous run a group of tests and use one server image to and lets you install the other odds and ends in another bunch for another demonstrate Exchange and software you need, but runs Workstation 5.0 that are group of testing. In other another to demonstrate it based on the original tremendous improvements words, you can suspend and SQL, for example. baseline image. A “full over its predecessor—and its unsuspend each group (or Instead of loading two clone” is a complete new competition. Some highlights “team” in VMware parlance) specific guest machines— image, including the include better USB support with a single click. If that one with Windows Server baseline and a specific for guest machines; a better was the extent of how Work- command-line interface to station 5.0 handles teams, it VMware’s performance in this round outshines start, stop and suspend would still be a cool feature, its previous performances. machines; a way to make but there is a lot more to it. AVI-style movie files (to Specifically, when demonstrate tasks); and an machines are “teamed,” 2003 and Exchange and guest. This gives you the add-on tool that can import Workstation 5.0 lets you another with Windows best of both worlds. It existing Microsoft Virtual PC specify how much band- Server 2003 and SQL makes it easy to use guests guest machines and spit them width to simulate between Server—you could have a that take up minimal out as ready-to-use VMware the machines in the team. baseline machine with amounts of hard drive Workstation 5.0 guest This is a fantastic way to Windows Server 2003, and space, but if the need arises machines—leaving the simulate how applications simply have two, much to move those guests to original Virtual PC guest react over WAN links, smaller guests for SQL another machine, it’s a alone and intact. including what happens Server and Exchange. This simple process. Continued on page 20

16 | August 2005 | Redmond | redmondmag.com | 0805TMSanJoseFinal.qxd 7/12/05 3:29 PM Page 1

Network and Certification Training for Windows Professionals San Jose, CA October 17-21, 2005

Over 90 sessions categorized into tracks:

Cisco Certified Microsoft Certified Microsoft Certified Network Associate Systems Administrator Systems Engineer (CCNA)/Infrastructure (MCSA) (MCSE)

Security System and Network Scripting Troubleshooting Windows/Linux Integration

PRESENTED BY:

TechMentorEvents.com 0805TMSanJoseFinal.qxd 7/12/05 3:29 PM Page 2

TechMentor Why Choose TechMentor? When you attend a TechMentor conference, you San Jose: have personal access to the most respected instructors in the industry. Since 1998, TechMentor has pro- Spread vided in-depth, technical training from world-class instructors for thousands of Windows networking Your Wings professionals. Our attendees leave fully capable to manage their networks smarter, faster and more his fall’s TechMentor goes beyond the basics— effectively. Did you know that… even beyond Windows! The premiere conference > More than 90% of TechMentor attendees say they for IT pros is expanding its offerings to cover more would attend again. T of what you do in your job every day, adding > Our instructors are also authors, giving attendees coursework on Linux and Cisco. Windows, of course, real-world information. remains at the core of what we do; but you’ve got more > The same networking experts that write for on your network than just Windows; you need to know Redmond magazine and MCPmag.com produce how to manage and secure Linux servers, routers and the content of TechMentor. your entire network infrastructure. > TechMentor is an independent organization provid- Another unique aspect of TechMentor is its certification ing objective assessments of products and vendor- preparation, offering courses to get you ready to take the neutral advice. MCSA and MCSE exams. For our San Jose show, we’ve added training for another certification essential for any administrator: the Cisco Certified Network Administrator (CCNA). If you have networking, routing or firewall Who Should Attend responsibilities, this is where you need to be. So what else is new at TechMentor? Security! Well, > Systems Administrators security isn’t new; we’ve had great security content all > Network Administrators and Managers along. The difference is that now we’ve added it to our > Network/Systems Engineers track style of training, building step-by-step to cover the > MCPs, MCSAs and MCSEs basics and working up to more advanced coverage of > IS/IT Managers and Directors higher level issues. > Security Specialists You’ll also be glad to know we’ve retained the best > Help Desk / Tech Support Professionals content from previous shows. Along with our MCSA and > IT/Network/Systems Analysts MCSE training tracks, we’ve kept the Scripting and the > Consultants Troubleshooting track, helping you resolve the thorniest problems you face in running your network. All this information and training is served up by some of Exhibit Hall the best names in the business, including Mark Minasi, Don Jones, Steve Riley, Roger Grimes, Todd Lammle, Derek Melber, Bruce Rougeau and more. All the knowl- Tuesday, October 18 edge in the world does no good if the instructor can’t Exhibit Hall Open 11:45am - 2:30pm explain it to you in a clear and entertaining way; that’s Exhibit Hall Open & Reception 4:30 - 7:00pm where our speakers shine. Consulting Hour 4:30 - 5:30pm It all adds up to the best technical conference anywhere: thorough and deep Windows information, network Wednesday, October 19 infrastructure coverage, saturation bombing of security Exhibit Hall Open 11:45am - 2:00pm topics and hard-core Linux instruction to make your network hum. If you’re ready to soar beyond the boundaries of what you thought you could do, set your sights on San Jose and join us for a week of learning that will give you a new perspective on your future. Table of Contents Instructors ...... 3 Best, Program-At-A-Glance ...... 4-5 Course Descriptions ...... 6-17 Registration and Travel ...... 18-19

Keith Ward Chairman, TechMentor Conference

2 TechMentor | Networking and Certification Training for Windows Professionals 0805TMSanJoseFinal.qxd 7/12/05 3:30 PM Page 3

INSTRUCTORS

Dan Aguilera, V.P. at GlobalNet Training, Inc, is a CCNP/CCSP and Jeremy Moskowitz, MVP, MCSE founder of Cisco Certified Voice Professional (CCVP), as well as a Certified Ethical Moskowitz, Inc. (Moskowitz-inc.com), is an independent Hacker (CEH) and Computer Hacking Forensic Investigator (CHFI), with consultant and trainer for Windows technologies. He over 15 years of networking experience. runs GPanswers.com, and WinLinAnswers.com community forums to answer tough Group Policy and Windows/Linux Integration questions. His latest book is Roger A. Grimes, CPA, MCSE:Security Practical Windows & Linux Integration: Hands-on Solutions (NT/2000/2003/MVP), CISSP, CEH, CHFI, TICSA is for a Mixed Environment (SYBEX). Jeremy frequently contributes to the author of over 150 magazine articles and 5 books Redmond magazine and is the Linux track manager at TechMentor. on Windows security. He’s a consulting favorite for some of the world’s largest companies, including Gary Olsen, MCSE, is a consultant with Hewlett- Microsoft, McAfee, Navy, Army, Verisign, and Packard’s Americas Escalation Team, which provides Bridgestone/Firestone. His sessions are highly ranked for customer support for Windows (NT/2000/2003) and all their useful advice, technical detail, and humor. other Microsoft products. Gary worked in the Windows 2000 and 2003 Rapid Deployment Programs Jeff Hicks MCSE, MCT, is a Senior Network Engineer at Microsoft. He helped develop and teach Windows with Visory Group, as well as principal consultant of 2003 AD readiness training. He has written several JDH Information Technology Solutions. He has been in Microsoft Knowledge Base articles, numerous articles and writes occa- the IT industry for over 14 years, doing everything from sionally for Redmond magazine. He authored the book Windows 2000: help desk support to project management. He is cur- Active Directory Design and Deployment (New Riders). rently a contributing editor to ScriptingAnswers.com. Steve Riley is a senior program manager in Microsoft’s Don Jones is the owner of ScriptingAnswers.com, a Security Business and Technology Unit. Steve special- contributing editor to Redmond magazine, and a colum- izes in network and host security, communication pro- nist on CertCities.com and MCPmag.com. Don has tocols, network design, and information security poli- written more than a dozen I.T. books, including cies and process. His customers include various ISPs Managing Windows with VBScript and WMI (Addison- and ASPs as well as traditional enterprise IT customers, Wesley). Don is also an independent technology consult- for whom he has conducted security assessments and risk ant, with a focus on security and automation in Microsoft- analyses, deployed technologies for prevention and detection, and centric environments. designed highly-available network architectures. Steve is a frequent and popular speaker. Todd Lammle, CCNA/CCNP/CEH/CEFI/FCC RF Licensed, popular Sybex author and trainer, has been Bruce Rougeau, MCSE, MCP+I, MCT, Citrix Certified involved in computers and networking with Fortune 500 MetaFrame Administrator, began designing and imple- companies for over two decades. He has worked for menting a three-tier architecture for an automated med- companies such as Hughes Aircraft, Xerox, Texaco, ical record system in 1998. The most recent thin-client Toshiba, Cisco, AAA, and IBM to consult on both bound- implementation was deployed using Citrix’s WinFrame ed and unbounded media technologies. Todd has shared his utilizing 1,000 Windows-based terminals and fewer than knowledge and experience in more than 40 Sybex study guides. Todd 20 PCs. Currently he works for EDS as an infrastructure Lammle is President of GlobalNet Training and CEO of RouterSim, LLC. architect focusing on networks, Web servers, thin-client computing and 32-way Intel Data Center solutions. Darren Mar-Elia is Quest Software’s CTO for Windows Management and a Microsoft MVP. Darren Greg Shields, MCSE: Security, CCEA, is a senior sys- has more than 19 years of experience in systems tems engineer with Raytheon Company. A regular con- and network administration design and architecture. tributor to Redmond magazine, Greg has developed His expertise is on large-scale enterprise implemen- extensive experience with architecting and administer- tations of Windows infrastructures in distributed and ing enterprise collaboration systems using Microsoft, data center environments. Darren has been a contribut- Citrix, and VMWare technologies. His recent projects ing editor for Windows IT Pro Magazine since 1997. He has written include architecting a multi-company, multi-site collaborative and contributed to eleven books on Windows including the Windows software development environment, deployment of an enterprise patch Group Policy Guide (Microsoft Press). He is a frequent speaker on management system using SMS, and authoring associated best practices Windows infrastructure topics. with its use. Greg is a dynamic speaker and experienced technical trainer.

Derek Melber, MCSE, CISM, MVP, is the Director of Richard Taylor is a speaker, consultant, and trainer. He Education and Certification at DesktopStandard. Derek has worked as an instructor for numerous training cen- is a nationally known speaker, trainer and author, focus- ters, a consultant for firms such as Honeywell, MCI, ing on Active Directory, Security, and Group Policy. Lockheed Martin and is an Intel systems engineer Derek’s latest works include The Group Policy Guide where he developed and implemented programs to (Microsoft Press) and his Auditing Windows Security improve factory automation systems. Rick also worked series (The Institute of Internal Auditors). for Nestlé supporting one of the largest single AD domains worldwide. He was responsible for maintaining the functionality of servers Mark Minasi is author of Mastering Windows Server in South America, the U.S. and Canada. 2003, the latest in a series of books on Microsoft networking that have sold over a million copies. He has Chris Wolf, MCSE, MCT, CCNA, is an instructor with been a columnist for several industry magazines. Mark is ECPI Technical College and a consultant with a frequent conference keynote and breakout speaker CommVault Systems, specializing in enterprise stor- and regularly garners those conferences’ highest attendee age, virtualization solutions and network troubleshoot- evaluation scores. He recently won CertCities.com’s ing. Chris is the author of Troubleshooting Microsoft “Favorite Technical Author” reader poll for the third year running. Mark is an Technologies (Addison Wesley) and co-author and con- MCSE and an MVP. tributor to a number of other books.

October 17-21 | San Jose, California | TechMentorEvents.com 3 0805TMSanJoseFinal.qxd 7/12/05 3:30 PM Page 4

P ROGRAM- AT- A -GLANCE

CCNA/Infrastructure MCSA MCSE Monday, October 17 12:30 - 2:00pm Attended and Unattended Introduction to TCP/IP Introduction to MCSE Track and Subnetting Installs and Upgrades Derek Melber M1 Todd Lammle M2 Bruce Rougeau M3

2:15 - 3:45pm Data Access, File System, Introduction to the Cisco IOS Resource Access Todd Lammle and Printing Derek Melber M7 M8 Bruce Rougeau M9

4:00 - 5:30pm System Configuration Introduction to Cisco Switching Physical and Logical Devices Todd Lammle and Backup Strategies Richard Taylor M13 M14 Bruce Rougeau M15 Tuesday, October 18 8:30 - 10:00am Introduction to Routing Protocols Network Troubleshooting Manage Users, Computers, Dan Aguilera and Remote Access and Groups T1 T2 Bruce Rougeau T3 Derek Melber

10:15am - 11:45am Advanced Routing Protocols, Disk Management RAS and Remote Administration Part I Bruce Rougeau Richard Taylor T7 Dan Aguilera T8 T9

2:30 - 4:30pm Advanced Routing Protocols, User Management and AD Networking Concepts and Part II Troubleshooting Principles T13 Dan Aguilera T14 Bruce Rougeau T15 Derek Melber Wednesday, October 19 8:30 - 10:00am Introduction to Cisco Terminal Services and Network Security Access Lists Remote Troubleshooting Richard Taylor W1 Todd Lammle W2 Bruce Rougeau W3 10:15am - 11:45am Advanced Cisco Access Lists Performance Monitoring and Name Resolution Todd Lammle System Recovery Strategies Derek Melber W7 W8 Bruce Rougeau W9 2:15 - 3:45pm Cisco Switching TCP/IP Configuration Active Directory, Part 1 Todd Lammle and DHCP Issues Derek Melber W13 W14 Bruce Rougeau W15 4:00 - 6:00pm Managing the Router DNS Configuration and Active Directory, Part 2 Configurations and the IOS Troubleshooting Derek Melber W19 Dan Aguilera W20 Bruce Rougeau W21 Thursday, October 20 8:30 - 10:00am Introduction to Wide Area Routing and Remote Access Issues Managing and Monitoring Networks (WAN) Bruce Rougeau Performance Th1 Dan Aguilera Th2 Th3 Richard Taylor 10:15am - 11:45am Wide Area Networks Continued Network Monitor Operations Disaster Recovery and Backups Dan Aguilera and Exploring Services Derek Melber Th7 Th8 Bruce Rougeau Th9

1:00 - 3:00pm Role-Based Security and CCNA Study Session, Part I Introduction to GPOs Todd Lammle Security Templates Derek Melber Th13 Th14 Bruce Rougeau Th15

3:15 - 5:15pm Service Pack and Hotfix CCNA Study Session, Part II Advanced GPOs Todd Lammle Assessment and Deployment Derek Melber Th19 Th20 Bruce Rougeau Th21 Friday, October 21 8:30am - 10:00am The Future of VoIP IPSec Security Principles PKI and Certificates F1 Dan Aguilera F2 Bruce Rougeau F3 Richard Taylor 10:15am - 12:15pm Penetration and Forensics Certificate Strategy and Planning IIS and IIS Security F7 Dan Aguilera F8 Bruce Rougeau F9 Richard Taylor

4 TechMentor | Networking and Certification Training for Windows Professionals 0805TMSanJoseFinal.qxd 7/12/05 3:30 PM Page 5

Scripting Security Windows/Linux Integration System Network & Troubleshooting

Windows Passwords: Everything Reliability in the Real World: Building VBScript Fundamentals, Part I Don Jones You Need to Know a World-Class Windows Cluster M4 M5 Steve Riley M6 Chris Wolf

Defending Layer 8: How to Recognize VBScript Fundamentals, Part II DNS Troubleshooting: Step-by-Step Don Jones and Combat Social Engineering Chris Wolf M10 M11 Steve Riley M12

Administrative Scripting Windows Logins Revealed Tips, Tricks, and Tools for Windows Best Practices and Design Mark Minasi Server Troubleshooting M16 Jeff Hicks M17 M18 Greg Shields

Scripting with Windows Manage- Hardening Systems with SP1/SP2: Move, Recover and Repair Windows ment Instrumentation: The Basics The Best Stuff You Don’t Use Utility Databases - DHCP, WINS, T4 Don Jones T5 Mark Minasi T6 DNS, IIS and More Chris Wolf

Scripting with Windows Manage- From Reactive to Proactive: Gain Wireless Security Secrets ment Instrumentation: Advanced Todd Lammle Control Through Enterprise Process T10 Jeff Hicks T11 T12 Greg Shields

Scripting: Top Tasks for the Ethical Hacking and Forensics Patch Management Strategies That Windows Administrator Made Easy Won’t Fail: SUS, SMS, and Beyond T16 Don Jones T17 Todd Lammle T18 Greg Shields

Scripting with Active Directory Turning Over the Rocks: Where Be Gone Ye’ SpyWare: Ridding Services Interface: The Basics Viruses, Worms, and Trojans Hide IE of Spyware for Good W4 Don Jones W5 Roger A. Grimes W6 Greg Shields

Scripting with Active Directory Practical PKI Cookbook: Recipes for When WSUS Goes Bad: Services Interface: Advanced PKI Wannabees (or Needtobees) Troubleshooting Windows Update W10 Don Jones W11 Roger A. Grimes W12 Greg Shields

Scripting Tools and Utilities Debunking Security Myths Tips, Tricks, and Tools for Windows Jeff Hicks Steve Riley Network Troubleshooting W16 W17 W18 Greg Shields

Understand & Protect Your Network VBScript Debugging Death of the DMZ Don Jones Steve Riley with the Security Configuration W22 W23 W24 Wizard Greg Shields

The Art of Network Troubleshooting: Scripting with Databases and Linux Basics for Windows Admins ActiveX Data Objects Jeremy Moskowitz How to Fix Any Network Problem Th4 Don Jones Th5 Th6 Mark Minasi

Advanced VBScript Tips, Bringing Up Your First Top Terminal Services Troubles Techniques, and Security Linux Server (and How to Treat Them) Th10 Don Jones Th11 TBA Th12 Greg Shields

Creating Graphical Scripts Windows/Linux Integration: Understanding and Troubleshooting with HTAs: The Basics The Art of the Possible User Profiles Th16 Jeff Hicks Th17 Jeremy Moskowitz Th18 Darren Mar-Elia

Creating Graphical Scripts Windows/Linux Integration: Getting Down and Dirty with Group with HTAs: Advanced Authentication Services Policy Functionality Th22 Jeff Hicks Th23 Jeremy Moskowitz Th24 Darren Mar-Elia

Web Scripting for Windows Windows/Linux File/Print Troubleshooting Group Policy and Administration Integration Active Directory Replication: Secrets F4 Jeff Hicks F5 TBA F6 from the Experts Gary Olsen

Administrative Scripting Hands-On Windows/Linux Email Integration When it All Goes South: Active Workshop TBA Directory Disaster Recovery F10 Don Jones & Jeff Hicks F11 F12 Gary Olsen

October 17-21 | San Jose, California | TechMentorEvents.com 5 0805TMSanJoseFinal.qxd 7/12/05 3:30 PM Page 6

CCNA/INFRASTRUCTURE TRACK

he CCNA (Cisco Certified Network Associate) / Introduction to Routing Protocols Infrastructure track will prepare you to take Cisco’s T1 Dan Aguilera Tuesday, 8:30 – 10:00am T entry-level networking exam. Nearly every administrator has network-related duties, whether it’s firewall config- This session will discuss the basic routing protocols in uration, managing IP traffic or setting up a VPN. The use today, and how Cisco uses them in small, medium CCNA track will teach you what you need to know with and large networks. The protocols covered include static, four days of intense training. This track is led by popular default, RIP, RIPv2, IGRP, EIGRP and OSPF. Cisco trainers Todd Lammle and Dan Aguilera. Advanced Routing Protocols, Part I *TechMentor does NOT guarantee that you will obtain a certification after completing the certification tracks. You will be taught the test objectives, T7 Dan Aguilera Tuesday, 10:15 – 11:45am but successfully passing the tests involves more than just your training. This session digs deeper in the routing protocols RIP, Introduction to TCP/IP and Subnetting RIPv2 and IGRP. M1 Todd Lammle Monday, 12:30 – 2:00pm Advanced Routing Protocols, Part II This session will show you, simply and easily, how to sub- T13 Dan Aguilera Tuesday, 2:30 – 4:30pm net IP in your head in less than 5 seconds! You will learn IP shortcuts that will allow you to subnet efficiently and This session goes in-depth on the routing protocols correctly. The TCP/IP stack is the fundamental technology EIGPR and OSPF. around which the Cisco CCNA is built; this is a can’t-miss session. Introduction to Cisco Access Lists W1 Todd Lammle Wednesday, 8:30 – 10:00am Introduction to the Cisco IOS This session introduces Cisco access lists, or what is M7 Todd Lammle Monday, 2:15 – 3:45pm sometimes referred to as the “poor man’s firewall”. This session introduces you to the Cisco Internetworking Operating System and how the IOS is used to configure a Advanced Cisco Access Lists Cisco router and set IP address on interfaces, as well as W7 Todd Lammle Wednesday, 10:15 – 11:45am explain the differences between the various Cisco devices. This session builds on the introductory access list course by discussing extended and named Cisco access lists. Introduction to Cisco Switching Cisco Switching M13 Todd Lammle Monday, 4:00 – 5:30pm W13 Todd Lammle Wednesday, 2:15 – 3:45pm This session discusses switching fundamentals, including VLANS, and the basic configuration of the Switch IOS. This session picks up where the “Intro to Cisco Switching” session leaves off and discusses how VLANs, VTP and STP are configured in a network.

While all of the instructors are extremely knowledge- able; Shields, Lammle and Minasi have the talent of making dry technical info—exciting! Their enthusiasm and speaking style really helped me to get everything from the information presented. — B. Baker, WHSCC

6 TechMentor | Networking and Certification Training for Windows Professionals 0805TMSanJoseFinal.qxd 7/12/05 3:30 PM Page 7

Managing the Router Configurations and the IOS W19 Dan Aguilera Wednesday, 4:00 – 6:00pm Top Reasons to Attend This session will discuss and show you how to back up and restore Cisco IOS on a router, as well as save the configuration of a router and switch to a TFTP host. Trusted Source Redmond magazine is a trusted source of Introduction to Wide Area Networks (WAN) information on Microsoft Windows server sys- Th1 Dan Aguilera Thursday, 8:30 – 10:00am tems, along with related third-party products, This session covers the basics of Wide Area Networks technologies, and certifications. The same net- (WANs) and the various types of WANs that Cisco sup- working experts that write for Redmond maga- ports. zine produce the content of this conference. Wide Area Networks Continued No Sales Pitch! Th7 Dan Aguilera Thursday, 10:15 – 11:45am Because we’re independent and not behold- This session discusses more advanced WAN topics, en to anybody, you get to hear the other side building on the introduction to WANs class. of the technology you’re working to implement CCNA Study Session, Part I and manage—the hidden gotchas, the way it really is in deployment, the minutia the big soft- Th13 Todd Lammle Thursday, 1:00 – 3:00pm ware companies won’t tell you (unless you This session discusses various CCNA exam questions have access to their high-priced technical sup- and how to approach the difficult subnet and VLSM technologies you’ll encounter on the tests. port programs and consultants).

CCNA Study Session, Part II One-on-One Consulting Th19 Todd Lammle Thursday, 3:15 – 5:15pm Know of an expert you’d like to spend some This session will discuss various CCNA exam questions time with? No prima donnas here! Our expert and how to approach the IOS, switching, Access Lists instructors make themselves available between and WAN objectives. sessions, at lunch, and during the official Consulting Hour—your chance to get specific The Future of VoIP answers to specific questions. F1 Dan Aguilera Friday, 8:30 – 10:00am The future of Voice over Internet Protocol (VoIP) technolo- Positive Learning Environment gy is promising. When VoIP technology was first devel- Attendees don’t come to TechMentor look- oped, many were skeptical, mainly because it sounded too good to be true. Now that time has passed and the ing to mix with thousands of attendees on a technology has proven itself, it’s clear the future of VoIP is junket from work. You can expect to be among solid. You will learn the basics of VoIP and data networks, a serious, dedicated group of IT professionals VoIP deployment strategies and VoIP management and looking to expand their knowledge base, fur- security. ther their careers and add value to their organi- Penetration and Forensics zations. It’s a big reason more than 90% of our F7 Dan Aguilera Friday, 10:15am – 12:15pm attendees say they’d attend another TechMentor conference. Computer forensic investigation is the process of detecting hacking attacks and properly extracting evidence to report the crime and conduct audits to prevent future attacks. Penetration testing is the process of actively evaluating your information security measures. This session will impart the necessary skills to identify an intruder’s footprints and to properly gather the necessary evidence for prosecution.

