0705red_cover.v3 6/14/05 10:26 AM Page 1
Bag Big Bucks for Your Next Project Page 43
JULY 2005 WWW.REDMONDMAG.COM
IT’S GROOVE BABY! Redmond Interviews Ray Ozzie Page 34 Gimme Some Skin Comparing 3 Biometric Devices Page 28
Dump Your DMZ! > $5.95 01
• Why You’re Not as Safe as You Think Page 65 JULY
WSUS
25274 867 27 Better Name, Better Product Page 23 71 Project2 5/31/05 10:09 AM Page 1
Do you know who's inside your network?
Beyond Scan and Remove - Think Spyware Prevention
Are Spyware and other Internet threats clowning around on your network? SurfControl Enterprise Threat Shield™ gives you the last laugh. If the threat is already on a user's machine, SurfControl Enterprise Threat Shield stops it from running and removes it. What is more, SurfControl Enterprise Threat Shield prevents reinfection, is enterprise-ready, gives you centralized management, and is user tamper-proof. Put the kibosh on spyware, key-loggers, instant messaging, P2P and games before they jeopardize security or productivity.
FREE 30-day trial www.surfcontrol.com/go/shieldtrial1 or call: 1.800.368.3366
© 2005 SurfControl plc. Project2 5/31/05 10:10 AM Page 1
Get rid of spyware across your enterprise, in minutes, without leaving your desk!
Within 15 minutes from now, you can get rid of spyware across your enterprise ... and keep spyware from returning for a full 30 days ...absolutely FREE!
It's so quick and easy to deploy. Within minutes, you can have SurfControl Enterprise Threat Shield up and running on your network ... wiping your PCs free of spyware ... and keeping them spyware-free for as long as you keep Threat Shield running. All without leaving your desk.
Enterprise Threat Shield not only finds spyware that is already lurking on an existing PC or server ... it stops, and removes spyware coming in from e-mail, downloads, Web sites, IM, P2P, USB drives, mobile workers' laptops, or PDAs connecting back to the network.
Download your FREE copy of SurfControl Enterprise Threat Shield, go to: www.surfcontrol.com/go/shieldtrial1 Project2 6/14/05 2:48 PM Page 1
Do you know who's inside your network?
Beyond Scan and Remove - Think Spyware Prevention Are Spyware and other Internet threats clowning around on your network? SurfControl Enterprise Threat Shield™ gives you the last laugh. If the threat is already on a user's machine, SurfControl Enterprise Threat Shield stops it from running and removes it. What is more, SurfControl Enterprise Threat Shield prevents reinfection, is enterprise-ready, gives you centralized management, and is user tamper-proof. Put the kibosh on spyware, key-loggers, instant messaging, P2P and games before they jeopardize security or productivity.
FREE 30-day trial www.surfcontrol.com/go/threatshield 1 800.368.3366
© 2005 SurfControl plc. 0705red_TOC_3.F3 6/14/05 10:23 AM Page 1
JULY 2005 WWW.REDMONDMAG.COM
Winner for Best Computer/Software Magazine 2005 RedmondTHE INDEPENDENT VOICE OF THE MICROSOFT IT COMMUNITY
COVER STORY REDMOND REPORT 9 News Analysis It’s Groove A Question of Scale Baby! 10 Event Log Redmond’s newest Windows Server 2003 R2, CTO hopes to make Windows XP Edition N and more. his mark on Microsoft’s collaboration efforts, and 12 Power Broker perhaps much more. A Script for Success
Page 12 Page 34
PHOTO BY JASON GROW
FEATURES 43 Building a Better Business Case Need cash for your next big project? 13 Mobile Feature Pack to Don’t sweat it—IT managers share Upgrade Security their time-tested tips for prying open the corporate wallet. COLUMNS 47 An Open Look at Groupware 4 Chief Concerns: Doug Barney Open source groupware is better than ever, CIO Blind Spots but for those seeking to replace Exchange, some caveats apply. Jim Conley examines 21 Beta Man: Don Jones the state of open source groupware and Virtual Server Grows Up why it matters in a Microsoft shop. Page 47 53 Windows Insider: Bill Boswell What’s New in R2 15 Management Muscle 23 Your Turn 63 Mr. Script: Chris Brooke Device Management AppManager WSUS: Better Name, gives you the Better Product 65 Security Advisor: tools you need Joern Wettern to keep a firm Readers report that Microsoft’s Dump Your DMZ! grip on network Windows Server Update Services operations. (WSUS) tool is a vast improvement 72 Ten: Paul Desmond over its predecessor SUS. Steps Microsoft Should 28 Roundup Take to Improve Security Halt: Who Goes 38 Get Your ALSO IN THIS ISSUE There? Groove On Biometric 2 Redmond magazine online Groove Virtual devices offer 6 Letters to Redmond Office can more security than standalone make remote passwords. Here are three prod- 71 Ad and Editorial Indexes collaboration almost as good as ucts that go beyond the basics for being there. authentication and verification. COVER PHOTO BY JASON GROW 0705red_OnlineTOC_2.F2 6/14/05 10:04 AM Page 2
RedmondJULY 2005 mag.com
REDMOND COMMUNITY REDMONDMAG.COM Redmond Newsletters Debuting This Month: Redmond Channel Partner Magazine Online! • Redmond Report: Our weekly e-mail As you may have heard, this month we’re launching a new, independent newsletter featuring news analysis, magazine just for the Microsoft partner community: Redmond Channel Partner. context and laughs. By Redmond’s The publication offers insight, ideas and practical advice for Microsoft partners, Editor in Chief Doug Barney and covering topics such Editor Paul Desmond. as sales strategies, FindIT code: Newsletters working with • Security Watch: Keep current on the Microsoft, using ROI latest Windows network security topics. to win deals and This newsletter features exclusive, much more. online columns by Contributing Editor In July, we’re also Russ Cooper of NTBugTraq fame. debuting the online home of Redmond Channel Partner, RCPmag.com. At FindIT code: Newsletters RCPmag.com, you’ll find: • The complete contents of the July issue of . Discussion and Forums Redmond Channel Partner • Daily news for the Microsoft partner community, including coverage of Post your thoughts and opinions under Microsoft’s Worldwide Partner conference. our articles, or stop by the forums for • Forums and other areas where you can connect with fellow partners as well as more in-depth discussions. the editors on the issues that matter to you most. FindIT code: Forum Be sure to stop by RCPmag.com in July to see everything the site has to offer. Your Turn And if you haven’t yet subscribed to Redmond Channel Partner magazine, do so The interactivity center of the today at: http://rcpmag.com/subscribe. Redmond universe, where you get to express your views. FindIT code: YourTurn MCPMAG.COM It’s “SAN for the Masses” with storage FindITCodes OTHER 101COMMUNICATIONS SITES guru Chris Wolf updating readers on Throughout Redmond, you’ll discover some stories contain FindIT what to look for in storage solutions. ENTmag.com codes. Key in those codes at Special Report: “Microsoft Licensing” Plus, Chris tackles your networking Redmondmag.com to quickly access Scott Bekker looks at Licensing 6.0 problems in “Tech Line,” a new column expanded content for the articles and whether or not you need to look for MCPmag.com readers. Also in July: containing those codes. • Mike Gunderloy dispels the myths Some of the FindIT codes for this over your shoulder for Licensing 7.0. month include: FindIT code: ENTLicSR behind the hype that is Office 12. • Don Jones’ “Scripting Answers” and • Ozzie: Read more of what cover story interviewee Ray Ozzie (p. 36) “Windows Tip Sheet” weekly. CertCities.com had to say on Groove, collaboration • Test your mettle with the return of and more. Exam Review: “The New Network+” “Pop Quiz” for the 70-290 exam. • Halt: Get more information on Andy Barkl reviews the latest version Live Chat: Microsoft MVP Andy authentication methods and other of CompTIA’s Network+ exam. Goodman and SBS Live! regulars get utilities to help secure your systems FindIT code: CCNetAB together online on Tuesday, July 19 at 7 (Redmond Roundup, p. 32). p.m. Eastern time. • OpenLook: Follow links to Groupware vendors and other TCPMag.com MCP Radio: Sean Moshir and Chris resources featured (“An Open Look Andrew from PatchLink Software Column: “Scott Morris Q&A” at Groupware,” p. 47). Every week quadruple CCIE Scott discuss the complexity of integrating Enter the code in the box at the top- Morris tackles your toughest Cisco IT compliance capabilities into right corner of any Redmondmag.com technology questions. software projects. And, Microsoft page. (Note that all FindIT codes are Find IT code: TCPQ&A reveals more details on the Microsoft one word, and are NOT case sensitive.) Certified Architecture Program.