October 17-21 | San Jose, California | TechMentorEvents.com 7 0805TMSanJoseFinal.qxd 7/12/05 3:30 PM Page 8

MCSA - MICROSOFT CERTIFIED SYSTEMS ADMINISTRATOR TRACK

CSAs are the front-lines, in-the-trenches workers Network Troubleshooting and Remote Access in most organizations. They’re the systems admin- T2 Bruce Rougeau Tuesday, 8:30 – 10:00am M istrators, the ones who keep the servers humming along, who manage users and groups. If you do this work, This session includes instruction on configuring and trou- and don’t have the MCSA, it’s time to get to work on bleshooting TCP/IP, utilizing ICS, VPN, and dial-up con- obtaining it, to give you a leg up on your peers, and nections. Also covered: configuring multiple languages demonstrate your expertise to the boss. The TechMentor and utilizing the language bar. MCSA track is fast-paced, presenting all the vital information necessary to prepare you for the MCSA exams. The Disk Management instruction removes all redundancy in the exam curriculum and accelerates the learning process by providing only the T8 Bruce Rougeau Tuesday, 10:15 – 11:45am information needed, without any sales propaganda. This Hardware management is the theme for this session, track is led by popular “certification slam session” instruc- including: managing basic and dynamic disks; monitoring tor Bruce Rougeau. hardware devices with Device Manager and Control Panel; optimizing server disk performance with RAID and TechMentor does NOT guarantee that you will obtain a certification after defragmentation; and monitoring disk quotas. completing the certification tracks. You will be taught the test objectives, but successfully passing the tests involves more than just your training. User Management and AD Troubleshooting Attended and Unattended Installs and Upgrades T14 Bruce Rougeau Tuesday, 2:30 – 4:30pm M2 Bruce Rougeau Monday, 12:30 – 2:00pm Learn how to manage users via local, roaming and It starts with a course overview. Then you move into per- mandatory profiles. Also on the agenda: create, modify forming and troubleshooting an attended or unattended and troubleshoot users and groups in AD via GUIs, install/upgrade of Windows XP, utilizing tools such as scripts, and tools such as LDIFDE and CSVDE. Finally, Remote Installation Services, Sysprep and Setup Manger. learn techniques for creating, modifying, resetting and Next, you’ll learn how to install and configure Internet troubleshooting computer accounts in AD. Information Services (IIS). Then you’ll move to migrating user settings and files using the Files and Setting Transfer Terminal Services and Remote Troubleshooting Wizard, ScanState and LoadState. W2 Bruce Rougeau Wednesday, 8:30 – 10:00am Data Access, File System, and Printing This session starts with configuring and troubleshooting Remote Desktop, then moves on to other areas of remote M8 Bruce Rougeau Monday, 2:15 – 3:45pm management, including Terminal Services. Other topics Learn techniques for planning, creating and monitoring a covered include usage of Terminal Services Administrative data access strategy for access to files, folders, and tools and managing and troubleshooting print queues. shares, including NTFS permissions, Share permissions, WebDav, compression and encryption. Next up: creating Performance Monitoring and System Recovery Strategies and managing printers and print jobs for local printers, W8 Bruce Rougeau Wednesday, 10:15 – 11:45am remote printers and printer sharing, and Internet printers. Other topics covered include working with file system par- Learn how to monitor your most critical resources, includ- titions using the GUI and command-line tools; configuring ing the CPU, disks, network, processes and the pagefile. and providing access to Offline files; synchronization. Other items include IIS management; automated system recovery (ASR) procedures; restoring data from shadow System Configuration and Backup Strategies copies; planning, deploying and monitoring system backups; and restoring a failed system. M14 Bruce Rougeau Monday, 4:00 – 5:30pm Learn how to install, configure, remove, troubleshoot and TCP/IP Configuration and DHCP Issues monitor devices and configure driver options for signing. W14 Bruce Rougeau Wednesday, 2:15 – 3:45pm Other topics covered include configuring hardware profiles and power management for mobile users; backing up Learn how to configure TCP/IP; manage and troubleshoot and restoring an operating system using Windows back- DHCP leases, Relay Agents, databases, scope options, up, safe mode, system restore and recovery console. Also server options, and reservations; and troubleshoot APIPA learn how to use Scheduled Tasks to schedule backups addressing and TCP/IP configuration issues. or other routine tasks.

8 TechMentor | Networking and Certification Training for Windows Professionals 0805TMSanJoseFinal.qxd 7/12/05 3:30 PM Page 9

DNS Configuration and Troubleshooting Service Pack and Hotfix Assessment and Deployment W20 Bruce Rougeau Wednesday, 4:00 – 6:00pm Th20 Bruce Rougeau Thursday, 3:15 – 5:15pm You can’t be an effective administrator if you don’t under- Another critical aspect of security is to make sure your stand name resolution, specifically DNS. Learn the ins servers and desktops are patched. This session teaches and outs of DNS, including configuration of DNS server you how to plan the deployment of service packs and hot- options, zone options, DNS forwarding, and the monitor- fixes; assess the service packs and hotfixes applied; and ing and troubleshooting of DNS. deploy service packs and hotfixes via slipstreaming, scripts and selected third-party tools. Routing and Remote Access Issues IPSec Security Principles Th2 Bruce Rougeau Thursday, 8:30 – 10:00am F2 Bruce Rougeau Friday, 8:30 – 10:00am Secure, efficient remote access is becoming more critical in these days of telecommuting. This session is all about Learn how to increase security through the use of IPSec. configuring and troubleshooting remote access, including Find out which IPSec mode to use, how to select an routing and remote access. authentication method, and how to configure IPSec authentication, encryption level and the appropriate IPSec Network Monitor Operations and Exploring Services protocol. You’ll also discover how to troubleshoot IPSec with IP Security Monitor and IPSec logging, and learn Th8 Bruce Rougeau Thursday, 10:15 – 11:45am how to plan and implement security for wireless networks. Network Monitor, Microsoft’s built-in “watcher”, can be your best friend, if you know how to use it. Learn how it Certificate Strategy and Planning works, including how to monitor and troubleshoot network F8 Bruce Rougeau Friday, 10:15am – 12:15pm issues with Network Monitor. Also: troubleshooting connectivity to the Internet, followed by an exploration of serv- Your week’s training finishes up with a discussion of plan- ice errors based on service dependency. ning, implementing and managing certificates. Learn how to deploy, manage, and configure SSL certificates for Role-Based Security and Security Templates wireless networks; plan and configure authentication; plan for digital signatures; install and configure Certificate Th14 Bruce Rougeau Thursday, 1:00 – 3:00pm Services; plan a multi-level certificate authority (CA) hier- It’s a dangerous world, both within and outside your net- archy; archive and recover keys and revoked certificates. work. To that end, learn how to plan security templates Also learn how to back up and restore your CA. based on computer role. Then use those templates to configure Registry and file permissions, account policies, audit policies, user rights, security options and system services. The next part is to deploy the templates, with GPOs and scripting. Also covered: software restriction policies; planning and implementing auditing; analyzing security configuration using the Microsoft Baseline Security Analyzer (MBSA) and Security Configuration and Analysis.

I only go to one conference a year, that one conference is always the TechMentor conference. Thank you for staying true to what this conference has always been about—a training intensive, non-vendor specific opportunity. — R. Grogan, Deloitte

October 17-21 | San Jose, California | TechMentorEvents.com 9 0805TMSanJoseFinal.qxd 7/12/05 3:30 PM Page 10

MCSE - MICROSOFT CERTIFIED SYSTEMS ENGINEER TRACK

he MCSE track is aimed at administrators or system change from one computer to another, there is the File architects with substantial (at least a year or more) and Settings Transfer Wizard, as well as the User State T Windows 2000 Server or Windows Server 2003 Migration Tool (USMT). Other topics include the new experience. This intense course will prepare you to take types of groups available in Active Directory, and how the tests necessary to obtain Microsoft’s highest-level those groups are handled by Active Directory. administrative certification. Led by well-known book author, Redmond magazine columnist and trainer Derek RAS and Remote Administration Melber, the course offers a sequential path through the test objectives you’ll be required to know. Come prepared T9 Richard Taylor Tuesday, 10:15 – 11:45am with your laptop and goggles: this course flies! This session digs deep into remote access services, covering protocols, security, RAS clients, and permissions. TechMentor does NOT guarantee that you will obtain a certification after The heart of RAS security is the RAS policy, which will be completing the certification tracks. You will be taught the test objectives, but successfully passing the tests involves more than just your training. demystified so you fully understand how to create and manage them. Other remote access topics include remote Introduction to MCSE Track administration features such as Remote Desktop and Remote Assistance. Then there’s Terminal Services for M3 Derek Melber Monday, 12:30 – 2:00pm administration, which has new names and interfaces for Windows Server 2003. Finally, you’ll delve into tools such This session will introduce the exams in a way you’ve as the MMC and adminpak. never thought of before. We will go over the exam question types, as well as strategies that you can use to help you gain the upper edge on the exams. We will also go Networking Concepts and Principles over the key study methods that have worked for so many T15 Derek Melber Tuesday, 2:30 – 4:30pm others that have successfully obtained their credentials. This session starts off with thorough coverage of IP and Resource Access subnetting. Topics include supernetting, CIDR, and subnet masking to the nth degree. Next on deck are all areas M9 Derek Melber Monday, 2:15 – 3:45pm of DHCP and DHCP design criteria, including the DHCP relay agent and DHCP scope options. Then you’ll move Permissions have gone through a radical transformation onto NAT, demand-dial routing and wireless connections, from Windows NT to Windows 2000/2003. Changes to ending with a discussion of network monitor and IP trou- how ownership is handled (or given away) and default bleshooting. share permissions give a brand new face to how resources are handled in Windows Server 2003. If you miss the key changes with the encrypting file system Network Security (EFS), you have missed one of the best improvements in W3 Richard Taylor Wednesday, 8:30 – 10:00am Windows Server 2003. When it comes to network security, there are plenty of Physical and Logical Devices options within Windows Server 2003. You’ll start off discussing old friends such as SMB signing and port filter- M15 Richard Taylor Monday, 4:00 – 5:30pm ing, which are still around. Learn how to secure authentication, as well as how to use certificates to increase net- The most important aspects of the physical and logical work communication security. The lesson then moves onto devices on a Windows computer are the hard drives. IPSec, an abyss of settings and options you’ll learn With basic disks, dynamic disks, volumes, partitions and decrypt. The new and improved Windows Firewall is also troubleshooting of disks, there’s a lot of information to on the menu. know. Don’t forget about handling drivers, driver signing, and driver rollback. Finally, we will cover disk quotas and disk defragmentation, which can help control how the Name Resolution disks are being utilized. W9 Derek Melber Wednesday, 10:15 – 11:45am Manage Users, Computers, and Groups You may have heard the rumor that WINS is no longer needed with Active Directory. Unfortunately, that isn’t the T3 Derek Melber Tuesday, 8:30 – 10:00am case. Not only is WINS still needed, DNS is a requirement with Active Directory, too. With new features and There are the standard user, computer and group creation options in Windows Server 2003, DNS is sure to have requirements, but there is so much more. User profiles you scratching your head. You’ll be presented with all the come in many flavors and control points. Roaming pro- DNS options, requirements, and recommended configura- files, mandatory profiles, controlling what’s included in a tions with Active Directory. profile; the list is rather long. Then, if you want a user to

10 TechMentor | Networking and Certification Training for Windows Professionals 0805TMSanJoseFinal.qxd 7/12/05 3:30 PM Page 11

Active Directory, Part 1 Introduction to GPOs W15 Derek Melber Wednesday, 2:15 – 3:45pm Th15 Derek Melber Thursday, 1:00 – 3:00pm To the newbie, Active Directory is first a quest to under- Group Policy Objects can be complex to understand, stand the terminology and the structural components. design, and implement. This session will cover the key Both will be covered in this session, starting with the key aspects of Group Policy Objects, including GPO prece- concepts, then move on to discussing the structural com- dence, delegation, no override, block policy inheritance, ponents of Active Directory and how they work together. filtering, and more. You’ll look at almost every aspect of Nothing will be left untouched, including domains, trees, control, including: desktop folders, desktop icons, menu forests, sites, trusts, organizational units (OUs) and more. options, control panel features, logon and authentication components, and even software distribution. Active Directory, Part 2 Advanced GPOs W21 Derek Melber Wednesday, 4:00 – 6:00pm Derek Melber Thursday, 3:15 – 5:15pm Active Directory’s too big a topic to fit into one session. Th21 The second part will present the more difficult topics, Welcome to the next level! Take a tour of advanced GPO including FSMOs, universal group caching, replication techniques and tasks in this session. You’ll create and design and organizational unit (OU) design. Next up is incorporate custom GPO settings, both with ADM tem- Active Directory security, with a discussion of delegation plates and new security settings, from the ground up. of administrative control, a benefit to anyone moving to You’ll use security templates to secure a group of comput- Active Directory. Also highlighted is how to secure domain ers, then ensure the computers always get these settings. controllers, account policies, and ensuring all authentica- Also learn how to delegate control to all aspects of GPO tions are secure. management, using the new features of the GPMC.

Managing and Monitoring Performance PKI and Certificates Th3 Richard Taylor Thursday, 8:30 – 10:00am F3 Richard Taylor Friday, 8:30 – 10:00am Although Task Manager has been around a long time, Windows Server 2003 PKI can deploy an enterprise pub- there are new features to learn. There is also the System lic key infrastructure fairly simply, but understanding the Monitor (a.k.a. Performance Monitor), ideal for baselining correct hierarchy for your Certificate Authorities (CAs) is and troubleshooting network, application or system prob- essential. Learn the correct design of PKI and your CAs, lems. You’ll also learn the ins and outs of software update as well as how to issue and manage the certificates services (SUS), and how it should work with GPOs. required for the multitude of certificate-using applications. Event Viewer is still essential for monitoring, but the audit There are plenty of new enhancements with Windows policy needs to be set up to fill the security logs. Finally, Server 2003 PKI as well, including certificate enrollment, you’ll be exposed to the Microsoft Baseline Security qualified subordination, custom certificate templates and Analyzer (MBSA), which is constantly being upgraded and more. changed to add new features. IIS and IIS Security Disaster Recovery and Backups F9 Richard Taylor Friday, 10:15am – 12:15pm Th9 Derek Melber Thursday, 10:15 – 11:45am Windows Server 2003 now has a distinct product for run- Learn how to navigate the myriad options available to trou- ning a Web server. This session will cover the new fea- bleshoot, backup, and recover from a Windows issue. tures of IIS including overlapping recycling, real-time edit- Familiar tools such as Last Known Good and NTbackup ing of the XML metabase, Application Pools, and Web are still available, as are new options and features such as Service Extensions. Also reviewed will be the key archi- Automated System Recovery and Shadow copies. For tectural changes that improve stability, security and per- Active Directory, there are the System State and authorita- formance for your Web servers. tive restores, along with other topics like the Recovery Console, tombstoning, and emergency management.

Finally able to provide immediate ROI to the company for what I learned—Thanks. — B. Seaman, Union Central

October 17-21 | San Jose, California | TechMentorEvents.com 11 0805TMSanJoseFinal.qxd 7/12/05 3:30 PM Page 12

SCRIPTING TRACK

he Scripting track will provide you with the founda- Scripting with Windows Management Instrumentation: tion necessary to administer your servers and desk- Advanced T tops more efficiently using scripts. You will start out with basic scripts that require no previous knowledge of T10 Jeff Hicks Tuesday, 10:15 – 11:45am scripting. Building on that foundation, you will work your Take your WMI scripting skills to the next level and learn way through more advanced concepts, with hundreds of about advanced WMI security topics, WMI configuration, examples and lots of opportunities to get your hands dirty WMI associator classes, and more. You’ll learn practical, building your own scripts. When you finish this track, advanced techniques such as scripting file permissions, you’ll have all the tools you need to replace those time- using alternate credentials, using WMI to manage consuming manual processes that take up so much of Exchange, SQL Server, DNS, IIS, and other products, your work day. This track is led by scripting guru, and much more. Prior scripting and WMI experience (or Redmond magazine columnist and instructor Don Jones. “Scripting with WMI: The Basics” session) strongly recommended. VBScript Fundamentals, Part I M4 Don Jones Monday, 12:30 – 2:00pm Scripting: Top Tasks for the Windows Administrator Learn the basics of managing Windows with VBScript, T16 Don Jones Tuesday, 2:30 – 4:30pm including scripting essentials, the VBScript language ele- You’ll learn how to write scripts which accomplish key ments, key VBScript functions and statements, working tasks suitable for use in logon scripts, security administra- with objects, and much more. You’ll also learn about sev- tion and auditing scripts, desktop management scripts, eral intrinsic scripting objects which allow you to manipu- domain management scripts, and more. Each sample late the Windows shell, work with files and folders, and comes with a checklist of ways in which the script can be access key network functionality. This is the ideal place to easily modified to perform related administration tasks. start your scripting education, with absolutely no prior Recommended for attendees with basic prior scripting, experience required. All other scripting sessions build WMI, and ADSI experience (or attendance in the upon the foundations learned in this session. “Fundamentals” and “WMI: The Basics” sessions).

VBScript Fundamentals, Part II Scripting with Active Directory Services Interface: M10 Don Jones Monday, 2:15 – 3:45pm The Basics See M4 description. W4 Don Jones Wednesday, 8:30 – 10:00am Learn to use ADSI to perform core, basic administration Administrative Scripting Best Practices and Design tasks such as Active Directory and local user account M16 Jeff Hicks Monday, 4:00 – 5:30pm management, bulk domain object management, local service management, and much more. Includes several Learn key best practices that make scripting more accept- scripts which use ADSI to accomplish practical adminis- able in an enterprise environment, including naming conven- trative tasks more efficiently and effectively. Prior script- tions, modular script design, source and change control, ing experience (or the “Fundamentals” sessions) strongly and much more. You’ll also learn valuable script design tech- recommended. niques that help answer the age-old question “where do I begin?” when you’re writing a new script. The session Scripting with Active Directory Services Interface: wraps up with an interactive script design workshop, allowing you to put your new design skills to work. Prior scripting Advanced experience (or the “Fundamentals” sessions) recommended. W10 Don Jones Wednesday, 10:15 – 11:45am Learn to write scripts which leverage ADSI to perform Scripting with Windows Management Instrumentation: advanced functions, including scripts which target multiple The Basics domain objects (such as computers) for other administra- T4 Don Jones Tuesday, 8:30 – 10:00am tive tasks, use alternate credentials with ADSI, modify advanced domain objects and properties, and perform Learn the essentials of scripting with WMI, the best way advance local management tasks such as file and print to retrieve and modify configuration information on remote server management. Prior scripting and ADSI experience computers. You’ll learn how WMI is built, learn about (or “Scripting with ADSI: The Basics” session) strongly tools that make WMI scripting easier and more efficient, recommended. and see several scripts that make practical administrative use of WMI. Prior scripting experience (or the “Fundamentals” sessions) strongly recommended.

12 TechMentor | Networking and Certification Training for Windows Professionals 0805TMSanJoseFinal.qxd 7/12/05 3:30 PM Page 13

Scripting Tools and Utilities Creating Graphical Scripts with HTAs: The Basics W16 Jeff Hicks Wednesday, 2:15 – 3:45pm Th16 Jeff Hicks Thursday, 1:00 – 3:00pm Learn to utilize both commercial and freely-available tools Learn to make script-based HTML Applications(HTAs) to make scripting faster, easier, and more efficient. You’ll that feature a complete, robust GUI. You’ll learn to use a explore script editors and see how they can make script- WYSIWYG HTML editor to create an effective GUI, and ing easier, and you’ll use a variety of script “wizards” that to leverage your VBScript skills to make your new applica- produce script code with no effort on your part. You’ll also tion completely functional. Learn to make end-user appli- learn about script encoders, script compilers, and “script cations, graphical monitoring tools, and scripts which are assistant” utilities which can help meet a variety of needs more easily used by junior administrators. Session in almost any network environment. Finally, you’ll see how includes a complete walkthrough of creating an HTA from to use IE as a tool to display highly-formatted script out- scratch. Prior scripting experience (or the “Fundamentals” put, ideal for reports and for scripts which are used by sessions) strongly recommended; prior WMI and ADSI end-users. Prior scripting experience (or the experience recommended. “Fundamentals” sessions) recommended. Creating Graphical Scripts with HTAs: Advanced VBScript Debugging Th22 Jeff Hicks Thursday, 3:15 – 5:15pm W22 Don Jones Wednesday, 4:00 – 6:00pm Learn to make your HTAs more functional and capable Learn key techniques and tips for debugging VBScripts through advanced HTA tips and techniques. Learn and making scripting a more efficient process. You’ll learn advanced formatting, how to script dynamic effects like to add debugging code to your scripts, use trace tools to tooltips, tree views, and drop-down menus, and learn how follow your script’s progress, and learn an infallible to dynamically manipulate an HTAs graphical user inter- methodology for squashing script bugs quickly, every face in response to user actions and other conditions. time. You’ll also review script creation techniques to learn You’ll learn to make more effective graphical scripts in no about methods that can help prevent bugs in the first time. Prior HTA experience (or “HTAs: The Basics” ses- place. Prior scripting experience (or the “Fundamentals” sion) strongly recommended. sessions) strongly recommended. Web Scripting for Windows Administration Scripting with Databases and ActiveX Data Objects F4 Jeff Hicks Friday, 8:30 – 10:00am Th4 Don Jones Thursday, 8:30 – 10:00am Learn how your scripting skills can be leveraged to create Learn to use databases with your scripts, making it possi- Web-based scripts for Windows administration and user ble to record information to SQL Server, Access, Excel, self-service Web sites. You’ll learn all about Microsoft text files, and other data stores, as well as read informa- Active Server Pages (ASP), and see plenty of examples of tion from any database in the enterprise. You’ll see how practical, Web-based administrative scripts. You’ll learn ActiveX Data Objects (ADO) works in a number of practi- about Web scripting security. Prior scripting experience cal administrative examples. Prior scripting experience (or (or the “Fundamentals” sessions) strongly recommended; the “Fundamentals” sessions) strongly recommended; prior WMI and ADSI experience (or appropriate sessions) prior WMI experience (or “WMI: The Basics” session) recommended. recommended. Administrative Scripting Hands-On Workshop Advanced VBScript Tips, Techniques, and Security F10 Don Jones & Jeff Hicks Friday, 10:15am – 12:15pm Th10 Don Jones Thursday, 10:15 – 11:45am Your laptop is a must for this hands-on session, where You’ll see how to make your own script-based command- you’ll put everything you’ve learned about scripting to use line tools, securely deal with passwords in scripts, learn in a series of practical script-writing exercises. With your about remote scripting and remote security issues, and instructor on-hand, you’ll apply your new scripting skills learn how to create an environment which allows adminis- and ensure that you’re ready to hit the ground running trative scripts to run while restricting potentially harmful when you get home. A virtual machine (VMWare or Virtual scripts (like script-based viruses). You’ll learn to encapsu- PC) running a domain controller is highly recommended, late your best scripts in Windows Script Components, as is a commercial script editor (evaluation versions will making them easier to use and re-use in future scripts. be provided on CD-ROM in class). Prior scripting, WMI, You’ll also learn how to easily integrate external tools and and ADSI experience is a must; this session is recom- applications (such as command-line utilities) into your mended only for those who have attended the majority of scripts. Prior scripting experience (or the “Fundamentals” the sessions in this track (or who have equivalent past sessions) strongly recommended. experience).

October 17-21 | San Jose, California | TechMentorEvents.com 13 0805TMSanJoseFinal.qxd 7/12/05 3:30 PM Page 14

SECURITY TRACK

he Security mini-track offers three days of in-depth Service Pack 1—have been out for a while, and most instruction on all aspects of Windows security. It admins have deployed them for their fixes and greater T starts off with the basics and builds in a step-by-step security. But are you using everything that SP1/SP2 fashion to more advanced topics. Learn security from offers? Well, unless “IPsec bypass,” “auditusr.exe,” “bina- three of the biggest names in the Windows security ry behaviors” and “mime sniffing” have a place in your world: Windows author and speaker Mark Minasi, security vocabulary, you’re not getting the most out of Microsoft Corp. security guru Steve Riley, and prolific your service packs. This session provides the step-by-step author and speaker Roger Grimes. ways to squeeze all of the security juice out of the SPs!

Windows Passwords: Everything You Need to Know Wireless Security Secrets M5 Steve Riley Monday, 12:30 – 2:00pm T11 Todd Lammle Tuesday, 10:15 – 11:45am Since early computing, passwords have protected user Learn how to secure your wireless LAN (WLAN) and accounts and sensitive data. Undoubtedly, your company Metropolitan Mobile Network (MMN) in both your corpo- has a password policy and some enforcement of that poli- rate and home networks. This session shows you the cy. However, most people have no idea what happens beginnings of WLAN security and benefits and drawbacks once a password is provided to the system or how strong of each security method in use today as well as the up- a given password is against a specific attack. In this ses- and-coming security versions, so you can make informed sion, how you’ll learn in depth Windows uses passwords, decisions in your WLAN security policies. Whether you including Windows password architecture, password work in a large or small—even a mobile office—this is hashing, password length and complexity analysis, pass- truly a critical course if you want to support your wireless word storage and retrieval, and the Stored User Names applications with both corporate policies and security. and Passwords feature. You’ll also explore common password guessing attacks and countermeasures. Ethical Hacking and Forensics Made Easy

Defending Layer 8: How to Recognize and Combat Social T17 Todd Lammle Tuesday, 2:30 – 4:30pm Engineering With the growth of the Internet, computer security has become a major concern for businesses, governments M11 Steve Riley Monday, 2:15 – 3:45pm and consumers. The best way to evaluate a threat in your The human element is often ignored in security. People- environment is to have an independent computer security the eighth layer of the OSI stack-can often blow a gaping professional attempt to break into your computer systems. hole in the most well-planned defense infrastructure. Learn how these “tiger teams” or “ethical hackers” employ Organizations will spend fortunes on technology and are the same tools and techniques as the intruders, but nei- still vulnerable to old-fashioned manipulation! This session ther damage the target systems nor steal information. takes you through the issues that are present when people, computers, and networks meet. In an example-filled Turning Over the Rocks: Where Viruses, Worms, and session you’ll delve into the depths of user psychology Trojans Hide and how it’s at layer 8 where all security succeeds or fails. Bonus: learn how to do it yourself! W5 Roger Grimes Wednesday, 8:30 – 10:00am Did you know there are over 30 different Registry keys Windows Logins Revealed where viruses, worms, and trojans can hide to exploit a Windows system? Roger has collected the most extensive M17 Mark Minasi Monday, 4:00 – 5:30pm list of files, folders, Registry entries, and techniques that Every day you log into our Windows systems. But what malware can use to compromise your computer. Attend really happens when you do? How DO your workstations this session and learn how to defend your systems against and domain controllers exchange logon information with- the most popular attacks. out revealing your passwords? For that matter, how are your workstations able to find DCs even on days when Practical PKI Cookbook: Recipes for PKI Wannabees the local DC’s sick? Learn how logins work, how they can (or Needtobees) not work (and how you can fix them) as well as how to better secure them. W11 Roger Grimes Wednesday, 10:15 – 11:45am Want to use encrypted e-mails with digital signatures in Hardening Systems with SP1/SP2: The Best Stuff You Exchange? Want to use PKI for Wireless authentication Don’t Use and IPSec? Attend this session to learn how to put PKI to work for you. T5 Mark Minasi Tuesday, 8:30 – 10:00am The SP Twins—XP’s Service Pack 2 and 2003 Server’s

14 TechMentor | Networking and Certification Training for Windows Professionals 0805TMSanJoseFinal.qxd 7/12/05 3:30 PM Page 15

Debunking Security Myths Bringing Up Your First Linux Server W17 Steve Riley Wednesday, 2:15 – 3:45pm Th11 Speaker TBA Thursday, 10:15 – 11:45am “Let’s see now, if we just tweak this setting here and that If you're ready to bring up your first Linux server, this is setting over there and the other setting...um, where was the session for you. You will set up some of the key com- that setting again?” Sounds familiar, huh? Security tweaks ponents of Linux, including simple DNS, simple DHCP often make you feel good because, after all, you’ve done and simple file sharing. something! Alas, tweaks are usually nothing more than pure “security theater,” designed more to satisfy poorly- Windows/Linux Integration: The Art of the Possible written auditing requirements than really making a system more difficult to attack. This session will expose 10 com- Th17 Jeremy Moskowitz Thursday, 1:00 – 3:00pm mon security myths and explain why they provide little (if What does Linux do best? And what does Windows do any) value. best? In this session, Jeremy Moskowitz presents the ins and outs of how Linux can be useful inside your Windows Death of the DMZ environment. Learn what's possible with Linux and where it fits in with your existing Windows infrastructure. W23 Steve Riley Wednesday, 4:00 – 6:00pm New business needs demand new network design think- Windows/Linux Integration: Authentication Services ing. For too long now the network has been the place where we lodge nearly all our security defenses. “We Th23 Jeremy Moskowitz Thursday, 3:15 – 5:15pm have a firewall, we’re protected” is simply no longer You're starting to get Linux desktops, and you want single true—if indeed it ever was. Attacks are getting more sign-on, but you're committed to leveraging Active sophisticated. It’s time to get smarter, to become mature, Directory to do it. If you have existing Unix or Linux, you to move beyond “best practices”—to improve the resilien- might have a tough time getting to AD unless you know a cy of our computers, our applications, and even our peo- few tricks. In this session, we'll describe and demonstrate ple. Join Steve as he pronounces, without a single how AD can be the focal point of your authentication net- PowerPoint slide, the death of traditional network design work, some tips on how to configure Linux clients, and and advocates for a new, better, and stronger way. how the SAMBA (an application which makes Linux play nicely with Windows) fits in to the picture. If you've got Linux and Windows authentication headaches, this is the Windows/Linux Integration Track session for you. Windows/Linux File / Print Integration he Windows/Linux Integration mini-track is geared to admins who are experimenting with, or using, Linux F5 Speaker TBA Friday, 8:30 – 10:00am T in their day-to-day Windows environments. The track You've heard of SAMBA, but you may have never seen it. begins with an overview of the basics of Linux, then Or, maybe you've heard of NFS, and heard it's got more moves into the Windows realm, detailing how to get Linux holes than Swiss cheese. Is it true that Windows' version and Windows to play nice with each other. Noted author of NFS is actually more secure than a plain-vanilla UNIX and speaker Jeremy Moskowitz, currently writing a book implementation? What is IPP, the Internet Printing on Linux-Windows interoperability, leads this track. Protocol, and how can it unify your printing environment? Come to this session to find out about all these file and Linux Basics for Windows Admins print integration issues. Th5 Jeremy Moskowitz Thursday, 8:30 – 10:00am Windows/Linux Email Integration Get a head start on Linux fundamentals. Meant for the beginner in Linux, this session will help you understand F11 Speaker TBA Friday, 10:15am – 12:15pm the new vocabulary of the Linux world, where things are, Today, you likely have Exchange. Great, but you might and how to perform key tasks. A special emphasis will be also have departmental servers with Linux running on describing Linux attributes in Windows terms, making Sendmail. You need a way to unify your mail structure. If it a gentle introduction to the world of Linux. your company relies on Outlook, is there a way for your Linux users to get that Outlook feel, even on Linux? In this session, you'll get a handle on how to take your existing e- mail services and make them better interoperate.

October 17-21 | San Jose, California | TechMentorEvents.com 15 0805TMSanJoseFinal.qxd 7/12/05 3:31 PM Page 16

SYSTEM AND NETWORK TROUBLESHOOTING TRACK

he Troubleshooting Track is your source for the very ly how to migrate to a new server or repair a failing one best tips, tricks, and tools to diagnose problems and while retaining full functionality for all support databases. T keep your machines humming. Bringing together world class instructors you know and trust, you will take From Reactive to Proactive: Gain Control through away real world solutions that you can immediately imple- Enterprise Process SECURITY FOCUS ment in your home network. Divided into 5 mini-tracks on Server, Security, Network, Terminal Services, and Active T12 Greg Shields Tuesday, 10:15 – 11:45am Directory troubleshooting, you’ll pick up more in every 90 Non-stop firefighting gets the adrenaline rushing, but it’s a minute session than in a full day of research. This track is primary cause of lack of sleep, lack of vacation, and lack led by popular instructor and Redmond magazine contrib- of life outside work. If you’re constantly firefighting to utor Greg Shields. keep your network up and operational, you might have more than a technical problem. In this session, we’ll Reliability in the Real World: Building a World-Class douse those flames by showing you how to set up change Windows Cluster SERVER FOCUS control and IT policy in your environment. You’ll leave with proven practices and fill-in-the-blank documents that will M6 Chris Wolf Monday, 12:30 – 2:00pm stabilize your network and give your life back. Building a shared disk cluster out of relatively inexpensive Windows servers seems like a way to get high availability at Patch Management Strategies That Won’t Fail: SUS, SMS, a reasonable price. But your good intentions might not pay and Beyond SECURITY FOCUS off in actual, measurable improvement in availability if you don’t do some planning. Learn how to do clusters the right T18 Greg Shields Tuesday, 2:30 – 4:30pm way. You don’t need a Fortune 500 budget to build a world Two years after Bill Gates declared security to be the class cluster, but you do need some practical guidance. number one priority at Microsoft, we’re still dealing with patch after patch to correct newly-discovered vulnerabili- DNS Troubleshooting: Step-by-Step SERVER FOCUS ties. This growing problem isn’t focused strictly on the M12 Chris Wolf Monday, 2:15 – 3:45pm operating system, either—nearly all Microsoft products have required some patching. With the sheer number of For many administrators, DNS annoyances have become Microsoft patches growing every year, keeping them all as common as calls from telemarketers. With Active straight is growing into an administrative nightmare. Directory’s firm reliance on DNS, compounded with count- Focusing on Microsoft’s SMS and WSUS tools, you will less network-based applications living and dying by name learn the tools appropriate for the size of your company resolution, DNS is considered by many the most critical and the methods and reporting mechanisms you need to service on the network. In this session, you’ll learn the keep your network safe. methodical approaches for diagnosing and solving DNS problems, best practices for DNS deployment, and how to Be Gone Ye’ SpyWare: Ridding IE of SpyWare for Good automate the backup and recovery of DNS servers. SECURITY FOCUS Tips, Tricks, and Tools for Windows Server Troubleshooting W6 Greg Shields Wednesday, 8:30 – 10:00am SERVER FOCUS Passwords going where? Give money to whom? M18 Greg Shields Monday, 4:00 – 5:30pm Prescriptions for how much? Who writes this stuff any- way? You don’t have to care who writes it, but you do Being a successful Windows admin is all about learning have to get it out of your network. SpyWare, AdWare and the million little “aha’s”, “gotcha’s”, and “don’t forget’s” MalWare are a growing threat to the Internet, and the you need to keep your servers happy. Being successful tools to get rid of it are immature at best. In this session, when a server’s on the blink involves even more. In this we’ll look at what’s available for exorcising it, as well as first of three tips and tricks classes, we’ll discuss the examining the mechanics of a SpyWare infection. In the details you need to diagnose a troubled server and bring it end, you’ll have learned the tricks to make yourself your back to health. own SpyWare scanner.

Move, Recover, and Repair Windows Utility Databases — When WSUS Goes Bad: Troubleshooting Windows Update DHCP, WINS, DNS, IIS, and More SERVER FOCUS SECURITY FOCUS T6 Chris Wolf Tuesday, 8:30 – 10:00am W12 Greg Shields Wednesday, 10:15 – 11:45am Why is it that setting up Windows network services can It’s the new kid on the block, but it can be downright brat- be so easy and yet moving, repairing, and recovering ty sometimes. Tame that little rug rat with this ground- them can be so difficult? Well, they don’t have to be if you breaking session on WSUS troubles and fixes. This ses- know the right way to do it. This session shows you exact- sion will go over some of the initial feedback on Windows

16 TechMentor | Networking and Certification Training for Windows Professionals 0805TMSanJoseFinal.qxd 7/12/05 3:31 PM Page 17

Update and detail the do’s and the don’ts for getting it Understanding and Troubleshooting User Profiles working properly on your network. This session will save GROUP POLICY & AD FOCUS you headaches and get your network patched…fast. Th18 Darren Mar-Elia Thursday, 1:00 – 3:00pm Tips, Tricks, and Tools for Windows Network Has there ever been a Microsoft technology more prob- Troubleshooting NETWORK FOCUS lematic than user profiles? How about roaming user profiles? This session will look in depth at the different types Greg Shields Wednesday, 2:15 – 3:45pm W18 of profiles, how user profiles work, the challenges of Sometimes the troubleshooting process gets easier as we using roaming profiles, and how you can troubleshoot and go further down the network protocol stack. Expose the resolve common profile issues. We’ll look at tools and network underbelly of the Windows operating system with techniques for troubleshooting remote profile problems this tips and tricks session. We’ll analyze and correct and best practices for ensuring a minimum of profile prob- DNS issues, client/server communication problems, rout- lems within your environment. ing foul-ups and troubles with WAN links. You’ll be sur- prised how easy it is to do the work with the right tools. Getting Down and Dirty with Group Policy Functionality GROUP POLICY & AD FOCUS Understand & Protect Your Network with the Security Th24 Darren Mar-Elia Thursday, 3:15 – 5:15pm Configuration Wizard NETWORK FOCUS There are a lot of moving parts in Group Policy. Ensuring Greg Shields Wednesday, 4:00 – 6:00pm W24 a functional Group Policy deployment means learning how Your network is under constant threat of impending attack, Group Policy is structured, how it’s processed, and where so you’ve gotta’ be smart about how you secure your things can go wrong. This session will focus on increasing servers. Released with Windows 2003 Service Pack 1, the your understanding of Group Policy internals and process- Security Configuration Wizard is a comprehensive tool for ing. You’ll get inside knowledge on the most problematic taking the guesswork out of this task. An XML-based tool areas of policy and learn how to deal with them should that can scan and lock down your server, this tool is soon they arise in your environment using the logs and tools to be your most valuable weapon against the baddies. In that are provided in the box. this session we’ll discuss how and when to use the wizard and how to extend it to keep your network safe. Troubleshooting Group Policy and Active Directory Replication: Secrets from the Experts GROUP POLICY & AD FOCUS The Art of Network Troubleshooting: How to Fix any F6 Gary Olsen Friday, 8:30 – 10:00am Network Problem NETWORK FOCUS One becomes an Active Directory expert by managing a Mark Minasi Thursday, 8:30 – 10:00am Th6 world-wide domain with dozens of sites, hundreds of Network software and hardware comes and goes, proto- domain controllers, and thousands of interconnected sys- cols grow and change, and what we do with networks tems. Think you got it bad? Try administering a domain that expands all of the time, but one thing doesn’t change: crosses all 24 time zones. In this session you’ll learn untold how often we use the words “network” and “not work” in AD secrets from HP Consultant and AD guru Gary Olsen. the same sentence. One day we’ll just plug it all in and it’ll You’ll leave with replication and Group Policy techniques just work, but for now, “to network is to troubleshoot.” In the big networks use that’ll keep your domain running. this session Mark shares the 12 immutable laws of troubleshooting any network problem. When It All Goes South: Active Directory Disaster Recovery GROUP POLICY & AD FOCUS Top Terminal Services Troubles (and How to Treat Them!) Gary Olsen Friday, 10:15am – 12:15pm TERMINAL SERVICES FOCUS F12 Every administrator has faced a DR situation in one form Greg Shields Thursday, 10:15 – 11:45am Th12 or another, ranging from recovering a single object to Since way back in 1998, Terminal Services has been an restoring an entire forest. In this session you’ll learn how integral part of the Windows operating system. We’ve had to use the “Lag Site” replication method to provide a a lot of time to play with it and a lot of time to see it break. quick online DR option and how a janitor can use In this session, we’ll look at some of the top support calls Authoritative Restore to bring down an entire forest with- from Microsoft and Citrix and work through their solutions. out a domain account. Gary will also show you the latest We’ll discuss proven practices for setting up Terminal techniques in AD Disaster Recovery to help you proac- Services in both big and small environments. Best of all, tively prevent disasters and what to do if they do happen. you’ll learn the details of how systems change when All participants in this session will receive a copy of Terminal Services is installed. Gary’s Active Directory Troubleshooting CD.

October 17-21 | San Jose, California | TechMentorEvents.com 17 0805TMSanJoseFinal.qxd 7/12/05 3:31 PM Page 18

REGISTRATION AND TRAVEL INFORMATION

Hotel and Travel Information Conference Registration

San Jose Marriott Each attendee will have access to: Conference Venue 301 South Market Street > All Courses Monday – Friday > San Jose, CA 95113 Keynote > Cocktail Reception Phone: 408.280.1300 > Improv Night at TechMentor > Peer Networking Events > Exhibit Hall > Consulting Hour with Instructors > Lunches and Morning Pastries TechMentor has negotiated a special room rate of $159 > Printed Course Notes (for registered courses only) single/double for conference attendees. Attendees must > All Course Notes Available Online book their accommodations by September 19, 2005, to > T-shirt with Completed Survey receive the discount. After that date regular room rates > Conference Bag will apply. Rooms at the special rate are available from > Demo Copy of VMware October 12 through October 24, based on availability. Early Bird Price (By September 9, 2005): $1,495 To make reservations, call 1-800-314-0935 and mention Regular Price (After September 9, 2005): $1,695 the TechMentor conference to receive your discount or enter this code TM1A online. Group Discounts American Airlines is offering discounts from any published domestic fare for travel to San Jose or surrounding When you register 4-9 colleagues from the same airports for the TechMentor Conference. Mileage mem- company at the same time, each attendee pays only bers can receive full credit for all American miles flown to $1,295 per person. Register 10 or more colleagues attend this conference. To take advantage of these dis- for only $1,195 per person. For more information on counts, please call toll-free, or have your travel agent call: group registration, please call Sara Ross at 972- American Airlines: 1-800-433-1790, reference number 506-9027 or email at [email protected]. #26H5AO. (Reservations must be made by phone to receive the discount.). Alumni Discount AVIS Rent-a-Car is offering TechMentor attendees a dis- We value our alumni! Attendees of any TechMentor Event count from October 10 to October 28, 2005 . To receive from 2001 – 2005 will qualify for an additional $100 dis- the discounted daily and weekly rates, simply call Avis at count off the registration fee (a total savings of $300 when 1-800-331-1600 and use Avis Worldwide Discount num- you register by September 9). To qualify for the discount ber D005872. please include which conference or summit you attended. This discount may not be combined with any other offer. HOW TO REGISTER Attendee Networking Forum Network with your peers before the conference begins. Online: TechMentorEvents.com Check the “Attendee Networking Forum” box when you Phone: 1-800-280-6218 (8:00am – 5:00pm PST) register and we’ll send you an email with attendee contact Fax: 1-541-346-3545 information about a week before the event. It’s a great Mail: TechMentor Registration 1277 University of Oregon way to start networking before you arrive in San Jose. Eugene, OR 97403-1277 Additionally, there will be many opportunities onsite to net- Onsite: You may register for the conference onsite. work. However space is limited and admission cannot be guaranteed. Refund and Cancellation Policy Registration is transferable with written authorization. Questions? Cancellations must be in writing and postmarked before Phone: 1-800-280-6218 (8:00am – 5:00pm PST) the cancellation deadline. Cancellations must be made by Email: [email protected] September 16, 2005 and will be subject to a $250 can- Web: TechMentorEvents.com cellation fee. Cancellations made after September 16,

TechMentor’s Federal Tax I.D. Number is 95-4758348 2005 as well as “no shows” are liable for the full registra- TechMentor Conferences are a division of 101communications LLC. tion fee.

18 TechMentor | Networking and Certification Training for Windows Professionals 0805TMSanJoseFinal.qxd 7/12/05 3:31 PM Page 19

REGISTRATION FORM

Select your desired track.

Cisco Certified Microsoft Certified Microsoft Certified Network Associate Systems Administrator Systems Engineer Scripting 1 (CCNA)/Infrastructure (MCSA) (MCSE) System and Network Security Windows/Linux Integration Troubleshooting

You will be automatically registered for each session in your selected track. However, you are able to attend ANY session offered at TechMentor. After registration, you will receive a confirmation email with instructions to go online and select the sessions you are interested in attending.

Type or print your name and address. *Required! Your email address is used to communicate with you about conference registration. You will also receive information about future TechMentor Events. Refer to our privacy policy at 101com.com/privacy.asp for additional First Name for Badge information. 2 Last Name Which certification titles do you currently hold? Please check all that apply: Title ❍ MCP ❍ MCDST ❍ MCSA ❍ MCSE ❍ MCSD ❍ ❍ ❍ ❍ Company MCDBA MCT Other None

Address Alumni Discount Previous TechMentor event attended in 2001-2005:

City State/Province City Date

Zip/Postal Code Country Attendee Networking Forum ❍ Yes, I want to participate. See page 18 for details. Phone Fax Vendor Marketing Code Promo Code BRORED Email *

Calculate your payment. ❍ Check enclosed (payable to 101communications, in U.S. dollars drawn on a US bank) Early Bird (Through September 9) $1,495 ❍ Visa ❍ MasterCard ❍ American Express ❍ Discover Regular (After September 9) $1,695 3 Alumni Discount Less $100 Card # Groups of 4 or more, please call Sara Ross at 972.506.9027 to register. Expiration Date

Cardholder Name Total Fee $ Signature To confirm your registration, a guarantee of payment is required. Remit with a check or credit card. If you need Cardholder Address (if different than above) an invoice, please call 800-280-6218 or email [email protected]. State/Province Zip/Postal Code

If you would like to use a Purchase Order to register, please contact Dena Fisher, Conference Services Coordinator at 800.280.6218 or 541.346.3537 or via email at [email protected] to make arrangements.

Send in your registration. PHONE 800.280.6218

MAIL with full payment: ONLINE TechMentorEvents.com 4 TechMentor Registration 1277 University of Oregon After October 14 please register onsite. Eugene, OR 97403-1277 Registration will be limited to space available.

FAX with credit card payment: 541.346.3545 Photocopy this form for additional registrations. 0805TMSanJoseFinal.qxd 7/12/05 4:09 PM Page 20

Network and Certification Training for Windows Professionals San Jose, CA October 17-21, 2005

Attend TechMentor and in a Week of Training You Will: > Learn how to integrate Linux into your Windows environment > Upgrade your skills to Windows Server 2003 > Improve your network security > Learn to diagnose and repair common network problems > Script like a professional > Make long-lasting professional contacts

TechMentorEvents.com

Sponsors and Exhibitors 0805red_ProdRev15-20.v8 7/14/05 4:01 PM Page 17

ProductReview Get to Know Your Network How well do you know your network? NetSupport DNA will give you the complete picture.

NetSupport DNA Pricing ranges from $26.88 (for basic inventory module) to $80.64 per user (for all optional modules) for 100 users NetSupport Inc. 770-205-4456 www.netsupport-inc.com

BY CHAD TODD pushed remotely from the Most of the time, it seems server. The installation like IT pros have too many process is very easy—I had responsibilities. We have to the server software installed handle day-to-day activities and the client piece added to like troubleshooting desktop 15 machines in about 20 and server problems. We minutes (including reboots). Figure 1. DNA tracks information on monitored computers, including also have project work like You manage DNA with what applications have been opened and how long they’ve been used. rolling out a new server farm the NetSupport DNA or updating desktops coming Console, which runs inside ment, seeing them all DNA collects an impres- off their leases. a java virtual machine (see grouped together may make sive amount of data. Each I don’t know about you, Figure 1). It will run on any them harder to manage. of the tabs in the DNA but my least favorite task of machine with Windows NT DNA supports separating Console details pane shows all is tracking software and 4.0 or higher and IE 6.0. I them into static or dynamic numerous statistics about hardware. Unless you’re in a found the DNA Console groups. You manage the the selected machine. DNA small environment and have extremely easy to use—after static group membership reports on: a lot of time on your hands, about 20 minutes, I was zip- by manually adding and • Operating system version this task can be completely ping around like an old pro. removing machines. In and serial number overwhelming. Thankfully, There are two ways to Figure 1, I created two static • Total RAM NetSupport DNA makes the discover clients. DNA can groups, Sales and Support. • DirectX version process a snap. search a range of IP You can build your dynamic • Domain or workgroup DNA not only gives you addresses or use the browse groups on the fly. DNA membership full hardware and software list for a given domain or can track the following types inventory, but also applica- workgroup. Once you’ve of computers in dynamic REDMONDRATING tion and Internet metering installed the client on all groups: Documentation: 15% ____ 8 and software distribution. machines, each one will • Windows 2000 Installation 10% ______9 ______You can also add a Web- report back to the server • Windows XP Feature Set: 35% 8 ______based help desk and and register itself under its • Machines running IE 6.0 Performance: 30% 8 Management: 10% ______9 remote-control client with domain name. You can see or higher add-on modules that you in Figure 1 that there are • Machines using Intel Overall Rating: 8.2 purchase separately. five machines registered in CPUs ______You’ll need to install both the TC domain. • Machines with more than Key: 1: Virtually inoperable or nonexistent server and client components. If there are a lot of 128MB RAM 5: Average, performs adequately You can have the client machines in your environ- • Machines with XP SP2 10: Exceptional

| redmondmag.com | Redmond | August 2005 | 17 0805red_ProdRev15-20.v8 7/14/05 4:01 PM Page 18

ProductReview

• Service pack level You can configure each • Currently logged on user package to check the • Processor and clock speed Pricing Details hardware and software • Motherboard manufac- inventory already collected You can purchase NetSupport DNA and any its related turer and model number for the target machine to modules a la carte. The ultimate price per user depends on • Availability of PCI, AGP make sure the package is how many modules you’ll need. and ISA slots compatible. This ensures • The basic inventory module starts at $26.88 each for •All installed software that you don’t install soft- 100 users The User Details tab has ware on a machine that • The inventory module and DNA remote control is $53.76 fields to enter information won’t support it or be able each for 100 users about the person to whom to run it properly. • The inventory module and NetSupport Manager is the machine is allocated for When pushing packages $69.89 each for 100 users tracking purposes. These out to an entire enterprise, • The inventory, metering and distribution modules are fields include: you may overwhelm your $53.76 each for 100 users • Employee name DNA server. To alleviate this • The above modules and DNA remote control are $69.89 • Employee phone situation, DNA lets each for 100 users numbers you assign other computers • The above modules and NetSupport Manager remote • Employee e-mail address as “warehouse” machines. control are $80.64 each for 100 users • Asset tag number The DNA server pushes • Machine serial number the application to the • Lease start and end dates shows how much time is you may want to let your warehouse machines. Those • Maintenance start and spent on each given Web employees play games machines, in turn, push it to end dates site. This is a great way to during lunch only or before the clients. This reduces the track employee productivity. and after production hours. load on the DNA server. Keeping Watch In addition to tracking I was impressed with DNA’s Besides giving you an Internet usage, DNA lets you Pushing Packages feature set. If you need a elaborate inventory of your restrict which Web sites your DNA also lets you distrib- utility to take a thorough hardware and software assets, users can visit. This is good ute software. You define inventory of your software DNA also provides Internet for blocking an occasional packages that include a and hardware assets, down- and application metering. Web site or two, but I don’t collection of files to be load DNA and give it a try. Internet metering is a great see it as an efficient method deployed. After creating a The application and way to see where your of controlling Internet traffic. package, you can have it Internet metering are employees are spending their You have to manually enter automatically pushed to nice features to help track time on the Web. For exam- each URL, which adds quite a machines or advertised for and manage employee ple, a user playing pinball on bit of labor and overhead to users to access and install productivity. All in all, his lunch break may not be the process. when needed (this is NetSupport has done a great job with this version Besides giving you an elaborate inventory of your hardware and software of DNA.— assets, DNA also provides Internet and application metering. Chad Todd, MCSE: Messaging, MCSE: Security, is the co- breaking company policy, Application metering similar to assigning and author of MCSA/MCSE but someone who plays five reports on which applica- publishing applications with Managing and Maintaining a hours of pinball is definitely tions were used during the Group Policy). Windows Server 2003 Envi- crossing the line. day and how long each was You can include action ronment: Exam 70-290 Study DNA’s Internet metering used. DNA’s application parameters in the package Guide & DVD Training Sys- reports on Web sites visited metering function also lets to automatically answer any tem (Syngress Publishing). He’s with a particular machine. you restrict which applica- user prompts required dur- the co-owner of Training Con- Although the Internet is tions can be used. You can ing installation. This lets cepts, which specializes in Win- required for a lot of busi- block an application all of you deploy software pack- dows, Exchange, ISA and Cisco nesses, employees can waste the time or only during ages without requiring any training and consulting. Reach a lot of time surfing; DNA certain times. For example, user intervention. him at [email protected].