2 | July 2005 | Redmond | redmondmag.com | Project6 4/1/05 2:50 PM Page 1
YOUR INFRASTRUCTURE MAY PROTECT EMPLOYEES INSIDE. What protects employees outside?
She works from home. She works from the road. And she endangers the network everywhere she goes. That’s why you need Websense software—to provide security protection at the desktop and beyond. Close the security gap. Download your free evaluation today. www.websense.com/mobile3
© 2005 Websense, Inc. All rights reserved. Websense is a registered trademark of Websense, Inc. in the United States and certain international markets. 0705red_Chief_4.vfinal 6/14/05 9:38 AM Page 4
ChiefConcerns Doug Barney
CIO Blind Spots RedmondTHE INDEPENDENT VOICE OF THE MICROSOFT IT COMMUNITY JULY 2005 ■ VOL. 11 ■ NO. 7 o the IT community, the CIO is the pinnacle, an Editor in Chief Doug Barney all-knowing master of technology and business. I wish [email protected] Editor Paul Desmond it were always true. But as smart as most CIOs are, [email protected] T Executive Editor, Reviews Lafe Low [email protected] political intrigue and bureaucratic inertia have some top tech Managing Editor Keith Ward [email protected] execs paralyzed. They simply don’t know enough about what’s News Editor Scott Bekker [email protected] happening beneath them to truly make the right decisions. Assistant Managing Editor, Wendy Gonchar Web Editor [email protected] Editor, Redmondmag.com, Becky Nagel To put it succinctly, CIOs have a intranets or .NET hostage through CertCities.com [email protected] Editor, MCPmag.com Michael Domingo huge blind spot. It’s not totally their simple inaction. [email protected] fault. Managers are only as good as the Inaction has only gotten worse during Editor, ENTmag.com Scott Bekker information and trust gained from the budget crunch IT has faced in [email protected] Associate Editor, Web Dan Hong their subordinates. recent years. “No money” is a great [email protected] And too often, staff-level IT pros have excuse to do nothing. Contributing Editors Bill Boswell little—or no—interest in keeping their Recognizing the problem is the first Chris Brooke CIOs informed. step toward a solution. CIOs must look Don Jones Software jockeys, hardware wonks around and peer deeply into what they Joern Wettern and network geeks all have their own don’t know. And they should consider Art Director Brad Zerbel self-interest. They want a relatively 360-degree reviews where staffers cri- Senior Graphic Designer Alan Tao easy life (as easy as IT can be), and they tique the CIO and hopefully offer a tip want to protect that life and control or two. Finally, CIOs shouldn’t become Publisher Henry Allain their destiny. That means keeping the too detached from the technology— Associate Publisher Matt N. Morollo Marketing Manager Michele Imgrund CIO in the dark. losing your chops may mean losing the Audience Development Manager Janice Martin Unfortunately, many CIOs have respect of your technical troops. Senior Web Developer Rita Zurcher