18 | August 2005 | Redmond | redmondmag.com | 0805red_ProdRev15-20.v8 7/14/05 4:01 PM Page 19

ProductReview Administration En Masse User Manager Pro helps you keep tabs on your admin tasks.

User Manager Pro $499 for five seats ($19 for each seat after five) Lieberman Software Corp. 800-829-6263 www.liebsoft.com

BY RICK A. BUTLER those who love the Ask a hundred IT magi convenience of a single what sort of wizardry they dashboard: User Manager use to get their jobs done Pro. So, enough talk of and you will undoubtedly magi and spells. Let’s talk get a hundred different about the tool. answers. Most of those same administrators Jump in to Setup probably have countless You can get User Manager spells and incantations at Pro set up very quickly. Install their disposal to handle the software on a server and everything from mass begin a discovery—whether Figure 1. User Manager Pro gives you a single dashboard from which to manage your systems. password changes to you run that through AD or importing and exporting NetBIOS—and pull in your not correspond to how you track down in a sea of data in Active Directory machine list. have your network laid out, cubicles and computers. by the way. You’re not User Manager Pro’s strength comes from its bound to your physical net- Reporting and Add-Ons ability to slice up administration tasks based work topology for adminis- User Manager Pro also trative processes. Once you has some great reporting on the groups of machines you have defined define your groups, you can capabilities. Two of the with the tool. begin managing them en reporting features I liked masse as you need to. were file reporting, where to aligning policies on a You select the nodes from Ever lose a machine? You you could locate versioned thousand or more machines the list that corresponds to know it’s on the network files all across your man- at once. the number of licenses you and you can talk to it, aged group, and automating Personally, I’m the type have, and you’re ready to but you have no earthly reports through the tool’s of admin who likes a tool- go. There are no client idea where it is physically scheduling capability. box full of single-use tools components or agents to located in the building. and scripts for my day-to- install on the machines (You mean I’m the only one REDMONDRATING day work. There are other you’re going to manage. on the planet to ever lose a Documentation: 20% ____ 8 administrators who prefer machine? Right.) Installation 20% ______9 ______the monolithic approach. Go with the Groups One feature of User Feature Set: 20% 7 Performance: 20%______8 They’d rather have one User Manager Pro’s Manager Pro that I Management: 20% ______7 tool and one interface to strength comes from its especially liked was physical help them do all their ability to slice up adminis- identification. Simply Overall Rating: 7.8 day-to-day administration tration tasks based on the turn it on and the machine ______tasks from one über station. groups of machines you will sing you a little tune Key: 1: Virtually inoperable or nonexistent Lieberman Software Corp. have defined with the tool. through its PC speaker, 5: Average, performs adequately 10: Exceptional has just the solution for Those groups may or may making it a lot easier to

| redmondmag.com | Redmond | August 2005 | 19 0805red_ProdRev15-20.v8 7/14/05 4:01 PM Page 20

ProductReview

User Manager Pro has you can really see what this (For all you script hounds script. That makes some- an add-on feature called versatile tool can do. out there, and you know who thing like User Manager the Random Password you are, you should all be Pro even more attractive. It Generator that helps you Something About familiar with Dr. Scripto. If simplifies complex processes, generate and apply unique Scripting not, stop by Microsoft’s which can also help you passwords. You could use Realistically, there is little TechNet Script Center standardize those processes. this, for example, to lock that this product can do that where the good doctor will In short, Lieberman down all your local admin a nice collection of VBS be roaming about: http:// Software’s User Manager microsoft.com/technet/ Pro is a pretty powerful tool [User Manager Pro] simplifies complex scriptcenter/default.mspx.) for those looking for a processes, which can also help you standardize However, not every admin monolithic administration has the time and the control station. Functionally, those processes. inclination to become a there isn’t much to this tool scripting mage. That means that couldn’t get done accounts. This is nice scripts couldn’t get done. if you need to get things through some good solid because it mitigates risk of In fact, you can change all done en masse, a tool like scripting, but having it all exposure though a compro- the Local Administrator User Manager Pro is a right in front of you makes mised password, which is a passwords for all machines tremendous help. What if, life that much simpler.— feat in of itself when your in an Organizational Unit for example, you had to password is something like with just six lines of Visual slice up an OU or weren’t Rick A. Butler, MCSE+I, 7d#45!1Be89. Basic code. You can batch allowed to monkey with is the Director of Information I did find the interface for script changes to any Group Policy Objects for Services for the United States User Manager Pro a bit number of machines and the domain? Scripting Hang Gliding Association. tough and chewy at first. orchestrate your changes will still work, but it will You can hit him up at It’s not particularly elegant, in ways limited only by be much harder to define [email protected] but once you get past that, your imagination. the common element in the once he lands.

Continued from page 16 operating systems. You not know is that many Machine Software for One fact of life—and a would run them contained VMware Workstation 4.5 the Technical Professional.” minor caveat—with within older guest operating owners are eligible for a free The new features VMware Workstation 5.0 is that systems. For that task, upgrade. And who wouldn’t has added to version 5.0 the guests have a slightly dif- VMware has always want to do that? certainly support that ferent format than those in performed exceptionally billing. VMware Worksta- Workstation 4.5. In other well. If that’s all you’re The Final Vote tion 5.0 is a rising superstar words, guests created on doing—using VMware to VMware Workstation has in the virtualization world, Workstation 5.0 aren’t support a legacy NT 4.0 or evolved beyond its originally and the one to beat on the compatible with Workstation road to virtual stardom.— 4.5 (or GSX Server 3.2) VMware Workstation has evolved beyond its unless you create the guest in Jeremy Moskowitz, MCSE, “legacy mode.” Then, of originally conceived use. MCSA, founder of Moskowitz course, you won’t have access Inc. (Moskowitz-inc.com), is to all the snazzy new features. Windows 95 application on conceived use. It isn’t just an an independent consultant Overall, though, considering an end user’s machine— application compatibility and trainer for Windows its new and enhanced fea- there might not be any tool for end users’ desktops technologies. He runs GPO- tures, VMware’s performance immediate benefit to anymore. It is hands down answers.com, a community in this round outshines its upgrade to the new version. the best tool for performing forum to answer tough Group previous performances. This is where Simon live presentations, testing Policy questions. His latest book shrugs his shoulders and software compatibility issues is Group Policy, Profiles, and What Simon Would Say thinks out loud, “Well, I or running multiple (and IntelliMirror for Windows The original reason to knew you could do that. A different) operating systems 2003, Windows XP, and use VMware was to run solid performance as always, for any reason. Windows 2000 (Sybex). applications that had com- but what else would I VMware bills Workstation You can contact him at patibility issues with modern expect?” What Simon may 5.0 as “Powerful Virtual [email protected].

20 | August 2005 | Redmond | redmondmag.com | Project2DESKTOP3TANDARD?2EDM%&PDF 6/7/05 11:12 AM Page 1 0-

,%!34 02)6),%'% #/-0,)!.#% )3 ./7 ). 9/52 (!.$3

)NTODAYSCORPORATEENVIRONMENT ITSNOTANOPTION$ESKTOP3TANDARDS'ROUP0OLICYSOLUTIONS TAKEYOUBEYONDBUILT IN7INDOWSSECURITYMANAGEMENT GIVINGYOUTHEPOWERTOLIMITRIGHTSANDPRIVILEGESTO THELEASTREQUIREDFORAUTHORIZEDTASKS2EDUCETHECOMPLEXITYOFMANAGINGYOURDISTRIBUTEDDESKTOPENVIRON MENTWHILEINCREASINGSECURITYANDCOMPLIANCE&INDOUTHOWATWWWDESKTOPSTANDARDCOM

DESKTOPSTANDARD» 'HVNWRS6WDQGDUG&RUSRUDWLRQ$OOULJKWVUHVHUYHG MANAGEWITHSTANDARDS Project1 4/4/05 10:45 AM Page 1

7 i ÃÞÃÌiÃ }} `Ü`Ü]] µÕVÞ LÕViLÕVi L>Vt

,iVÛiÀ Õ« Ì £ää¯ v ÞÕÀ VÀÌV> `>Ì> Õ« Ì ä¯ v>ÃÌiÀ ÜÌ 7 ,iVÛiÀÞ >>}iÀ Ó°ä°

7Ì iÜ ,iVÛiÀÞ >>}iÀÁ Ó°ä] }iÌÌ} ÞÕÀ ÃÞÃÌiÃ >` `>Ì> L>V Ã v>ÃÌiÀ >` i>ÃiÀ Ì > iÛiÀt ,iVÛiÀÞ >>}iÀ Ó°ä iÝÌi`Ã «ÜiÀvÕ ,iVÛiÀÞ *ÌÒ «ÀÌiVÌ LiÞ` Ì i «iÀ>Ì} ÃÞÃÌi Ì «ÀÌiVÌ «ÀiVÃiÞ Ì i wiÃ ÞÕ V Ãi ÞÕÀ ÃÃVÀÌV> ÃiÀÛiÀÃ] `iÃÌ«Ã] >` ÌiLÃ° 7 i > ÃÞÃÌi LiViÃ ÕLÌ>Li À ÕÃÌ>Li] Ã«Þ À Ì L>V Ì > Ü }` ÃÌ>Ìi° 9Õ½ ÀiÃÌÀi Ì i ÃÞÃÌi Ì «iÀviVÌ i>Ì Õ« Ì ä¯ v>ÃÌiÀ Ì > ÜÌ VÛiÌ> iÌ `Ã] ÜÌ ÕÌ Ã} À ÛiÀÜÀÌ} >Þ Û>Õ>Li `>Ì>° 9Õ V> ÀiÃÌÀi i ÃÞÃÌi >Ì > Ìi] À Ì ÕÃ>`Ã v ÃÞÃÌiÃ ÃÕÌ>iÕÃÞ] vÀ > ViÌÀ>] ÀiÌi V>Ì° / >Ì «ÀÌiVÌ iÝÌi`Ã Ì Li V«ÕÌiÀÃ iÛi Ü i Ì iÞ >Ài `ÃViVÌi` vÀ Ì i iÌÜÀ] LiV>ÕÃi Ì i iÜ ->ÀÌÝ 7â>À`Ò >ÜÃ Li ÕÃiÀÃ Ì µÕVÞ >` i>ÃÞ ÀiVÛiÀ Ì iÀ Ü ÃÞÃÌiÃ Ì i wi`° 7 i ÃÞÃÌiÃ v>] LÀ} Ì i L>V ÀiVÀ` Ìi ÜÌ ,iVÛiÀÞ >>}iÀ Ó°ä°

,i«>À° 7HATS .EW IN 7INTERNALS 2ECOVERY -ANAGER "ROADER RECOVERY CAPABILITIES ,iVÛiÀ° s 0ROTECTION FOR MORE THAN THE /3 s 2ECOVERY 3ETS NOW FOR SYSTEM FILES PROGRAM FILES USER SETTINGS AND USER DATA VViiÀ>Ìi° &LEXIBILITY IN PROTECTION WITH CUSTOM 2ECOVERY 3ETS s 5SING THE NEW 2ECOVERY 3ET %DITOR ADMINISTRATORS CAN DEFINE CUSTOM 2ECOVERY 3ETS TO INCLUDE OR EXCLUDE FILES DIRECTORIES FILE EXTENSIONS REGISTRY KEYS AND VALUES

4RUE NETWORK FLEXIBILITY s 2ECOVERY -ANAGER PROVIDES COVERAGE FOR ANY SYSTEM THAT CAN BE REACHED BY 4#0)0

2ECOVERY PROTECTION AND SELF SERVICE FOR MOBILE 0#S s 2ECOVERY 0OINTS CREATED EVEN WHEN NOT CONNECTED TO THE NETWORK AND STORED LOCALLY ON THE MOBILE 0# s 3YSTEM ADMINISTRATOR CAN ENABLE SELF SERVICE RECOVERY FOR MOBILE 0# USERS FROM THEIR LOCAL 2ECOVERY 0OINT AND SELF HELP FOR LOST FILES

!DVANCED MANAGEABILITY s 3MART"IND© PROVIDES THE ABILITY TO BIND AN !CTIVE $IRECTORY NODE TO A 2ECOVERY 0OINT SCHEDULE s 2ECOVERY -ANAGER NOTIFIES SYSTEM ADMINISTRATORS BY EMAIL OF KEY EVENTS IMPACTING COMPLETION OF 2ECOVERY 0OINTS

%NHANCED SECURITY s 2ECOVERY -ANAGER ENCRYPTS DATA MOVED ACROSS THE NETWORK BETWEEN 2ECOVERY -ANAGER HOSTS AGENTS AND BOOT CLIENTS

-IGRATION 7IZARD TO FACILITATE MIGRATING FROM 2ECOVERY -ANAGER TO 2ECOVERY -ANAGER

i>À Àit £nää{änn{£x ÜÜÜ°ÜÌiÀ>Ã°V

¥7INTERNALS3OFTWARE,07INTERNALSAND7INTERNALS2ECOVERY-ANAGERAREREGISTEREDTRADEMARKSOF7INTERNALS3OFTWARE,0 2ECOVERY0OINT 3MART&IX7IZARD AND3MART"INDARETRADEMARKSOF7INTERNALS3OFTWARE,0 !CTIVE$IRECTORYISAREGISTERED TRADEMARKOF-ICROSOFT#ORPORATIONINTHE53ANDOROTHERCOUNTRIES 0805red_BetaMan23-24.v4 7/14/05 3:15 PM Page 23

BetaMan Don Jones At Long Last: SQL Server 2005

t appears that the long wait for SQL Server 2005—the tool, effectively replacing Query Analyzer as a standalone utility. successor to Microsoft’s renowned SQL Server 2000— The fact that queries can now co-exist will be well worth it. SQL 2005 promises to be a with administrative information in indi- I vidual tabs (see Figure 2, p. 24) is a huge polished, powerful product with significant new features improvement. The team behind Man- agement Studio has done a bang-up job. that directly address the growing maturity of Microsoft Another major change is that SQL 2005 now includes the .NET Common database administrators and developers. Language Runtime (CLR) as a core SQL 2005 also breaks new ground As the name implies, the Workgroup with respect to Microsoft’s typical Edition is intended for small depart- product testing and release cycles. After ments and workgroups. It increases two beta cycles, Microsoft skipped Beta processor support to two, pushes the 3 and may not put out a Release Candi- RAM limit to 3GB (all that Windows date of SQL 2005. The database is with AWE memory extensions will instead progressing through a series of support) and removes the database size Community Technology Previews restrictions. However, SQL 2005 (CTPs). The June 2005 CTP at Workgroup will only be released for TechEd was the first time Microsoft 32-bit Windows. Standard Edition sup- made a preview available to the general ports four processors, has no memory public. The company also formally or database limits, and will be released announced an early-November final in both 32-bit and x64 editions. Figure 1. SQL Server 2005 will sport a release for SQL 2005. I wonder how The Enterprise Edition adds parallel tabbed interface and a built-in query tool. many marketing folks Microsoft had to indexing and partitioning capabilities sedate to keep them from renaming it and removes the processor limit. It’s part of the SQL Server engine. This SQL Server 2006. intended to run on Enterprise Editions means you can write SQL Server of Windows, although that’s not a objects—like triggers and stored SQL Server 2005 requirement. Enterprise also adds procedures—in managed .NET (code-named Yukon) online indexing, online page and file languages like VB.NET and C++, Version Reviewed: Beta (during the restoration and faster database avail- in addition to SQL Server’s native June CTP) ability during recovery scenarios. Both Transact-SQL (T-SQL) language. In Current Status: Beta the Standard and Enterprise editions fact, Microsoft developed SQL 2005, support database mirroring and failover version 2.0 of the .NET Framework and Expected Release: Week of Nov. 7, 2005 clustering for high availability. Visual Studio 2005 in parallel with mas- SQL 2005 Standard and Enterprise sive interaction between the respective editions run on all server editions of development teams. They’re practically Windows 2000 or later with the three aspects of one über-product. Under the Hood exception of Windows Server 2003 There will be quite a range of differ- Web Edition. (For full details see Administrative Assets ent editions of SQL 2005: Express, http://microsoft.com/sql/evaluation/ From an administrator’s perspective, Workgroup, Standard and Enterprise sysreqs/2005/default.mspx.) SQL 2005 rocks. Database mirroring— (plus evaluation editions, a developer SQL 2005 makes a great first a new quasi-replication feature—is edition and select others). The impression (see Figure 1). The new Express Edition replaces the old SQL Server Management Studio is a BETAMAN’S ROUTINE DISCLAIMER Microsoft Database Engine (MSDE). welcome evolution of the old SQL The software described here is incomplete It supports one CPU, 1GB of RAM, Enterprise Manager console. It has a and still under development; expect it to change before its final release—and hope it 4GB databases and there’s no native tabbed interface (now why can’t Internet changes for the better. 64-bit edition. Explorer get that?) and a built-in query

| redmondmag.com | Redmond | August 2005 | 23 0805red_BetaMan23-24.v4 7/14/05 3:15 PM Page 24

BetaMan

intended to keep a “hot spare” server rebuild, create and drop indexes without the server, they can take a more ready to go. In fact, it works a lot like taking the table being indexed offline. end-to-end approach. RAID disk mirroring, with the “mirror” You can also perform restore operations In the past, many companies had to database continuously updated and online, which improves availability of employ client developers as well as spe- ready to step in should the principal SQL Server. Only the data actually being cific database developers. SQL 2005 fail. It’s like clustering in several ways, restored is unavailable. brings those two roles much closer together. The insanely tight integration with Visual Studio 2005, which will launch simultaneously with the database, makes SQL 2005 a full development environment. It will truly make developers more productive. SQL 2005 offers significant, demon- strable performance improvements across the board, coupled with major improvements in manageability, availability and scalability. The new editions, particularly the small business- or departmental-friendly Workgroup Edi- tion, will make SQL 2005 accessible to a much broader range of businesses. Throw in the vastly improved development environment created by the tight integration with Visual Studio 2005 and you’d have a tough time finding reasons not to move to SQL 2005. Microsoft has had a long time to look at how SQL Figure 2. Queries and administrative information can now co-exist in individual tabs. 2000 was used in businesses of all sizes, and they’ve clearly applied some of those but is configured per-database, mean- Security also had a big overhaul in lessons to the design of SQL 2005. ing each database could potentially SQL 2005. SQL Server logins now Cost will probably be the biggest hur- have a different mirror server, or that have password policies—a feature dle to deploying SQL 2005. Most organ- one “hot spare” could act as a mirror conspicuously absent from earlier izations that purchased SQL 2000 with for multiple “principal” servers. It still versions. You can make permissions more Software Assurance (see “SA Exposed,” supports regular Windows Cluster granular, and specify an independent set Redmond, April 2005) did so years ago, Service as well, but database mirroring of credentials for any given database and won’t be getting a new version for actually provides a redundant copy of module. SQL 2005 also supports native free as they probably expected. the data, which Cluster Service does in-database encryption, making it easier Pricing aside, there’s no good reason not (as Cluster Service protects against to protect sensitive data from physical not to get SQL 2005 up and running hardware failures—not data failures). attacks against the database files them- very soon. While the lion’s share of new Another nice touch is that SQL 2005 selves. Client/server communications are features and improvements is targeted provides a dedicated administrative encrypted by default, and you can set the toward developers, administrators have connection, ensuring that you can always server’s policies to reject unencrypted definitely not been left out in the cold. connect to the server—even if SQL communications. Server Agent has snatched up the only Don Jones is a contributing editor for available connection on a recovering, The Integration Advantage Redmond magazine and the founder single-connection server (a common Microsoft’s big competitive advantage of ScriptingAnswers.com, a Web site for scenario). This special connection is right now is the integration of automating Windows administration. available only through the SQLCMD the .NET CLR within the SQL His most recent book is Managing command-line utility, but you can use it 2005 engine. By letting developers Windows with VBScript and WMI at the server console or remotely. Speak- work within a single managed (Addison-Wesley). Reach him ing of recovery, SQL 2005 now lets you language from the client through to at [email protected].

24 | August 2005 | Redmond | redmondmag.com | 0805red_YourTurn_25-26.v7 7/14/05 3:30 PM Page 25

Redmond’s readers test YourTurn drive the latest products. LCS 2005: Business-Grade Messaging with All the Extras Microsoft’s IM environment has matured into an enterprise-class tool, but it packs in more features than most users really need.

BY STEVE ULFELDER mond weren’t bashful about dropping had [it] up and running in about four The speed and convenience of instant hints that integration would be a pri- weeks, and that’s including testing.” messaging (IM) has been irresistible mary focus of the next release. At the other end of the installation for business users. For years, they’ve As expected, you can weave LCS 2005 spectrum is Jason Griffith, a network used it to keep in constant contact deeply into Office. This is both a blessing administrator at the West Virginia with remote colleagues, but they’ve and a curse—it brings additional func- Department of Agriculture. With stirred up a hornet’s nest for their tionality, but also potential installation palpable frustration, Griffith says, “I employers in the process. and administration headaches. Besides have been a beta tester for Istanbul [the The unregulated flow of data and the constant threat of spyware and adware We tried to push a project forward to help invasions with consumer-oriented IM services like Microsoft, AOL and collaboration between our teams on the Yahoo! give nightmares to network call center floor. administrators and security managers. J. Casalino, Senior Network Engineer, Select Portfolio Servicing So IT pros were intrigued when a flock of corporate-grade IM products basic IM, LCS 2005 supports peer-to- Microsoft code name for LCS 2005]. I hit the market a couple of years ago. peer audio, video, application-sharing wanted to install the address book Among them was Microsoft’s Live and data collaboration. If Redmond service. It won’t install—it gives an Communications Server (LCS) 2003. readers’ use is any indication, most ‘RPC server unavailable [message].’” LCS 2003 was a major step in the right businesses are focusing on fine-tuning While he did eventually complete the direction over Exchange IM, adding basic internal IM practices and proce- installation, Griffith chafes at what he must-have features like encryption, dures, and taking their time to implement views as a dearth of documentation and LCS 2005’s more advanced features. resources to help administrators get Microsoft Live Communications LCS up and running. Server 2005 Up in an Instant—Mostly See “LCS 2005 a la Carte” for pricing Readers’ opinions vary widely on how Are You There? Microsoft Corp. easy it is to get LCS 2005 up and run- Any potential installation issues aside, ning. “The installation was very easy,” LCS 2005’s advanced features have 800-426-9400 says Brian Monroe, a network systems been well received—with Presence www.microsoft.com engineer at Maumee, Ohio-based Control winning especially high Therma-Tru Corp., which has about 600 marks. “When you IM someone, you users. Monroe recently upgraded his can see if that person is actually avail- optional archiving and logging and company from LCS 2003 to LCS 2005. able to respond or if they’re in a meet- standards-based protocols. Monroe believes one reason for the fast ing,” says Christopher Hollenbeck, However, many felt the product’s big install is because Therma-Tru also runs messaging administrator at Belcan payoff would come when Microsoft Microsoft’s Systems Management Server Corp., a Cincinnati IT engineering made it more tightly integrated with 2003, which helped him push out the and staffing firm. both Windows Server 2003 and the client components. “LCS 2005 was easy Hollenbeck also appreciates the sup- Office 2003 suite. The folks in Red- to get up on the client side,” he says. “We port for multiple message types, like

| redmondmag.com | Redmond | August 2005 | 25 0805red_YourTurn_25-26.v7 7/14/05 3:30 PM Page 26

YourTurn We use Presence Control in a variety of Microsoft Office applications. audio, video and text. “The voice chat features. Some of that is likely due to feature is a bonus,” he adds. the overall skepticism among IT pros Andrew Barrett, Security Engineer, Like Hollenbeck, Andrew Barrett, an and users over what some still view as a U.S. Department of Agriculture’s Risk information security engineer for the productivity-draining chat toy. Management Agency U.S. Department of Agriculture’s Risk “We tried to push a project forward to Management Agency, says Presence help collaboration between our teams definite bonus,” says Hollenbeck. “The Control has won many converts. “We on the call center floor,” says J. Casali- presence feature has been well worth use that feature in a variety of Microsoft no, a senior network engineer at Salt the switch.” Belcan previously used the Office applications, including Project, Lake City, Utah-based Select Portfolio Jabber IM service. Outlook, Word, Excel and SharePoint,” Servicing. “But the managers pushed he says. “We’re very happy with how it back, complaining that … employees Sticking with LCS 2003—for Now connects our organization.” were wasting time on IM. In fact, some As a practical matter, companies tend to Another of LCS 2005’s more intriguing of the managers went so far as to ask stick with tried-and-true applications features is public IM connectivity. This our help desk to physically uninstall the until they have clearly outlived their licensed service offers a single client that IM client from workstations.” usefulness—long after vendors would like connects your internal LCS users with Were the workers at Casalino’s them to migrate to the hot new releases. outside users of the Big Three consumer company truly wasting time instant That’s certainly the case with LCS 2005. IM services—MSN Messenger, AOL messaging with LCS 2005? He doesn’t Several Redmond readers eventually IM and Yahoo! Messenger. You need believe any of his managers plan to move from the 2003 Service Pack 1 and a separate license quantified that, nor did they Log on to release to LCS 2005, but to use this feature, but public IM have any anecdotal evidence Redmondmag.com they’re certainly in no hurry. to read more about connectivity appeals to many network to support their misgivings. deploying and ASG, a Naples, Fla., software and security managers because it “I think 85 percent of it was using LCS 2005. and services firm, investigated encrypts data, reduces the number of [managers’ own discomfort] FindIT code: an upgrade to LCS 2005, but clients on the desktop and can log and with the technology. Chat- LCSExtras “put it on hold,” says Manager archive IM sessions. ting is regarded by the of Network Services Tyler general public as a social tool rather Bonyman. He says the primary reason for Keeping It Real than a business tool,” he says. “So we wait the planned upgrade was remote security. Most companies are just using LCS and continue allowing one-liner e-mails Previously, ASG had no way to encrypt 2005 for straightforward IM, and not to flow through the overburdened and secure laptop users’ IM sessions. delving too deeply into its advanced e-mail system.” The company recently solved that Belcan is gradually prob- problem when it rolled out Microsoft’s I really found this to be a great tool for our ing some of LCS 2005’s Internet Security and Acceleration Server more advanced capabili- 2004, says Bonyman. “With ISA, we company. It’s reduced phone calls … and ties. “The ability to inte- require our own private certificate,” he e-mails users send for quick questions. grate application control says. “We put it on the laptops. Then Brian Monroe, Network Systems Engineer, Therma-Tru Corp. and white-boarding … is a [remote] users just authenticate when they log on. That sends them to the LCS 2003 server and encrypts [IM] traffic.” Many readers express relief at having LCS 2005 a la Carte enterprise-grade IM that nestles so easi- ive Communications Server Standard Edition is priced at $787 per server ly into Office and the rest of their exist- plus $31 per seat, and uses the Microsoft Data Engine, the company’s no- ing Microsoft infrastructure. The L cost database manager. It supports up to 15,000 users (that’s 50 percent bottom line on LCS 2005, according to more than LCS 2003) and can only be used in a single-server configuration. most Redmond readers, seems to be, LCS 2005 Enterprise Edition, which costs $3,154 per server plus $31 per “Thanks for giving us secure IM. We’ll seat, necessitates SQL Server 2000. This high-level edition supports up to check out the other zillion features 100,000 users, and can be deployed in two-tier, multiple-server configurations. when we get around to it.”— Live Communications Server 2005 Service Pack 1 is a free update that lets users connect with other public IM services (under a separate license); provides better Steve Ulfelder is a freelance technology and defenses against IM spam; adds support for Microsoft Communicator 2005; and automotive writer. You can reach him at provides additional application programming interface “hooks.” — S.U. [email protected].

26 | August 2005 | Redmond | redmondmag.com | Project1 6/2/05 1:01 PM Page 1 0805red_Roundup28-33.v6 7/14/05 5:11 PM Page 28 RedmondRoundup Write the Perfect Script Need to go deep and seize control of your Windows systems? One of these tools can help you perfect the art of scripting.

BY BILL BOSWELL The scripting environments included to generate code for accessing a data- At some point in your career, you’ll in this roundup all support one or both base and AdminScriptEditor has a grow impatient with fancy graphic of the native Windows script inter- feature for generating Access and SQL interfaces and yearn to take more con- preters—VBScript and JScript. This Server database connection code. trol of your systems. You’ve heard how means we did not include tools like • All the editors let you edit multiple scripts can unlock your computer’s Komodo from ActiveState. If you write files at once, but only AdminScriptEdi- secrets. So you open Notepad and scripts using Perl, Python, PHP, Ruby tor, PrimalScript and OnScript support type—Wscript.Echo “Hello World!” or Tcl, you might want to consider split-screen editing of the same file. Pri- Double-click the file in Explorer, and Komodo as well. malScript and OnScript support a single you’re rewarded with the popup in split and ASE supports a four-way split. Figure 1. Suddenly, you’re a scripter. Code Warrior • Code re-usability is a great conven- Before you know it, you’re scouring A script editor’s features generally fall ience. OnScript, AdminScriptEditor and newsgroups for sample scripts and into four discrete categories—editing PrimalScript let you browse through a searching for help on syntax and func- aids, coding aids, debugging aids and dis- library of code snippets and inject them tions. You’re subscribing to RSS feeds tribution aids. When it comes to compar- into the current script. ASE provides for every scripting Web site and blog ing usability, a simple list of features can’t extensible wizards for injecting code to you can find. Most importantly, you access Registry keys, Active Directory Figure 1. Just by realize Notepad is a pathetic tool for typing a simple objects and so on. PrimalScript Profes- doing serious scripts. message into sional can compare two files and show If you tend to keep your scripts short Notepad, you’ve you the differences, a nifty way to find entered the world and you don’t want to spend much of scripting. glitches in similar scripts. money, you might be satisfied with a sim- • If you share responsibility for updating ple script editor like Notepad (see side- tell the whole story, though. Here are a scripts, you’ll like the way PrimalScript bar, “Simple Script Editors”). To be truly few examples of how these four compare: integrates into SourceSafe, Microsoft’s productive writing large or complex • All of the editors let you comment on version control developer utility, so you scripts, though, you’ll need an editor that blocks of text with a toolbar button, but can enforce version control. provides a complete scripting environ- only AdminScriptEditor (ASE) puts this • AdminScriptEditor can save scripts in ment. You’ll pay a few extra bucks,but the feature in a properties menu. HTML format so you can post the code savings in time and frustration and the • AdminScriptEditor and PrimalScript on a Web site while retaining syntax level of control you’ll have over your let you use “code folding,” a technique coloring. ASE also lets you constrain Windows systems make this an excellent for collapsing regions of code so you the editor window to a given number of investment. An integrated scripting envi- can focus on one section at a time. columns, which helps avoid word wraps ronment provides an array of features OnScript takes a different approach by when cutting and pasting lines. designed to simplify the development offering an Outliner that displays the • PrimalScript can record, play and and testing administrative scripts. names of functions and subroutines, but store macros, as well as assign macros to For this roundup, we considered four not arbitrary regions of code. specific keys. of the leading scripting environments: • AdminScriptEditor and PrimalScript The list of small but significant differ- • AdminScriptEditor 2.2 Pro Professional edition have wizards to ences goes on and on. Keep in mind • OnScript 1.1 simplify creating Active Directory that this is a highly competitive market. • PrimalScript 4.0 Services Interface (ADSI) code. If a product lacks a particular feature, • VbsEdit/JsEdit 2.0 PrimalScript Pro has a database browser you can bet it will be included in the

28 | August 2005 | Redmond | redmondmag.com | 0805red_Roundup28-33.v6 7/14/05 5:11 PM Page 29

next version. Here’s a more detailed look at some of the functional categories you’ll find in all four of the scripting environments reviewed here.

Debugging Support As you write longer and more complex scripts, it will be harder to troubleshoot errors. At some point, you’ll want a debugger to help you figure out why a particular script won’t run correctly. AdminScriptEditor and OnScript use Microsoft’s Script Debugger, which lets Figure 2. PrimalScript’s integrated debugger streamlines the process. VbsEdit also 1: Virtually inoperable In this or nonexistent has an integrated debugging tool. Roundup 5: Average, performs REDMONDRATING adequately 10: Exceptional you set breakpoints and step through the code one line at a time. OnScript opens OVERALL RATING the debugger, then jumps right to the AdminScriptEditor 2.2 offending line that’s causing the error. Documentation 10%

Feature Set 40% $99 for single license, $75 per Debugging 20% Value Adds 10% PrimalScript and VbsEdit have inte- Interface 20% license for 10 licenses, $2,499 grated debuggers (see Figure 2) that for unlimited license make troubleshooting a more seamless iTripoli Inc. experience. Both editors display the 866-263-0774 values assigned to variables during 99989 8.8 debugging, but only PrimalScript lets www.itripoli.com you view the variable values while you step through the code. PrimalScript 4.0 $169 for Standard Edition Language Support $249 for Professional Edition As the names imply, Adersoft’s VbsEdit $329 for Enterprise Edition and JsEdit are limited to editing files in SAPIEN Technologies Inc. their respective languages. The remain- 707-252-8700 ing editors support a variety of file 88898 8.2 types, including XML, CSS, INI and www.sapien.com batch files. PrimalScript has the broadest language OnScript 1.1 support. In addition to the languages $75 for Desktop Edition mentioned above, it supports Macrome- $150 for Network Edition dia Flash ActionScript, an array of Web XLnow files and many programming languages and frameworks like .NET. 41-32-637-0271 77777 7.0 OnScript supports HTA files, which www.onscript.com is a common way to put a graphical interface on a script. It also supports VbsEdit/Jsedit 2.0 Perlscript and Pythonscript. $30 for single license AdminScriptEditor focuses on VB- Adersoft Script, KiXtart and AutoIT, but plans to support HTML and ASP files (including 33-14-028-4249 HTA) in its next major release. 46566 www.adersoft.com 5.4 KixTart is a scripting language developed by Ruud van Velsen that has wide com-

| redmondmag.com | Redmond | August 2005 | 29 0805red_Roundup28-33.v6 7/14/05 5:11 PM Page 30

RedmondRoundup

munity support. (In fact, AdminScript- Editor began life as a KiXtart editor.) AutoIT is a specialized language designed to simplify GUI-based programming for large numbers of machines.

Context-Sensitive Help All of these scripting environments have online help, except for VbsEdit. Where you’ll really need the help is fig- Figure 4. The popup syntax help in VbsEdit. A similar feature is available in all the scripting uring out how to use the functions in a environments included in this roundup. particular scripting language, how to use the properties and methods in class, which limits the usefulness of its IntelliSense, and comes into play when automation objects accessed by a script, popup help. VbsEdit’s help items pro- you create a COM object, then use it and how to wring the most functionality vide the most information, including later in the script. The editor displays a out of major scripting interfaces like not only the syntax, but the purpose of menu of available methods and proper- ADSI and Windows Management the object class as well. ties for that particular COM object and Instrumentation (WMI). This is where lets you complete the code with a selec- you really get your money’s worth from COM Code Completion tion from the menu. an integrated scripting environment. There’s one feature that’s even more Because IntelliSense is trademarked, For example, all of the editors have inte- useful than syntax help—COM code AdminScriptEditor calls this feature grated help for VBScript. PrimalScript completion. This is patterned after a ScriptSense. PrimalScript calls it Pri- Microsoft trademarked term called malSense, and OnScript simply calls it Simple Script Editors Even serious scripters should pay attention to these simple script editors. They provide a quick and easy environment for making changes. Notepad2 This freeware Notepad replacement is small, fast, highly useful and comes with its own source code if you want to do any customization. The product is free, but donations to Amnesty International are requested.

Figure 3. You can get to special help for GVIM (Graphical VI iMproved) VBScript functions from the property menu in AdminScriptEditor. Even if you’ve never used VI, you’ll appreciate this tool’s amazing range of features and speed. Although the GVIM menus expose a wide variety of features, lets you search an “Information Nexus” the true power comes from a command-line interface that accepts a dizzying for help on a particular function. array of commands. You can extend those with a phalanx of add-ons contributed OnScript and VbsEdit have the Microsoft by a fanatical band of “vimmers.” GVIM is free, but if you want to support devel- VBScript 5.6 help file integrated into opment, a sponsorship costs 10 Euros. Donations to needy children in Uganda their editor, so all you need to do is press are also requested. F1 to open the Help file. AdminScriptEd- itor lets you right-click a VBScript func- Crimson Editor tion and choose a help feature, which If you want lots of features but prefer the functionality of a GUI-based editor, opens a window displaying the syntax and you’ll like Crimson Editor. Crimson Editor sports a handsome and useful editing giving examples (see Figure 3). window, extensive language support, a tabbed interface for editing multiple files, Each of the editors also has language- fast and simple macro recording, a fantastic array of text display tools and hotkey sensitive, popup-syntax help (see Figure support for every feature. Crimson Editor is freeware with a suggested sponsor- 4). This helps remind you of a function’s ship donation of $10 a year for personal use and $30 a year for professional use. required elements. OnScript doesn’t — B.B. fully expand the syntax of a selected

30 | August 2005 | Redmond | redmondmag.com | Project3 5/13/05 11:10 AM Page 1 NTAVO Thin Client Terminal NTAVOStart Your VirtualThin Office Client Weight Terminal Loss Program Start Your Virtual Office Weight Loss Program

75% Lower TCO Than Standard PCs Starting at $149

Secure thin client access to any application. NTA Virtual Office™ advanced thin-client terminals are ICA, RDP, and PXE capable and support server-centric computing in any enterprise environment. Access Windows, Linux, UNIX, and mainframe applications. No client applications to load and no hard drive to fail. More options at lower costs than competing products. Used by leading companies worldwide. From Devon IT.

Visit ntavo.com 1.888.524.9382 [email protected]

© 2004 Devon IT, Inc. NTA Virtual Office is a trademark of Devon IT, Inc. All other products and trademarks referred to are property of their respective owners. 0805red_Roundup28-33.v6 7/14/05 5:11 PM Page 32

RedmondRoundup

COM code completion. VbsEdit has no documentation and therefore doesn’t need to concern itself with trademark issues. Not all the COM code completion features are equal, though. Consid- er the following lines of VBScript code:

Dim objExcel, objWorkbook, objSheet1, objSheet2 Set objExcel = CreateObject ('Excel.Application") Set objWorkbook = objExcel.Workbooks.Add() Set objSheet1 = objWorkbook.

When you type the period in the final line, you’d want to see a menu of available methods and properties for the Workbooks class. Only VbsEdit and PrimalScript actually provide a menu. The other scripting tools should have this feature in their next release.

Object Type Library Browsing The real secret of power scripting is making good use of the vast array of automa- Figure 5. The Object Type Library browsers in PrimalScript (left) and tion objects in Windows. You can search OnScript (right). the Platform Software Developer’s Kit (SDK) to learn about these, but often the documentation doesn’t include truly use- use because it doesn’t sort the classes The Scripting Guys at Microsoft ful samples. And, of course, you won’t alphabetically and includes many class- provide a ScriptoMatic utility. This HTA learn about third-party automation es that aren’t useful for scripting. utility lets you select a WMI class and objects in the Platform SDK. OnScript has a nifty feature that lets inject code to display the properties of the Three of the editors (the odd guy out you insert sample code from a selected class for all instances on a target machine. is VbsEdit) have a feature that lets you object’s property listing. All of these editors have a similar browse the locally stored registered AdminScriptEditor simplifies the feature. OnScript straps ScriptoMatic automation objects and select properties process even more. You can load a onto its interface and lets you insert the and methods from a tree. For example, selected class in the viewer, then use a output code into an open file. let’s say you’re using ADSI in a script to Search feature to find a particular PrimalScript has a menu item for query Active Directory and display a property or method (see Figure 6, exploring WMI classes and injecting user’s last logoff time. You know that opposite page). This search feature enumeration code. VbsScript does ADSI uses the Active DS Type Library makes it easier to figure out which something similar with a toolbar menu. and that user attributes are stored in an properties of a selected class might be object class called IadsUser. You can use useful in a given script. a type library browser to view the prop- GetMoreOnline erties of the IadsUser class and find the WMI Scripting Take a gander at a detailed feature spelling and syntax for the LastLogoff You can’t really take advantage of the comparison chart and download some property (see Figure 5). power of scripting in a distributed free scripting tools. If you look closely, you’ll see that environment until you learn how to FindIT code: PerfScript although both editors have a tabbed access WMI from within your scripts. window to get at the type library WMI has a well-deserved reputation browser, PrimalScript is a bit harder to for being difficult to master. redmondmag.com

32 | August 2005 | Redmond | redmondmag.com | 0805red_Roundup28-33.v6 7/14/05 5:11 PM Page 33

RedmondRoundup

Win32_DiskDrive " & _ "WHERE Size > 60000000000")

For Each wmiObj In wmiColl WScript.Echo wmiObj.DeviceID WScript.Echo wmiObj.Manufacturer WScript.Echo wmiObj.MediaType WScript.Echo wmiObj.Partitions WScript.Echo wmiObj.Size Next

End Line The list of features for PrimalScript, OnScript, AdminScriptEditor and VbsEdit/JsEdit are quite similar, plus this is an extremely competitive market. So when you see a new feature in one, you can expect to see something similar in the others before long. AdminScriptEditor has a certain elegance about how it presents its features and options, from the simplified library browsing and WMI scripting to its context-sensitive help with examples. PrimalScript is right up there as well, with a thoughtfully conceived help search, extensive language support and an integrated debugging tool. OnScript has some handy troubleshooting and help features, including a slick outlining tool for examining scripts Figure 6. AdminScriptEditor’s Type Library Browser has a Search feature that helps you in process. It also integrates with look up properties by name or partial name. Microsoft’s debugging tool and brings you right to the troublesome line for AdminScriptEditor takes WMI sup- correction. VbsEdit features a helpful Figure 7. AdminScriptEditor’s WMI wizard port to the next level. You can not only integrated debugging tool. Both shows the property selection option. select a WMI class, you can select OnScript and VbsEdit integrate with the individual properties from within that Microsoft VBScript help file as well. to make your evaluation. All of these are class (see Figure 7). You can also set VbsEdit and JsEdit are limited to stable, solid products that deliver conditionals to limit what instances of working in their respective languages, considerable value.— the class will be included in the however, and lack context-sensitive help. output, such as specifying a minimum Each of the integrated scripting envi- Contributing Editor Bill Boswell, MCSE, freespace when listing disks. Here is a ronments covered here have trial down- recently joined Microsoft Consulting sample script inserted by the wizard: loads with generous evaluation periods. Services as a full-time consultant. He’s the Set wmiColl = Try each one for a while to see which author of Inside Windows Server 2003 GetObject("WinMgmts:root/cimv2") best fits your needs before evaluating and Learning Exchange Server 2003, ._ solely on budget or list of features. both from Addison Wesley. Contact him at ExecQuery("Select * FROM That’s the best and most accurate way [email protected].

| redmondmag.com | Redmond | August 2005 | 33 0805red_F1AllchinQA.v6 7/15/05 9:29 AM Page 34

Mr.Mr. WindoWindo w w

34 | August 2005 | Redmond | redmondmag.com | 0805red_F1AllchinQA.v6 7/15/05 9:29 AM Page 35

Jim Allchin, considered by many as the father of NT and the brains behind Longhorn, talks about the future of rich clients and why you should trust Microsoft to power your next PC. BY DOUG BARNEY

im Allchin, Microsoft’s group vice president of platforms, may be running a multi-billion dollar business, but at heart he freely admits, “I’m just a geek.” JReporting directly to CEO Steve Ballmer, Allchin is responsible for Windows client and server; the next-generation client and server, code- named Longhorn; and the entire Windows Server System. No wonder 7:30 a.m. to 7:30 p.m. is a typical Allchin office day. Allchin wasn’t always a geek. He was once a professional musician, though the professional part is debatable. Allchin says when his food stamps ran out, he’d eat Cheerios with no milk. But software was in his blood. He earned a Ph.D. in computer science and turned his attention to networking, serving as the principal architect for Banyan VINES. In his 15 years at Microsoft, Allchin has earned a reputation as a straight shooter who admits when Microsoft makes mistakes. But he’s also a fierce competitor who pushed the integration of IE with Windows 98 to thwart Netscape inroads, a move that earned Allchin a center seat at the U.S. government’s anti-trust case. Later, Allchin implied that open source was “un- American,” and was skewered repeatedly by Linux fans across the world. Today, Allchin is focused on quality. He avoids travel and prefers to spend “think days” in his lab looking at software. Ironically, that obsession with quality almost kept Allchin away from Redmond. Unimpressed with MS-DOS, early Windows and OS/2, it took him a year to agree to come to Microsoft. A Work in Progress Redmond: How will the new visualization and organization capabilities in Longhorn change the way end users interact with their computers? Is Microsoft copying the Mac in this regard? Allchin: Longhorn will make it easier for people to organize their information and data in ways that are much more visual and natural than today. Today people are just flooded with information and it’s so hard to sort through to find what’s really important and relevant to them. It’s not just the Web. It’s pictures, songs, docs, e-mails, spreadsheets and so forth. When you search for something today, you get a list of files, and you’re not sure if what you get back is really useful. One approach we are using is to visualize what is in a file or folder using the actual content within the files, instead of more static icons which just relate to the file type. It takes icons to a whole new level. For example, file icons become “snapshots” of the document and folders can visually show ows these snapshots even when a folder is not open, to help a user differentiate o ws the content. Instead of seeing the icon for Microsoft Word, you see the first page of the document. So the user gets instant visual cues about the information contained in the files.

PHOTO BY GEOFF MANASSE | redmondmag.com | Redmond | August 2005 | 35 0805red_F1AllchinQA.v6 7/15/05 9:29 AM Page 36

Mr. Windows Another issue deals with organization. Today you have Safe, Simple, Sexy one choice: folders. And unless you make multiple copies Redmond: What’s going to be the ‘I’ve gotta of the files (which creates a whole new set of issues), you have that!’ technology in Longhorn? can only have that file in one folder. Our solution is to cre- Allchin: I asked this question of some IT managers when I ate virtual folders and allow users to query for information was in New York last fall.And the answer had nothing to do based on content or attributes. with fancy features. They want security, reliability and easier So, in Longhorn we’re attempting to provide users help deployment. That was it. They said that would be enough for in addressing the information overload them. They wanted to save money. Our problem. When we add capabilities like No. 1 priority with Longhorn is nailing this, we look to our customers for what the fundamentals—security, reliability, they want and need and to our research deployment, migration and so on. group for innovative technologies that Consumers will of course benefit from can address those needs. It’s not about that in addition to businesses. I think looking at competitors. what consumers will love most about it is It’s important to note that Longhorn that it’s cool. I mean it’s really cool. It is still a work in progress. The first beta looks cool, it’s easier to use, more is due out this summer and will influ- powerful and we think there will be some ence many decisions about Beta 2, as cool new applications taking advantage well as the final product. of the new platform capabilities. We’re even working with hardware vendors on Redmond: I have a Windows XP making hardware not only work better laptop. There are a lot of ways but look sleeker and fit better into the that it’s infinitely better than the environment, whether that be the living Windows 98 desktop I ran six “Is there more code [in room, the office or in a mobile scenario. years ago. But sometimes it Longhorn]? Yes. But it is We talked about what we’re doing with hangs or drags in an inexplicable better code, it is better- data visualization, but in the end I think way that means it’s just as slow people will want Longhorn just for the as the old machine. How much organized code and it is quality of the fundamentals. Safe, simple potential is there for faster starts better-tested code.” and sexy. Just remember that. and better performance on the Longhorn client? Faith in Engineering Allchin: I’m obsessed with quality, which of course per- Redmond: In a survey done by our magazine, a formance is a big part of. I think we did a lot to improve large majority (about 70 percent) of respondents quality in Windows XP, and even more with Windows XP believe that the complexity of Microsoft’s SP2 and Windows Server 2003 SP1. I’m proud of the work operating systems makes them more vulnerable. we’ve done so far. But yes, we can do even better. With Is Longhorn going to add to or reduce the Longhorn we’re focusing obsessively on the fundamentals. complexity of the OS? Problems on XP could be us, but often it’s third-party Allchin: Complexity doesn’t have to mean more vulnera- code that prevents normal operation of the system in some bilities. In fact, I think the record is on our side even today way. My view is that we need to prevent this from happen- that we have fewer issued updates. And complexity doesn’t ing to the maximum degree possible. In Longhorn, this is a have to mean harder to use, either. In fact, a car today is key focus for us. We are creating isolation layers so that much more complex than the cars I drove when I grew applications cannot negatively affect the system the same up—yet they are much simpler to drive and safer! I believe way as before. the same is true with software. One thing I’ve wanted for a long time is ‘instant on.’ I do believe you have to continually improve your quality Longhorn will support S4 hardware, so the PC can go bar. Certainly, we are in the middle of doing a major re- into a very low power state so it seems off, and the engineering of our engineering ‘factory’ today. Engineering resume time is very fast—in most cases, one to two Excellence is like a religion now. Get it right the first time. seconds. In terms of other performance issues, we’re We asked a team from our research group to join Windows doing something called ‘SuperFetch,’ which means that that was focused, among other things, on automated testing Longhorn will keep track of the files and data most likely tools. People are good at testing, but computers are much to be accessed and store it in RAM rather than on slower faster and better at it. These tools don’t catch issues after the disks—even under heavy system loads. In addition, we’re fact; they catch problems in the code via source analysis, ensuring that disks are automatically optimized without a such as the buffer overruns that cause security vulnerabilities, user having to do anything. before they get checked into the source control system. All

36 | August 2005 | Redmond | redmondmag.com | Project6 2/15/05 11:46 AM Page 1

Fr: saying Microsoft Exchange will always be available

To: saying it with absolute confidence

EMC CAN HELP YOU IMPROVE CONTROL OF MICROSOFT EXCHANGE THROUGHOUT ITS ENTIRE LIFECYCLE. Our information storage and management solutions give you the power to improve the availability, efficiency, and flexibility of Microsoft Exchange, while reducing risks and costs. You gain an information infrastructure proven to work in the most demanding situations — from consolidation and e-mail archiving to Exchange 2003 upgrades. To learn more, visit www.EMC.com/microsoftsolutions. Or call 1-866-464-7381.