become too removed from the action Marketing Programs Associate Videssa Djucich to know the difference. Part of the An Ozzie Encore Director of Print Production Mary Ann Paniccia problem is that CIOs attempt to You may have noticed the sharply Manufacturing & Carlos Gonzalez control a huge range of technologies, dressed gentleman on our cover. Distribution Director each of which is staggering in New Microsoft CTO Ray Ozzie may complexity and choice. The bigger be the most technically accomplished issue is that CIOs are dis- employee in Redmond, tracted by business aside from Bill himself. issues, which IT staffers Ozzie worked on the very Enabling Technology Professionals to Succeed are only too happy to first spreadsheet, built President & CEO Jeffrey S. Klein take advantage of. Many Lotus Symphony, wrote Executive VP & CFO Stuart K. Coppens CIOs prefer the execu- Notes and started two suc- Executive VP Gordon Haight tive washroom and hob- cessful software companies Senior VP & Sheryl L. Katz nobbing with big wigs to from scratch. General Counsel Senior VP, Human Michael J. Valenti visiting the trenches. But there’s a lot more Resources The result of this sorry we can learn from Ray. Redmondmag.com situation is that technical cream does- Check out the full interview on The opinions expressed within the articles and other contents n’t rise to the top. Instead, fiefdoms Redmondmag.com and Ozzie’s blog—in herein do not necessarily express those of the publisher. Postmaster: Send address changes to have emerged. Just as mainframers particular his thoughts on why rich Redmond, 2104 Harvell Circle, Bellevue, NE 68005 fought the PC hordes, telecom groups clients make sense: www.ozzie.net/blog. have resisted all too successfully the As always, send your thoughts, logic of voice over IP, and program- good, bad or indifferent, to mers have held new projects such as [email protected].
4 | July 2005 | Redmond | redmondmag.com | Project23 6/15/05 12:05 PM Page 1
1« Ì ÞÕÀ iV «>ÌV iö
- >Û i«Ã ÞÕ VÕÌ >Þ «>ÌV >>}iiÌ Ì>Ã `Ü Ì Ãâi°
ÌÀ`ÕV} iÜ - >Û iÌ *ÀÒx >` - >Û -iVÕÀÌÞ }iÌÃÒx° Ì >ÕÌ>Ìi` «>ÌV >>}iiÌ ÃÕÌà >Ài >`i` ÜÌ >ÜiÃi iÜ V>«>LÌià i i >Vi` Ài«ÀÌ} Ì >Ì }Ûià ÞÕ Õ«ÌÌ iÕÌi iÌÜÀ ÃiVÕÀÌÞ ÃÌ>ÌÕà ÜÌ i>ÃÞÌÀi>` V >ÀÌà >` }À>« ð *ÕÃ] Ì iÞ Ìi}À>Ìi Ãi>iÃÃÞ ÜÌ ÕÀ Õ«V} >ÌëÞÜ>Ài «À`ÕVÌ] - >Û iÌ Ò -«ÞÜ>Ài° Û>Õ>Ìi Ì i vÕÞ vÕVÌ> ÌÀ> ÛiÀà v - >Û iÌ *ÀÒx À - >Û -iVÕÀÌÞ }iÌÃÒx Ì`>Þt 6ÃÌ ÜÜÜ°
/Ü iÜ Àii>Ãið à >Û°V] V> nää® ÈäÈ££ À i> Õà >Ì vJà >Û°V° ` `ÃVÛiÀ Ü Ãi vÀ >}iÌL>Ãi` À >}iÌiÃð - >Û V> } Ìi ÞÕÀ >`°
à Õà >LÕÌ ÕÀ iÜ ->Àà «>ÌV >>}iiÌ ÃÕÌt
-iVÕÀi 9ÕÀ 6Ã°Ò - >Û `ÀÛià «>ÌV >>}iiÌ ÃÕÌà vÀ Ì iÃi `ÕÃÌÀÞ i>`iÀÃ\ 0705red_Letters_6.F 6/14/05 10:01 AM Page 6
Letters to Redmond
The Spaghetti Incident? What is the over-worn saying about the Chinese ideogram for “crisis” being a combination of “danger” and “opportunity”? Scott Bekker’s commentary on “Why Longhorn Still Matters” [Red- mond Report, April 2005] seems to focus entirely on the “oppor- tunity” side of Microsoft’s looming mega-upgrade.