Find an authorized EMC Velocity2 Partner at www.EMC.com/velocity.

Mr. Windows

developers have to run a suite of automated tests and pass The 64-Bit Question them before they can add code. We call these quality gates. Redmond: How can 64-bit change the computing The results have been fantastic—we’re reducing the landscape? amount of time it takes to produce a test version of Win- Allchin: The shift to 64-bit is just huge. The shift from 16- dows by orders of magnitude, which speaks to the higher bit to 32-bit was huge. We had 10 years of 16-bit, 10-years quality of the code and how we’ve reduced interdependen- of 32-bit, and the next decade is going to be all about 64- cies between different parts of the system. bit. With the 16- to 32-bit shift we had some hiccups We have a group of architects, some of the best engineers around compatibility, moving from segmented memory in the world, working across the development team to spaces to linear address spaces, plus we had one UI for 16- strengthen the underlying architecture of the system. bit Windows and another for NT.The transition to 64-bit They’ve used tools from our research group to trace the will be much smoother, which may be why it’s not getting layers in the code. We can then move code around to dif- as much attention as the shift to 32-bits did. The 64-bit ferent modules, in effect componentizing the system, machines run 32-bit apps and generally they run them which makes development simpler. This type of isolation faster. At some point, all new machines will be 64-bit, first will make a big difference in terms of allowing us to focus on the server and then on the client. It’ll just happen. It’s our testing and find bugs like security vulnerabilities inevitable. In fact, we believe the transition to 64-bit will before they ever get into the main build. I truly believe happen faster than most people expect. We think x64 will we’re innovating the way software is built like no one else. see the fastest adoption of any new processor architecture. Is there more code [in Longhorn]? Yes. But it is better Once the machines are present I think you’ll see over the code, it is better-organized code and it is better-tested next decade lots of interesting uses of the additional address code. We’re more disciplined than we’ve ever been. space—not just on servers, but on the client as well.

Redmond: What’s the status of the WinFS project? Redmond: Windows Server 2003 is stable, Allchin: Work continues and we’re on track to deliver the secure and scalable. What new frontiers are there first beta of WinFS when we launch Longhorn. to explore? Allchin: Windows Server 2003 is a product I’m very proud of. We’re getting a great response to it from our enterprise “We clearly thought customers. One of my favorite features is role-based too small in the past. deployment, where we configure settings automatically How about a PC for based on whether it’s going to be a file/print server, an Exchange Server and so on. This really was just a begin- every person?” ning though. We’re going to go farther with this scenario- based approach. For example, we have the Small Business Redmond: Microsoft’s long-held vision has been Server now, and we’re working on a server for medium- a PC on every desk, which in the industrialized sized businesses. We’ll tailor administration to those com- world has largely been realized. How do you panies and the types of problems they need to solve. bring that vision to lesser-developed countries Another big focus area is automation—super wicked intel- with far less income? ligence to make servers run themselves, self-diagnostic, Allchin: I could joke and say that you’re right … we clearly self-healing and so on. Then there will be massive paral- thought too small in the past. How about a PC for every lelization with multi-core. person? Seriously, that is a new dream of ours. PCs will One of the most exciting areas is the interconnection of continue to morph into amazing devices and I think this servers with services, or federation, so that servers at dif- dream is something that we should aspire to. ferent companies can work together. The world is Last year we introduced Windows XP Starter Edition, becoming more interdependent; it’s a global economy which is a localized Windows offering targeted at first- with lots of suppliers located everywhere you can imag- time computer users in developing technology markets. ine. Companies have already put some of their business We worked in partnership with international governments interactions online, and it’s all happened at an incredibly to create these. These versions of Windows have cus- fast pace. But still, inter-enterprise work is quite hard to tomized feature sets and a lower price-point. We’re also do today. For example, say you want to share a document making it easier to have shared computers as this is often with a partner. Today you e-mail it back and forth.But how people get their first experience with a PC; for exam- there’s no way to maintain control of it, to make sure ple, at school or in an Internet café. We know that in rural they don’t forward it, etc. Plus, what if you’re both edit- villages this may be the way we can first help people who ing it; who has the latest version? There’s lots of room are worried about weather affecting their crops or when for improvement and I’m excited about the work we’re they need medical advice or help. doing here.

38 | August 2005 | Redmond | redmondmag.com | 0805red_F1AllchinQA.v6 7/15/05 9:29 AM Page 39

It’s the People, Stupid have some work to do to align companies around a holistic Redmond: What are the biggest challenges for approach to creating compelling and immersive experiences the Windows platform from both a technical and for businesses and consumers alike. competitive perspective? Allchin: The world keeps changing and Windows keeps Redmond: How will virtualization technologies changing. It is a journey. Today, our next step is to nail change the way computers are deployed and security and safety. And even though I know there will licensed over the next few years? always be ‘bad’ people in the world, we need to help our Allchin: Virtualization technology comes in many types. customers protect themselves. We also need to continue on Any OS that supports virtual memory is doing ‘virtualization’ our re-engineering process and the work we’re doing on of memory. Today, generally it allows customers to run multiple server or desktop operating systems on one computer, meaning they can be much more cost-efficient in their hardware deployment. I hear it discussed primarily for server consolidation. For example, Virtual Server 2005 enables customers to use one piece of server hardware to run one copy of Windows Server 2003 to host business applications, other instances of Windows Server for infrastructure capabilities such as file serving, and still others to run test or development environments. The resulting benefit is hardware cost savings through consolidation and more complete utilization. Patch Strategy Redmond: The monthly patch cycle has been in force now for about 18 months. What’s working “We’ve put technology first for too and not working with that process? long. We have to start with people.” Allchin: In the 18 months since we moved to a predictable monthly release schedule, customer response has been very the architecture of the code. This will let us be more agile, positive. We made the move to a monthly update cycle ship more innovation and do it with even higher quality. because a lot of customers told us that updating needed to From a competitive perspective, I believe that the focus of be more reliable and predictable. Since we made this the industry needs to change. It’s interesting that you change, we’ve seen a 400 percent increase in Windows mentioned ‘technical challenges.’ I don’t think our biggest Update usage and an increase of over 320 percent in challenges are technical. If you look at the progress of Automatic Updates usage. So I think the monthly update the industry over the past 25 years, the advancements in cycle has been quite successful. I think our transparency technology have just been staggering. But there comes a and consistency has been quite appreciated. point when more technology isn’t enough for people. I’ve In November of last year, we started an Advance Notifica- been doing some work with Joe Pine, one of the authors of tion Program for enterprise customers. Three business days The Experience Economy, and I think he has it right—the next before we release a monthly security bulletin we publicize wave of economic growth is about experiences. What am I the maximum number of bulletins, maximum severity rating trying to do or accomplish with technology and how much and products affected. This helps IT administrators plan am I enjoying it? How well is technology helping me their resources accordingly for the following week. The connect to my passions? We’ve put technology first for too information we provide is general in nature so that it doesn’t long. We have to start with people. That’s how companies disclose vulnerability details that hackers can get a hold of will be able to differentiate themselves. If you sell PCs based and put customers at risk. Overall, the process is going really on technical specs, they all start to look the same. But if you well, but we’re continuing in our efforts to make updating as combine hardware, software and services into unique offer- painless as possible. For example, Longhorn will require ings that people want and can only get from you, then you’ve fewer reboots to apply patches so we believe IT and con- got a leg up on the competition. We are following this sumers will be able to update their machines in a more silent philosophy with Longhorn, and I’ve been encouraging our and unobtrusive way. partners to do the same. Our biggest challenge is how we I should be clear, though, that our goal is to reduce the connect with people on a personal level. How do we make number of updates while at the same time making any them see the PC and devices as more than just tools but updates reliable, silent and automated to deploy. essential to a productive and enjoyable life? Our ecosystem is a large one, with a lot of players. I wouldn’t have it any other Doug Barney is editor in chief of Redmond magazine. He can way, because I want our customers to have choice, but we be reached at [email protected].

| redmondmag.com | Redmond | August 2005 | 39 0805red_F2AllchinSB.v5 7/14/05 4:02 PM Page 40

Longhorn: BY DON JONES Is Allchin’s Baby Worth the Wait?

Longhorn is so chock-full of code-names that it’s difficult, objects, registry keys, file paths or whatever. WinFX is likely if not impossible, to figure out what’s what. WinFX, Indigo to incorporate even more granular security, meaning for the and Avalon all sound terribly important, but they don’t first time, you’ll be able to tell Windows what specific give you a clue as to what they will do. Until we get a applications can do or even if they can execute and run in look at Longhorn’s first public beta (expected later this the first place. Now that’s control. summer), though, those code-names are all we’ve got. It’s unclear right now whether WinFX will be an all-new Bill Gates says most of Longhorn’s new features are still API or whether it will just be wrapped around the existing secret, and that the beta release will be the first time Win32 APIs. After all, many of today’s .NET Framework they’re previewed. I’ll take a longer look in my Beta Man classes are just wrappers around underlying Win32 code. column shortly after the beta ships. Microsoft’s oft- postponed final release of the next iteration of Windows is Avalon and Indigo now due in late 2006 (Vegas is taking bets for 2007). Avalon is the code-name for the presentation subsystem class libraries in WinFX—in other words, the components of The Next Version of Windows (Longhorn) Windows that create the user interface. These are analogous with today’s Graphics Device Interface Plus (GDI+).Avalon Version Reviewed: Technology Preview supports Tablet computing and other input devices,an Current Status: Beta expected in August 2005 all-new imaging and printing infrastructure, and more. Expected Release: Late 2006 Developers will be able to use fancy new XML formats to create robust user interfaces and will have complete 3-D support for drawing cool-looking screens. With as much fuss about what is not making it into Whenever you read Microsoft documentation about Longhorn as what is—WinFS, the Monad scripting shell, Avalon, one term always crops up: XAML. This stands for and a host of other features originally slated for the first Extensible Application Markup Language (pronounce it release have been dropped in order to ship on time—let’s “ZAM-EL”).On the XAML Web site (www.xaml.net), you’re take a look at a few of the pieces of Longhorn that will be told that “organizations will no longer be required to support present (at least according to the plan du jour). … HTML, Flash and PDF.” Instead, you’ll just use XAML, which supports 2-D and 3-D imaging, animation, documents WinFX to the Rescue and more. Feed a XAML file to Avalon and “poof”—you’re WinFX (pronounced “Win Ef Ex,” just like it’s spelled) looking at the completed image or document. stands for Windows Framework. This is the new Application XAML intrinsically supports text, hyperlinks, common Programming Interface (API) upon which Longhorn will be Windows controls, 2-D and 3-D graphics and animation, built. Longhorn will continue to support, for purposes of fixed format documents (à la PDF), flow format documents backward-compatibility, the Win32 API we currently have. (like a Word document), data binding, styles, video, audio— Looking ahead, though, WinFX represents an all-managed, it’ll even tell you how to vote in the next election. OK, all-new API that’s really the first major overhaul of the maybe not that last bit. Windows APIs. At its simplest, XAML provides a format for defining The “all-managed” part of that description is key. WinFX user interfaces—in other words, how your applications will is, in fact, built upon the .NET Framework, which consists of look. However, Microsoft has far loftier goals that include managed code that runs within a Common Language making XAML the end-all, be-all of portable-rich docu- Runtime (CLR is a sort of virtual machine not unlike what ments. Adobe does not appear to be shaking in its boots. Java uses). While developers already dig .NET, the major Convincing the world to stop using PDF and Flash in benefit for administrators is that the Framework and WinFX favor of a Microsoft-created standard will be tricky at best. were built with security in mind from the beginning. The Indigo is the code-name for a new unified programming old Win32 APIs upon which Windows is currently built model for building connected systems. Essentially, Indigo definitely weren’t all that aware of security. extends the existing .NET Framework with additional The Framework provides complete security management. APIs that let your applications communicate securely, You can decide what any individual bit of code is allowed reliably and in a transactional fashion across the Web. The to do, even down to accessing particular Active Directory intent of this new programming model is to be compatible

40 | August 2005 | Redmond | redmondmag.com | 0805red_F2AllchinSB.v5 7/14/05 4:02 PM Page 41

outside the Microsoft realm, providing interoperability We’re also getting integrated support for Really Simple and compatibility with generic Web services. Syndication (RSS), an XML format that lets you receive Here’s the big news about Avalon and Indigo, though— news, headlines and story synopses right on your desktop. both will ship for WinXP and Win2003, as well as being Longhorn will feature a common RSS “feed” list, an built into Longhorn. This frees up developers to create integrated RSS data store and an integrated RSS engine to Avalon/Indigo applications, even if their customers aren’t pull and synchronize feeds. This is essentially what IE 4.0 immediately moving to Longhorn. This is one of the first was supposed to do with its “channels,” a technology that has instances of Microsoft providing significant forward long since gone the way of Microsoft Bob. RSS is growing in compatibility between different versions of Windows, and popularity, so it’s nice to see Microsoft taking note. the company should be applauded for that move. Both Not surprisingly, Longhorn will have a new version of Avalon and Indigo are currently in Beta 1 for WinXP and IIS (version 7, to be precise). Today, ASP.NET runs as a Win2003. Both require Visual Studio 2005 and the beta plug-in to IIS. Under IIS 7, ASP.NET will be integrated release of the .NET Framework version 2.0. into the IIS core, in much the same way that the .NET Avalon and Indigo aren’t solving new problems. They’re Framework is implemented within the SQL Server 2005 solving old problems in new ways. Because they’re based on engine. So, you can certainly expect better performance. the .NET Framework, there’s a generation of developers From a security standpoint, Microsoft is breaking IIS 7 who will have a fairly short learning curve. into a zillion modules, each of which you can remove. I’ve heard IIS 7 is running on Win2003 boxes, but whether Looking Back to Microsoft will ship it for Look Ahead Avalon and Indigo aren’t solving Win2003 or save it for Longhorn Fortunately, Microsoft has new problems. They’re solving old (client and server) has not yet developed WinFX to exist side- problems in new ways. been decided. by-side with Win32 and Avalon The last big bit to mention is to exist alongside GDI+. That means everything you have Metro, Microsoft’s new document format and “print path.” (with a few exceptions, as Longhorn will have tighter In some ways, it’s similar to PDF, and in other ways akin to a default security settings) should work fine. print spool format (meaning that when you print, everything That’s no mean feat on Microsoft’s part, especially given winds up in Metro and is then sent to the Spooler service for their desire to reinvent major portions of Windows that transmission to the printer). It’s also similar to PostScript in have remained essentially unchanged since the days of that it is a page-description language. Windows NT.That level of redesign and rewrite usually Metro is a completely new document format. It’s tied to means major compatibility issues. With the parallel “new an all-new printing engine being developed for Longhorn beside the old” architecture that Longhorn is exhibiting, that promises better performance and features. Longhorn both new and old should run without a hitch. will support both the Metro print path and the current Looking beyond Longhorn, you can definitely see a time GDI-based print path. when Win32 and its related baggage will be discontinued, To take advantage of Metro,you’ll need Metro-compatible though. Market demands and pressures will determine the printer drivers (conveniently called a “MetroDrv”). timing of this shift. Microsoft decided against a dual-driver model that would I would also expect Longhorn to be the last 32-bit have supported both Metro and GDI. You’ll have to get version of Windows. With Intel and AMD both producing drivers for both print paths if you want to use both (to be 64-bit processors, and releases of Windows coming about clear, most WinXP/Win2003 GDI-based print drivers will five years apart, it’s a safe bet that five years after Longhorn work just fine in Longhorn). For forward-compatibility, ships there won’t be many 32-bit processors left. Whatever Microsoft will provide what amounts to a Metro-GDI version of Windows Microsoft develops eight to 10 years translator to let WinXP/Win2003 systems use Metro drivers, hence might only need to exist in a 64-bit version. the Metro print path and a subset of Metro functionality. The final release of Longhorn isn’t expected until the Other Elements end of 2006 at best. There’s no reason not to download Some other tidbits about Longhorn have leaked out, the Longhorn beta when it arrives and start taking a look. giving us somewhat of a clue as to what else is in store. Remember, when it finally ships, WinXP will be more than First, we know that we’re getting a revised Internet five years old and certainly ready for replacement.— Explorer, although at this point we don’t know how revised. Originally, Longhorn’s IE was the next one we Don Jones is a contributing editor for Redmond magazine and expected to see. Microsoft decided to ship an interim the founder of ScriptingAnswers.com, a Web site for automating IE 7.0, which should be in beta by the time you read Windows administration. His most recent book is Windows this. What Longhorn will do beyond IE 7.0 remains Administrators’ Automation Toolkit (Microsoft Press). Reach to be seen. him at [email protected].

| redmondmag.com | Redmond | August 2005 | 41 Project4 7/6/05 12:35 PM Page 1 0805red_F2Linux43-47.v5 7/15/05 9:32 AM Page 43

Make Room for

Linux Apps BY JEREMY MOSKOWITZ

As Linux applications grow in popularity, Windows admins will need to start incorporating them into their networks. Here are five ways to do that.

inux desktops are gaining in popularity. While it’s want to run on your Windows desktop. Even if you still not too common to see shops replacing Win- don’t want the application to run on your Windows dows desktops with their Linux counterparts, there desktop, you may at least want to run it alongside your Lis certainly an increased desire to interoperate. Windows desktop. That collaboration takes many forms. You might need There are multiple ways to run Linux apps; the five most to exchange data, such as Microsoft Office documents, common are presented here. In most cases, you won’t need with someone using an alternative office productivity to deploy all of these strategies. But, depending on your suite. Perhaps there’s a compelling Linux application you needs, you might need to deploy one or more of them.

| redmondmag.com | Redmond | August 2005 | 43 0805red_F2Linux43-47.v5 7/15/05 9:32 AM Page 44

Make Room for Linux Apps

Here’s a rundown of some ways software that can properly exchange A better option is to simply run to get Linux applications to your the files you need. On the Windows OpenOffice or StarOffice on your Windows users: side of things, you’ll usually want to Windows clients and use the native • Use apps that are built to run on create documents with Office and file formats of these applications. both platforms send them off to share. But Microsoft That’s right: both OpenOffice and • Run Unix tools and commands on doesn’t make a Linux version of StarOffice have Windows binaries and Windows Office, so if you’re a Linux user you run just fine on Windows. This may • Remotely connect to a Linux machine have to make some choices. not always be possible, as your compa- • Emulate a Linux environment Linux users have two main office ny is likely already deeply entrenched • Emulate a whole machine and run suites to choose from: OpenOffice and in Microsoft Office and not likely to Linux inside it StarOffice. Both suites have basic switch anytime soon. compatibility with Microsoft Office, OpenOffice and StarOffice aren’t Method 1: Use Apps That Call so they can read and write native doc- the only popular Linux applications Both Windows and Linux Home ument files coming from Microsoft that run under Windows. In fact, the What do you do when other business Office. However, the key word here is Linux camp has made it very easy for units or partners are running Linux basic. My testing shows serious for- Windows folks to check out a range of popular Linux software, which also happens to run on Windows. It’s called the OpenCD Project. The OpenCD comes as a standard ISO file which can then be burned directly as a CD-ROM by just about all CD burning software. Once you have the final CD in hand, you’ll find a little something for everyone: productivity apps (like OpenOffice); design, painting and graphic manipulation apps (like TuxPaint and GIMP); networking, browsing and remote-control tools (like TightVNC and Firefox); multimedia and sound manipulation applications (like Audacity); utilities (like 7-zip); and games (like LBreakout). In all, it’s a potpourri of free stuff that runs on Linux and Windows and is guaranteed to properly exchange native file formats.

Method 2: Run Unix Tools and Commands on Windows One great thing about Unix and Linux is the abundant availability of command-line tools, often through batch scripts. And, while there is some variance among the different forms of Linux (and a little bit more from Unix Figure 1. Cygwin, top, and SFU 3.5 have a similar command set. Here you can see to Linux), pretty much all the base them both displaying the man (manual) pages for the ls (list) command. command-line tools and their options are the same. This means you can usu- and you need to exchange files with matting issues with moderately ally take a script that is working today them? You could save the documents complex Word docs (like a resume) and in Mandrake and run it on Gentoo, in a common format, like a text file, moderately complex PowerPoint files. Red Hat or SuSE. but the rich features inside the docu- In other words, true file interoperability It turns out that you can also run it ment would be gone. Better to use isn’t quite there yet for serious use. on Windows with none, or very few,

44 | August 2005 | Redmond | redmondmag.com | 0805red_F2Linux43-47.v6 7/15/05 2:52 PM Page 45

changes. The magic happens when VNC is the closest cousin to here.” The idea was simple: a you load one of two tools that can Terminal Services. With both VNC computer “over there” with a lot of port the Linux command-line over and Terminal Services (which uses horsepower does all the heavy to Windows. They are Cygwin the RDP protocol), (pronounced sig-win) and Microsoft’s you’re really seeing Both OpenOffice and StarOffice have Windows Services for Unix 3.5 (SFU). You can “screens” of infor- binaries and run just fine on Windows. load either (or both, if you so choose) mation come across, on Windows 2000 or Windows XP and you can move clients, or your servers. the mouse and keyboard and have computing. The computer “over SFU 3.5 uses the Korn shell, or ksh those sent along through the pipe as here” doesn’t have to have a lot of shell. While many Linux folks still call well. VNC is nice because a) it’s free horsepower; all it needs to do is actu- ksh home, the Bash shell, which Cyg- and b) additional services allow it to ally output the display. Because of win relies on, is getting more common run on Linux, Windows, Mac this, X terminology became a little among Linux power users. and more, making it a great multi- wacky. The machine you’re sitting at In Figure 1 (opposite page), you can platform remote control and remote is the X server. The machine you’re see both Cygwin and SFU 3.5 computing solution. Because you’re connecting to is called the X client. displaying man (manual) pages for the just sending over screen, keyboard The client (the machine you’re ls (list) command. and mouse information, VNC connecting to) is the one telling the works with just about every Linux server (the machine you’re on) what Method 3: Remotely Connect application, with one big exception— to display. This separation of X to a Linux Machine those using sound, which isn’t server and X client made a lot Just as you’d use Terminal Services to supported in VNC yet. of sense in the olden days, when remotely control a machine in the Win- The other way to remotely connect buying a Unix machine with enough dows world, there are ways you can to a Linux machine is via “X”. X is horsepower to perform both X remotely control a Linux machine. The the original way to display graphics client and X server functions was two main ones are VNC and X. remotely from “over there” to “over very expensive. GIFM< N?8K PFL :8E ;F Af_e>ifm\ejk\`e1E@

I<; ?8K KI8@E@E> 8E; :

KXb\I?'*, I\[ ?Xk C`elo

PflËcc c\Xie i\Xc$nfic[ jb`ccj fe c`m\jpjk\dj% 8e[ n_\e pfl jlZZ\\[ pflËcc \Xie k_\jb`ccj# k_\ZfeÔ[\eZ\# Xe[ Zi\[\ek`Xcj kf ^f n`k_ `k%

I\^`jk\i efn ]fi ZcXjj\j è pfli Xi\X1 :Xcc ($/--$)I<;?8K fi ^f kf nnn%i\[_Xk%Zfd&kiXèè^

ª 3FE )BU *OD "MM SJHIUT SFTFWWFE i3FE )BUw BOE UIF 3FE )BU i4IBEPXNBOw MPHP BSF USBEFNBSLT PS SFHJTUFSFE USBEFNBSLT PG 3FE )BU *OD JO UIF 64 BOE PUIFS DPVOUSJFT -JOVY JT B SFHJTUFSFE USBEFNBSL PG -JOVY 5PSWBMET "%464 0805red_F2Linux43-47.v5 7/15/05 9:32 AM Page 46

Make Room for Linux Apps

But today, buying a PC with enough Method 4: Emulate a CoLinux is an interesting piece of horsepower isn’t beyond most Linux Environment software. By default, it runs GUI- peoples’ budgets. That allows the One way to get Windows machines to less, but it’s possible for coLinux to client and server to run on the same run Linux is to feed it a bunch of Win- successfully run a full GUI environment. It also has fairly good network- If you’re considering running a virtualized Linux guest under ing support, allowing you to use the Windows, VMware Workstation is really the best choice. network card already inside your machine. It also has several tricks up its sleeve, like accessing the C:\ drive machine. The X client can be running dows executables that simply run of the host machine to pass files back “over there” but you can be “over Linux. That’s the idea behind coLinux. and forth between Windows and here.” To that end,if you can run an X CoLinux (short for “Cooperative coLinux. CoLinux is well worth a server on your Windows machine Linux”) is a cleverly modified Linux look if you need to run the occasional “over here,” you’ll be able to connect kernel that runs as a Windows applica- Linux application. to machines “over there.” This is tion. Once it’s running, it produces a handy for apps that have both client display like the one in Figure 2, below. Method 5: Emulate a Whole and server components. The advantage here is that once Machine and Run Linux Inside It Microsoft has partnered with Start- coLinux is running, you can use The best way to maintain a true Linux Net Communications to offer a free basically any Linux program you like. environment inside your Windows machine is to emulate an entire machine, then run Linux inside it. That’s how VMware Workstation, VMware’s GSX and ESX servers and Microsoft’s Virtual PC and Virtual Server work. In Figure 3 (opposite page), VMware Workstation 5.0 is booting up Fedora Core 3 as a guest. With Virtual Server 2005 SP1 (currently in beta), Microsoft will support Linux guest machines when the host machine runs Virtual Server 2005. While that might help you in the lab GetMoreOnline

Log on to Redmondmag.com and follow the links to the vendors and products mentioned in this article.