I hear a lot of “ifs” to the likes of, by up-all-night caffeine-fueled pro- “If no new killer 64-bit applications ... grammers who quit the moment their Phones suck up all those valuable new system stock vested years ago. resources.” But don’t forget that’s after: I hardly imagine that performance the Windows networking as its men- (a) the customer has been forced to pur- improvements rank highly on any tioned, but also as a remote desktop chase the latest-and-greatest new PC Microsoftie’s list—except for marketing, client that fired right up and allowed us hardware, (b) the system is now forced of course—when it’s clearly at odds with Ctoo managempute ourrs Windows farm and Evo- to run the resource-hogging new the laziness and inefficiencies that ever- lution, the open source equivalent of faster hardware and abstracted, high- Outlook. I configured the Exchange level programming allow and with the connector and five minutes later had resource-hogging No.1 security goal. full Outlook-like control. If you can tol- —Eric Wallace erate the big red N, I would recom- Portland, Maine mend NLD over SuSE (plus NLD includes YaST as well). My only qualm NLD Advantage is: Why did Novell have to move “Desktop Linux: Ready for Prime around some menu items?! I hated hav- Time?” [June 2005] is a good roundup ing to find where they were moved to. of what we at work discovered too. SKeeperve russ, eupdatedtc. on Linux desktops GUI (remember NT 4.0 moving the Seems we all prefer SuSE due to its from time to time! —Jason Stanke video into kernel mode?) and (c) the simplicity compared to the others, plus Indianapolis, Ind. inevitable slowness added by a billion YaST, the greatest tool ever. Recently, a new security checks—we can’t ignore couple of us tried the Novell Linux In-Depth Security that “pillar” of Longhorn. After all, it’s Desktop (NLD) knowing full well it Excellent “Picking the Right Firewall” Microsoft’s “highest priority”! Sadly for was SuSE underneath. I would say it is article by Joern Wettern in this month’s most of us techies, we probably won’t every bit as good as SuSE by itself but issue [May 2005]. I get a chance to see the faster hardware the NLD has a few advantages. Namely found his article very ever run a program that’s not straining informative and thor- its resources, because our companies ough. In a time when won’t pay for the hardware, software we are constantly bom- and operating system upgrades until YOUR barded with security they’re desperately needed anyway. What are the toughest issues products that promise And yet the x64 rewrite of XP and you face as an IT professional? to secure our networks,
Server 2003 is available today, for those Tell us what bugs you and TURN it is nice knowing who’ve got the hardware. Sure, it isn’t a keeps you up at night. We’ll what’s important and total rewrite of the OS code—but as the use your comments in a future what to look for when it comes time to last Microsoft code leak proved and feature article. Just send them picking the right firewall. dozens of Microsoft blogs reaffirm to [email protected]. I truly look forward to more in-depth daily, no code the company releases security articles from Mr. Wettern. today is free of the spaghetti strings of —Robert Alonso incomprehensible bug fixes keyed out redmondmag.com Weston, Fl.