FindIT Code: RoomForLinux redmondmag.com

Figure 2. CoLinux is an implementation of Linux that runs right within Windows. with application compatibility testing, it won’t help your users directly. version of X server. The constraint The drawbacks are that coLinux is That is, Virtual Server 2005 only runs with this version, however, is that it fairly clunky to set up, and it’s limited on Windows 2003—and it’s unlikely only works if the X client application to only two specific Linux distribu- your desktop or laptop users have you want to use is on the same box. tions: Debian or Gentoo. If your Windows 2003. Cygwin, discussed earlier, also has application doesn’t play well with Loading a Linux guest inside add-on X server compatibility, and either of these Linux distributions, Virtual PC 2004 will work, but be no restrictions as to where the X coLinux probably isn’t a good candi- aware that it’s not supported. And client is running. date for you. unfortunately, Microsoft’s latest

46 | August 2005 | Redmond | redmondmag.com | 0805red_F2Linux43-47.v6 7/15/05 2:52 PM Page 47

Finding Harmony You never know when you’ll need to start running Linux applications. Sometimes it’s easy—just find an application that also runs on Windows, and you’re in business. Sometimes, getting there is a bit harder—you’ll have to find a way to run that Linux application remotely, or bring that Linux application to you. However, one thing’s for certain: Linux is here to stay, and it’s a good thing there are options for Windows and Linux to play nicely together. —

Jeremy Moskowitz, MVP, MCSE and founder of Moskowitz Inc. (Moskowitz- inc.com), is an independent consultant and trainer for Windows technologies. He runs GPanswers.com and WinLinAnswers.com, community forums to answer tough Group Figure 3. VMware Workstation can run many Linux distributions as a guest within Policy and Windows/Linux Integration Windows; in this case, it’s running Fedora Core 3. questions. His upcoming book is Practical Windows & Linux Integration: Hands- announcement about Virtual Server ering running a virtualized Linux on Solutions for a Mixed Environment. 2005 with SP1 doesn’t apply to guest under Windows, VMware You can reach Jeremy via e-mail at Virtual PC 2004. So if you’re consid- Workstation is really the best choice. [email protected]. Project3 7/5/05 11:21 AM Page 1

GetGet Ready.Ready. Get Get Set.Set. GetGet Certified.Certified.

INDIVIDUALS

COMPANIES CUSTOM SOLUTIONS TRAINERS/EDUCATORS

MeasureUp is your one-stop certification destination.

Get to the finish line with MeasureUp! As a Microsoft Certified Practice Test provider, we have the inside track. Prepare for certification with online Register now to win a courses and practice tests. Get discounted practice tests Free Xbox! and exam vouchers for less. CIW • Cisco • CompTIA • Microsoft MeasureUp has: Novell • Oracle • PMI • SCP • Sun • Practice Tests To get the best practice tests available at • Online courses 20% off, and to register to win a • Pearson VUE exam vouchers free Microsoft Xbox, visit MeasureUp • Test Pass Guarantee at www.measureup.com/redmond.

"WOW! Great exam simulators and prompt support! The questions address every exam objective but best of all, the 'HELP' files force you to think. Instead of just supplying you with an answer to memorize, they 'guide you' towards finding the answers. I can certainly see why Microsoft recommends these simulators."

— Steve Shaw, MCT/MCSE. MeasureUp is a Dice Company. 0805red_F2Architek49-52.v5 7/15/05 12:05 PM Page 49

Learn how to do Active Directory design right from these real-world case studies of those who have done it wrong.

BY GARY OLSEN

orking in customer support for HP Ser- vices, one of theW world’s biggest computer support companies, I’ve seen some pretty messed-up Active Directory hitect (AD) designs in my time. In many cases, the design disaster was the work of the nefarious “consultant” who was conveniently unreachable once the network was broke. But even if the AD architect was available, a perception problem exists that can hamper efforts to repair the damage: Some believe that once the AD design is complete and implemented, it’s set in stone. That’s false: Although it can take significant time, effort and money, implementing a new design is usually possible—and sometimes required, if the root cause of the problem is the design itself. Active DirectoryWhat follows are actual cases I’ve worked on over the past few years (the names have been changed to protect the guilty). As you read, keep in mind that it’s important to examine the design principles involved in each case and not get too hung up on the technical details.

Living with Limits This customer was a retail business with more than 1,000 stores. They hired a well- known company to design the AD structure and the supporting network (DNS, DHCP and so on). Although HP didn’t do the design, we had the support contract. The design called for every store to have its own domain, complete with two domain

How NOT to Arc | redmondmag.com | Redmond | August 2005 | 49 0805red_F2Architek49-52.v5 7/15/05 12:05 PM Page 50

How NOT to Arc hitect Active Directory controllers (DCs), a DNS server, a domains). It would have worked, You may argue that Microsoft should WINS server and a DHCP server. because there would be about 350 child eliminate the 800 domain restriction, All this was designed to support domains for each regional “parent.” but a forest with 1,000 domains and about four users per store! There was But given the relatively small four users per domain makes no sense. no IT staff in the stores; everything number of users, there’s no reason Disaster recovery in this environment was supported from company head- they couldn’t have used a single would be a nightmare. Large global quarters. The AD design had 1,000 domain. They had a centralized IT corporations are getting by with four child domains off of a single parent administration model, high-speed domains, and Microsoft itself is moving domain, as shown in Figure 1. links to all the stores, and no reason to a single domain due to disaster recovery and security reasons. If proper design by competent architects had Root been done in the first place, this problem would never have happened.

The Broken Tiebreaker A global company—let’s call it the Acme Corporation—has headquarters in New York. It hired a reputable etc 1 2 345678 company to provide consulting advice Child Domains (x1,400) on its migration from Windows NT to Windows Server 2003. In designing the AD site topology, it wanted a Figure 1. The original forest design featured a single parent/root domain and 1,400 child three-tiered structure, shown in domains. Some domains had as few as four users. Figure 4 (opposite page). In this setup, It made no sense to have a domain at all for a multiple domain model. the slower links connect the lower-tier for four users, and almost immediately Given those factors, a single domain sites, while the faster links connect the they started having replication prob- design made the most sense. second-tier sites and the two core sites lems. I told them early on that this This was what we suggested, and at the top tier. The core sites are wasn’t a good design, but they didn’t what they ultimately ended up doing Chicago and Milwaukee, with Mil- care. This is what their consultant (Figure 3, opposite page). They built a waukee being a disaster recovery site. came up with, and by golly, they were single domain infrastructure, migrated The design should be fairly simple to going to use it. the users, computers and groups to the implement by creating site links: two We gradually worked through the new domain and tore down the old. sites in each link with the higher link problems, until one day it all Besides AD being happier and much costs (representing sites with lower- came crashing down. The retailer had easier to administer, it led to a huge bandwidth connections) at the lower been happily cranking out domains reduction in hardware, going from level and the lowest cost in the link like hotcakes when they realized more than 1,000 servers to a handful. (sites that have the most bandwidth) things were coming unglued: replica- Moral of the story: We live in a containing the two core sites. It would tion was broken, authentication failed, world of limits; this is one of them. look similar to Figure 5 on p. 52. business-critical apps didn’t work. You get the picture. What happened is that they hit the AD ceiling on domain creation, which Root is a hard limit of 800. The customer engaged Microsoft engineers to help them eliminate enough domains in the right sequence to get them working Child Child Child Child again, but they were stuck at the 800 A B C D domain limit. One possible solution, shown in Figure 2, would have been to divide the Sub Sub Sub Sub Sub Sub Sub Sub domains up into four regional child A B C D E F G H domains under the parent, then divide the 1,400 store domains under the Figure 2. Adding another level of domains in the forest would have avoided the domain regional domains (becoming grandchild limitation, but still created many more domains than necessary.

50 | August 2005 | Redmond | redmondmag.com | 0805red_F2Architek49-52.v5 7/15/05 12:05 PM Page 51

replication from the hub sites to the second tier and then out to the third tier. Then, to add insult to injury, the tiebreaker system didn’t even work. I’d never even heard of this tiebreaker, so I contacted a respected Single Domain AD engineer at Microsoft; he’d never heard of it either. If they proceeded with the migration using this topology design, they would be repairing it very soon. I proposed a solution that followed some basic OU OU OU OU OU OU replication rules and solved the potential problem. Those rules are: • Force the KCC to replicate the way you want it. The more freedom you Organizational Units (OUs) x 1,400 (one per store) give the KCC to figure out the topol- Figure 3. The solution was to create a single domain and create Organizational Units ogy, the less likely that replication will (OUs) that took the place of the 1,400 former child domains. go the way you want it. • Each Site Link should only have two But rather than using solid, time- company couldn’t verify that the sites, except the core (top level) link, tested design principles, Acme came tiebreaker system worked; it seemed which may have more. up with the most bizarre solution to be random. • Cost should be planned to force imaginable. It involved an incredibly So, the company was basing its replication into the hub, following the obscure tiebreaker rule described on entire replication topology on a physical network from slowest to page 166 of the Distributed Systems fairly complex three-tier design, and fastest links. Guide of the Windows 2000 Resource hoping that when all the sites were • Do not use scheduling unless Kit, that says if the Knowledge lumped together, the KCC would absolutely necessary. It’s actually Consistency Checker (KCC) has two somehow figure out how to force the possible to create a schedule that site links to choose from and both are equal cost, it will break the tie by building a connection to the site with the most domain Tier 1 25 Chicago controllers in it. If both sites have Milwaukee the same number of domain controllers, it selects the site based on alphabetical order. Acme put all the sites in a single site link and depended on this tie- Tier 2 50 breaker rule for the KCC to sort Singapore Tokyo out all the sites and replication in a three-tier topology. In examining Las Vegas Figure 5, consider the case of

replicating from Chicago to another Sydney site. If all sites are in one site link, they have the same cost, schedule Bangalore

and replication frequency, instead of Jakarta 100 the different costs shown in the

figure. All sites are thus lumped Beijing together, and because they all have Tier 3 one DC, replication goes in Seoul Phoenix Boise alphabetical order, from the Chicago hub to Amsterdam, then Figure 4. This three-tiered topology shows the replication path. Replication first Bangalore, Beijing, Berlin, Boston and happens at the lower-cost (better bandwidth) sites, and moves through the higher-cost so on. In addition, in its testing, the (lower bandwidth) sites.

| redmondmag.com | Redmond | August 2005 | 51 0805red_F2Architek49-52.v5 7/15/05 12:05 PM Page 52

How NOT to Arc hitect Active Directory would prevent any replication. Make groups. In addition, it had a separate The Knowledge sure to test any schedule you create. fund-raising arm that had to be in This customer eventually imple- its own forest for legal and business Consistency Checker mented the design in Figure 5 and reasons. That meant they would have The Knowledge Consistency proceeded with a very smooth migra- at least two forests. Checker (KCC) helps replication tion. The health check we did after The company was also deploying topology remain stable throughout the migration yielded no errors in Exchange and wanted one organiza- an Active Directory domain. In the AD environment. tion so that everyone would have an essence, it makes sure that Morals of the Story: @corp.org e-mail address. That would changes made at one domain • Design the site topology very make it impossible to tell from the controller are successfully pushed narrowly; don’t give the KCC any outside world whether the account to all other DCs in a domain’s sites, “wiggle room.” was in the non-profit or fund-raising so that they all contain the same • Step back and see if it makes sense. segment of the organization. information. Making this replication • Validate everything in a good test The two IT groups—because they run as smoothly as possible is criti- environment before putting the design were at each other’s throats, let’s call cal to making sure site connections into production. The fact that the them the Hatfield IT group and the aren’t overwhelmed with replication information, which can clog up the network like hair in a drain. That’s Seoul Bangalore why it’s important to determine Berlin site cost links: sites with lower- Beijing Jakarta bandwidth connections can’t handle 10 0 10 0 10 0 the same volume of replication 10 0 Singapore Oslo information as sites with bigger 10 0 Tokyo pipes. Sites with smaller pipes get a Sydney 10 0 10 0 higher cost, since it’s more time- consuming to push updates to 50 50 Amsterdam them, and vice versa. 50 Milwaukee — KEITH WARD Chicago

London 50 wanted to give up the Enterprise 10 0 Boston 50 50 50 Munich Admin account, which has ultimate authority over the forest. This Las Vegas 10 0 distrust went back more years than 10 0 most of them had been employed at 10 0 10 0 the company, and we were stuck Omaha Paris in the middle. No matter which Richmond configuration we picked, one group Phoenix Boise would end up angry with us. We finally called a meeting with all Figure 5. This is the site link design the company went with, which allows for smooth interested parties, including adminis- replication of Active Directory data. trators, lower level managers and two design didn’t work in the test environ- McCoy IT group—had created their business division directors. I told them ment raised a flag in this case. We were own autonomous NT domains. The they couldn’t leave until we resolved able to solve problems before they McCoy group only had about 20 this matter because we couldn’t move brought down the production network. users. As we conducted the assess- forward without a decision. • Don’t be afraid to get a second opinion. ment, these groups put pressure on us I had our Exchange consultant as to the forest design. The Hatfields explain the steps necessary to get a Blood Feud wanted a single forest in addition to single Exchange organization to serve A small non-profit organization was the fund-raising forest, while the three forests, including SMTP for- designing its migration to Windows McCoys wanted their own forest in warding, Free-Busy synchronization, 2000 from NT, and got locked in a addition to the Hatfield’s forest and Calendar synchronization and so on. debate over how many forests it the fund-raising forest. It would be enough of a challenge to should have. There were only a few The situation became quite heated, do it for two forests, let alone three; thousand accounts, but the IT depart- because the two IT groups didn’t trust there were a lot of moving parts that ment was split between two business each other. Neither organization Continued on page 57

52 | August 2005 | Redmond | redmondmag.com | Project1 6/14/05 10:30 AM Page 1 Project8 2/15/05 12:31 PM Page 1 0805red_WinInsider57-59.v7 7/15/05 9:35 AM Page 55

WindowsInsider Bill Boswell Data Protection Manager

here’s a chore we all hate. It’s a chore that has to get also configure schedules and throttles and compression to make DPM replica- done, and done right, and done every day, but it tion across a WAN even friendlier. brings no happiness, no satisfaction of a job well done. T DPM Storage Requirements This chore is the dental flossing of information technology. A DPM server needs at least two drives: one for the operating system and one for You know the chore I’m talking about. But that’s just the start. DPM maintains the DPM storage pools and assorted Backups. an exact replica of a protected volume, a housekeeping files. These drives must be Yes, I know backups are absolutely crit- replica refreshed hourly with changes recognized by Logical Disk Manager as ical and I never shirk my duty to do them from the source servers. So if a RAID separate physical devices—an actual every night. But when was the last time array goes to the rings of Saturn at 4:30 spindle, RAID array or LUN on a you saw a smile on someone’s face in a p.m., you can restore every change to SAN—and not simply two partitions on cubicle piled with tape cartridges, calen- every file right up to the last hourly the same device. dars with little colored dots on the days refresh of the DPM replica. A DPM server can use the following and a stack of phone messages from off- DPM also works with the Volume types of storage for storage pools: site storage service bureaus who haven’t Shadow Copy Service (VSS) to main- • Directly attached storage (DAS) been able to find a critical tape? tain a list of previous versions of files in using IDE, SCSI or SATA drives Most of all, I hate the phone call that the DPM replica. If you get “the call” • Fibre Channel SAN starts off, “I was doing something with about a lost or fractured file, it just • iSCSI device (must have Windows my H drive and now I can’t find …” takes a minute to pluck the previous Hardware Certification) I really hate that phone call. Don’t you? version from the DPM replica (Figure You’ll need considerable drive space I also don’t like training end users in 1) and put it back into the production on the DPM server. The total amount branch offices to mount tapes because file system. Even better, you can simply of storage depends on the volume of there’s no local IT staff. Not only do stand out of the way and let the end data you’re protecting and the number they hate the chore even more than I user select the previous version using a of changes made to that data between do, it’s my job hanging in the balance if simple-to-understand extension to the tape backups. Microsoft recommends the backup fails, not theirs. So every Explorer interface. setting aside from two to three times morning, I peer through the backup But the pièce de résistance, as we say in the total size of all the volumes you’re logs looking for the dreaded “Waiting southern New Mexico, is the ability of protecting with DPM. for tape …” message. DPM to act as a central repository for There are several reasons for allocating But as the great Bob Dylan once said, branch office backups. The replication so much space. First off, DPM maintains the times they are a changin’. protocol used by DPM is designed to be an exact, uncompressed replica of each Microsoft has released a beta of a friendly to WAN connections. You can protected data volume or share. Changes product that promises to make nightly tape backups as much of an anachronism as booting from 5-inch floppy drives. The product is called Data Protection Manager, or DPM.

Disk-to-Disk At its most basic, DPM is a disk-to-disk backup solution. You get the speed and flexibility of doing an initial backup to disk, where you can let changes accumulate until a quiet time on the week- end when you can do a tape backup. If you hate backups as much as I do, this is starting to sound appealing, yes? Figure 1. The DPM Administrator Console showing a replica of a protected volume.

| redmondmag.com | Redmond | August 2005 | 55 0805red_WinInsider57-59.v7 7/15/05 9:35 AM Page 56

WindowsInsider

that replicate to the DPM server version of SQL Server 2000 and SQL a feature sometimes used in conjunc- initially land in a transfer log, and this Server 2000 Reporting Services and all tion with Services for Unix. log can grow quickly with lots of the current service packs and hotfixes. • Clustered file resources (Look for incoming changes. When I first saw this pile of files, I this feature in future versions.) Additionally, VSS squirrels away thought DPM was too big a monster to • Databases such as SQL Server, Oracle changes to the DPM replica and uses this mess with. But whoever crafted the or the Exchange store (This capability is historical content to make point-in-time setup program really earned that com- in the works but won’t be available in the copies for use in file and folder recovery. puter science degree. Every file goes in initial release.) DPM ordinarily takes three point-in- exactly the right spot, each service gets • Operating system drive (There are time copies each working day and can configured in exactly the right way and ways to do bare metal restores, but they store up to 64 copies, so if you give the the administrative console (Figure 2 take a little planning.) DPM storage pool sufficient space, you shows the Reporting interface) is Network traffic to and from the DPM only need to do a tape backup every 21 simple and intuitive. Great stuff. server is not encrypted. If you want to working days (about once a month.) The operating system on the DPM protect the data stream, use IPSec. Keeping weeks and weeks of backup server must be Windows Server 2003 data on spindle can get a little risky, so SP1 or higher. DPM can be installed Previous Version Retrieval you’ll want to make sure that the array on a NAS server if the server uses One of the sweetest DPM features is the holding the DPM storage pool is as fault Windows Storage Server 2003. DPM way it works with VSS to support direct tolerant as possible. You’ll also want to cannot be installed on a domain recovery of files in real time. Microsoft monitor the disks for impending failures controller and should not be installed calls this “end-user recovery” although, and spin up replacements immediately at on an application server. in this context, the end user might very the first sign of trouble, just as you would DPM can protect data on file servers well be a help desk technician or backup for your live data. You can do your tape running Windows 2000 SP4 (with the operator rather than the actual file user. backups more often to minimize the risk. latest security rollup) and Windows DPM exposes the previous versions 2003. The agents can be installed from with a client package called DPM Server Requirements the DPM server. DPMShadowCopyClient.msi. The and Limitations Installing the end user recovery package installs a tabbed extension in Microsoft recommends that the DPM feature in DPM requires a small Explorer called Previous Versions. server have a 1GHz CPU or better, at change to the Active Directory schema. Each file that changes between least 1GB RAM and a little more than This change adds a new object class point-in-time copies will have a list 1GB of space to hold the DPM and a couple of attributes that map of historical copies in this Previous executables and database files (apart source shares on protected volumes Versions tab. from the storage you need for the with target shares at the DPM replica. When a previous version is selected, replicas and VSS differential files). There are several data sources that VSS aggregates the unchanged blocks DPM comes on four CDs. In addition DPM can’t protect: from the main DPM replica with con- to the DPM files, you get a tailored • Volumes that enforce case sensitivity, tent it stored in a set of differential files. If the user deletes a file rather than simply changing it, the file is recovered by viewing previous versions of the original folder. The DPM shadow copy client will remove the original Windows Server 2003 shadow copy automatically, which simplifies deployment. The DPM client will automatically check for local VSS copies at a file server along with checking for content at the DPM server.