6 | July 2005 | Redmond | redmondmag.com | Project6 5/10/05 3:22 PM Page 1
:PVSXFBQPO $PVOUFS4QZ&OUFSQSJTF $FOUSBMJ[FETQZXBSFFSBEJDBUJPO
4QZXBSF UIF OFX OVNCFS POF FOFNZ GPS *5 3FBMUJNF QSPUFDUJPO !CTIVE 2ECENT SURVEYS OF )4 SPECIALISTS SHOW THAT SPYWARE 0ROTECTION4- -ONITORS DELIVER REAL TIME INFECTIONS HAVE REACHED EPIDEMIC PROPORTIONS PROTECTION TO WORKSTATIONS TO REDUCE THE CHANCE 3PYWARE IS ONE OF THE MOST SERIOUS SECURITY THREATS AND PRODUCTIVITY OF SPYWARE INFECTION &ROM THE !DMIN #ONSOLE YOU HAVE THE ABILITY TO KILLERS TODAY )TS INSIDIOUS )TS CREATORS ARE WELL lNANCED RELENTLESS AND CENTRALLY CONTROL WHAT ACTIONS ARE TAKEN WHEN THESE MONITORS DETECT REMORSELESS &OR THE CHANGE ON THE DESKTOPS 5IF CFTU TQZXBSF EBUBCBTF JO UIF ENTERPRISE COMMON JOEVTUSZ 1FSJPE 4HE DATABASE BEHIND #OUNTER3PY %NTERPRISE HAS BEEN ANTISPYWARE CANT CUT IT INDEPENDENTLY VALIDATED AS THE BEST ANTISPYWARE DATABASE IN THE INDUSTRY $PVOUFS4QZ &OUFSQSJTF 7HY #OUNTER3PY %NTERPRISE BENElTS FROM MULTIPLE SOURCES FOR ITS ,OPDL PVU TQZXBSF SPYWARE DElNITION UPDATES INCLUDING 3UNBELTS 2ESEARCH 4EAM -ICROSOFT GSPN POF DFOUSBMJ[FE AND INFORMATION COLLECTED FROM CONSUMER USERS THROUGH 3UNBELTS MPDBUJPO #OMPANY WIDE 4HREAT.ET4- 3PYWARE DOESNT STAND A CHANCE 'SFF USJBM 'JOE PVU IPX SPYWARE MANAGEMENT NBOZ NBDIJOFT JO ZPVS PSHBOJ[BUJPO BSF JOGFDUFE /08 3CAN THE REQUIRES A REAL ENTERPRISE PRODUCT WITH CENTRALIZED MANAGEMENT MACHINES IN YOUR ENTERPRISE FOR FREE $OWNLOAD THE TRIAL AT #OUNTER3PY %NTERPRISE IS JUST THAT A SCALABLE POLICY BASED WWWSUNBELT SOFTWARECOMCSERED SECOND GENERATION ANTISPYWARE TOOL BUILT FROM THE GROUND UP FOR SYSTEM AND NETWORK ADMINISTRATORS TO KILL SPYWARE QUICKLY AND EASILY
-ÕLiÌ -vÌÜ>Ài /i\ £nnn /1/- Ènnn{xÇ® À £ÇÓÇxÈÓä£ä£ >Ý\ £ÇÓÇxÈÓx£ ÜÜÜ°ÃÕLiÌÃvÌÜ>Ài°V Ã>iÃJÃÕLiÌÃvÌÜ>Ài°V
^ÊÓääxÊ-ÕLiÌÊ-vÌÜ>Ài°ÊÊÀ} ÌÃÊÀiÃiÀÛi`°Ê ÕÌiÀ-«Þ >`Ê/ Ài>Ì iÌ >ÀiÊÌÀ>`i>ÀÃÊvÊ-ÕLiÌÊ-vÌÜ>Ài°ÊÊÌÀ>`i>ÀÃÊÕÃi`Ê>ÀiÊÜi`ÊLÞÊÌ iÀÊÀiëiVÌÛiÊV«>iÃ°Ê Project2DESKTOP3TANDARD?2EDM%&PDF 6/7/05 11:12 AM Page 1 0-
,%!34 02)6),%'% #/-0,)!.#% )3 ./7 ). 9/52 (!.$3
)N TODAYS CORPORATE ENVIRONMENT ITS NOT AN OPTION $ESKTOP3TANDARDS 'ROUP 0OLICY SOLUTIONS TAKE YOU BEYOND BUILT IN 7INDOWS SECURITY MANAGEMENT GIVING YOU THE POWER TO LIMIT RIGHTS AND PRIVILEGES TO THE LEAST REQUIRED FOR AUTHORIZED TASKS 2EDUCE THE COMPLEXITY OF MANAGING YOUR DISTRIBUTED DESKTOP ENVIRON MENT WHILE INCREASING SECURITY AND COMPLIANCE &IND