Protection Groups You can configure DPM to protect an entire volume, specific folders and sub- Figure 2. The Reporting interface of the DPM Console is simple and intuitive. folders on a volume, or contents of a

56 | August 2005 | Redmond | redmondmag.com | 0805red_WinInsider57-59.v7 7/15/05 9:35 AM Page 57

How NOT to Arc hitect WindowsInsider Active Directory Continued from page 52 could fail or cause delays in updates. One administrator commented that “People would not care about a power outage if they could get their e-mail,” underscoring the importance of an efficient e-mail system to their organization. Others agreed. This problem, then, wasn’t a technical issue at all: it was a management issue. The Hatfield IT group didn’t want an enterprise admin from the McCoy IT group messing with their environment, and vice versa. Thus, we dealt with the problem from a management, rather than a technical, standpoint. We recommended establishing a set of policies governing the enterprise administrator; if the admin violated those policies, that was a management issue that could Figure 3. Protection Groups gather multiple data sources into a single replica pool. easily be resolved with a reprimand or share point. You can aggregate multiple The final product is expected to ship in other measures, including dismissal. data sources into a single replica pool the latter half of 2005. The pricing has Everyone agreed and we ended up called a Protection Group. Figure 3 yet to be established, but early indica- with a single forest for the Hatfields shows an example. tions are that the cost of deploying and McCoys, plus the fund-raising All members of a Protection Group DPM could be recovered in very short organization’s forest. share the same replication interval and order based on the simplicity of real- Moral of the story: Choose admins VSS point-in-time copy frequency. If a time file recoveries and the reduction with care. Microsoft recently noted that particular department wants more in number and complexity of full tape one of the top reasons customers called frequent point-in-time copies to pre- backups. I’m impressed with the beta for disaster recovery support was “acci- serve data changes, you can support and I’m looking forward to putting it dental deletion of objects,” in which this need by putting its volume or through its paces over the next few admins accidentally (or not) whack user share into a separate Protection Group. months. I hope you do the same. accounts. Its No. 1 solution for this A single DPM server can host many [Ed. note: This is Bill Boswell’s last problem was to “be careful who you give Protection Groups. Windows Insider column for Redmond admin privileges to.” There’s a small architectural limitation magazine, as he has decided to pursue It’s like being a parent. If you can’t trust to using Protection Groups. A other opportunities. His column has been your teenager to drive safely, don’t try to volume and its folders can belong a reader favorite for years, and his invent a car that won’t ever go over the only to one Protection Group. For combination of superior writing skills speed limit, won’t start if it detects example, if you put the Engineering and ability to make technical topics alcohol or won’t run a red light. You have folder from a volume into Protection understandable is unmatched in the to train the teenager, and the same is true Group 1, then the Finance folder on industry. The entire staff of Redmond with domain administrators. In either the same volume must also go into magazine wish him the best in everything case, if he can’t handle the responsibility, Protection Group 1. As DPM gains he does in the future.—Keith Ward, take it away.— traction in data centers, I expect that Managing Editor]— we’ll start to architect our storage Gary Olsen, MCSE, is a consultant with HP with this limitation in mind. Contributing Editor Bill Boswell, Services, supporting Windows NT and Win- MCSE, is the principal of Bill Boswell dows 2000 and consulting on Active Directo- Cost and Availability Consulting Inc. He’s the author of ry design and deployment. He has authored DPM is in wide beta right now and a Inside Windows Server 2003 and several Microsoft Knowledge Base articles, copy can be downloaded from Learning Exchange Server 2003, both and the book Windows 2000: Active http://microsoft.com/windowsserver from Addison Wesley. Contact him at Directory Design and Deployment.He system/dpm/download/default.mspx. [email protected]. can be reached at [email protected].

| redmondmag.com | Redmond | August 2005 | 57 Project1 7/13/05 2:34 PM Page 1

Network and Certification Training for Windows Professionals San Jose, CA October 17-21, 2005

Over 90 sessions categorized into tracks:

Cisco Certified Microsoft Certified Microsoft Certified Network Associate Systems Administrator Systems Engineer (CCNA)/Infrastructure (MCSA) (MCSE)

Security System and Network Scripting Troubleshooting Windows/Linux Integration

PRESENTED BY:

Download the brochure at TechMentorEvents.com Project24 6/15/05 12:41 PM Page 1

Concerned about broken links in files during data migrations? LinkFixerPlus™ is the first software application that automatically fixes broken links in Excel and other files caused by data migrations!

re you performing a data Word, PowerPoint, Autodesk Advanced Features: migration due to server AutoCAD, HTML, Adobe PageMaker, Aupgrades, server consolidations InDesign and PDF files, in batch, • Perform data migrations or new storage servers? Or are you including the files they point to, and of Excel, Word, performing folder reorganizations or the links to those files are PowerPoint, AutoCAD, server name changes? Are you automatically maintained! You can HTML, PageMaker, concerned about broken links caused even find and repair broken links in InDesign and PDF files, already by these changes? What if there was batches of files that have been in batch, without causing a way you could find and fix broken moved. Imagine not having to links automatically, eliminating the manually find or fix broken links due broken links. extra time and cost associated with to data migrations ever again! • Automatically fix broken manually fixing them? links in files that have LinkFixerPlus is the solution you already been moved. Well with LinkFixerPlus you can! need to report, find, manage and LinkFixerPlus is the first application repair links in many different types of • Generate broken link that automatically maintains links in files whether you are working with reports and detailed files when conducting a data dozens of files on a desktop computer parent and child file migration. With LinkFixerPlus, you can or thousands of files during a data reports. move or rename Microsoft Excel, migration.

Request your free 30-day evaluation copy of LinkFixerPlus from: www.linkfixerplus.com. E-mail us

Copyright © 2005 LinkTek. All rights reserved. LinkFixerPlus is a trademark of LinkTek at [email protected] or call +1-727-442-1822. Corporation. Patent-Pending. All other products mentioned are trademarks of their respective holders. 0805red_SecAdvisor_60-61.v5 7/15/05 9:37 AM Page 60

SecurityAdvisor RobertaJoern Wettern Bragg The State of Biometric Authentication

iometrics hold the promise of high security and ease Different Strokes Take Sony, for example, which sells its of use, because they depend on some intrinsic physical Puppy Fingerprint Identity Token to corporate customers. The company claims characteristic, such as a fingerprint or retina pattern, B that the token’s false acceptance rate is for authentication. While vendors of biometric hardware less than .001 percent when configured to comply with federal security standards. In have been touting these advantages for years, many products other words, only in one out of every 100,000 cases does the device accept a couldn’t match the claims. fingerprint that it should reject. Com- After years of unfulfilled promises, Biometric authentication methods have bined with a mechanism that blocks the biometrics products are finally entering to be more accurate than identification use of the device after a few unsuccessful the mainstream. Let’s assess how viable methods. attempts, it’s no surprise that the Sony some common solutions really are and Until recently, biometric authentication Puppy looked like a good solution to how they can help you secure your wasn’t reliable enough to trust. For exam- logon problems for one of my clients. computing environment. ple, in a well-known 2002 case, Japanese Even Microsoft (for whom I’ve done Biometric devices can fulfill one of two cryptographer Tsutomu Matsumoto work in the past) has released biometric functions: identification or authentica- demonstrated how most fingerprint devices, such as the Microsoft Finger- tion. When performing identification readers on the market at the time could print Reader, and encourages home functions, they mainly improve the ease be fooled by using a plastic mold and users to secure Web passwords with a of use of an access control mechanism. some gelatin. This finding, widely publi- fingerprint. Note that the product page Today, most companies use devices like cized at the time, served as a wakeup call on Microsoft’s Web site states that “the that to make it easier for employees to to the industry. Fingerprint Reader should not be used identify themselves—placing your hand Since then, fingerprint recognition and for protecting sensitive data such as on a palm reader is often quicker and other biometric technologies have financial information or for accessing more convenient than digging out an advanced to the point that they can’t be corporate networks.” access card or typing a username. easily fooled. Still, you should read the That may be a surprising statement fine print on vendors’ claims about from a company trying to sell you a bio- Making Mistakes possible weaknesses; one rather grue- metric device, but Microsoft is properly Biometric equipment used primarily for some example is an IBM white paper advising you about when the Fingerprint identification requires something else for that estimates it can take as long as 15 Reader may not be an appropriate solu- authentication, such as a PIN. If you use minutes after a finger has been severed tion. A device designed to protect a biometrics to identify a user, but not as before its sensor no longer recognizes home user’s Web site passwords from the only means of authentication, you the finger. other family members doesn’t need to give it some margin for error. The soft- And despite the advances, biometric meet the same security standard as a ware may conclude from an iris scan that devices must still be tuned to reduce device enabling access to a corporate there’s a 90 percent probability that the both the false rejection and false network. The Microsoft Fingerprint person in front of the camera is you, but acceptance rate. You want to minimize Reader isn’t appropriate for corporate that may be good enough to identify you the number of instances where a security for the same reason most other and prompt you for a PIN, which then user’s biometric identification isn’t biometric solutions today aren’t. Security performs the authentication. This is recognized (false rejection). More is not only a function of the biometric good, because you wouldn’t want to trust importantly, you have to ensure that an scanning mechanism; it’s also impacted a technology that authenticates you and impostor isn’t identified as a legitimate by how biometric and other information grants you access to company resources user (false acceptance). Biometric is stored and how data flows from the based on a 90 percent probability that hardware and software today performs device to the operating system. Being a you are indeed who you claim you are. well in this respect. consumer product, it likely wasn’t devel-

60 | August 2005 | Redmond | redmondmag.com | Project6 1/6/05 5:17 PM Page 1

Unfortunately, you can’t dream • Microsoft By day three, your way to certification. • Cisco

Jack was finally 1 TM • Oracle Our accelerated programs, featuring our exclusive 3 /2 step method, enjoying his makes learning fast and effective. In less than two weeks, you’ll • Sun return to your job empowered with the knowledge, confidence • Linux

IT training. and certification you need to advance your career…and your life. • CISSP

• CEH To find out more about our all-inclusive certification programs,

call 800-698-5501 or visit www.trainingcamp.com. • CompTIA

Enter the special promotion code “HELP” and receive a 20% • UNIX

discount on select courses. • Forensics 0805red_SecAdvisor_60-61.v5 7/15/05 9:37 AM Page 62

SecurityAdvisor

oped according to the same security the Windows logon with handwriting Using a USB memory stick with a fin- standards to which other Microsoft style recognition is convenient and gerprint reader to encrypt everyday busi- products, such as operating systems, should provide protection against casual ness documents that you take home is must conform. While Microsoft hasn’t attacks. However, I don’t consider it an probably adequate protection. On the elaborated about why its device shouldn’t adequate solution for Tablet PCs with other hand, using a fingerprint reader to be used in a corporate environment, the sensitive data that needs protecting. log on to Windows or store the password reason is probably not the biometric IBM was a pioneer in incorporating you use to access your bank account is hardware, but rather how data is trans- fingerprint readers in some of its not; even the best fingerprint readers ferred between the device and the pro- ThinkPads. Lenovo, the new manu- today occasionally make mistakes. To gram that stores and processes user facturer, continues to include these guard against this, insist on devices that credentials for Web sites. devices in selected laptop models. can provide two-factor authentication, Toshiba uses another type of biometric The ThinkPad fingerprint scanner requiring a fingerprint and a PIN for authentication for its Tablet PCs.Recog- communicates with a TPM (Trusted example. You may think that insisting on nizing how tedious entering a long pass- Platform Module) chip located on two factors for authenticating users may word with a stylus in “tablet” mode can the motherboard. A TPM chip can undermine one of the main appeals of be, the company provides a Tablet Access store information more securely than biometrics, which is relieving users from Code Logon utility. This program software, as well as secure the hardware having to remember and type user names appears at logon and prompts the user to channel between the operating system and password. Most users, though, can write a code, such as a signature or sym- and fingerprint reader. easily remember a four-digit PIN, and bol, with the tablet pen. It then compares ThinkPads also take advantage of the through combining two separate authen- the writing style with samples that the ability to use BIOS passwords to tication methods you can achieve a high user previously recorded. require authentication when starting level of security. What makes this utility unique is that the computer or accessing the hard it doesn’t just compare whether the drive. This means you can configure Not Quite There Yet writing results match; it also analyzes the TPM on a ThinkPad to use a I strongly encourage you to become writing style, such as stylus acceleration fingerprint instead of a password to familiar with biometric authentication and pressure, which tends to be unique unlock the computer. The TPM can products available today. Before spend- for each person. Unfortunately, Toshiba also encrypt and store Windows user ing too much time researching such provides few details about this type of names and passwords and provide them solutions for your company, though, biometric authentication. Whether the to Windows at logon, provided the user carefully consider the cost of adminis- program uses sound biometrics or not, has been authenticated by the TPM tration. Most products available today the Tablet Access Code Logon utility is and fingerprint scanner. The included provide little centralized administration, problematic from a security perspective software interacts with the Windows are fairly expensive and create an entire- because of how it connects with the logon process, replacing some of ly new category of help desk calls. As operating system. It uses handwriting Microsoft’s files. promising as the technologies behind recognition to decrypt a user name and While the ThinkPad’s biometric capa- biometrics look, none of them is quite password combination stored on the bilities are outstanding, it has the same ready for easy, enterprise-wide deploy- computer and supplies it to Windows. limitations as most biometric devices that ment. This should happen in the Long- Toshiba’s Tablet PC documentation are used for Windows authentication— horn timeframe. Until then, most contains no information about how the database of fingerprint samples is fingerprint readers, handwriting analysis these credentials are stored or how maintained locally. This means you have and other forms of biometric authenti- they’re supplied to Windows at logon. to separately train every computer you cation should be used as a convenience This is a problem, because while may use to recognize your fingerprints. for users in environments that only have replacing the native Windows logon This is a far cry from a true corporate minor security requirements.— mechanism can be done securely, writ- solution, which would be able to authen- ing programs that interface with or ticate users regardless of which computer Joern Wettern, Ph.D., MCSE, MCT, replace the Windows logon routines is used to provide a fingerprint. Security+, is the owner of Wettern Network are notoriously difficult to write. This, Solutions, a consulting and training firm. combined with the lack of technical Two-Factor Authentication He has written books and developed train- documentation, provides little confi- Today’s biometric security methods and ing courses on a number of networking and dence for using the program in a secu- devices can be a viable solution for the security topics. Wettern can be contacted at rity-conscious environment. Securing protection of relatively low-value data. [email protected].

62 | August 2005 | Redmond | redmondmag.com | 0805red_Index63.v4 7/15/05 3:04 PM Page 63

RedmondResources ADVERTISING SALES AD INDEX Advertiser Page URL Henry Allain Matt Morollo DesktopStandard 21 www.DesktopStandard.com Publisher Associate Publisher Devon IT 31 www.ntavo.com 949-265-1556 phone 508-532-1418 phone Diskeeper Corporation 7 www.diskeeper.com 949-265-1528 fax 508-875-6622 fax EMC Corporation 37 www.emc.com [email protected] [email protected] GOexchange by Lucid8 LLC 14 www.goexchange.com Good Technology 11 www.goodtechnology.com Northwest East IBM 42 www.ibm.com No. CA, OR, WA, Alberta, British AL, CT, DE, FL, GA, KY, LA, MA, MD, LinkTek 59 www.linktek.com Columbia, Saskatchewan ME, MS, NC, NH, NJ, NY, PA, RI, SC, Measure Up 48 www.measureup.com TN, VA, VT, WV, Quebec, Ontario, Europe Network Automation 53 www.networkautomation.com Bruce Halldorson Network Instruments 47 www.networkinstruments.com Northwestern Regional Sales JD Holzgrefe Manager Eastern Regional Sales Manager PrepLogic C3 www.preplogic.com 209-473-2202 phone 804-752-7800 phone Quest Software C4 www.quest.com 209-473-2212 fax 253-595-1976 fax Red Hat 45 www.redhat.com [email protected] [email protected] Scriptlogic 9 www.scritplogic.com Sunbelt Software 5,54 www.sunbelt-software.com West/Mid West IT Certification & SurfControl C2 www.surfcontrol.com Training—USA, Europe AK, AR, AZ, So. CA, CO, HI, ID, IA, IL, Al Tiano TechMentor San Jose 58 www.techmentorevents.com IN, KS, MI, MN, MO, MT, ND, NE, Advertising Sales Manager, IT The Neverfail Group 27 www.neverfailgroup.com NM, NV, OH, OK, SD, TX, UT, WI, WY, Certification & Training The Training Camp 61 www.trainingcamp.com Manitoba, Pacific Rim, Australia, New 818-734-1520 ext.190 phone Zealand, India, Pakistan Websense 3 www.websense.com 818-734-1529 fax Winternals 22 www.winternals.com [email protected] Dan LaBianca Western Regional Sales Manager EDITORIAL INDEX ENTmag.com &TCPmag.com 818-674-3417 phone Company Page URL Tanya Egenolf 818-734-1528 fax 7-Zip 44 www.7-zip.org [email protected] Account Executive 760-722-5494 phone ActiveState 28 www.activestate.com 760-722-5495 fax Advanced Micro Devices Inc. 41 www.amd.com Production [email protected] Kelly Smith Adersoft 28-30, 32 www.adersoft.com Associate Production Coordinator Adobe Systems Inc. 40 www.adobe.com 818-734-1520 ext.164 phone America Online Inc. 13, 25, 26 www.aol.com 818-734-1528 fax Apple Computer Inc. 4, 35 www.apple.com redmondadproduction@ Gentoo Foundation Inc. 44 www.gentoo.org 101com.com GIMP 44 www.gimp.org Google 8, 10www.google.com Hewlett-Packard Co. 49 www.hp.com IBM Corp. 60, 62 www.ibm.com Corporate Headquarters: 9121 Oakdale Ave., REDMOND magazine, 16261 Laguna Canyon Intel Corp. 41 www.intel.com Ste. 101Chatsworth, CA 91311, Road, Ste. 130, Irvine, CA 92618. The infor- www.101com.com mation in this magazine has not undergone any iTripoli Inc. 28-30, 32 www.itripoli.com formal testing by 101communications and is Jabber Software Foundation 26 www.jabber.org Media Kits: Direct your Media Kit requests to distributed without any warranty expressed or Matt Morollo, Associate Publisher, implied. Implementation or use of any informa- Lieberman Software Corp. 19, 20 www.liebsoft.com 508-532-1418 (phone), 508-875-6622 (fax), tion contained herein is the reader’s sole Mandriva 44 www.mandrivalinux.com [email protected]. responsibility. While the information has been Microsoft Corp. 4, 8, 10, 12, www.microsoft.com reviewed for accuracy, there is no guarantee 13, 16, 17, 19, Reprints: For all editorial and advertising that the same or similar results may be 20, 23-26, reprints, contact Valeo IP at 888-VALEOIP or achieved in all environments. Technical 28-30, 32, e-mail: [email protected]. inaccuracies may result from printing errors, 34-36, 38, new developments in the industry and/or 40, 41, 43-47, 49-52, 55-57, List Rentals: To rent REDMOND’s or other changes or enhancements to either 60, 62, 64 101communications’ publications postal, tele- hardware or software components. marketing or e-mail lists, please contact our list REDMOND magazine (ISSN: 1081-3497, Mozilla Organization, The 44 www.mozilla.org manager: Worldata, 3000 N. Military Trail, USPS: 0015-657) is published monthly by NetSupport Inc. 17, 18 www.netsupport-inc.com Boca Raton, FL 33431-6375, 1-800-331- 101communications LLC, 9121 Oakdale Ave., 8102, www.worldata.com Ste. 101, Chatsworth, CA 91311. Periodicals New Breed Software 44 www.newbreedsoftware.com postage paid at Chatsworth, CA 91311-9998, Novell Inc. 44 www.novell.com CONFERENCES and at additional mailing offices. Annual OpenCD Project, The 44 www.theopencd.org TechMentor Conferences: contact Al Tiano, subscription rates for U.S. $39.95 (U.S. Sales Manager, 818-734-1520 ext. 190, funds). Postage for Canada/Mexico $15 (U.S. Red Hat Inc. 13, 44 www.redhat.com [email protected]. The Data Warehousing funds); and International $25 (U.S. funds). SAPIEN Technologies Inc. 28-30, 32 www.sapien.com Institute: contact Diane Smith, Exhibit Sales, Subscription inquiries, back issue requests, 206-246-5059 ext.108, Denelle Hanlon, Publi- and address changes: Mail to: REDMOND Sony Corp. of America 60 www.sony.com cation and Sponsorship Sales, 206-246-5059 magazine, 2104 Harvell Circle, Bellevue, NE Sun Microsystems Inc. 4, 44 www.sun.com ext.102, [email protected]. FCW 68005, e-mail [email protected] or call TightVNC Software 44 www.tightvnc.com Events and Conferences: contact Lucy Coo- (866) 293-3194 for U.S. & Canada; (402) 293- ley, Events Director, 703-876-5081, lcooley@ 3194 for International, fax (402) 293-0741. Toshiba America Inc. 62 www.toshiba.com 101com.com. Syllabus Conference and POSTMASTER: Send address changes to VA Software Corp. 44 www.vasoftware.com Exhibition: contact Anne Morris, Exhibit Space REDMOND magazine, 2104 Harvell Circle, or Sponsorship, 818-734-1520 ext.219, Bellevue, NE 68005. Canada Publications VMware Inc. 15, 16, 20, www.vmware.com 46, 47 [email protected]. Mail Agreement No: 40039410. Return Undeliverable Canadian Addresses to XLnow 28-30, 32 www.onscript.com © 2005 by 101communications. All rights Circulation Dept. or DPGM 4960-2 Walker Yahoo! Inc. 8, 25, 26 www.yahoo.com reserved. Reproductions in whole or part Road, Windsor, ON N9A 6J3, Canada. prohibited except by written permission. Copyright 2005 by 101communications LLC. Mail requests to “Permissions Editor,” c/o All rights reserved. Printed in U.S.A. This index is provided as a service. The publisher assumes no liability for errors or omissions.

| redmondmag.com | Redmond | August 2005 | 63 0805red_Ten_72.v3 7/14/05 3:30 PM Page 64

Ten: Useful Microsoft Blogs TEN By Editor Paul Desmond ([email protected])

Amid the Internet blog din you can find a few gems, including Exchanging with these, many of which are written by Microsoft employees Gerod Gerod Serafin’s WebLog, “A day in sharing inside dope and insightful tips. the life of an Advisory Support Engineer (Exchange),” is a good place Kitchen Sink Blog Web site, where users can track or for some inside Exchange skinny. If you want to keep up on various post software updates. Serafin offers up practical, albeit Microsoft products, or you’re just not sporadic, tips on how to implement sure where to start, check out, “The Jerry Maguire Meets specific Exchange functions. Industry Insiders; Insight from the heart Exchange of the IT industry.” Here you’ll find a Its oh-so-cute name— “You Had Windows Server cornucopia of info in different product Me at EHLO”—belies the highly Division areas, from security to Exchange, Active technical and useful content of this A rotating cast of Microsoft characters, Directory and SQL Server, along with a blog penned by various members of anchored by Ward Ralston and Patrick smattering of management-level content. the Microsoft O’Rourke, offer a steady stream of tips Mainly it’s pointers to other articles, Exchange team. on the Windows Server Division updated roughly once or twice per week, You’ll find every- WebLog. Suitable for anyone from a so it won’t overwhelm you. thing from an Windows Server admin to a journalist exhaustive entry on hungry for news. SBS Diva memory tuning to Susan Bradley is a self-described articles on topics All Things Being SQL “wacko SBSer” but she’s also an SBS like OWA customization and this Mat Stephen’s “All things SQL MVP. Her E-Bitz blog—“The Official mouthful of an entry: Values in Server” blog is a collection of news, Blog of the SBS Diva”—is full of leads unmergedAttributes and msExchUn- including patch releases, pointers to and educational insights. The prolific MergedAttsPT attributes and your other thought-provoking material, diva comments on news events, dispels ADC replication. Renee Zellweger submissions from readers and how-tos common misconceptions, proffers would be honored, I’m sure. covering topics such as event handling licensing advice and occasionally strays in SQL 2005 Server Integration from “pure” SBS coverage, opining on Exploring IE Services and deriving data feeds from topics including voice over IP. No fancy name here, but IEBlog third-party databases. Stephen, who is a is nonetheless a crucial source of info Microsoft IT Pro Evangelist, is also a Security in a Flash on Internet Explorer security updates good writer in his own right, as his Donna Buenaventura is about as and new features. Topics range from piece on business intelligence “without prolific as the SBS Diva, with as many the supremely serious (how to disable the blah, blah” attests. as five or six posts per day. Her the Javaprxy.dll, to prevent the latest Donna’s SecurityFlash blog consists security vulnerability) to the extremely Security Insiders mostly of pointers to other stories and useful (how to create pages that print Time is of the essence when it security alerts, serving as a useful correctly) to the aesthetically pleasing comes to security, so every little compendium of security tidbits. She (implementing rounded page corners bit of advance warning helps. As also keeps the Calendar of Updates with IE). Communications Manager for Security Response at Microsoft, Meet Mr. SQL Server Stephen Toulouse is in a rather unique GetMoreOnline Tom Rizzo,director of SQL position to help. Along with Mike Go to Redmondmag.com for links to Server product management at Reavey, operations manager for the all of the blogs listed here, and feel free Microsoft, checks in every week or two Microsoft Security Response Center to highlight your own favorite blogs with quick and dirty synopses of SQL (MSCR), he and a rotating cast of using the online comments section. Server-related announcements, includ- characters offer interesting back- FindIT code: TenBlogs ing releases of new tools, event high- ground behind security goings-on, lights, tips and links to relevant including Patch Tuesday updates. redmondmag.com content, such as a timely piece on XML You’ll also find early tips on patches support in SQL Server 2005. and other security tools.—

64 | August 2005 | Redmond | redmondmag.com | Project6 6/28/05 2:55 PM Page 1 Project11 7/8/05 11:02 AM Page 1

8/2005/Redmond Pack rats beware! Keep only what you need with

espective holders. espective Quest Archive Manager for Exchange. Now there's a way to store only the critical e-mail and documentation generated in your organization—some of which may prove to be invaluable in the future. Archive Manager for

e are trademarks or registered trademarks of Quest trademarks or registered e are Exchange empowers you to differentiate between the data you want to keep and the data you don’t.

Quest Software brings you a cost-effective solution that captures, indexes, and automates archiving of messaging data to meet your retention, storage, and compliance needs. Enable e trademarks or registered trademarks of their r e trademarks or registered your organization to reduce risk, improve security, and retain critical business knowledge.

Learn how to keep your data safe with Quest—Microsoft's 2004 Global Independent Software Vendor Partner of the Year.

e, Inc.All rights reserved. Quest and Softwar ———————————————————————————————————————————— Visit www.quest.com/packrat and download the technical brief: Implementing Best Practices for Exchange Storage Management ©2005 Quest Softwar Software.All names ar other brand or product ————————————————————————————————————————————

Application Management | Database Management | Infrastructure Management