Redmondmag.com
AUGUST 2006 • WWW.REDMONDMAG.COM • $5.95

Windows Watch Dog: Stephen Toulouse Takes Us Inside the Microsoft Security Response Center
Going to the Bench: Replacing Bill Gates
Beta Man Tests ISA Server 2006
What’s Your IT IQ? Take the Quiz and Find Out
Redmond
AUGUST 2006 • WWW.REDMONDMAG.COM
Winner for Best Computer/Software Magazine 2005
THE INDEPENDENT VOICE OF THE MICROSOFT IT COMMUNITY

COVER STORY
Emergency Response, Microsoft Style: When malware strikes Microsoft code, Stephen Toulouse and the MSRC team rush in to extinguish the fire.

REDMOND REPORT
Adesso Looks to Mobilize Application Development: A Q&A with John Landry, co-founder of Adesso Systems.
Beta Play: Microsoft betas extend SQL Server, Visual Studio lines.
Keynote Strikes a Chord: Ballmer talks CRM and Security at the Worldwide Partner Conference.
Beta Man: Déjà Vu: ISA Server 2006

FEATURES
Back to Basics Quiz: Are You the Master of Your Windows Domain? Are you a Domain Controller, a Tech Plugger or an IT Idiot? Find out how you rate!
Second Time Around: Windows Server 2003 R2 and the new DFS.
Going to the Bench: Can Redmond’s Backups Keep ’Em in the Game? New management team must fill the void left by Gates.

COLUMNS
Barney’s Rubble: Doug Barney, Let’s Get Small
Mr. Roboto: Don Jones, Get Your Shell On
Never Again: Hong-Lok Li, Virtual Panic
Windows Insider: Greg Shields, Get a Grip on Those Gripes
Security Advisor: Joern Wettern, Bit by Bit
Foley on Microsoft: Mary Jo Foley, The Future at Microsoft Is … Robotics?

ILLUSTRATIONS BY RALPH VOLTZ AND MARK COLLINS
REVIEWS
Put Your Tasks on Automatic: Automate your task management without learning a new language.
Redmond Roundup: To Server and to Virtualize. Virtualization on the server side can add up to big savings in hardware costs.

ALSO IN THIS ISSUE
Redmond Magazine Online
Letters@Redmondmag.com
Ad and Editorial Indexes

COVER PHOTO BY DANIEL SHEEHAN

Redmondmag.com, AUGUST 2006

RCPmag.com
It’s Ballmer’s World

Microsoft President Steve Ballmer still threw a few fist pumps and spit-sprayed shouts aimed to get attendees’ attention during his keynote at last month’s Worldwide Partner Conference. But the tone throughout leaned more toward admonishing them to stick with the company’s methods for sealing deals or be on the outside looking in. Ballmer expects partners to focus on three key markets for growth in the next year: unified communications, security and search. You can read the juicy details and other insights in a field report from Redmond Channel Partner Senior Editor Lee Pender at RCPmag.com. FindIT code: RCPBallmer

ENTmag.com
Exchange 2007 Goes Unified

According to ENTmag.com Editor Scott Bekker, Exchange 2007 will be one of Microsoft’s main battlefields for pushing forward unified communications. In his special report on ENTmag.com, Bekker looks at how Microsoft will be expanding its “Anywhere Access” theme by combining voice mail and fax into e-mail inboxes to give users a single location to check all messages, plus improved mobile communications. Get all the details and dig deeper into what Beta 2 for Exchange 2007 will offer at ENTmag.com. FindIT code: ENTExh2007

REDMONDMAG.COM RESOURCES
Resources (Enter FindIT Code)
>> Daily News (News)
>> E-Mail Newsletters (Newsletters)
>> Free PDFs and Webcasts (TechLibrary)
>> Subscribe/Renew (Subscribe)
>> Your Turn Editor Queries (YourTurn)

Questions with ... Don Jones

This month Redmond’s Mr. Roboto talks with us about his favorite subject—scripting.
Find Don’s new PowerShell Answers column on MCPmag.com beginning in August. FindIT code: MCPShell

Why scripting? Isn’t software supposed to be easier to manage?
Sure, but infrastructure isn’t: The systems that make things easier to manage can take a lot of time to manage.

What’s the answer to those who say, “If I need to script, I might as well hire a programmer”?
The Unix admins are laughing at you right now. Scripting is an admin tool, just like a mouse or keyboard. Use it.

What advantage does PowerShell have over WSH?
It’s a bit easier to learn and much more consistent, so a little effort goes a long way.

FACTOID
80%: Chance that Vista will be released in January, according to Bill Gates.
Source: Redmondmag.com News story “Gates: 80 Percent Chance Vista Will Make January Deadline,” July 11, 2006. FindIT Code: RNews711

REDMOND MEDIA GROUP SITES: Redmondmag.com • RCPmag.com • ENTmag.com • MCPmag.com • CertCities.com • TCPmag.com • TechMentorEvents.com

Barney’s Rubble
Doug Barney
Let’s Get Small

Microsoft is prepping a new wave of software that will undoubtedly bring in untold riches and strengthen the company’s grip on desktop and server operating systems, productivity suites and messaging. But this very power means that these products will define all of these categories for a decade or more to come. And these programs are all very, very large. Is that what we want?

Take Vista. This OS has some 50 million lines of code, an impressive or insane number depending on how you look at it. But what’s the cost? First, there’s complexity. A product this big is difficult to build, tune, polish and, as we all know, ship! It may also be difficult to use, as feature upon unnecessary feature bombard defenseless users who just want to open a file or visit a Web site. Such complexity opens thousands upon thousands of avenues for hackers to cruise, and can make plugging these holes darn near impossible.
And then there’s this little matter of hardware economics. With XP, we’re to the point where PCs are commodities—a wonderful thing as we can spoil our kids with their own machines, and the less advantaged can buy a PC for the cost of a TV. Vista changes all that with its hunger for more RAM, hard drive, CPU power and graphics. Will we see $500 Vista laptops and $300 Vista desktops in the near future? I doubt it.

Who asked for such a gargantuan OS? Most folks I’ve heard from want the opposite, a lean, mean, personal-computing machine.

Which brings us to Office 2007. I have no doubt this will maintain Microsoft’s desktop monopoly, at least for Corporate America. Office 2007 integrates tightly with tools such as Groove for data sharing, and more importantly will be the front-end to dozens of mainstream ERP, CRM, supply chain and other core business apps. But this is also a whale of a program, one that flies in the face of what users have been begging for—a simpler, smaller, more stable and usable set of productivity tools.

The new, improved and, of course, far fatter server tools, Exchange 2007 and Longhorn, are perhaps less of an issue. Servers these days are mighty powerful, and Microsoft server products tend to be stable, usable and popular with those that run them.

But there’s this little disconnect. Microsoft’s new mantra is Web services, which to my mind means tight, component-based products that work well over networks with varying bandwidth. I’m not entirely sure how a monolithic e-mail platform that requires a high-end 64-bit server (Exchange 2007) can serve as a tight, component-based product that works well over networks with varying bandwidth. Of course, I never majored in computer science, so I might not be smart enough to understand how it can do both.

If you can explain how huge apps can become tight, efficient Web services, e-mail me your explanations.
I’m at dbarney@redmondmag.com.

Redmond
THE INDEPENDENT VOICE OF THE MICROSOFT IT COMMUNITY
REDMONDMAG.COM
AUGUST 2006 ■ VOL. 12 ■ NO. 8

Editor in Chief: Doug Barney, dbarney@redmondmag.com
Editor: Ed Scannell, escannell@redmondmag.com
Executive Editor, Reviews: Lafe Low, llow@redmondmag.com
Editor at Large: Michael Desmond, mdesmond@redmondmag.com
Managing Editor: Wendy Gonchar, wgonchar@redmondmag.com
Editor, Redmondmag.com: Becky Nagel, bnagel@redmondmag.com
Contributing Editors: Mary Jo Foley, Don Jones, Greg Shields, Joern Wettern
Art Director: Brad Zerbel, bzerbel@redmondmag.com
Senior Graphic Designer: Alan Tao, atao@redmondmag.com

Group Publisher: Henry Allain, hallain@1105media.com
Editorial Director: Doug Barney, dbarney@1105media.com
Group Associate Publisher: Matt N. Morollo, mmorollo@1105media.com
Director of Marketing: Michele Imgrund, mimgrund@1105media.com
Senior Web Developer: Rita Zurcher, rzurcher@1105media.com
Marketing Programs Associate: Videssa Djucich, vdjucich@1105media.com
Editor, ENTmag.com: Scott Bekker, sbekker@entmag.com
Editor, MCPmag.com: Michael Domingo, mdomingo@mcpmag.com
Editor, RCPmag.com, CertCities.com: Becky Nagel, bnagel@1105media.com
Associate Editor, Web: Dan Hong, dhong@1105media.com

President & CEO: Neal Vitale, nvitale@1105media.com
CFO: Richard Vitale, rvitale@1105media.com
Executive Vice President: Michael J. Valenti, mvalenti@1105media.com
Director of IT: Jerry Frazier, jfrazier@1105media.com
Director, Circulation and Data Services: Abraham Langer, alanger@1105media.com
Director of Web Operations: Marlin Mowatt, mmowatt@1105media.com
Director, Print Production: Mary Ann Paniccia, mpaniccia@1105media.com
Controller: Janice Ryan, jryan@1105media.com
Director of Finance: Paul Weinberger, pweinberger@1105media.com
Chairman of the Board: Jeffrey S. Klein, jklein@1105media.com

The opinions expressed within the articles and other contents herein do not necessarily express those of the publisher.
Letters@Redmondmag.com

Office Dinosaurs a Plenty

In June, contributing editor Mary Jo Foley in her Foley on Microsoft column (see “Office Dinosaurs Unite”), openly admitted to having an aversion to Microsoft’s idea of the “digital work style” and the constant connectedness it brings. It appears that many of you, ironically steeped in technology every day, share her sentiments. The following handful of letters illustrate some of your views:

Huns of Technology

As one who’s lived in an SCA [Society for Creative Anachronism] household, though not as a card-carrying anachronist, I have to say SCA folks are, in general, far more technically adept. They don’t need an apology and are probably flattered by being mentioned at all in Foley’s column, and I’m sure many will write, or send their minions. SCAtians are very DIY types, which makes them a good fit for today’s mercenary-like IT world. At least out of costume. Call them the Huns of technology.
All joking aside, what Foley says is true, we really don’t see a functional reason to upgrade beyond Office 97—with the possible exception of Outlook 2003. My folks are not planning to use XML features any time soon, and SharePoint would create a huge new training challenge. We’re still having trouble getting across how to use network drives.

What Microsoft has not done, that would really help, is to implement document management and versioning in the file system. SharePoint doesn’t count. We don’t need a Web server (e.g. additional infrastructure) to do basic document management tasks, just a few extra bits in the file system. As they say “keep it simple.”

Thanks to Mary Jo for starting a very enlightening discussion!

Rich Snow
Boston, Mass.

Life Without Microsoft

I, too, feel that there’s far too much connectedness in this modern pastiche of society. Frankly, once past Office 97, I have little interest in more Offices. I do databases, for most of my pro life that means Access, and the last thing I want to do is to re-learn, again, a new database just so that Microsoft can have a revenue stream. I am not against Microsoft but I have a life that does not include it!

Angus Creighton
Richmond Hill, Ontario, Canada

No Fancy Shmancy

I’m with Foley on this one. I despise the notion of being “always available.” What happened to personal time? When did my job jump from 44 hours a week to 168 hours a week? I don’t mind not knowing about something until the next day. If people are going to die or we’re going out of business, my home number is available.

Nor do I want to run the latest fancy version of Office. I only reluctantly upgraded to Office XP when I also reluctantly upgraded to Windows XP. The only time I gladly upgraded Office was when I went from Office 95 to Office 97.
The version of Office 95 I was running at the time was designed for Windows for Workgroups 3.11 and that probably had something to do with it.

I have a cell phone because my department requires it. Before that, I had a pager. I liked the pager. You could take a look at it and decide if it was something you needed to handle right away or not. With a mobile phone, you get hijacked. Whether you’re standing in line at the grocery store, washing your hands in the bathroom or driving down the interstate, if you answer your phone, you’re expected to immediately switch from whatever mode your brain was in to “work” mode. You’re at the mercy of your co-workers, family, friends and vendors. That’s a situation I would really rather not be in.

Keep up the fight! I doubt Microsoft or the business community in general will slow down its “progress,” but it’s good to know I am not the only one who likes to take things slowly.

Jason R. DePriest, GSEC, GCFW
Memphis, Tenn.

10 Years Behind

Forget it. I’m with Mary Jo. I don’t have a cell phone, Blackberry, laptop, wireless, GPS, etc. either. I do have a big screen TV and surround sound, however (it’s a guy thing). But I digress … Our entire office is still running Office 97 so I guess we are 10 years behind. Yet there seems no reason to change, especially considering the cost involved. Half of the office is still on Windows 98 because I can’t get them to upgrade to XP. I have one copy of Office 2003 for conversion purposes and it seems to suffice. Office 2007? Forget it!

Name Withheld by Request
Mentor, Ohio
Redmond Report
August 2006

INSIDE: ISA Server 2006: Similar to 2004, but worth a look-see.

Adesso Looks to Mobilize Application Development
A Q&A with John Landry, co-founder of Adesso Systems.

BY ED SCANNELL

In 1995, shortly after IBM Corp. purchased Lotus Development Corp., IBM chairman Lou Gerstner appointed Landry vice president, technology strategy. His mission: evaluate disruptive technologies from edge companies so IBM could fit them into some of its more prominent corporate strategies.

But that wasn’t enough disruption for Landry. That same year, during the first joint IBM-Lotus sales and marketing meeting, Landry unexpectedly came on stage dressed as Eva Peron to entertain the group while Gerstner, his new boss sitting in the front row, perhaps wondered what he had got himself into in entrusting so much responsibility to Landry.

Over the past several years Landry has helped launch a number of small software companies, most touting products that threatened to derail IT law and order.
His latest venture, Adesso Systems, is no exception. The technology allows IT developers to create, customize, and deploy distributed and mobile applications as quickly as low-level Web applications. Landry sat down with Ed Scannell, Redmond editor, this time in men’s clothes, to discuss his venture.

Redmond: Where did you get the idea for Adesso?
Landry: The initial idea was to build an architecture that exploits some of the big economic trends such as cheap storage and connectivity, although sporadic connectivity. We already did that in Notes, which was based on a replication technology. So given that I know where all the bodies are buried in replication architectures in general, we decided the right architecture for this is a replication model and to build it on a fully distributed database architecture that sits on top of existing database management systems. The distributed logic can run on top of existing platforms but not be part of the existing platform, allowing us to move information around in ways not possible before.

What is the secret sauce involved in the distributed logic?
We have essentially mapped the global unique identifiers [GUIDs] into those [underlying] databases so we can identify what data is underneath. We can’t depend on the naming the database gives us. So hooking up to something like Oracle and SQL [Server] Express is fairly trivial for us. With this distributed database layer you are able to deal with phones and PDA databases, laptops and desktops, all of which can participate equally in this distributed architecture.

Do you find that many users and developers are ready to implement this sort of distributed approach?
Given distributed is a tough concept for people to think about, we tried to extract out just the things they really need to build apps. In our definition that includes tables, forms, views, filters and components.
The idea is to provide a design capability that allows you to very rapidly build apps that take advantage of a distributed architecture right out of the box. If I build an expense report system on Saturday, I can replicate it out to all users on Sunday.

Others claim they can do something similar to this. What is unique about Adesso?
For us, doing distributed is not just a matter of moving the data, it is a matter of also synching and replicating the design, access control rules, schema, and content control rules of the database. And this has to happen just moments before the data is moved. That is where it gets really hard.

What tools are you making available for developers?
We have gone extreme on this. The tool is also distributable, it is part of the product. So if the administrator gives you rights to design an application, or just part of an application, with the tool built in you can create or change the design of something quickly and synchronize those changes to all users of that application. They receive those changes the next time they synch in. One of the goals is to make distributed mobile architectures as easy to build as an Excel spreadsheet. Developers can fly at any level [of the architecture] they need to so a rookie user can build a simple app and experienced developers can build and extend it out with C# DLLs or whatever they are using.

This product appears to do some of the things that Microsoft’s WinFS file system was intended to do?
It does. Think of this as WinFS today. At its core [WinFS] is a hybridization of database technology with files. The idea [with Adesso] is to let the distributed database functions be attached to the file system meaning I can correlate a file with a record in the database that Adesso is managing.

Have you shown this to Ray Ozzie at Microsoft?
Ray likes it a lot. We have a good relationship with Microsoft and it’s getting even better.
You’re essentially talking about marrying structured and unstructured data with this product?
Yes. Using what we call crackers, we can “crack” the metadata out of files and map it to the relational database. We can then use the Views capability in the product on that data to organize, sort and sequence it, as well as use that data as a vehicle to synchronize intelligently. The idea is to have an intelligent distributed file system hooked into distributed database functions.

Will you be positioning this as something that can compete in the composite apps market?
Yes. Any app you build in Adesso, you can then take pieces of that application like a form, view, or plugin and turn them into components and export them into any other application. The more apps you make the more components you have and the easier it is to assemble applications. In some cases you can put together a sophisticated business app in 30 minutes.

What is Adesso’s business model? How will you sell this, direct or through partners?
This will be a big Web play. The development platform we are giving away. You can download it off the Web and start developing apps right away. If you want to put that application back up on the Web where other developers can access it and blend it in with theirs. They can go through our Web site [Adesso Now Environment] to do that. You can also host the application you created there. We will charge you to do that. That is how we will monetize our intellectual property to make money for ourselves and the developers. The idea is to offer the development environment, hosting environment, and billing environment all in one. We’ll even send you the check every month. The idea is to let all flowers bloom.

Ed Scannell (escannell@redmondmag.com) is editor of Redmond magazine.

Beta Play
Microsoft betas extend SQL Server, Visual Studio lines.
News Analysis

Lost among the speeches by Microsoft’s Ray Ozzie and Bob Muglia on the company’s software and services vision at TechEd, and the latest demos of key technologies including Windows Live, was the beta release of several products. Perhaps chief among them was the Community Technology Preview (CTP) of SQL Server Everywhere and Visual Studio Team Edition for Database Professionals.

The CTP release of SQL Server Everywhere is a subset of the full-blown version of SQL Server and is being positioned as a way for admins to provide an organized data store for client systems when they’re offline. Offering an example of its use at the conference, company officials said an application could use SQL Server when it’s connected to a network and then switch over to a local data store that’s provided by SQL Server Everywhere when a user leaves the network.

The added product can also be used purely in mobile situations by serving as a data storage platform for Windows Mobile and Pocket PC developers to build on. The first beta release, however, will not support Windows Mobile, although it will when the finished version is shipped later this year.

The product, which will be offered for free, supports databases holding up to 4GB of information. It will work with Windows XP SP2, Server 2003 and the recently shipped Vista Beta 2.

“This looks like it will be useful for those enterprise guys with SQL Server and who have a few important mobile applications they need to support. But I don’t see it as a big play in most enterprises. It will go after a niche market,” said Mike Drips, an independent consultant to several large companies in the San Francisco area.

Visual Studio Team Edition

Microsoft also showed off Visual Studio Team Edition for Database Professionals, promoting it as a way for programmers to collaboratively build database applications.
This release takes the company one step closer to “Orcas,” the next major release of Visual Studio that ties together SQL Server 2005, Windows Vista and Office 2007. In the meantime, this latest release will serve to supply database architects, developers and administrators with a foundation for undertaking tasks such as change management, testing, offline database projects and deploying databases. Company officials said they hope to ship the finished version by the end of the year.

Microsoft bolstered its Dynamic Systems Initiative (DSI) by making publicly available its System Center Operations Manager 2007 beta, the follow-up to Microsoft Operations Manager 2005. Operations Manager is the first System Center product to use the System Definition Model (SDM), which can help deliver service-oriented management for Exchange, SharePoint and Active Directory, plus line-of-business applications.

During his TechEd keynote Ozzie showed off Microsoft Dynamics AX Version 4.0, which allows corporate developers to create business mashups, the ability to blend Web-based services into rapid custom solutions that work across “disparate systems and information silos,” Ozzie noted. He said the new product’s server and services capabilities can be accessed directly from Outlook and through RSS.

Version 4.0 is essentially a suite of products to help streamline business processes across a number of server-based applications and services such as financial information, customer relationships and the supply chain. The new release offers developers the chance to use Web services to weave together structured and unstructured data from several sources to create a single workflow. This makes it easier for developers to gain a complete view of their business processes. — E.S.

Keynote Strikes a Chord
Ballmer talks CRM and Security at the WWPC.

In perhaps the least surprising Microsoft product announcement of the year, CEO Steve Ballmer finally talked publicly about Microsoft Dynamics CRM Live, a hosted version of its Customer Relationship Management (CRM) application, at last month’s Worldwide Partner Conference in Boston.

“This is the single most inevitable announcement in the history of Microsoft,” Ballmer bellowed to several thousand conference attendees. He said the upcoming service will be operated and managed by Microsoft from within its Windows Live data centers, and claimed it will offer business partners and developers another way to address the CRM requirements of their users.

Microsoft will use the same code base as the on-premise and partner-hosted versions of Microsoft CRM. The news came as something of a relief to those who expected the company to scrap most of the existing CRM code base and build or buy other technology. Company officials said they plan to evolve the current code and offer true multi-tenancy, allowing multiple customer instances of CRM to run securely on the same infrastructure.

The product will also share the same meta-driven configuration tools now used in all versions of Microsoft CRM, so business partners can develop prepackaged applications once and deploy them across multiple environments. Ballmer said CRM Live will be tightly integrated with Microsoft’s Windows Live and Office Live services.

Microsoft plans to debut the product in North America sometime during the second quarter of 2007, and will offer it as a range of different services on a monthly subscription basis. There will be no limit to the number of users the system can support. Redmond will initially target the product at small businesses.

Coopetition Call

Also in his keynote address, titled “The Winning Choice,” Ballmer said Microsoft would engage in coopetition with partners and developers, meaning the company would work with, and compete against, them in areas Microsoft has identified as major opportunities. He asked attendees to support Microsoft’s efforts and to “place a bet” on the company and to get trained on its strategic technologies.

“Search and portal, unified communications and security” are the areas where partners will have to choose Microsoft or competitors, Ballmer said. “Those three businesses we want to build together.”

Ballmer acknowledged it might not be comfortable for partners to choose. In the security arena, for example, customers will face a choice of working with companies like Symantec or McAfee, or with Microsoft. “Will you choose to work with us or your traditional partners?” Ballmer asked at the conference.

Ballmer promised a full-court press on security as Microsoft introduces standalone security products for the first time. In the past, Ballmer noted, Microsoft’s security efforts focused on hardening the core products. “Really this year, we will enter the security market in full force,” Ballmer said. — E.S.

BetaMan
Déjà Vu
ISA Server 2006 is similar to its predecessor, but there’s enough new stuff to make it worth a look.

ISA 2006
Version Reviewed: Beta 2
Current Status: Beta 2 (early-2006)
Expected Release: Late ’06/early ’07

When I first loaded Internet Security and Acceleration Server 2006 (ISA 2006), I thought I might have grabbed my old ISA 2004 CD by mistake. The two versions look identical. If you’ve been following Microsoft’s firewall, you’ve probably gotten used to seeing drastic changes between versions. That’s not the case this time around.

That first impression changed once I spent a few days digging into ISA 2006. This is a refined upgrade that adds enough functionality to warrant a close look by IT shops now running ISA 2004.

Microsoft put a lot of work into improving server publishing with ISA 2006. Publishing servers is the process of making the servers on your internal network or in your demilitarized zone (DMZ) available to Internet clients.
This is tricky business, because you must walk a fine line between opening enough ports to allow access while not increasing your vulnerability. It is on this fine line that ISA 2006 really shines. Launch the correct wizard, fill in the required information and ISA creates a rule set for you. No more worrying about which ports to allow. ISA 2006 includes wizards for publishing the following:

• Exchange Web Clients—such as Outlook Web Access (OWA), RPC/HTTPS, Outlook Mobile Access (OMA) and Exchange ActiveSync
• Mail Servers running RPC, IMAP, POP3, SMTP or NNTP
• SharePoint Sites
• Web Sites

You can also publish non-Web/mail server protocols such as DNS, FTP, SQL, MMS, Telnet or RDP. There are 117 built-in protocols to work with, or you can create a custom rule for any protocol if you know the port number.

When publishing servers you can choose to restrict access to authenticated users or allow all users full access. ISA 2006 supports the following types of authentication:

• RADIUS: Lets ISA grant domain authentication without having to join the ISA server to the domain.
• LDAP: Lets ISA authenticate users via LDAP without a RADIUS server and without joining the domain. You specify the domain controllers to use, and whether you want to secure communications with LDAPS (Secure LDAP).
• Single Sign-On: Lets users authenticate once with ISA 2006, then access any number of servers behind it without having to re-authenticate (seamlessly moving between SharePoint sites and OWA, for example).
• Forms-based authentication: Now lets you customize forms. There is also a new level that uses a passcode/password combination, where the passcode is for ISA 2006 authentication and the password is for authentication delegation.
• Two-factor authentication: ISA 2006 uses forms-based authentication and a client certificate for improved security.
• Delegation: ISA 2006 can delegate credentials using NTLM or Kerberos authentication.
• Digital certificates: ISA 2006 can assign digital certificates to a specific IP address on a network adapter.

ISA sports other new publishing features as well. When publishing Exchange servers, it asks which version of Exchange you’re running and will only create rules for the features supported in that version. The wizard supports Exchange 5.5, 2000, 2003 and 2007.

You can also publish a Web farm (a group of servers offering the same data). In this case, ISA 2006 functions as a load balancer and distributes traffic across all machines in the farm.

Figure 1. ISA 2006 lets you view and log traffic as it passes through your firewall.

Next month we’ll look at some of the other, more granular new features like content compression and bandwidth control. —

Beta Man has gone under cover to give you some of the earliest and most unflinching takes on important software under development at Microsoft.

ProductReview
Put Your Tasks on Automatic
Automate your task management without learning a new language.

AutoMate 6
Network Automation Inc.
Professional Edition: $995 per machine
Enterprise Edition: $2,995 per machine
Multiple machine packs and volume discounts available
213-738-1700
www.networkautomation.com

BY BILL HELDMAN

Here’s a simple question: Why isn’t there a Visual Studio-like interface for scripting tasks?
Why isn’t there something that lets me set variables, interact with systems (whether they’re logged in or not), run programs, post and retrieve information from databases, perform file transfers, connect to disparate systems using terminal emulation, interact with Microsoft Excel and all sorts of other cool admin tricks? Why does the life of a system administrator have to be so darn complicated? (OK, that was actually several questions.)

REDMONDRATING
Documentation (15%): 10
Installation (10%): 10
Feature Set (35%): 9
Performance (30%): 9
Management (10%): 9
Overall Rating: 9
Key: 1: Virtually inoperable or nonexistent; 5: Average, performs adequately; 10: Exceptional
Receiving a rating of 9.0 or above, this product earns the Redmond Most Valuable Product award.

It may seem like a simple question, but there’s a lot more to it than you might think. It would be great if there was a program that instantly brought you a plethora of visual task scripting capabilities. Better still if it were organized in such a way that it was intuitively obvious what you needed to do, without flying out of town to a week-long training class or having to learn a specialized, complicated language. Yet it would still have to be powerful enough to meet all of your task creation, scheduling and deployment needs.

Network Automation has done all this with AutoMate 6. AutoMate is a handy tool with a well-designed methodology for easily creating and automating any system task you could imagine.

Step by Step

Let me give you an example of how AutoMate works, using a simple programming task as a point of reference. A programmer’s first effort is typically a piece of code that generates the message “Hello World.” Using AutoMate to recreate the process of coding the Hello World message would mean setting up some kind of variable and launching a popup.

First, I used a wizard to create a new shell for a task. I simply highlighted the task and selected Steps from the Task Administrator menu. Then I was taken to a second interface called the Task Builder. The Task Administrator and Task Builder are the only two interfaces you’ll need throughout your task building efforts. You can keep track of your tasks in Task Administrator and massage them in Task Builder.

Once I had created the shell for the “Hello World” example, I went to the Variables section of the Task Builder Available Actions pane. There I created a variable called “MyVariable” and added the string “Hello World” (see Figure 1).

Figure 1. Setting up a variable with AutoMate’s wizard-driven interface.

Next, I selected Dialogs and Message Box from the Available Actions pane and created a popup window (a “Message Box” in Windows developer parlance). This window would display the contents of my variable. By hitting the Run button, I was able to successfully run this quick little task (see Figure 2). If I had created a more extensive task, I’d be able to run it through its steps, set breakpoints at given intervals and debug my automated script.

Figure 2. Once you’ve gone through all the options, you can run your task.

This kind of task scripting helps you tap into the underlying power of existing Windows code. You’re really just using a simple “select your steps and fill in the blanks” technique. You don’t have to sacrifice a thing in terms of power or capability, though.

With either the Professional or Enterprise version of AutoMate, you can do almost everything you would want to do from a programming standpoint. It will help you with file manipulation, securing tasks through encryption, administrator notifications, even utilizing secure FTP. The Enterprise version adds terminal emulation, SNMP capabilities and audit level logging.
With both versions, you can use a variety of methods to set up administrator notification.

Automating on Autopilot

There were only a couple of very minor annoyances I came across while using AutoMate. When you create a new task, you have to click the Steps button or right-click the task and select Steps in order to launch the Task Builder. Toggling between Task Administrator and Task Builder could be a source of confusion.

The Available Actions pane is not alphabetically sorted right out of the box. When you choose to sort the list alphabetically, however, it displays all the available selections in a line instead of grouping them in like categories as it does when they’re unsorted. Why can’t a person easily put the list into alphabetical order? I don’t really see this sorting issue as a major problem. Once you start using the system, you’ll easily memorize the location of the various actions you want anyway.

AutoMate isn’t the cheapest tool on the block. You purchase licenses by the machine, so if you want to deploy tasks to a large number of computers throughout an enterprise network, you could get into the tens of thousands in software costs—even with the volume discounts.

On the plus side, I really like the ability of AutoMate 6 to use sounds and include recorded text playback. This could be very useful if you need to record training material so users have some sort of human guidance as they surf through a newly deployed program. The speech is computer generated, so use it sparingly or it could become annoying.

Overall, AutoMate’s intense automation capabilities are invaluable. You don’t have to learn an entirely new language in order to get it to build the tasks. AutoMate 6 is BASIC compatible, but you’ll probably never need to actually go in and maneuver any code.
Also, you can easily modify any of its numerous setup options. AutoMate 6 lets you create tasks quickly and on the fly for your Windows computers. If you want the robustness of a full-task scripting program without the hassle of working within a formal programming paradigm, AutoMate 6 is an outstanding tool. —

Bill Heldman (bheldman@comcast.net) is an instructor at Warren Tech, a career and tech ed high school in Lakewood, Colo. He’s a contributor to Redmond, as well as to a number of books for Sybex, including “CompTIA IT Project+ Study Guide.”

Mr. Roboto
Automation for the Harried Administrator | by Don Jones

Get Your Shell On

By now you’ve probably heard about Windows PowerShell—Microsoft’s new automation buddy. If you haven’t installed it yet, you really ought to log on to www.microsoft.com/powershell and get rolling. Now you’re probably thinking, “Great. Yet another scripting language to learn.” Well, not exactly. Sure, PowerShell has a scripting language, just like the good ol’ Cmd.exe shell. The difference is that you’re not required to script to make PowerShell useful. In fact, by default, PowerShell won’t even run scripts.

PowerShell is indeed a total replacement for the old Cmd shell. Fire up PowerShell and you can run Dir, Net Share, Copy and all your other favorite command-line utilities. Of course, PowerShell isn’t just a replacement for Cmd. It’s much better. For example, need to know what Service Pack a particular computer is running? Just run:

    Get-WMIObject -class Win32_OperatingSystem -namespace root\cimv2 -computer DON-PC -property ServicePackMajorVersion

Assuming DON-PC is the computer’s name, entering that command will get you the information you want. Wait a minute—that’s not really any easier, is it? It might seem quicker to use another tool instead of typing all that, but this is where PowerShell really starts to shine.

First, you don’t need the -class argument name, because -class is the first argument Get-WmiObject takes (just run Help Get-WmiObject to check). The default namespace is already root\Cimv2, so you don’t need to specify that. Also, PowerShell supports aliases, which are like nicknames for commands. Run Get-Alias to see them all. Notice that Gwmi is aliased to Get-WmiObject. So now we’re down to this:

    Gwmi Win32_OperatingSystem -computer DON-PC -property ServicePackMajorVersion

You get the same result with less typing. But hold on, it gets even better. You only need to type enough of each argument name to distinguish it from any other arguments. Try this:

    Gwmi Win32_OperatingSystem -co DON-PC -pr ServicePackMajorVersion

That’s much less typing. Want to see what commercial software products are installed on your target machine?

    Gwmi Win32_Product -co DON-PC

That’s super simple. In fact, all you really need to know is what WMI classes (like Win32_Product and Win32_OperatingSystem) are available for you to use. PowerShell will be happy to list them all. Just run Gwmi -list (just add -computer to check a remote computer’s classes).

Of course, if you actually start scripting with PowerShell, you can bundle up even more complex statements, control output formatting and more. You’ll see more PowerShell coming your way in future months. Remember: even if you have no interest whatsoever in scripting (despite that being a somewhat shortsighted, career-limiting view these days), PowerShell is an excellent interactive, on-demand tool for Windows administration.

PowerShell’s strength isn’t limited to just Windows, either. Exchange Server 2007, System Center Operations Manager 2007 (the new name for MOM) and most future Windows Server System products will base their entire administrative architecture on PowerShell. That makes PowerShell a one-stop shop for running your entire Windows enterprise. —

Don Jones (don@sapien.com) is a contributing editor for Redmond magazine. He’s currently working on the book, “Windows PowerShell: TFM” (www.sapienpress.com).

Need Help?
What Windows admin task would you like to see automated next? Send your suggestions directly to Don at don@sapien.com. You can also send them to editor@redmondmag.com, just be sure to include Mr. Roboto in the subject line.

RedmondRoundup
To Serve and to Virtualize
Virtualization on the server side can add up to big savings in hardware costs.

BY DON JONES

Server virtualization has evolved steadily since our last close look (see the October 2004 Redmond Roundup, “Virtual Servers in the Real World”). Perhaps the biggest news in the virtualization world these days is that Microsoft will include its “Hypervisor” virtual computing technology in Windows Server. This software layer will also work closely with processor-based virtualization technologies forthcoming from Intel and AMD.

The Hypervisor technology will essentially replace Microsoft’s Virtual Server 2005, while easing the migration path for existing Virtual Server 2005 users. That day is at least a year away by even the most optimistic estimates. The need for server-class virtual computing, however, is growing stronger by the day.

There are several distinctions between server virtualization and workstation virtual computing, which includes products like Microsoft Virtual PC and VMware Workstation (see “Living in a Virtual World,” July 2006). While the workstation products are good for software testing, server-class virtual computing is geared for production environments.

One of the primary goals of server virtualization is server consolidation. The idea behind server consolidation is reducing the number of physical boxes in your data center without reducing the number of logical servers. In other words, you can still run that old Windows NT 4.0 machine you need in order to run a mission-critical legacy application, but it won’t need dedicated hardware. Instead, it will operate on a virtual machine, running on a powerful “host” server capable of simultaneously running a half-dozen or more (sometimes many more) virtual servers.

In this Roundup
Redmond Rating key: 1 = Virtually inoperable or nonexistent; 5 = Average, performs adequately; 10 = Exceptional. Each category carries a 20% weight.

VMware ESX Server
$1,000 Standard Edition; $5,750 Enterprise Edition (price per two processors)
VMware Inc. (an EMC Corp. company), 650-475-5000, www.VMware.com
Manageability: 9; Flexibility: 9; Performance: 8; Documentation: 8; Automation: 7; Overall Rating: 8.2

Microsoft Virtual Server 2005 R2
Available as a free download
Microsoft Corp., 800-642-7676, www.microsoft.com
Manageability: 7; Flexibility: 9; Performance: 8; Documentation: 8; Automation: 9; Overall Rating: 8.2

Virtuozzo for Windows
$1,250 per processor
SWsoft Inc., 703-815-5670, www.virtuozzo.com
Manageability: 8; Flexibility: 5; Performance: 9; Documentation: 8; Automation: 9; Overall Rating: 7.8

VMware GSX Server and ESX Server

VMware is the oldest player in the virtualization market. It has two tools for server virtualization—GSX Server and ESX Server. Both have essentially the same goal, which is to recreate a hardware environment in which you can “install” Intel-compatible operating systems and software. For each virtual machine, VMware creates a virtual keyboard, memory, hard drive and any other resources typically associated with a physical machine. The nature and extent of these resources are dependent on the host machine’s actual physical peripherals, memory, hard drive and so on. For example, a physical machine with a 10GB hard drive could not run a virtual machine with a 15GB hard drive.

Figure 1. VMware’s Resource Map view gives you a look at physical resources available for your virtual servers.

While the goals are similar, there are major operational differences between GSX and ESX. You can install GSX Server over Linux or Windows. ESX Server is itself an operating system and installs on “bare metal.” The idea behind ESX Server is to create a dedicated virtual hosting machine that does nothing but host virtual machines.

There’s an obvious performance benefit with a single-purpose OS like this, but it has its downsides as well. For example, you can’t make ESX Server a member of your Active Directory domain. Nor can you manage it with traditional Windows management tools (although VMware does provide robust management tools for ESX Server).

GSX Server provides slightly less robust performance, but it runs on top of Windows, which simplifies management. You can use familiar tools to manage your Windows or Linux-based virtual machines.

You’ll appreciate that VMware’s product line works in a consistent fashion. The tabbed user interface in VMware Workstation, for example, lets you work with multiple virtual machines simultaneously. On the server side, the administration client for GSX Server is nearly identical.
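Added example, not part of the magazine's text: the service pack query from the Mr. Roboto PowerShell column above, wrapped in a Windows PowerShell function that checks several machines at once and reports hosts it cannot reach instead of skipping them. The function name, the baseline parameter and the output property names are assumptions made for illustration; DON-PC is the column's own sample machine name.

```powershell
# Added example (not from the column). Requires Windows PowerShell 3.0 to 5.1;
# Get-WmiObject is not included in PowerShell 6 and later.

function Get-ServicePackReport {
    [CmdletBinding()]
    param(
        # Machines to query; defaults to the local computer.
        [string[]]$ComputerName = @($env:COMPUTERNAME),

        # Hypothetical baseline: lowest acceptable service pack major version.
        [int]$MinimumServicePack = 0
    )

    foreach ($name in $ComputerName) {
        # Full form of the column's query, passed by splatting.
        # Shortened equivalent, using the alias and parameter prefixes:
        #   gwmi Win32_OperatingSystem -co $name -pr CSName,Caption,ServicePackMajorVersion
        $query = @{
            Class        = 'Win32_OperatingSystem'
            Namespace    = 'root\cimv2'
            ComputerName = $name
            Property     = 'CSName', 'Caption', 'ServicePackMajorVersion'
            ErrorAction  = 'Stop'   # turn WMI/RPC failures into catchable errors
        }

        try {
            $os = Get-WmiObject @query
            $sp = [int]$os.ServicePackMajorVersion

            [pscustomobject]@{
                ComputerName  = $os.CSName
                OS            = $os.Caption
                ServicePack   = $sp
                BelowBaseline = ($sp -lt $MinimumServicePack)
                Error         = $null
            }
        }
        catch {
            # Host down, RPC blocked by a firewall, or access denied: keep the
            # machine in the report so a gap in coverage is visible.
            [pscustomobject]@{
                ComputerName  = $name
                OS            = $null
                ServicePack   = $null
                BelowBaseline = $null
                Error         = $_.Exception.Message
            }
        }
    }
}

# Local machine only (works offline).
Get-ServicePackReport | Format-Table -AutoSize

# Several machines against a baseline of SP2; DON-PC will show an Error value
# unless a host with that name exists on your network.
Get-ServicePackReport -ComputerName $env:COMPUTERNAME, 'DON-PC' -MinimumServicePack 2 |
    Sort-Object BelowBaseline -Descending |
    Format-Table ComputerName, ServicePack, BelowBaseline, Error -AutoSize
```

Rows with a non-empty Error column are machines whose patch level is unknown, which an audit should treat as unresolved rather than compliant.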
Another nice touch is that VMware has created a VMware Technology Network, or VMTN. You can acquire virtual appliances through the VMTN. These are essentially pre-built virtual machines you can download and start using immediately, just as if you purchased a preconfigured server from an OEM. Options include Web and application servers, database servers, operating systems and so on. Companies providing these virtual appliances include StillSecure, Oracle, Zeus, Zimbra and Ubuntu.

VMware is introducing a new product on the server side that will change its lineup a bit. VMware Server was just released. VMware is positioning Server for “users new to server virtualization.” It comes across as a “GSX Server Lite,” particularly because it’s free.

VMware Server will eventually replace GSX Server in the product lineup, and is clearly a response to Microsoft incorporating Hypervisor into Longhorn. It will provide an easy migration path to ESX Server when your needs grow. It will support up to four virtual machines per processor core versus ESX’s eight per core. Because VMware Server is replacing GSX Server, you’ll be able to purchase technical support, even though the base product will be free.

Overall, VMware’s offerings are tops in terms of manageability. All of its products support NIC teaming, virtual machine clustering (including the ability to have different cluster nodes on different physical hosts), support for SANs, SAN path failover, hot migration of running virtual machines (called VMotion, which lets you move a virtual machine to a different host while the virtual machine is running), centralized management for multiple users (via VirtualCenter) and more.

Microsoft Virtual Server 2005 R2

Figure 2. Virtual Server gives you a complete status view for your virtual machines, including I/O activity and processor status.

Virtual Server 2005 is Microsoft’s latest and greatest server-class virtualization product. It will also be the last.
Recently updated to R2, it will soon fade away as its capabilities are rolled into Windows Server through Hypervisor. Microsoft has already announced the newest member of the System Center family (which includes future versions of both SMS and MOM) called System Center Virtual Machine Manager. This will be a centralized management solution for data center virtualization that will ship in late 2007 or early 2008.

Getting back to Virtual Server 2005, one of the biggest changes to R2 is x64 host support. This lets it run a crazy amount of virtual machines. With a four-way, dual-core x64 box holding an incredible 128GB of memory, I was able to easily run a dozen virtual machines with almost no disk activity. With the virtual machines’ disks loaded into RAM, it was an amazing experience. It reflected a level of performance that, until then, I had only been able to achieve with VMware ESX Server (which again is a dedicated operating system). The only limitation with Virtual Server R2 is that the guest operating systems (those running on the virtual machines) can only be 32-bit.

With R2 also comes official tech support for running Linux virtual machines. Virtual Server has always been able to run Linux as a guest operating system, but now Microsoft will help you if you have any problems while doing so. R2 also has a few other useful updates, like PXE boot capabilities for virtual network adapters and a Virtual Server Migration Toolkit (for moving physical machines into virtual machines).

My chief complaint with Virtual Server 2005 has always been its entirely Web-based administrative interface. I find it clunky and much less efficient than VMware’s Windows-based interface. It’s extremely odd that Microsoft wouldn’t deliver a Windows application while their competition does. Microsoft missed the mark on this one and R2 doesn’t change it in any way.

What Virtual Server lacks in an administrative interface, it makes up for in its scriptability and automation. It has a robust Component Object Model (COM) interface and comes with a plethora of VBScript examples that show you how to automate everything involved in virtual machine provisioning and management.

Virtuozzo for Windows

Virtuozzo is a slightly different breed of virtualization. Rather than creating virtual machines with private virtual hardware resources, Virtuozzo virtualizes the host operating system. In other words, when you install Virtuozzo on Windows Server 2003, your virtual machines all run Windows Server 2003. This provides significantly less flexibility, but has other advantages. You can’t, for example, host legacy Windows NT machines in Virtuozzo while you’re simultaneously hosting a Windows 2000 Server machine.
On the other hand, by not virtualizing the hardware, Virtuozzo provides significantly better performance for virtual machines. This lets you run a couple dozen virtual machines on a single host server. You could even run more. The recommended maximum limit is 50.

Therefore, Virtuozzo is perfectly suited for something like consolidating a Web farm onto one or two massive host servers. It would also be good for providing “dedicated” servers to Web server hosting customers. Each virtual machine essentially has a private copy of the host operating system from which to build. This helps keep resources separate.

The robust management tools make it easy to administer the Virtuozzo environment. It’s easily on par with VMware. In fact, Virtuozzo also supports cross-host migration of virtual machines, virtual machine templates, cloning and physical-to-virtual migration tools. You can allocate resources—like memory—between virtual machines to help fine-tune performance. Like the other solutions reviewed here, Virtuozzo offers x64 support, meaning it can take advantage of the enormous amounts of RAM you can pack into an x64 server.

Figure 3. The Virtuozzo Management Console lets you handle tasks like cloning, starting and running your virtual servers.

Virtuozzo’s underlying technology is impressive. Access to kernel-based resources, for example, passes through an abstraction layer that ensures if one virtual machine crashes, it won’t take the rest of the system down as well.

The bummer for Virtuozzo is simply its lack of flexibility for running different operating systems on the same host. Granted, that’s not its goal, but many Windows enterprises are looking at server consolidation as a slick way to reduce hardware costs and overhead while continuing to run legacy applications and older versions of Windows. Virtuozzo can’t really help with that, but if you have a number of homogeneous servers you need to consolidate, Virtuozzo’s worth a good look for its performance and manageability.

The Virtualization Verdict

Today’s virtualization products are increasingly mature and robust. VMware’s GSX Server (and to only a slightly lesser degree, the new VMware Server) takes the cake for its combination of manageability and flexibility. You can’t ignore Virtuozzo, but because it can’t run multiple different operating systems, you’ll find it suitable for a smaller range of server consolidation and virtualization scenarios. Microsoft’s Virtual Server 2005 is powerful, but its Web-based administrative interface is slightly lacking.
It does, however, offer best-in-class automation capabilities through an extremely detailed COM interface. There are many scenarios for which a company may need a virtualization platform. Considering the differences with these three, you should be able to find one that suits your needs quite closely.

— Don Jones (djones@redmondmag.com) is a contributing editor for Redmond magazine. He’s currently hard at work on his new book, “Windows PowerShell: TFM” (Sapien Press).

26 | August 2006 | Redmond | redmondmag.com |

Emergency Response, Microsoft Style

When malware strikes Microsoft code, Stephen Toulouse and the MSRC team rush in to extinguish the fire.

BY MICHAEL DESMOND

By name alone, you’d expect the Microsoft Security Response Center (MSRC) to look like something out of a Gene Kranz memoir—an amphitheater of workstations like those arrayed before the legendary NASA flight director. In fact, the MSRC is a benign-looking, oversized conference room buried in the heart of Building 27 on Microsoft’s Redmond campus. Stephen Toulouse sits at a long table in the MSRC, a bank of wide-screen flat panel displays behind him. An MSRC security program manager since 2002, Toulouse came to Redmond to help Microsoft establish a more robust response to the security events plaguing the software giant. It’s been an up and down ride. The MSRC was established in 1998, around the time the CIH virus (also known as Chernobyl) started wiping out files on users’ hard drives. A year later, the Melissa worm hauled down networks across the globe. In rapid succession, attacks with names like VBS/Loveletter, Sircam, Code Red, Nimda, and Klez piled up. As it turned out, none of these prepared Microsoft for the hard lessons it would learn at the end of January 2003.

Jan. 25, 2003 SQL Slammer

Toulouse will never forget the moment he first heard of SQL Slammer. It was a Saturday morning, and the freshly appointed MSRC manager was at a local auto shop, having a new stereo system installed in his Jeep. “I’m at the shop and over the radio I hear: ‘The Internet was taken down today by a worm affecting SQL Server,’” recalls Toulouse. “That was the first I heard of it.” A few moments later, Toulouse was racing toward Redmond, the interior of his Jeep still torn open from the half-finished installation. He would spend the next two weeks struggling to investigate and remediate a malware infection that completely overwhelmed his team. “Our internal network was impacted,” Toulouse says. “We had guys walking CDs over to microsoft.com servers to get things to the right places, because we had to rely on that rather than the network that night. It took close to two weeks to stabilize the situation.” Toulouse was tasked with cooking up a packaged update tool that would automatically let users know if their systems were vulnerable. The orders he was given that day were simple—don’t stop working, no matter what. “‘Even if Bill Gates himself comes over and tells you to stop, you tell him to talk to me,’” Toulouse remembers being told. Over the next six months, the MSRC would release four separate fixes for SQL Slammer. Toulouse singles out a few key lessons from that early challenge. Among them:
• The recovery effort must start from a central core of first responders
• All key stakeholders must be brought together. “Get all the smart people in one room,” says Toulouse. “Let’s work together so everybody is really steeped in it.”
• Updates must be packaged for automatic delivery and execution to ensure remediation.
Perhaps most important, Microsoft management realized there had to be a coherent, predictable and well-documented process. The initial response to Slammer was sloppy. Critical stakeholders were scattered across the Redmond campus. Managers scrambled to produce code updates. Staffers struggled to maintain communications and Internet access throughout the event. Microsoft customers struggled as well. They had no idea what to expect from the MSRC in terms of guidance and communication. Those struggles led to a lot of soul searching at Microsoft. After the event had passed, then-MSRC Director Mike Nash went on a months-long road tour, talking to customers about Slammer and learning what they needed for the next such event. “I credit actually our customers with a lot of our response process,” Toulouse says.

“You get focused on security, and where does it come from? SQL Server. Someplace completely unexpected.” — Stephen Toulouse, Program Manager, Microsoft Security Response Center

That process today is called the Software Security Incident Response Process, or SSIRP. The process documents and codifies MSRC operations, replacing ad-hoc improvisation with clearly defined roles and milestones. SSIRP would quickly become the foundation of all MSRC response activities. Says Toulouse: “Because at Microsoft we turn nouns into verbs, you hear, ‘Are we SSIRPing?’ or ‘Have we SSIRPed?’” Mike Reavey is the operations manager at the MSRC and the one who’s responsible for managing Microsoft’s monthly Patch Tuesday releases. He’s the guy who helps pull the switch that causes a scheduled update to jump the tracks and be handled as a SSIRP event. “If the train is on the track and is moving along, we know the product team and will pull them in,” says Reavey, who describes an escalation that affected a patch designed to fix the CreateTextRange flaw in Internet Explorer. “We had an IE update in path, going through its weeks of testing. We see an issue that gets posted on one of the [hacker] lists. We see this. We alert to it. We actually knew about CreateTextRange and were working on it already. This was just a change in threat level.” Using processes evolved out of the panic of SQL Slammer, the MSRC today is able to pull in affected product teams and partners to assess the threat and respond. In the case of CreateTextRange, the patch was able to launch as scheduled, on Patch Tuesday, says Reavey. Of course, not every flaw is so accommodating.

Managed Mayhem Lessons from the MSRC

Come Together: Whether it’s crisis management or code writing or community relations, there is a consistent effort made to, as Toulouse put it, “put all the smartest people into one room.” That effort has paid major dividends at the MSRC.
Equip and Prepare: The MSRC isn’t an elaborate setup, but it does come equipped with redundant Internet connections, ample communications, and its own fleet of servers and workstations.
Know Who’s Watching: When a bulletin or patch is released, Microsoft knows malware authors are watching. The MSRC limits the detail in security bulletins to prevent enabling an early attack, and tracks for exploits based on previously published patch code.
Get Cultured: It took a famous 2002 Gates memo—and the eruption of the SQL Slammer exploit—to change the culture at Microsoft. The result has been a remarkable transformation, leading to the development of programs like the Security Development Lifecycle (SDL).
Seek Structure: Patch Tuesday changed everything for Microsoft and IT managers alike. By scheduling releases, Microsoft is better able to manage the process, while IT managers are better able to plan around it.
Seek Advice: To help it deal with and anticipate future threats, Microsoft began sending reps to Black Hat hacker events to glean insights. Later, the company established the Blue Hat Conference—an annual gathering of security professionals and hackers.
Get Friendly: For years, Microsoft was known for its stormy relationship with security organizations, decrying criticisms of its software and offering an opaque window to researchers reporting flaws to the company. Today, Microsoft is more open and collaborative, even if friction still exists.
— M.D.

Aug. 11, 2003 Blaster

“2003. That year really marks a huge amount of information consumption, looking at best practices, and dealing with incidents and learning from them to create the processes we’re using today,” says Toulouse. The Blaster worm was really the first test of the lessons learned from SQL Slammer six months before. Blaster tapped a flaw in Remote Procedure Call (RPC)-DCOM present in Windows XP and 2000, directing infected systems to flood Microsoft’s Windows Update site with traffic. “From mobilization to execution, we were able to move much more quickly than Slammer, in a much more disciplined way.
We had several contingency plans and a number of things in place to blunt that attack. We had no interruption at all.” Toulouse credits the four-stage MSRC process, which follows the steps below:
• Watch Phase: The MSRC constantly monitors mailing lists, newsgroups, MSN traffic and input from security researchers. Often, reports come in via the secure@microsoft.com e-mail, which MSRC staffers monitor constantly for hints of trouble.
• Alert Phase: The MSRC alerts product teams, security program managers and third parties such as the Global Infrastructure Alliance for Internet Safety (GIAIS) group of ISPs to help mobilize to a possible threat.
• Assess and Stabilize Phase: This is the process of judging the threat and crafting the remediation. A threat affecting very few users may be elevated to a SSIRP event if the payload is destructive enough, for example.
• Resolve Phase: The final phase includes the release of security bulletins, patch code, systems guidance, and other remediation content. Once the resolution is complete, the team returns to the watch phase, looking specifically for issues with or related to recently released updates or bulletins.

“It was a very large event for customers. It had the ability to threaten customers’ ability to get updates.” — Stephen Toulouse, Program Manager, Microsoft Security Response Center

With Blaster, the MSRC significantly stepped up communications—a key learning from the Slammer event—launching a series of webcasts and more detailed security bulletins.
The effort would soon extend to e-mail alerts, RSS feeds, Web blogs and, ultimately, give rise to the formalized monthly updates known as Patch Tuesday. “Five years ago I used to say we wrote the best bulletins no one ever read. And now, everyone reads the bulletins,” says Christopher Budd, security program manager in the MSRC. “It’s a mainstream thing. To meet that broader audience we’ve had to step up with broader communications.” Despite the success, the stakes were high. Blaster hoped to disrupt the Windows Update service, using a distributed denial of service (DDOS) attack to prevent Microsoft from pushing patches out to millions of PCs and servers. A botched implementation in the malware made it easy for Microsoft to sidestep the attack. Still, the vulnerability forced Microsoft to look closely at the behavior of its own software—in this case, RPC-DCOM—and ask some hard questions. “Are you listening on the network? Why are you listening on the network? Do you need to be listening on the network?” asks Toulouse in rapid succession. “Are you anonymous? Why are you anonymous? Do you need to be anonymous? Blaster forced them fundamentally to rethink some assumptions.” Blaster motivated Microsoft to introduce a malware removal tool as part of its response. It was the first time Microsoft had taken such a step, and foretold broader solutions from Microsoft such as Microsoft AntiSpyware (now called Windows Defender) and Microsoft OneCare. It led also to one other Microsoft innovation, says Toulouse. “Blaster was one of the key things in the decision to enable the firewall by default in [Windows] XP SP2.”

April 30, 2004 Sasser

By the time the Sasser worm emerged, about eight months after Blaster, the MSRC was in full stride. The group had moved into its current digs—an expansive conference area outfitted with redundant communications, dedicated servers and workstations, and unfiltered connections to the Internet.
Changes were also reaching far beyond the walls of the MSRC conference area. “There are dedicated security program managers with product teams now. Their whole job is to work with the MSRC,” says Toulouse. “To me, these changes are really partly responsible for making the process work as efficiently as it does today.” In fact, it was this efficiency that helped Microsoft stave off the worst effects of the Sasser worm, when it struck on the last day of April 2004. Sasser was based on a known vulnerability that had been patched just two weeks earlier. “We had the same things with Sasser as we did with Blaster,” says Toulouse, “but they all occurred orders of magnitude sooner.”

“We had children born during Sasser. I had a dog die during Sasser. You can’t schedule this—it’s not easy.” – Stephen Toulouse, Program Manager, Microsoft Security Response Center

But Sasser also confirmed a troubling fact. When Microsoft releases a bulletin or patch, malware writers are watching. Closely. “Actually creating the fix for a specific issue that comes in usually doesn’t take that long,” says Budd. “But then it widens.
You fix the issue and then you fix surrounding or similar issues. We know that when we release a security update for an issue in component XYZ, that draws attention to that area.” That’s exactly what happened with the April 13 patch, which was part of security bulletin MS04-011. It’s widely believed Sasser was produced by reverse engineering the patch to access the vulnerability. Anyone who had failed to deploy the MS04-011 patch found themselves in the crosshairs of the worm. Making matters more difficult, patch coders must contend with almost outrageous complexity. “Ten versions of Windows, 27 different languages,” says Budd. “That’s 270 different Windows updates.” Testing that many permutations is a process that can take weeks, or even months. The MSRC works with Microsoft product teams to expedite and scale the proving process, using a tightly automated, scripted process. But all it takes is a single failure to send the coders scrambling to fix the fix. “When you look at the breadth of people running Windows and you look at the infinite software combinations, the law of large numbers starts to take effect,” says Toulouse. “A million people—that is still a big number no matter how you put it from a percentage standpoint. So now you’re sunk. That’s why the goal and the focus have to be around quality, and that takes time. There have been updates that have taken many test passes.” And even after release, the work is ongoing. “There is also the post-release monitoring for customer issues,” explains Reavey. “It honestly never ends … when you think about it.” Sasser also proved out the need for Microsoft’s Software Development Lifecycle (SDL) program, which fundamentally changed the way code is written at Microsoft. Mike Howard, senior security program manager at Microsoft, says SDL is a critical foundation to secure systems.
“You can have all the established definitions you want—encryption, firewalls—and all it takes is a bad implementation or bug in the code, and all that was laid bare.” Howard, who co-authored the book “Writing Secure Code,” says his group acts like an internal consulting organization, working with different product teams to deliver programmer training, specs, code review and testing, and other services. Asked how big the change was for coders at Microsoft, Howard smiles. “Just a little.” The rigorous training and review—including automated fuzz testing that helps find buffer overflow weaknesses—has paid huge dividends. The number of security bulletins for SDL-enabled products like Windows Server 2003 and SQL Server 2005 is significantly lower than earlier versions.

Dec. 27, 2005 WMF Zero-Day Exploit

SQL Slammer, Blaster and Sasser all shared a common thread: They exploited previously known flaws in Microsoft code—flaws that had already been patched. The WMF Zero-Day exploit attacked from an unforeseen direction, infecting any system that so much as displayed a malformed WMF graphics file, whether in a Web browser, an e-mail message, or even the Windows image editing program. Microsoft had no warning that the exploit was coming, and the sneak attack plunged the MSRC into brief disarray. The MSRC initially said a patch would be released on Patch Tuesday—two weeks away—then reversed direction and said a patch would come early. It arrived on Jan. 5, 2006, the Thursday before Patch Tuesday. In fact, WMF had IT professionals clamoring for the bad old days, when Microsoft would release a patch as soon as it was ready, rather than on a predictable, monthly schedule. Recalls Budd: “We would build the updates and write the bulletin, and when they were ready, we posted them. We heard from customers. The randomness of the process—we were just throwing a hand grenade into their inbox.” But when Microsoft announced that a WMF fix would arrive on Patch Tuesday, the industry howled.
Budd, however, says Microsoft moved the WMF fix forward (‘out of band’ in Microsoft parlance) when the code came together more quickly than expected. “That was a case of where, due to the targeted nature of the fix and relatively esoteric nature of the functionality, we were able to … achieve confidence more quickly than we thought,” says Budd. The early release did little to stem criticism, which reached a crescendo in the days after Microsoft’s initial pronouncement. “We face a lot of opinion around timing. There’s nobody more dedicated and more driven about getting these updates out than the MSRC,” says Toulouse, who points to the bigger picture issue with patches. “We cannot introduce a new problem into customer systems. They’ll distrust the updates—they will not apply them.” It’s a real concern. Yet the MSRC faced the issue—for the first time—of a third-party authored patch gaining the recommendation of respected security organizations like The SANS Institute. For Johannes Ullrich, CTO of the SANS Institute, the critical nature of the flaw left his organization little choice. “The WMF thing—it was bad, people were exploited,” says Ullrich. “If the exploit is already known and out there I don’t see harm in [releasing a beta patch]. Do it and at least be able to help people.” Toulouse says the MSRC was on top of the threat, releasing bulletins, blogs and guidance to help sidestep the threat in advance of a patch. Still, the WMF event revived some of the historical antagonisms between Microsoft and the security community. “Our relationships with security researchers have not always been pleasant—there were times when it was a little rocky,” Toulouse admits. But he’s quick to point out that the level of collaboration with researchers, hackers and others has improved dramatically over the years. Ullrich agrees, though he looks for more progress going forward. 
“The thing that struck me during the WMF episode was that they didn’t really seem to have the hacker mind. They approach it with kind of the attitude of, ‘as long as it’s not yet done in the wild it doesn’t exist,’” says Ullrich. “There obviously seems to be quite a bit of confusion in their organization when something like WMF comes out.”

A Whole New World

If the MSRC has done one thing since its inception, it’s to impose order on a chaotic environment. “We’ve eliminated as much of the surprise as we can,” says Budd, singling out the bulletins that detail upcoming patch activity the Thursday before release. “We give them as much information as we can, for high-level planning, without jeopardizing security.

“The regularity lets us de-emergency-ify the process. In this arena, boring actually is a virtue. We want to make it as boring as possible. The regularity lets us make it as boring as possible.” But as the MSRC evolved, so did Microsoft. A company that once pushed deep application and OS integration at every turn is today obsessed with securing code and ensuring the integrity of programmatic links. “If you had a developer at Microsoft 10 years ago, that developer was going ‘cool feature, cool feature, cool feature,’” Toulouse says. “Now that developer is thinking, ‘I’ve got a cool feature, used correctly it could do this. But now I have to consider what could happen if it’s used another way.’” The SDL program is the most dramatic symptom of this change. In fact, the effort has been so successful that malware writers are shifting to softer targets. Specifically, end users. “You are probably going to see fewer and fewer Internetwide attacks. I think what you’re seeing now is a move from the operating system to the application layer, with really targeted attacks,” says Toulouse. “What we’re starting to see are more and more targeted attacks and more social engineering.” New challenges lie ahead. Zero-day exploits.
Sophisticated phishing- and social engineering-based attacks. Toulouse has no doubt that security concerns and events will have him racing into Redmond in the middle of the night many more times. “I can tell you how long it takes to get to this room from my home at three in the morning, hitting all the green lights,” Toulouse laughs. “In the end, it’s a journey, not a destination. We will continue to make mistakes and we will continue to learn from our mistakes.”

— Michael Desmond (mdesmond@redmondmag.com) is the editor at large for Redmond.

Back to Basics Quiz: Are You the Master of Your Windows Domain?

BY DOUG BARNEY & MICHAEL DESMOND

You may be a genius with AD, a master crafter of applications and a conqueror of collaboration. In all the excitement, though, you may be forgetting something. With so many products, technologies and outright threats to wrestle with, it can be easy even for seasoned IT pros to forget the fundamentals. So put down the plan for that big Web 2.0 project for a minute, and take a moment to make sure you’ve covered all your IT bases with this quick quiz.

Backup and Recovery
Do you perform regular data backups? Yes [5 points] No [0 points]
Does your backup strategy involve off-site tape rotation for disaster recovery purposes? Yes [5 points] No [0 points]
If Yes, is the off-site location far enough away that it won’t be hit by a region-wide disaster? Yes [5 points] No [0 points]
Do you incorporate special, additionally scheduled backups for archival purposes? Yes [5 points] No [0 points]
Do you perform periodic restores to verify backup data? If so, how often? Never [0 points] Monthly [5 points] Quarterly [4 points] Bi-annually [3 points] Annually [1 points]
Do you have an information lifecycle management (ILM) strategy that includes offsite backup for disaster recovery? Yes [5 points] No [0 points]
Does your backup strategy extend to remote offices?
Yes [5 points] No [0 points]

Password Policy
Do you require complex passwords with a mix of numbers and symbols? Yes [5 points] No [0 points]
If not, do you require passphrases of greater than 15 characters that include spaces? Yes [5 points] No [0 points]
Do you specify a minimum number of characters for passwords? If so, how many? No minimum [0 points] 4-6 [2 points] 7-13 [3 points] 14 or more [5 points]
Do you require end users to change their passwords? Never [0 points] Every month [5 points] Every two months [4 points] Once a year [2 points]
If so, does this password change policy also affect Unix users? Yes [5 points] No [0 points]
Have you presented user training on information security, social hacking, and the importance of strong passwords and protection of data? Yes [5 points] No [0 points]
Have you hired a professional security company to perform a security assessment involving penetration testing? Yes [5 points] No [0 points]
If Yes, have you incorporated the suggestions of that testing into your operations? Yes [5 points] No [0 points]
Do you incorporate policies that enforce screen saver locks when users walk away from their machines? Yes [5 points] No [0 points]
Have you deployed anti-virus software across the enterprise? What platforms have you deployed to? Not deployed [0 points] Clients only [2 points] Clients and servers [3 points] Clients, servers, and gateways [5 points]
How often are virus signatures updated? Hourly [5 points] Daily [4 points] 2-3 times per week [3 points] Weekly [2 points] Monthly [1 points] Not updated regularly [0 points]
Have you deployed anti-spyware software? Yes [5 points] No [0 points]
Do you have a proven ability to remove spyware if machines are infected? Yes [5 points] No [0 points]
Does anti-virus and anti-spyware protection extend to company laptops not regularly attached to the network?
Yes [5 points] No [0 points]
Do you employ a spam filter? Yes [5 points] No [0 points]
Have you secured both your externally facing and internal SMTP servers against unauthenticated relay? Yes [5 points] No [0 points]

Malware Management
Are users trained in how to minimize spam (such as do not reply)? Yes [5 points] No [0 points]
What rights level do most of your end-users operate at? Administrator [0 points] Power User [3 points] Limited Rights [5 points]
Is your company in compliance with the Can-Spam Act? Yes [5 points] No [0 points]
Have you implemented a plan to adopt least-privileged user rights? Yes [5 points] No [0 points]
Have you deployed an asset management system that automatically inventories machines for licensed software? Yes [5 points] No [0 points]
Do you have proof of ownership of all your software licenses? Yes [5 points] No [0 points]

Vendor Management
Do you have rules for buying from a startup? Yes [5 points] No [0 points]
Do you look at the finances of smaller vendors you buy from? Yes [5 points] No [0 points]
Do you require source code in escrow from less secure vendors? Yes [5 points] No [0 points]
Do you make sure that mission critical tools are only bought from financially secure vendors? Yes [5 points] No [0 points]
Does your IT team have a plan to either support a product if the vendor goes under or a plan to switch to another tool? Yes [5 points] No [0 points]

Online Application Management
Do you prohibit or manage public network IM traffic and clients on your network? Yes [5 points] No [0 points]
Do you monitor and/or filter IM traffic? Yes [5 points] No [0 points]

License Management
Are you comfortable that you are in compliance with software licensing? Yes [5 points] No [0 points]
Do you have a way of controlling what IM clients are installed on local machines? Yes [5 points] No [0 points]
Do you prohibit or manage remote access applications like VNC or GoToMyPC on your network?
Yes [5 points] No [0 points]

Is your monitoring system tuned to eliminate or reduce false positives and false negatives?
Yes [5 points] No [0 points]

Do you get Microsoft Security Bulletins as soon as they appear?
Yes [5 points] No [0 points]

Do you prohibit or manage peer-to-peer on your network?
Yes [5 points] No [0 points]

Do you have a policy in place such that system administrators know what to do when a page occurs?
Yes [5 points] No [0 points]

Does your patch management policy include service level agreements including metrics for time-to-patch and compliance percentage?
Yes [5 points] No [0 points]

Do you have a standard for peer-to-peer?
Yes [5 points] No [0 points]

Do you have an out-of-band notification system for your employees to notify them of issues when the email system is down?
Yes [5 points] No [0 points]

Do you have a way of controlling what is installed?
Yes [5 points] No [0 points]

General Security

Active Directory

Does your backup solution include backups of your Active Directory database?
Yes [5 points] No [0 points]

Do you have a plan in place for an AD restore in case of a lost object, domain controller, domain or forest?
Yes [5 points] No [0 points]

Have you appropriately locked down Domain Administrator rights to as few people as possible?
Yes [5 points] No [0 points]

Do you have a policy to ensure your Schema Admins and Enterprise Admins group remains empty of users until they require access for a particular purpose (least privileged policy)?
Yes [5 points] No [0 points]

Management and Monitoring

Do you incorporate automated systems management in your network (like Altiris or SMS) that includes an inventory function?
Yes [5 points] No [0 points]

Do you have a monitoring solution in your network that incorporates pager or phone notification when systems go down or hard drives die?
Yes [5 points] No [0 points]

When was the last time you performed a risk/security assessment?
Less than one year ago [5 points] One to two years ago [3 points] Two to four years ago [2 points] More than four years ago [1 point] Never [0 points]

Do you have a security policy? Is it documented and are end users aware of points relevant to them such as acceptable use?
Yes [5 points] No [0 points]

Do you have a short-cut path for highly critical patches in your process?
Yes [5 points] No [0 points]

Do you have IDS/IPS to augment your firewalls?
Yes [5 points] No [0 points]

Do you have an action plan in place to handle extended emergencies?
Yes [5 points] No [0 points]

Do you have a patch management policy?
Yes [5 points] No [0 points]

Does your patch management policy include provisions for laptops not necessarily attached to your network or users’ home machines attached to work via VPN?
Yes [5 points] No [0 points]

Are your wireless networks protected with strong encryption?
Yes [5 points] No [0 points] Do not use wireless networks [5 points]

How Good Are You?

Add up your score and see where you fall:

[305 to 241] Domain Controller: You’ve mastered your domain and you’re ready to take on new challenges. Do you have your eye on the CIO’s office?

[240 to 181] Human Firewall: Your network is in good hands. Security is solid and operations are efficient, but there’s always room for some fine-tuning.

[180 to 121] Tech Plugger: You’ve made a fair showing, but your techniques and tactics need improvement.

[120 to 61] Security Slacker: You had better pick it up or you’re going to get picked off. Your network is low hanging fruit for hackers.

[60 to zero] IT Idiot: You need to find another line of work—please.
Second Time Around
Windows Server 2003 R2 and the new DFS.
BY GARY OLSEN

When Microsoft released Windows Server 2003 R2, more commonly referred to as simply “R2,” it posed a challenge to IT managers. After all, the far-reaching release has created a storm of interest and confusion. With the much-anticipated Longhorn Server OS now at beta 2 and looming large in planners’ minds, many IT managers struggle to place R2 in the context of the Windows Server release life cycle.

They needn’t worry. Since 2003, Microsoft has worked to make its OS and software releases conform to predictable, two-year intervals. Two years after the initial shipment of a new product, an R2 release is scheduled to extend features, roll up bug and security fixes, and provide a fully updated foundation for new releases. Two years after that, according to the roadmap, a full-version release of the software is due.

“Windows Server Release Cycle” on p. 48 shows the overall life cycle as Microsoft currently defines it. Thus, the next major release of Windows Server will be Longhorn, followed by Longhorn R2 two years later, and followed next by Blackcomb.
There are currently R2 releases for Systems Management Server (SMS), Virtual Server, Small Business Server (SBS), and Windows Storage Server (WSS). Microsoft says all products should have an R2 release.

By definition, R2 releases are a big deal, but few are as big as Windows Server 2003 R2. In addition to an extensive set of feature upgrades affecting everything from storage management to Active Directory administration, IT managers will welcome the addition of powerful Windows SharePoint Services. But no single feature looms as large as the newly minted distributed file system and replication technology cooked into R2.

Touring R2

No doubt about it, Windows Server 2003 R2 is a significant release. This version has a large number of product add-ons that greatly expand the reach of the original Windows 2003 Server OS. It offers IT managers ample reason to consider an upgrade ahead of the long-awaited Longhorn Server OS.

In fact, when I first installed R2, the long list of add-ons reminded me of the old Windows NT 4 Option Pack, which at the time combined product add-ons such as Routing and Remote Access Services and Terminal Services. With Windows Server 2003 R2, IT managers will encounter an impressive list of add-ons, including:
• Active Directory Application Mode (ADAM)
• Identity Management for Unix (NIS)
• Active Directory Federation Services (ADFS)
• Distributed File System (DFS)
• DFS Management
• DFS Replication Service (DFSR)
• DFS Replication Diagnostic and Configuration Tools
• File Server Management
• File Server Resource Manager
• Hardware Management
• Print Management Component
• Storage Manager for SANs
• Microsoft Services for NFS (formerly included in Services for Unix)
• Subsystem for Unix-based Applications
• Windows SharePoint Services

Many of these add-ons were separate downloads from Microsoft, others are completely new, and some have morphed from existing products. Note that Services for Unix (SFU) has now been wrapped into the R2 components.

From a licensing standpoint, R2 is included with the Software Assurance (SA) or the Enterprise Agreement (EA) license. If you don’t have either the SA or EA agreements, you can purchase R2 as a new server license. There are no new Client Access Licenses (CALs) for R2 because it uses the Windows Server 2003 CAL. R2 shares a support lifecycle with Windows Server 2003, which is scheduled to sunset in 2013.

It’s worth noting that R2 is not a required update; it’s entirely optional. Because service packs and hot fixes are compatible between Windows Server 2003 and R2, there’s no compelling maintenance reason to commit to or avoid an upgrade. Down the road, you’ll be able to upgrade to Longhorn Server from either Windows Server 2003 or R2 when the next-generation server OS is released, probably in the second half of 2007.

[Figure: Windows Server Release Cycle. Major releases every 4 years: Windows Server 2003, “Longhorn”, Blackcomb. Release updates every 2 years: Windows Server 2003 R2, “Longhorn” R2.]

Installing R2 is a straightforward process. The software comes as a two-CD set. The first CD is simply Windows Server 2003 plus Service Pack 1, which enables IT shops to quickly bring their machines up to grade to support the move to R2. If your systems are already at Windows Server 2003 SP1, you can ignore the first CD and simply install from the second CD. The second CD contains all the components previously listed, adding them to the Windows Components displayed in the Add or Remove Programs area of the Control Panel. These are not installed by default, however.
You need to open Add or Remove Programs and click Windows Components to see the components made available by the R2 setup. Check the components you want installed, as you would for any other component (see Figure 1).

Figure 1. The new Distributed File System component is selected for installation.

The New DFS

For all the new features in R2, one stands out from the crowd: the new Distributed File System (DFS). DFS has been widely used in Windows environments to provide an orderly namespace, as well as redundant file resources. However, the replication engine behind this functionality, called the File Replication Service (FRS), has been fraught with problems since its inception in Windows 2000. FRS has staggered from hotfix to hotfix and is a more stable technology today, but it remains far from reliable.

With the R2 release of Windows Server 2003, it appears Microsoft has decided to start from scratch. Using a completely new approach, it re-wrote the replication engine from the ground up. There’s no connection at all to the old FRS.

The confusing part of this is that the new replication engine named DFS or, as it is sometimes called, DFSR, only replicates DFS namespace data. The old FRS is still used to replicate SYSVOL, because Microsoft didn’t have time to incorporate DFSR for replicating SYSVOL under R2. Of course, FRS is also used to replicate DFS namespaces built in Windows 2000 and 2003, because the new replication engine is not available in those older operating systems.

Clear as mud, right? Perhaps the best way to explain the DFS, DFSR and FRS relationship is with a quick summary of key points. We can then dig in a little deeper with some examples:
• R2 DFS/DFSR is installed as a Windows component
• FRS is the old replication service and is still used to replicate SYSVOL data in R2
• FRS is also used in R2 to replicate legacy (Windows 2000 and 2003) DFS namespaces
• DFSR is a much more efficient replication engine than the legacy FRS
• The Legacy DFS and new R2-based DFS use different replication topologies
• DFSR will be used to replicate SYSVOL data beginning with Longhorn

As indicated in this list, nothing has changed with respect to SYSVOL data. FRS replicated this data in Windows 2000 and 2003, and continues to replicate it in Windows Server 2003 R2. In addition, for compatibility purposes, R2 supports DFS namespaces built in Windows 2000 and 2003 by using FRS for replication. So if you upgrade a Windows Server 2003 DFS server to R2, the DFS functionality and management will still be the same and work as it did prior to the upgrade to R2. FRS will still be used to replicate this legacy DFS data.

Upgrading to the new DFS is simple. Once the second CD of the R2 installation media is installed, the Distributed File System shows up as a Windows Component in Add or Remove Programs under the Control Panel. Just check the box and install it as you would any other component.

Migration Walk Through

Let’s say we have an existing DFS Namespace called SalesData that is hosted on Windows Server 2003 servers. After the R2 upgrade, we can open the Distributed File System snap-in and still see and manage that namespace—there’s nothing to install or change. If we want to take advantage of the new DFSR in R2, how do we migrate the data from the old namespace to the new? It’s simple. Let’s say the namespace SalesData is hosted on four Windows Server 2003 servers, named SRV1, SRV2, SRV3, and SRV4. The migration steps are as follows:

1. Upgrade each server to Windows Server 2003 R2, and then install Distributed File System via the Add or Remove Programs interface. R2 supports FRS and the legacy DFS namespace, so the existing DFS structure will continue to work as it did before the R2 upgrade.

2. Once the servers are upgraded to R2 and the R2 DFS, open the DFS Management snap-in on one server and add the existing SalesData namespace. The namespace will be displayed in the snap-in. There is no need to reconfigure the namespace unless you want to add new servers.

3. At this point you need to configure the replication. There is a very intelligent wizard that guides you through this part. While I’ve been able to follow the prompts to a successful configuration, you should of course test your configuration in your lab first, to ensure that the setup will meet your requirements.

That’s it! You’re now using the new DFS for namespace and replication. Again, this does not affect SYSVOL, as it will continue to use FRS.
— G.O.

Technology Change Up

Moving up to R2 doesn’t replace the old replication engine with the new one. Rather, the legacy DFS and R2 DFS replication topologies exist side by side, as independent services for specific missions. Each DFS is managed by its respective snap-in, with the legacy DFS from Windows 2000 and 2003 being managed by the Distributed File System snap-in, just as it was prior to the upgrade. The R2 DFS, meanwhile, is managed and configured by the DFS Management snap-in, which is created when you install R2 DFS.

Keep in Mind: Installation of the R2-based DFS component modifies the Active Directory schema. Make sure you use proper change control procedures before installing the component.

The new R2 DFS brings plenty of benefits in large part because Microsoft built the new DFSR replication engine from scratch. The crown jewel of the new DFS is definitely a technology called Remote Differential Compression (RDC). RDC allows only the changed bytes in a file to be replicated, as opposed to sending the whole file.
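The idea behind differential replication can be sketched in a few lines. This is an added illustration, not Microsoft's RDC algorithm and not code from the article: the receiver sends hashes of the chunks it already holds, and the sender transmits only the chunks the receiver lacks. The chunking scheme, the parameters, the function names and the sample data are all assumptions chosen for the demonstration.

```python
"""Simplified differential replication sketch (illustrative; not Microsoft's RDC)."""
import hashlib
import random
import zlib

WINDOW = 48       # bytes examined to decide whether a position is a cut point
MASK = 0x3FF      # cut when the low 10 bits of the window hash are zero (~1 KiB chunks)
MIN_CHUNK = 256   # suppress degenerate, very small chunks


def content_chunks(data):
    """Split at content-defined boundaries.

    A cut depends only on the WINDOW bytes before it, so after an insertion
    the boundaries move with the content and later chunks still match.
    """
    out, start = [], 0
    for i in range(WINDOW, len(data)):
        if i - start >= MIN_CHUNK and zlib.crc32(data[i - WINDOW:i]) & MASK == 0:
            out.append(data[start:i])
            start = i
    out.append(data[start:])
    return out


def fixed_chunks(data, size=1024):
    """Naive alternative: fixed-size blocks, which misalign after any insertion."""
    return [data[i:i + size] for i in range(0, len(data), size)]


def signature(chunk):
    return hashlib.sha256(chunk).digest()


def make_delta(receiver_signatures, new_data, chunker):
    """Sender side: reference chunks the receiver already has, send the rest."""
    have = {sig: idx for idx, sig in enumerate(receiver_signatures)}
    ops = []
    for chunk in chunker(new_data):
        idx = have.get(signature(chunk))
        ops.append(("copy", idx) if idx is not None else ("data", chunk))
    return ops


def apply_delta(old_data, ops, chunker):
    """Receiver side: rebuild the new file from local chunks plus received data."""
    old = chunker(old_data)
    return b"".join(old[arg] if op == "copy" else arg for op, arg in ops)


def literal_bytes(ops):
    """File bytes that had to be sent in full (signature/op overhead not counted)."""
    return sum(len(arg) for op, arg in ops if op == "data")


def replicate(old_data, new_data, chunker):
    """Run one exchange; return (rebuilt file, literal file bytes sent)."""
    sigs = [signature(c) for c in chunker(old_data)]    # receiver -> sender
    ops = make_delta(sigs, new_data, chunker)            # sender -> receiver
    return apply_delta(old_data, ops, chunker), literal_bytes(ops)


def demo():
    rng = random.Random(2006)                            # constructed sample data
    old = bytes(rng.getrandbits(8) for _ in range(256 * 1024))
    pos = 100_000                                        # constructed edit: a longer "title"
    new = old[:pos] + b"Quarterly Sales Review (final)" + old[pos + 20:]
    rebuilt_cdc, sent_cdc = replicate(old, new, content_chunks)
    rebuilt_fix, sent_fix = replicate(old, new, fixed_chunks)
    return {"size": len(new), "ok": rebuilt_cdc == new and rebuilt_fix == new,
            "content_defined_sent": sent_cdc, "fixed_block_sent": sent_fix}


if __name__ == "__main__":
    print(demo())
```

The fixed-block comparison shows why the chunk boundaries must follow the content: a single insertion shifts every later block, so a naive block hash scheme resends most of the file.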
The result is vastly reduced bandwidth requirements. For instance, if I change the title on one slide in a 3.5MB PowerPoint file, FRS would have to send the entire file. DFSR only sends the bits reflecting the change to the title text. According to Microsoft, this can slash the amount of data transferred from 3.5MB to just 16KB. On a standard DSL connection, the time to transfer data reflecting the edit drops from over a minute for the entire file to less than a second for the 16KB of changed bits. Extrapolate that to hundreds or thousands of files that exist in some DFS environments, and you get a sense of the impact this improvement can have.

DFSR also fixes a long-running nuisance of DFS—namely, the difficulty it had replicating data that changed frequently. While some shops got around the limitation by deploying more bandwidth, this brute-force solution was both expensive and tricky to manage. For example, IT managers had to specifically set aside the bandwidth for DFS replication rather than other tasks. With RDC in R2, you can replicate dynamic data extremely efficiently using much less bandwidth.

One of the more welcome advancements in the replication space with R2 has more to do with vocabulary than technology. The new DFS eliminates ill-defined terms like Link, Target, Root and Root Replica, which made little sense to anyone who didn’t use DFS on a regular basis. The new management tool, shown in Figure 2, uses common-sense terms like “Sending Member,” “Receiving Member,” “Sending Site,” “Receiving Site” and “Schedule Topology,” along with the connection status.

There isn’t space here to print all the features and details about DFS under R2, but believe me it’s easy and intuitive to manage. Remember that DFS now is an umbrella term that refers to namespaces and replication. I recommend highly that you move to the new DFS. If you use DFS now and are debating about whether to upgrade to R2, this would be excellent justification.

Figure 2. The new Distributed File System (DFS) uses common-sense terminology to describe replication processes.

— Gary Olsen (golsen@hp.com), MCSE, is a consultant with HP Services, supporting Windows NT and Windows 2000 and consulting on Active Directory design and deployment.

Going to the Bench: Can Redmond’s Backups Keep ’Em in the Game?
New management team must fill the void left by Gates.
BY ED SCANNELL

Replacing legends is a tricky business. But it’s a business Microsoft must carry off over the next two years if it hopes to weather the 2008 retirement of the greatest legend in the industry, Bill Gates.

Gates has already stepped aside as chief software architect, succeeded by Ray Ozzie. Long-time friend Steve Ballmer will remain as president and CEO and will be the one to step into Gates’ iron boots once he leaves for good in July 2008.

Finding someone to fill Gates’ shoes is going to be a tough trick. In fact, few believe that one or two executives—even proven ones like Ballmer and Ozzie—can fill all the roles Gates plays at Microsoft. A management team that can work cooperatively with Ballmer and Ozzie, however, may succeed.

Fab Five

There are five key players coming off Microsoft’s upper management bench who could make that happen: They are Craig Mundie, chief research and strategy officer; Steven Sinofsky, senior vice president of Windows and Windows Live; Antoine Leblond, corporate vice president, Office Productivity; Bob Muglia, senior vice president, Server and Tools Business; and Kevin Johnson, co-president (with Jim Allchin who is retiring in December) of the Platforms and Services Division.

Whether these five, along with Ballmer and Ozzie, possess the right combination of talent, chemistry and humility to work effectively together will only be discovered in time. But some observers are optimistic. They believe these young managers could help the company more quickly enter the age of Web-based development.

“[It has] grown to be an enormously successful company, but there are a lot of changes afoot involving software architectures as well as the way software is going to be delivered and paid for. It may not be a bad thing to have some new people coming that have something other than a PC view of the universe,” says Gordon Haff, principal IT advisor with Illuminata Inc.

Gates’ transition could also help liberate the new management team from the enormous amount of legacy code still living in current versions of Windows. Industry watchers believe that the new managers will accelerate development around more innovative Web-based products that can be delivered significantly faster.

“These younger managers will agonize a lot less about cutting loose or reshaping existing products or at least not putting so many resources into them and moving forward into Web-based areas,” Haff says.

Sinofsky figures to play a central role in guiding Microsoft into the new age of software development, even as he helps get the long-overdue Vista to market. Sinofsky, who joined the company in 1989 right out of college, has a reputation as a disciplined, no-nonsense manager. Over the past decade, he’s delivered a new version of Office every two to three years without fail. Users and business partners like Sinofsky’s tough, goal-oriented reputation, but will his experience with Office be enough?

“We know he knows applications but how smart is he about Windows development and operating systems architectures in general? I suppose if he has been about the company for 17 years he could pick that up quickly and he better, given the state of Vista,” says one New York-based Microsoft business partner who did not want to be named.

Another key figure is Craig Mundie, who will work closely with Gates on the company’s research and incubation efforts over the next two years. He will also work with Microsoft General Counsel Brad Smith on intellectual property and technology efforts. Mundie joined the company in 1992 to create and run the Consumer Platforms Division, and was the driving force behind Microsoft’s Trustworthy Computing Initiative.

“He has been high up there for a long time in terms of influencing research, and he would have been a good candidate for the CTO job too. The question is will he and Ballmer see eye to eye on maintaining Microsoft’s commitment to research as well as development,” says Dwight Davis, vice president and practice director with Summit Strategies.

Antoine Leblond, who also joined Microsoft in 1989, has a reputation for pushing the envelope on innovation and emphasizing Web development. He’s responsible for features in Word such as background spell checking, HTML file formats and Visual Basic for Applications. As director of Office development, Leblond will be responsible for the technical design and development strategy of Office, Microsoft’s largest revenue generator.

Paging Al Haig

Despite stepping away from day-to-day management at Microsoft, industry observers say Gates has remained a formidable presence. He continues to preside over product reviews, amp up energy levels, and bring together the talent and resources to complete mission-critical initiatives.

“You have some very creative talents in that team, but they are opinionated and may have very different views on things. The real issue is putting them all together as you will no longer have this integrating point of coordination and decision making there every day,” says Will Zachmann, president of Canopus Research in Duxbury, Mass.

Zachmann and others note there is ample evidence that no matter how much luck and skill goes into assembling a management team, when a leader as entrenched as Gates leaves, the possibility for political jousting is always present.

“Guys from time to time on the technical side of the house at Microsoft have tried to pull an Al Haig thing. Ray has vision and talent but you can imagine an old palace guard there setting the stage for corporate infighting. Think of the Greek armies after the death of Alexander,” Zachmann says.

During this transition, Microsoft’s upper management must maintain a broad perspective. In the past, the company has allowed its field of vision to narrow to development on Windows and Office.

“There has been a tendency with those in leadership positions at Microsoft to get myopic. The worst thing about being myopic is you think you actually know what is going on, and that is when you make mistakes,” says Melinda Ballou, program director of application life-cycle management at IDC.

“The problem with visionaries new or old at Microsoft is their only experience within the enterprise comes from within the womb of the Microsoft environment,” says Mike Drips, an independent IT consultant working with large accounts in the San Francisco area.

Change Management

Despite the growing competitive pressures and continued product delays, some analysts believe Microsoft is in a fine spot.

“There is so much advantage to momentum and presence, and Microsoft still has both. You can point to Vista delays and growing competition from multiple directions, but I still think there will be a lot of forward momentum at Microsoft, regardless of who is at the helm,” says Summit Strategies’ Davis.

The new management team might ease the task by using Gates’ departure as an opportunity to change Microsoft’s corporate personality. Some believe the emerging powers-to-be should take the opportunity to present a softer, more-friendly image to the outside world. But which managers might lead such a transformation is unclear.

“With Gates gone the company can’t afford a lack of personality, but it has to change the one it has,” says Dana Gardner, principal analyst with InterArbor Solutions Inc. “It can now change it quickly but the question is what that personality is going to be. If it is schizophrenic with different personalities that are hard to identify, it could be a long and difficult period for them.”

— Ed Scannell (escannell@redmondmag.com) is Redmond’s editor.
NEVER AGAIN
By Hong-Lok Li

Virtual Panic

I still vividly remember the day. I came into work in a good mood on a sunny summer morning in Vancouver, and was getting ready to do a regular check of the firewall log. As an IT Manager at the University of British Columbia, I managed a network of 400 nodes and supported applications on a variety of platforms. These ranged from large HP/Compaq and IBM enterprise servers at the top end, to Windows Server 2003, Novell Netware 6.X, Unix and Citrix servers in the mid-range, all the way down to Windows and Macintosh desktops at the client.

That sunny summer day started going badly when my assistant reported that she had received more than 20 calls from users at different departments (including Payroll). Users complained that they either could not log in to the Novell server or their Microsoft Outlook e-mails were extremely slow. My assistant mentioned that she had tried to reset (delete and recreate) the Outlook profiles of a few users, but this restored normal operation for just a few minutes.

I checked both the Novell server and Exchange 2003 server—everything was functioning properly. A review of the server log and multiple virus scans produced nothing. I turned my attention to the network traffic monitoring software, which showed that the network was unexpectedly busy.

“What could be causing it?” I wondered desperately, as I stared at the switches in the machine room. The phone calls were piling up and the situation was getting worse with pay day the next day and the payroll systems still down.
I tried to hide my growing frustration as I patiently explained to managers that we were working hard on the problem. I was approaching the point of outright panic when suddenly I remembered there had been a power outage the day before.

Our network employed a gigabit backbone and high-speed switched Ethernet connections at both the core and the edge. Ethernet switches located in floor distribution wiring closets divide the network into 10 geographic sections. The result is a tree structure starting from the switch and expanding to every wiring floor closet and eventually workstation.

The network, however, had been implemented with virtual local area network (VLAN) technology, to provide flexibility. By layering a logical network structure atop the physical network, client computers could participate in a departmental subnet regardless of physical location. Just as important, the virtualized structure compartmentalized traffic, preventing congestion.

Remembering the power outage, I quickly went through the settings for each routing switch. I soon discovered that a Cisco 2900 routing switch had ceased retaining its VLAN settings since the power failed. As a result, three VLANs had collapsed into a single default VLAN, and the unmanaged traffic was choking the network. Once I discovered the problem, it took me 20 minutes to reconfigure the switch and restore the network to normal operation.

It was a difficult yet challenging day, no doubt. From this “Never Again” experience, I learned that problems can often arise from forgotten events, and that the solutions we employ to boost productivity can fail in ways that destroy productivity.

— Hong-Lok Li, MCSE 2003, MCSA, MCDBA, MCSD, is an information technology manager at the University of British Columbia, in Vancouver, Canada.

What’s Your Worst IT Nightmare?
Write up your story in 300-800 words and e-mail it to Michael Desmond at mdesmdond@redmondmag.com.
Use “Never Again” as the subject line and be sure to include your contact information for story verification. ILLUSTRATION BY MARK COLLINS Get noticed for the right reasons Not standing out as the professional you are? Increase your career opportunities and earning power. Get your CAPM® credential — the globally recognized certification for IT professionals with project responsibilities. You’ll catch the eye of management with your proficiency in project management application. Start getting noticed. Earn your CAPM® credential, brought to you by the organization that furthers careers in project management: Project Management Institute. ® Making project management indispensable for business results. www.pmi.org/capmredmond.htm ® Project Management Institute © 2006 Project Management Institute, Inc. All rights reserved. “PMI”, the PMI logo, “CAPM”, “PMP”, and “Making project management indispensable for business results” are registered marks of the Project Management Institute, Inc. When it comes to disaster, it’s not IF, but WHEN. And too often, it’s when you least expect it. Get High-Availabilty and Disaster Recovery “In-One” With Double-Take ® Double-Take delivers real-time data replication combined with fail-over so you have high-availability and disaster recovery for your Windows Servers -- safely and securely. It is your job to keep servers up, data available and prevent downtime. Failure to protect mission critical data and applications can set your business back by weeks, months or worse. Disaster recovery is now one of the highest IT priorities. This is the reason that hundreds of Fortune 500 companies worldwide use Double-Take to ensure their business continuity. Three levels of data compression allow more data to be replicated and increase performance and scalability. 
WindowsInsider
Greg Shields

Get a Grip on Those Gripes

Ever get just flat out pissed off about something in IT? I sure do. Often, the problem is that there is little we can do to fundamentally change what is bugging us. Or is there?

This month we’re giving you the chance to sound off on the issues that irk you the most. In sifting through dozens of responses, which again proves systems administrators can be a vocal bunch, we learn a lot about what’s bothering you. Airing out some of these issues may inspire other administrators to grapple anew with some of their thornier problems.

We’ll start off with IT Specialist Jeremy Soto in Heidelberg, Germany, who has a beef with software packaging. “Poor installation and upgrade packages are the worst,” he writes. “Why don’t all vendors use just one install engine like InstallShield or MSI that supports truly quiet installs and provides options for single file installation? When I attempt to do a background network installation [using tools like Systems Management Server or Altiris], some of these packages are a major challenge.”

Software companies take note: If you’re still creating your own custom installation applications that don’t support silent installation, meet me after class. Jeremy’s rant is a valid one. Admins who use software management systems struggle with them all the time. If you don’t yet support a silent installation, please make it a high priority in your next release. And make sure you post the silent command-line switches prominently on your Web site where people can find them.

A Question of Semantics
Kyle Beckman, Systems Support Specialist from Atlanta, Ga., has a problem with the wording in the Windows Group Policy. “I don’t understand why Microsoft has so many double negatives for the wording in Group Policy. ‘Allow access’ to something seems the most understandable way to do it.”

Group Policy wording is extremely precise, but Kyle’s impression is correct. Interpreting the meaning of the setting sometimes requires the skill of a master logician. What exactly happens when you Disable the Do Not Process The Run Once list? Only the help file knows.

Ron Elstun is a CAD Systems Administrator from Littleton, Co., who has an interesting problem actually created by Microsoft. Why, he asks, did the company change its Windows XP file sorting? He notes that Windows 2000 and earlier versions sort the following files [character-by-character] in this order:

11200.dwg
220.dwg
31.dwg

But with XP, the files sort numbers as:

31.dwg
220.dwg
11200.dwg

“This drives me crazy,” he says, “since I work with CAD files that are named with numbers 99 per cent of the time. The first two or three numbers determine the type of drawing (electrical, mechanical, piping, etc.).”

This gripe actually has a fix. There’s a registry key you can modify to revert the sorting algorithm back to the old Windows 2000 sort-by-character style. To do this, go to the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Policies\Explorer and create a new DWORD value named NoStrCmpLogical. Once you do this, set the data to 1.

Liar, Liar Pants on Fire
Peter Cousins is in technical support in England and asks the age-old question, “Why do users lie during the diagnostic process [when we’re trying to fix their computer]? Either way they lose,” he says. “If their lying ensures you can’t identify the problem, then their computer remains broken. If you identify the fault, then you know they have lied! So why do they do it?”

It’s been said that a job in technical support is equal parts scientist, investigator and psychologist. Our user population has a very real belief that IT’s looking over their shoulder and that any problem with their computer could be an RPE—Resume Producing Event. Consequently, they’re given incentive to make up stories about how their computer broke.

On the other hand, we in IT can be a little holier-than-thou when we’re trying to fix someone else’s machine. It’s difficult to bite your tongue when you know that someone’s really screwed the pooch, but it’s also our job to get it fixed. In response, we sometimes decide to play the role of psychologist. So get them on the couch, have them tell you about their mother and figure out the real reason for the problem.

Role Playing
David Jackson from Chicago has a beef with how companies don’t match roles with titles. “What bothers me is how companies classify jobs inappropriately. A software developer should be paid as a developer, and a DBA should be paid as a DBA. Too often companies use job titles that don’t match the tasks performed, and then use those titles as an excuse to pay less than market value.”

Salary.com reports the national average for median salary of a DBA is $83,952, while for a Web Software Developer that figure drops to $68,970. What’s notable here is that most Web software developers also deal with databases in writing their code. Sites like Salary.com are interesting because while their data has given ammunition to job seekers, they also supply that same ammunition to employers. This means both sides of the negotiating table can escalate the debate.

Fun-House Mirror
Lastly, I have one gripe about disaster recovery as it relates to storage area networks (SANs). High-end storage manufacturers sell high-reliability disk arrays that cost millions to implement. Unfortunately, the little guys with five or 10 servers in their networks are still stuck with the same old RAID options, namely RAID 1 and RAID 5.

What I’d like to see out of the major server manufacturers is a poor-man’s equivalent of EMC’s Business Continuity Volume, also referred to as the “third mirror.” Imagine this scenario: You set up all your servers as a RAID 1 mirror for the system and apps drive, but instead of stopping there, you add a third disk into that two-disk RAID 1 set. This disk is also in the mirror set, but it mirrors itself to the primary pair perhaps once a day at three in the morning.

Why is this cool? Well, if during the day some vulnerability’s concept code stops being conceptual and you get hacked, a regular RAID 1 isn’t going to help you. Once the virus infects the machine, the RAID controller conveniently copies the virus to both disks in the mirror. This usually means a reinstall for you. But if you had our “third mirror” in place, the fix would involve little more than restarting the server with the third drive as the primary. This would effectively and immediately take you back in time to that last snapshot at three in the morning. The solution would take a few more hard drives, but a few more hard drives is a lot cheaper than a whole SAN.

Still royally ticked off and want to vent? Drop me a line. It’s a hard world out there, and we systems administrators have to stick together.

— Greg Shields, MCSE: Security, CCEA, is a senior consultant for 3t Systems in Denver, Colo. (www.3tsystems.com).
A contributing editor to Redmond magazine and a popular speaker at TechMentor events, Greg provides engineering support and technical consulting in Microsoft, Citrix and VMware technologies.

SecurityAdvisor
Joern Wettern

Bit by Bit

When Windows 2000 hit the streets six years ago, it kept your data confidential with something called the Encrypting File System (EFS). This worked well, but created almost as many problems as it solved. You can’t use EFS to encrypt many of your system files, for example. This leaves some data unprotected, including paging and hibernation files. Also, recovering EFS-encrypted data can be difficult if not impossible when the profile for the user who originally encrypted the files is lost or inactive. These limitations led many companies to disable EFS altogether.

BitLocker should make file encryption easier and more effective. One of the new security features coming in the Enterprise and Ultimate editions of Vista, BitLocker lets you encrypt your entire system partition. This prevents unauthorized hard drive access without locking you out of your own data. With the release of Vista only a few months away, now is the time to evaluate whether or not this is the right tool for you.

Laptop computers are the most obvious candidate for an encryption system like BitLocker. Every day, hundreds of laptops are lost in taxicabs. The recent theft of a laptop containing the personal data of more than 26 million people from a Department of Veterans Affairs employee made national news. The cost of replacing the hardware pales in comparison to the havoc wreaked by leaked information. BitLocker applies strong encryption to your computer’s entire system drive. You won’t have to worry who might access data on a lost or stolen laptop.

BitLocker is also helpful for desktop computers or servers. (Longhorn, the next version of Windows Server, will also include BitLocker.) After all, desktop computers and servers are also susceptible to data theft. File system permission rules won’t prevent unauthorized data access if someone starts the computer with a different operating system.

BitLocker also has a feature to help companies needing to decommission computers, like leased computers up for return. Normally, you’d have to erase all data from the hard disk before returning the computer. With BitLocker, you can skip this tedious step. Simply leave the drive as is, because no one will be able to read the data. A better practice, however, is to use BitLocker’s secure deletion capability. This quickly removes all data from the drive.

What You’ll Need
BitLocker uses a startup key to encrypt data, and Microsoft enforces some stringent hardware requirements to protect the key. BitLocker encryption keys are typically stored on a Trusted Platform Module (TPM) chip. A TPM chip functions like a smartcard built into the motherboard. It’s essentially a small computer that stores private keys and performs some basic encryption tasks. A TPM blocks any attempt to retrieve this key or other confidential information. Access to TPM functions is controlled by a PIN or biometric authentication. The TPM will prevent any access after a pre-determined number of unsuccessful attempts.

BitLocker requires the TPM chip be permanently attached to the computer—normally to the motherboard—and that it meets at least version 1.2 of the TPM specification. Many laptop computers (and a few desktop models) have this chip, but older models may not or they may have an outdated TPM. Make sure your computer meets Microsoft’s current TPM requirements.

Fortunately, you’re not completely out of luck if you don’t have a current TPM chip. You’ll be able to use a USB storage device to hold your encryption keys (although the current beta does not yet support this). If you choose this option, your computer’s BIOS must be able to access USB devices before the operating system has started up.

Of course, using a USB stick means you have to remember to bring it along when you travel. You also must take care to store it in a safe place. A TPM is more convenient because it’s always in the computer.

BitLocker Tips
BitLocker can be dangerous, so plan carefully before using it for encryption. Make sure you’ve planned your recovery strategies, including procedures to help remote users who lose access to data on their laptop.
• Disable BitLocker until you’re ready. Use Group Policy to disable BitLocker until you’ve planned and practiced your recovery strategy.
• Store recovery keys centrally. Use Group Policy to store recovery keys in Active Directory so administrators can get to them to quickly restore access to data in an emergency.
• Buy compatible computers. If you’re buying new laptop computers now, make sure they have a TPM chip that complies with version 1.2.
• Learn about BitLocker now. Microsoft has created many documents to define and describe BitLocker, including detailed deployment guides. You can access this information at www.microsoft.com/technet/windowsvista/security/bitlockr.mspx.
— J.W.

BitLocker Bits
There are numerous overviews, deployment guides and technical references about BitLocker on the Microsoft Web site:
• An executive overview gives a thorough rundown on how BitLocker works and how it can help secure drives on lost or stolen devices.
• A step-by-step guide walks you through the drive encryption process using BitLocker.
• Technical overviews explain how it fits within the Trusted Platform Model.
• A list of client host requirements explains what you need to run BitLocker.
To learn more about BitLocker, go to Redmondmag.com. FindIT code: MSBL

Encryption Essentials
Encrypting your system drive is fairly straightforward. You may have to create a separate partition of at least 1.5GB. BitLocker needs that space to hold some startup files and have a temporary space for setup. Once the encryption process starts, plan on going out for dinner or watching a movie. It can take more than an hour.

Once the drive is encrypted, you can restart your computer. If everything proceeded as planned, you’ll be prompted for a PIN or USB stick before Vista starts. This will unlock the startup key used to decrypt the data on the system partition. After this, you won’t even notice BitLocker is there until the next time you restart your computer. There will be a very small impact on system performance, but it’s unlikely you’ll even notice any slowdown.
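
A pre-deployment hardware check built on the requirements described above, as an added example that is not from the article or from Microsoft: it applies the rule of a TPM at specification version 1.2 or later, with the USB startup key as the fallback, to objects shaped like the Win32_Tpm WMI class. The function names and the sample machines are hypothetical and constructed for illustration; the live query assumes an elevated PowerShell session.

```powershell
# Added example (not from the article): BitLocker hardware readiness based on
# the TPM rules described above. Function names are hypothetical.

function ConvertTo-TpmSpecVersion {
    # Win32_Tpm.SpecVersion is a comma-separated string such as "1.2, 2, 3";
    # the first field is the TPM specification version the chip implements.
    param([string]$SpecVersion)
    if ([string]::IsNullOrWhiteSpace($SpecVersion)) { return $null }
    $first  = ($SpecVersion -split ',')[0].Trim()
    $parsed = $null
    if ([version]::TryParse($first, [ref]$parsed)) { return $parsed }
    return $null   # unparseable value: treat as unknown, never as compliant
}

function Test-BitLockerTpmReadiness {
    param(
        # A Win32_Tpm instance, or any object with the same three properties.
        # $null means the machine exposes no TPM.
        [object]$Tpm,
        [version]$MinimumSpec = '1.2'
    )
    $report = [ordered]@{
        TpmPresent       = ($null -ne $Tpm)
        SpecVersion      = $null
        MeetsMinimumSpec = $false
        Enabled          = $false
        Activated        = $false
        Verdict          = ''
    }
    if (-not $report.TpmPresent) {
        $report.Verdict = 'No TPM: plan for a USB startup key and confirm the BIOS reads USB storage before the OS starts.'
        return [pscustomobject]$report
    }

    $report.SpecVersion      = ConvertTo-TpmSpecVersion $Tpm.SpecVersion
    $report.MeetsMinimumSpec = ($null -ne $report.SpecVersion) -and ($report.SpecVersion -ge $MinimumSpec)
    $report.Enabled          = [bool]$Tpm.IsEnabled_InitialValue
    $report.Activated        = [bool]$Tpm.IsActivated_InitialValue

    $report.Verdict = if (-not $report.MeetsMinimumSpec) {
        "TPM is older than $MinimumSpec or its version is unknown: use a USB startup key or newer hardware."
    } elseif (-not ($report.Enabled -and $report.Activated)) {
        'TPM meets the version requirement but is not enabled and activated: turn it on in firmware setup.'
    } else {
        'Ready: the TPM can protect the startup key.'
    }
    return [pscustomobject]$report
}

function Get-LocalTpm {
    # Live query; needs an elevated session. Returns nothing when the TPM WMI
    # namespace is missing or the machine exposes no TPM.
    Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                    -ClassName Win32_Tpm -ErrorAction SilentlyContinue
}

# Constructed sample machines (not real inventory) so the logic runs offline.
$samples = @(
    [pscustomobject]@{ Name = 'laptop-tpm12'
                       Tpm  = [pscustomobject]@{ SpecVersion = '1.2, 2, 3'
                                                 IsEnabled_InitialValue   = $true
                                                 IsActivated_InitialValue = $true } }
    [pscustomobject]@{ Name = 'laptop-tpm-off'
                       Tpm  = [pscustomobject]@{ SpecVersion = '1.2, 2, 3'
                                                 IsEnabled_InitialValue   = $false
                                                 IsActivated_InitialValue = $false } }
    [pscustomobject]@{ Name = 'desktop-old-tpm'
                       Tpm  = [pscustomobject]@{ SpecVersion = '1.1, 0, 0'
                                                 IsEnabled_InitialValue   = $true
                                                 IsActivated_InitialValue = $true } }
    [pscustomobject]@{ Name = 'server-no-tpm'; Tpm = $null }
)

foreach ($machine in $samples) {
    $result = Test-BitLockerTpmReadiness -Tpm $machine.Tpm
    '{0,-16} {1}' -f $machine.Name, $result.Verdict
}

# On a real machine: Test-BitLockerTpmReadiness -Tpm (Get-LocalTpm)
```

Running the check across an inventory before enabling BitLocker shows which machines need a USB startup key, which in turn decides how many recovery scenarios the help desk has to rehearse.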
Recovery Options
If things go wrong with BitLocker, there’s a risk you may lose access to all data on your hard drive. Microsoft provides several safeguards to protect against this, but it’s up to you to put them in place.

First, BitLocker creates a recovery key when you encrypt the drive. You have a number of options for storing this key, whether on a separate USB stick or simply by writing it down. If you use Active Directory, you can also configure a policy that automatically copies the key into Active Directory.

If BitLocker can’t decrypt the drive because it can’t access the TPM (if something happens like you install the drive in a different computer or lose the USB key), you can enter the recovery key and things should be back to normal. Just make sure you don’t store the recovery key with your laptop, or you’ll effectively lose any protection that BitLocker provides.

Because of the potential recovery and support issues, you should learn how to handle any recovery scenarios before using BitLocker. For example, you may have to help a user on a business trip who is having a panic attack because he lost his USB stick or another who can’t get at his presentation after having the motherboard on his laptop replaced.

Don’t Ditch EFS Just Yet
BitLocker is easier to use and more comprehensive than EFS. It transparently encrypts all files on your system disk, including the swap and hibernation files. And you won’t have to configure files or directories for encryption.

However, as BitLocker only encrypts data on the system disk, you still have to use EFS to protect any files stored on a different partition. Also, BitLocker might not be practical if you share a computer with other users. Imagine having to share the PIN for the TPM with multiple users or handing a USB device back and forth. BitLocker doesn’t protect any files while the computer is running, whereas EFS can prevent unauthorized access to specific files, while still permitting access to other files for normal operations. You can think of BitLocker as protection for when someone steals your computer, and EFS as protection against unauthorized access to specific files while your computer is running.

The security benefits of BitLocker are obvious. However, there will also be many cases of people inadvertently locking themselves out from their data because they made a tactical error that prevents BitLocker from decrypting their data. Plan your recovery strategies first so you won’t become a victim of your own security.

— Joern Wettern (jwettern@redmondmag.com), Ph.D., MCSE, MCT, Security+, is the owner of Wettern Network Solutions. He has written books and developed training courses on numerous networking and security topics. He helps companies implement network security solutions, teaches seminars and speaks at conferences worldwide.
Redmond (ISSN 1553-7560) is published monthly by 1105 Media, Inc., 9121 Oakdale Avenue, Ste. 101, Chatsworth, CA 91311. Periodicals postage paid at Chatsworth, CA 91311-9998, and at additional mailing offices. Complimentary subscriptions are sent to qualifying subscribers. Annual subscription rates for non-qualified subscribers are: U.S. $39.95 (U.S. funds); Canada/Mexico $54.95; outside North America $64.95. Subscription inquiries, back issue requests, and address changes: Mail to: Redmond, P.O. Box 2063, Skokie, IL 60076-9699, e-mail RED@lists.101com.com or call 866-2933194 for U.S. & Canada; 847-763-9560 for International, fax 847-763-9564. POSTMASTER: Send address changes to Redmond, P.O. Box 2063, Skokie, IL 60076-9699. Canada Publications Mail Agreement No: 40039410. Return Undeliverable Canadian Addresses to Circulation Dept. or DHL Global Mail, 2-7496 Bath Rd, Mississauga, ON, L4T 1L2, Canada.

© Copyright 2006 by 1105 Media, Inc. All rights reserved. Printed in the U.S.A. Reproductions in whole or part prohibited except by written permission. Mail requests to "Permissions Editor," c/o Redmond, 16261 Laguna Canyon Road, Ste. 130, Irvine, CA 92618.

The information in this magazine has not undergone any formal testing by 1105 Media, Inc. and is distributed without any warranty expressed or implied. Implementation or use of any information contained herein is the reader's sole responsibility. While the information has been reviewed for accuracy, there is no guarantee that the same or similar results may be achieved in all environments.
Technical inaccuracies may result from printing errors and/or new developments in the industry.

Foley on Microsoft
By Mary Jo Foley

Microsoft’s Future Is … Robotics?

While I’m a fan of futuristic/geeky projects as much as anyone, I just didn’t feel all that wowed about Microsoft’s announcement earlier this summer (late June) that it was launching a development platform for folks building robots. That is, until I had a chance to chat with Tandy Trower, the general manager in charge of the Microsoft Robotics Studio product.

Microsoft historians may know Trower as a 24-year-plus Microsoft veteran who has worked on a variety of Microsoft projects, ranging from Visual Basic to Microsoft Agent technology. He has also served as a member of Chairman Bill Gates’ strategic planning staff during his tenure. It was in that capacity that Trower discovered the robotics community and its growing prominence in the tech landscape.

“There were a number of robotics community leaders coming to us saying they wanted to interact with us,” Trower says. “Bill asked me to spend several months with the leaders and find out what was going on.”

Trower found that the robotics community was keen on welcoming Microsoft as an active participant. Two years ago, he assembled a 60-page document on the state of the robotics industry and formulated a number of plans that Microsoft potentially could pursue in this space.

After reading Trower’s findings, Gates and his research lieutenants, Rick Rashid and Craig Mundie, all agreed that Microsoft needed to jump on the robotics bandwagon. They decided to allow Trower to create a robotics project that would be incubated inside Microsoft Research.

Trower and his team of nine began building a programming model/framework that would be of use to developers working on anything from a Lego robot to an industrial-scale robot. In October, the team showed off to Gates what they were building. On June 20, Trower’s band introduced the first Community Technology Preview (CTP) test build of that framework.

What’s interesting is that the new robotics programming framework is based on many of the distributed programming model techniques developed by the BigTop/BigWin team. That was another incubated project, favored by Mundie, which aimed to deliver a grid computing-based operating system. While Microsoft is mum on the status of this skunk-works effort, I’ve heard from sources that the company decided to kill off BigTop earlier this year. But it seems that the spirit of BigTop lives on in Microsoft’s Robotics Studio.

What persuaded the Microsoft power elite, which had just shunned a grid-computing initiative, to back Trower’s robotics play? Two words: The future.

Trower believes that robots are the natural successor to PCs, and he’s convinced his bosses to adopt his view, or so it would appear. To make it happen, Trower knows that robots must evolve beyond the limited capabilities they possess today. The new programming framework coming out of the Robotics effort is intended to do just that.

“It goes beyond robotics. There are implications for other areas,” he says. The framework could help Microsoft and others develop “remote presence” kinds of applications that could, for instance, help monitor aging adults who need around-the-clock care, Trower says, via some kind of “telepresence devices.” Robotics programmers could develop new kinds of security sensors or maintenance applications for mundane chores, such as cutting lawns and cleaning pools.

While the Robotics Design Studio is Microsoft-developed code, the company is taking pains to make it work with non-Microsoft languages including JavaScript, Carnegie Mellon’s Alice language and others, Trower says.

“The perception is that Microsoft focuses only on our core businesses,” Trower notes. “Robotics is still five to 10 years away from realizing its full potential, but Microsoft’s executives understand this. This is an investment in the future.”

Indeed it is. And the future, at least according to Microsoft, can be boiled down to one word. Robotics.

Do you think the Redmondites are right? Or are they off on a wild goose chase? Write to me at mjfoley@redmondmag.com.

— Mary Jo Foley is editor of Microsoft Watch, a Web site and newsletter (MicrosoftWatch.com) and has been covering Microsoft for about two decades. You can reach her at mjfoley@redmondmag.com.

GetMoreOnline
For more on Microsoft Research, the Microsoft Robotics Studio and for an introduction to Microsoft’s Robotics Studio Application Model, log on to Redmondmag.com. Find IT code: Foley0806
These Terminals—ICA, RDP, and PXE capable; plugand-play—run Windows®, UNIX®, Linux, and mainframe applications directly from data center servers. Use as is or with the NTAVO Secure Access Appliance to integrate your IT systems. Contact Devon IT today. D E VON IT N TAVO . C O M 1 .888.524.9382 info@devonit.com © 2006 Devon IT, Inc. ©2005 Quest Software, Inc. All rights reserved. Quest and Quest Software are trademarks or registered trademarks of Quest Software. All other brand or product names are trademarks or registered trademarks of their respective holders. 06/2006/IRedmond Smart E-mail. Get top marks in e-mail management. With intelligent archiving from Quest Software. Pop quiz: how do you meet e-mail compliance requirements while reducing the cost of messaging data storage and increasing productivity? The correct answer: with e-mail archiving solutions from Quest Software. Quest® Archive Manager is the versatile solution that helps your organization address e-mail compliance requirements and much more. Discover and retrieve data easily with powerful searching tools. Access and leverage the knowledge locked up in e-mail with secure information sharing. And reduce ongoing operational costs through efficient storage management capabilities. Go to the head of the class with the smart choice in e-mail archiving — Archive Manager from Quest Software. ————————————————————————————————————— To learn more, read our new white paper “E-mail Controls and Regulatory Compliance — What You Need to Know,”at: www.quest.com/intelligent ————————————————————————————————————— Stop by booth #701 at Tech Ed Boston for a chance to win up to $10,000 Application Management | Database Management | Windows Management OCTOBER 9-13, 2006 LAS VEGAS Network and Certification Training for Windows Professionals Knowledgeable, Accessible Instructors » Learn from Mark Minasi, Todd Lammle, Derek Melber and others. Real-World Training » Learn the new features of Windows Vista. 
» Improve your network security.
» Diagnose and repair common network problems.

Peer Networking
» Problem solve with peers during networking events.

Certification Prep
» Upgrade your skills to Windows 2003 with the MCSA and MCSE tracks.

TechMentorEvents.com

100+ Sessions, 6 Tracks: Exchange/SQL Server, MCSE, MCSA, Scripting and Automation, Security, System and Network Troubleshooting

Keynote Speakers
Bill Boswell, Senior Consultant with Microsoft Consulting Services, Author
Mark Minasi, Best-Selling Author, Popular Technology Columnist, Commentator and Keynote Speaker

Register by September 1 and Save $200

Welcome to TechMentor

Microsoft will be unleashing a new wave of technologies: Will you be ready?

Join network administrators and IT managers for TechMentor’s focused training—by expert instructors—on integrating, managing, securing and troubleshooting Microsoft Windows server systems.

Technical Training at Every Level of Experience
TechMentor delivers in-depth technical training designed to help you get the most out of your network. Experts will cover these topics and more:
» Active Directory
» Command-Line Scripting
» Disaster Recovery
» Group Policy
» VBScript
» Vista
» Wireless Security

Tips, Tips, Tips
Bringing real-world experience to the conference, TechMentor instructors actually USE the technology they teach about. You’ll walk away with hundreds of tips and step-by-step instructions that you can apply immediately.

Who Should Attend
> Network and Systems Administrators
> IS/IT Managers and Directors
> Network and System Engineers
> MCPs, MCSAs and MCSEs
> Security Specialists
> IT/Systems/Technical Analysts
> Help Desk/Desktop Support
> Consultants

Exhibit Hall
Evaluate the newest products and solutions for Windows networking professionals in the TechMentor Exhibit Hall.
Leading vendors will be on hand to explain and demonstrate the very latest breakthroughs in their technologies.

Keynote Presentations

Bill Boswell
Senior Consultant with Microsoft Consulting Services, Author
What’s Ahead for a Windows Datacenter

Mark Minasi
Best-Selling Author, Popular Technology Columnist, Commentator and Keynote Speaker
Hastening La Vista: Microsoft Delivers The Next Windows

Wednesday, October 11
11:45am-2:00pm Exhibit Hall Open and Lunch
5:30-7:30pm Exhibit Hall Open & Reception
6:00-7:00pm One-On-One Consulting Hour
6:30-7:30pm Meet the Editors of Redmond magazine

Thursday, October 12
11:45am-2:00pm Exhibit Hall Open and Lunch
1:00-1:45pm Vendor Presentations

Table of Contents
Instructors
Program-At-A-Glance
Course Descriptions
Registration and Travel

Instructors

Paul Adare, the Chief Technology Officer of IdentIT Inc., is a security consultant specializing in Identity Management, Rights Management, and Public Key Infrastructure deployments. Paul’s background includes Microsoft technologies, Lotus Notes, Sun Microsystems, IBM AIX, UNIX and Linux. He has held roles in technical training, consulting, subject matter expert for Microsoft Learning Products, support and help desk.

Dmitri Daiter, MCSE, a Principal Exchange Engineer for Zenprise Inc., is a systems engineer/architect with over 12 years of experience in the IT industry. Dmitri’s specialization is architecting and managing network and messaging infrastructure based on Microsoft products, but his expertise spans a range of technologies. Dmitri had several successful network and messaging infrastructure deployment and migration projects from Exchange 4.0 to 2003. Currently he is focusing on messaging troubleshooting automation and tools.

Anil Desai, MCSE, MCSD, MCDBA, is an independent consultant based in Austin, TX. He specializes in evaluating, implementing, and managing solutions based on Microsoft technologies. Anil has designed and managed hundreds of SQL Server databases. He has worked extensively with Microsoft’s server products and the .NET development platform. Anil is the author of books on the Windows Server Platform, SQL Server, Virtualization, AD, and IT management. He is a conference presenter and magazine contributor.

Jeff Hicks, MCSE, MCT, is a Senior Network Engineer with Visory Group, as well as principal consultant of JDH Information Technology Solutions. He has been in the IT industry for over 14 years, doing everything from help desk support to project management. He is currently a contributing editor to ScriptingAnswers.com.

Eric Johnson, MCSE, MCDBA, MCSD, is a database administrator for a Fortune 500 company. Eric has 10 years of IT experience and has been working with Microsoft SQL Server since version 6.5. Eric has managed and designed databases of all shapes and sizes. He has delivered numerous SQL Server classes and Webcasts. He is the VP of Marketing for the Colorado Springs SQL Server Users Group and author of the 4-part series, Tour de SQL, published in Redmond magazine.

Don Jones is the owner of ScriptingAnswers.com, a contributing editor to Redmond magazine, and a columnist on CertCities.com and MCPMag.com. Don has written more than a dozen information technology books, including Managing Windows with VBScript and WMI (Addison-Wesley). Don is also an independent technology consultant, with a focus on security and automation in Microsoft-centric environments.

Todd Lammle, CCNA, CCNP, CEH, CEFI, FCC, RF Licensed, has been involved in computers and networking for over two decades. He has worked for companies such as Xerox, AAA and IBM to consult on both bounded and unbounded media technologies, as well as unlicensed IEEE specifications. He’s been consulting on the new 802.11j (4.9GHz) for Homeland Security, as well as providing prevention techniques for hacking and forensic technologies. Todd has written more than 50 Sybex study guides. Todd is President of GlobalNet Training and CEO of RouterSim, LLC.

Rhonda Layfield, MCT, NT/2000/2003 MCSE, MCSE: Security, began her network support career in 1982 serving in the US Navy, where she worked for 7 years in communications with a top secret clearance. Since then, she alternates between consulting (including a network support role at Microsoft) and training (currently teaching MCSE bootcamps). Some of her clients include Dow Jones, US Air Force, IBM, Duke Energy, Wachovia and EDS.

Darren Mar-Elia, MVP, directs DesktopStandard’s product engineering group. He has 18 years of experience in IT systems and network administration architecture with companies such as Quest Software, Charles Schwab and Wells Fargo Bank. He is currently a member of the JP Morgan Partners Technology Advisory Board. He created and maintains gpoguy.com and has written and contributed to eleven books on Windows including The Windows Group Policy Guide (Microsoft Press). Darren is a frequent speaker on Windows infrastructure topics.

Derek Melber, MCSE, CISM, MVP, is the Director of Education and Certification at DesktopStandard. Derek is a nationally known speaker, trainer and author, focusing on Active Directory, Security, and Group Policy. Derek’s latest works include The Group Policy Guide (MSPress) and Windows XP Professional ExamCram2 Second Edition (QUE).

Mark Minasi, MCSE, is author of Mastering Windows Server 2003, the latest in a series of books on Microsoft networking that have sold over a million copies. He has been a columnist for several industry magazines. Mark is a frequent conference keynote and breakout speaker and regularly garners those conferences’ highest attendee evaluation scores. He won CertCities.com’s “Favorite Technical Author” reader poll for the third year running.

Jeremy Moskowitz, MVP, MCSE, founder of Moskowitz, Inc. (www.Moskowitz-inc.com), is an independent consultant and trainer for Windows technologies. He runs GPanswers.com and WinLinAnswers.com forums to answer Group Policy and Windows/Linux Integration questions. He authored Group Policy, Profiles and IntelliMirror (SYBEX). His latest book is Practical Windows & Linux Integration: Hands-on Solutions for a Mixed Environment (SYBEX). Jeremy frequently contributes to Redmond magazine.

Sekou Page, MCSE, CISSP, has over 10 years of experience in the IT field. He is Exchange 5.5/2000, IIS, and Active Directory Design Certified. Sekou specializes in Active Directory and Exchange migrations and has led over 50 successful migrations, over 30 of which were in Exchange 2003. His expertise also includes infrastructure architecture/optimization and security. Currently Sekou is the Principal Exchange knowledge architect at Zenprise.

Keith Parsons is Managing Director of the Institute for Network Professionals and is Editor-in-Chief for NICs. He holds 36 technical certifications and has earned an MBA in Qualitative Analysis from the Marriott School of Management. He is author (or editor) of a dozen technical publications and has developed six technical certifications for companies such as Network Associates, Verisign, and IBM.

Beth Quinlan, MCT, MCSE, MCSA, CISSP, is a trainer/consultant who has specialized in Microsoft infrastructure technologies and security design for over 12 years. Beth is in her 4th worldwide tour for Microsoft Product Teams. She trains internal Microsoft engineers, partners and customers on ISA Server 2004, Antigen, Exchange Hosted Services and RMS. Beth has spoken at events for Microsoft and others, written courseware, developed hands-on labs and recently authored ISA Server 2006 Reviewer’s Guide.

Steve Riley is a product manager in Microsoft’s Security Business Unit. In 1998 he joined Microsoft Consulting Services to design highly-available network architectures, develop hosting platforms for custom and off-the-shelf applications, and deploy complex multi-site VPNs. As a security consultant, he worked with customers to conduct security assessments and risk analysis, deploy technologies for attack prevention and intrusion detection, and assist with incident response efforts. He is a frequent speaker at conferences worldwide.

Bruce Rougeau, MCSE, MCP+I, MCT, Citrix Certified MetaFrame Administrator, began designing and implementing a three-tier architecture in 1998. A recent thin client implementation was deployed using Citrix’s WinFrame utilizing 1,000 Windows-based terminals and fewer than 20 PCs. Currently he works for EDS as an infrastructure architect focusing on networks, Web servers, thin client computing and 32-way Intel Data Center solutions.

Greg Shields, MCSE: Security, CCEA, is a senior consultant with 3t Systems in Denver. A contributing editor to Redmond magazine, Greg has experience with architecting and administering enterprise collaboration systems using Microsoft, Citrix, and VMware technologies. His recent projects include architecting a multi-company, collaborative software development environment, deployment of an enterprise patch management system using SMS, and authoring best practices with its use. Greg is a dynamic speaker and technical trainer.

Bharat Suneja, MCT, MCSE: Messaging, MCSE: Security, Security+, has over 10 years of experience architecting and managing Exchange environments ranging from mid-size companies to large service providers. His expertise spans Active Directory and security. Bharat has worked in industries including ecommerce, ISP/ASP, IT firms and software. Bharat is a writer and contributing editor for IT publications and was a technical reviewer for Exchange Server 2003 24 Seven (by Jim McBee).

Richard Taylor is a speaker, consultant, and trainer. He has worked as an instructor for training centers, a consultant for firms such as Honeywell, MCI, and Lockheed Martin and is an Intel systems engineer where he developed and implemented programs to improve factory automation systems. Rick also worked for Nestlé supporting one of the largest single AD domains worldwide. He was responsible for maintaining the functionality of servers in South America, the U.S. and Canada.

Joern Wettern, Ph.D., MCSE, MCT, Security+, is the owner of Wettern Network Solutions, a consulting and training firm. He has written books and developed training courses on a number of networking and security topics. In addition to helping companies implement network security solutions, he regularly teaches seminars and speaks at conferences worldwide.

Crash Courses
Monday, October 9, 2006

GO DEEP! TechMentor takes you in-depth with 3-1/2 hour crash courses on Networking, Troubleshooting, Vista, Linux/Windows Interop and more. Get a jump on your training with these pre-conference courses led by expert instructors.

CC1 VMware Workstation & Server Crash Course
8:00-11:30am Greg Shields
If you’ve heard all the virtualization hype and not had time to learn it, now’s your chance! Focusing on VMware’s suite of products for virtualizing servers and workstations, Greg will guide you swiftly through the tools and the technology while pointing out the pitfalls and the promise. You’ll learn the basics of deploying, managing, and troubleshooting Virtual Machines using VMware’s Workstation and ESX Server. You’ll discover the best ways to secure your server hosts and rapidly deploy new Virtual Machines. You’ll analyze system sizing tricks and performance optimizations that prevent bottlenecks and resource overuse. And, you’ll leave with proven solutions for virtualizing your entire server infrastructure at a very affordable price.

CC2 Networking Crash Course
8:00–11:30am Todd Lammle
TCP/IP? IPv6? Internetworking? Hubs, switches and routers? Have you always wanted to understand what these terms really mean in a compact, easy to understand format? Take the plunge into this high octane, half-day course and leave soaked in everything about basic networking. You’ll be fully equipped with a thorough, reality-based knowledge of networking. This course opens with the very basics of computers and networking, then glides upward through TCP/IP addressing, routing protocols and even basic wireless technologies, priceless for anyone trying to get a running start in the networking arena.

CC3 Vista Crash Course
8:00–11:30am Mark Minasi
Windows Vista’s on the way with a bunch of cool new features. So get ready for another round of “Just HOW do I do this thing I used to be able to do in two clicks?” In this course, Mark Minasi helps you get past “fear of flying”—flying off the handle, that is, when it first takes you a half hour to find the Properties page for your network adapter. You’ll find this session is the fastest way to translate your “XPertise” to the newest Windows so that you can, well, sit back and enjoy the Vista!

CC4 Linux/Windows Integration Crash Course
8:00–11:30am Jeremy Moskowitz
Linux is coming to your enterprise, and you’ll have to support it. Are you ready? Could you reboot, troubleshoot, change rights, install new Linux software? Better take a crash course. Since you’re getting into Linux, you’ll want single sign-on from the corporate Active Directory. In the second half of the session, we’ll describe and demonstrate how Active Directory can be the focal point of your authentication network, provide some tips on how to configure Linux clients and how Samba (an application which makes Linux play nicely with Windows) fits into the picture. If you’ve got Linux and Windows and a lot of questions, this session is for you.

CC5 Troubleshooting Group Policy Crash Course
8:00–11:30am Derek Melber
If you run Active Directory, you use Group Policy. Even with the default Group Policy Objects, other issues will arise. Knowing what’s under the hood will go a long way toward troubleshooting. This session will go into the finer points of troubleshooting Group Policy files, folders, permissions, and storage. You’ll learn about creating, modifying and applying Group Policy, from both the client and server standpoint. When you’re done with this crash course, you’ll be able to quickly and efficiently resolve any Group Policy issue.

MCSA – Microsoft Certified Systems Administrator Track

Microsoft Certified System Administrators (MCSAs) are the frontline, in-the-trenches workers in most organizations. They’re the system administrators, the ones who keep the servers humming along, who manage users, groups and resources. If this is you, it’s time to get busy and add a title to your arsenal that will give you a leg up on your peers and demonstrate your expertise to the boss. The MCSA Track is fast-paced, presenting all the vital information necessary to prepare you for the MCSA exams. The instruction removes all redundancy in the exam curriculum and accelerates the learning process by providing only the information needed, without any sales propaganda. This track has been updated to include a new session that will quiz the students by going through a database of Microsoft questions targeted at the 70-290 exam. This is a jam-packed week with a lot of material to cover and a dynamic instructor to aid you in navigating the MCSA maze. This track is led by popular “certification slam session” instructor Bruce Rougeau who has been teaching MCSA/MCSE certification courses for the past 10 years.

NOTE: TechMentor does NOT guarantee that you will obtain a certification after completing the certification tracks. You will be taught the test objectives, but successfully passing the tests involves more than just your training.
M5 MCSA: Attended and Unattended Installs and Upgrades
Monday 12:30–2:00pm Bruce Rougeau
After a course overview, you’ll move right into troubleshooting an attended or unattended installation or upgrade of Windows XP and Windows 2003. You’ll use tools such as Remote Installation Services, Sysprep and Setup Manager. Then you’ll migrate user settings and files using the Files and Settings Transfer Wizard, ScanState and LoadState.

M11 MCSA: Data Access, File System, and Printing
Monday 2:15–3:45pm Bruce Rougeau
You’ll learn techniques for planning, creating and monitoring a data access strategy for providing access to files, folders and shares—including NTFS permissions, Share permissions, WebDAV, compression and encryption. Other topics covered include configuring and providing access to Offline files, synchronization, creating and managing printers and print jobs for local printers, remote printers, printer sharing and Internet printers.

M17 MCSA: Windows 2003/XP System Configuration and Backup Strategies
Monday 4:00–5:30pm Bruce Rougeau
You’ll learn how to install, configure, remove, troubleshoot and monitor devices and configure driver options for driver signing. Learn how to use tools like regedit to search and modify the registry. You’ll also get into configuring hardware profiles, power management for mobile users and using Scheduled Tasks to schedule backups or other routine events.

T5 MCSA: Active Directory, Part 1
Tuesday 8:30–10:00am Bruce Rougeau
This session will be a complete introduction to Active Directory, including all the buzz words and all the steps for creating a multilevel domain forest. You’ll examine the different groups by defining the scope and membership for each then explore possible implementations based on the Microsoft terminology. You’ll also learn about managing user objects via a GUI or scripts.

T11 MCSA: Active Directory, Part 2
Tuesday 10:15–11:45am Bruce Rougeau
This session will introduce the concept of GPOs and scenarios for using them. Then you’ll learn how to use Resultant Set of Policy and Group Policy Management Snap-ins to resolve conflicts between GPOs. You’ll also learn about GPO Filtering, Loopback processing, Block Inheritance, Override and WMI filtering.

T17 MCSA: Disk Management
Tuesday 1:45–3:15pm Bruce Rougeau
Hardware management is the theme for this session. You’ll learn about managing basic and dynamic disks, monitoring hardware devices with Device Manager and the Control Panel, optimizing server disk performance with RAID, defragmentation and monitoring disk quotas. The session will also cover different RAID options, how to recover from a disk failure, the command line tool diskpart and the value Microsoft sees that it brings to the table.

T23 MCSA: Terminal Services and Remote Troubleshooting
Tuesday 3:30–5:00pm Bruce Rougeau
This session starts with configuring and troubleshooting Remote Desktop, then moves on to other areas of remote management, including Terminal Services. Other topics covered include usage of Terminal Services Administrative tools and managing and troubleshooting print queues. Learn how to use the Remote Desktop group and limitations in an Active Directory environment.

W5 MCSA: Performance Monitoring and System Recovery Strategies
Wednesday 8:30–10:00am Bruce Rougeau
Learn how to monitor your most critical resources by creating a system baseline that includes CPU, disks, network, processes and pagefile performance counters. You’ll also learn about the boot sequence for Intel systems and explore options for backing up and restoring your systems using automated system recovery (ASR) procedures; restoring data from shadow copies; planning, deploying and monitoring system backups; and restoring a failed system. You’ll emerge with an understanding of Windows backup, safe mode, system restore and recovery console.

W11 MCSA: TCP/IP Configuration and DHCP Issues
Wednesday 10:15–11:45am Bruce Rougeau
Learn how to configure TCP/IP, manage and troubleshoot DHCP leases, Relay Agents, databases, scope options, server options and reservations. You’ll also troubleshoot APIPA addressing and TCP/IP configuration issues.

W17 MCSA: DNS Configuration and Troubleshooting
Wednesday 2:15–3:45pm Bruce Rougeau
You can’t be an effective administrator if you don’t understand name resolution—specifically DNS. Learn the ins and outs of DNS, configuring DNS server options, zone options, DNS forwarding, and monitoring and troubleshooting DNS.

W23 MCSA: Configuring Routing and Remote Access
Wednesday 4:00–5:30pm Bruce Rougeau
Secure, efficient remote access is becoming more critical in these days of telecommuting. This session is all about configuring and troubleshooting remote access, including routing and remote access.

Th5 MCSA: 70-290 Exam Prep
Thursday 8:30–10:00am Bruce Rougeau
This session will cover Microsoft questions for the 70-290 Managing and Maintaining a Windows Server 2003 Environment exam. You’ll go through each test objective by covering questions from Microsoft Readiness and Review materials.

Th11 MCSA: Troubleshooting RAS Policies and Capturing Passwords with Network Monitor
Thursday 10:15–11:45am Bruce Rougeau
RAS policies can be tricky to implement. You’ll learn about the various settings and see a live demo exploring several variations. You’ll also leave knowing how to go home and start sniffing your local networks with Microsoft’s complimentary Network Monitor. You’ll learn how it works, and how to use it to monitor and troubleshoot network issues.

Th17 MCSA: Role-Based Security and Security Templates
Thursday 2:15–3:45pm Bruce Rougeau
Security means different things to different people. In this course, you’ll go through the different types of servers and discuss the various security measures you can take for each. Then you’ll learn how to use GPOs and security templates based on computer roles to configure Registry and file permissions, account policies, audit policies, user rights, security options and system services. The next part is deploying templates using GPOs and scripting.

Th23 MCSA: Web Services and Service Pack and Hotfix Assessment and Deployment
Thursday 4:00–5:30pm Bruce Rougeau
Each MCSA should be able to install and configure an IIS server. In this session, you’ll learn how to install IIS, create virtual directories, explore IIS 6.0 architecture, set security parameters and set up IIS for self-monitoring. You’ll also learn how to make IIS more functional by enabling features disabled by default.

F5 MCSA: IPSec Security Principles
Friday 8:30–10:00am Bruce Rougeau
Learn how to increase security with IPSec, which IPSec mode to use, how to select an authentication method, and how to configure IPSec authentication, encryption level and the appropriate IPSec protocol. You’ll also get into troubleshooting IPSec with IP Security Monitor and IPSec logging and learn how to plan and implement security for wireless networks.

F11 MCSA: Certificate Strategy and Planning
Friday 10:15–11:45am Bruce Rougeau
Finish your week’s training with a discussion of planning, implementing and managing certificates. Learn how to deploy, manage and configure SSL certificates for wireless networks, plan and configure authentication, plan for digital signatures, install and configure Certificate Services, plan a multi-level certificate authority (CA) hierarchy, and archive and recover keys and revoked certificates. You’ll also learn how to back up and restore your CA.
7 MCSE – Microsoft Certified Systems Engineer Track H olding the Microsoft Certified Systems Engineer (MCSE) title says a lot about you: it’s difficult to get, and shows that you’ve got top-level design and administration skills. It’s also a credential that can add sparkle to your resume. But you have to come prepared for this rigorous course: The MCSE Track is aimed at administrators or system architects with substantial (at least a year or more) Windows 2000 Server or Windows Server 2003 experience. This intense week will prepare you to take tests necessary to obtain Microsoft’s highest-level administrative certification. Led by well-known author and trainer Derek Melber, the course offers a sequential path through the test objectives you’ll be required to know. Be ready with your laptop and goggles: this course flies! NOTE: TechMentor does NOT guarantee that you will obtain a certification after completing the certification tracks. You will be taught the test objectives, but successfully passing the tests involves more than just your training. M6 MCSE: Physical and Logical Devices Monday 12:30–2:00pm Rick Taylor Hard drives are the most important physical and logical devices on a Windows system. With basic disks, dynamic disks, volumes, partitions and troubleshooting, there’s a lot to know. Don’t forget about handling drivers, driver signing and driver rollback. You’ll learn about disk quotas, defragmentation, removable drives and how the operating system detects and handles these devices. M12 Monday 2:15–3:45pm Derek Melber MCSE: RAS and Remote Administration Monday 4:00–5:30pm Rick Taylor This session will dig deep into remote access services, covering protocols, security, RAS clients and permissions. 
RAS policies—the heart of RAS security—will be demystified so you can fully understand how to create and manage them.You’ll also learn about other remote access topics like Remote Desktop, Remote Assistance, Terminal Services for administration (which has new names and interfaces for Windows Server 2003) and tools like the MMC and how to use the Adminpak for administration. T6 MCSE: Name Resolution Tuesday 8:30–10:00am Rhonda Layfield MCSE Have you said goodbye to WINS yet? If you haven’t, you’re not alone. Not only do we still get to support WINS, but now Active Directory requires DNS. Most Active Directory issues end up being DNS issues, so if it’s not set up properly for AD, bad things happen and they happen fast. This session will help prepare you for DNS’s requirements, options and recommended configurations for Active Directory. 8 T12 MCSE: Manage Users, Computers, and Groups Tuesday 10:15–11:45am T18 Derek Melber With roaming profiles and mandatory profiles, controlling them is very important. If you have roaming profiles, you then need to MCSE: Networking Concepts and Principles Tuesday 1:45–3:15pm Derek Melber This session starts off with thorough coverage of IP and subnetting. You’ll learn about supernetting, CIDR and subnet masking to the nth degree.You also get up to speed on all areas of DHCP and DHCP design criteria (including the DHCP relay agent and DHCP scope options), NAT, demand-dial routing and wireless connections and IP troubleshooting. T24 MCSE: Network Security Tuesday 3:30–5:00pm Rick Taylor When it comes to network security, there are plenty of options within Windows Server 2003. You’ll get reacquainted with old friends like SMB signing and port filtering, learn how to secure authentication and how to use certificates to increase network communication security.You’ll also get into IPSec—an abyss of settings and options you’ll learn to decrypt—and the new and improved Windows Firewall, which you can control almost 100% through GPOs. 
W6 MCSE: Resource Access Permissions aren’t the same as back in the Windows NT days. They’ve grown up and have true inheritance, control over permission denial and granularity unlike anything before. With changes to how ownership is handled (or given away) and default share permissions, you’re dealing with a brand new structure for handling resources in Windows Server 2003. If you missed the key changes with the encrypting file system (EFS), you’ve missed one of the biggest improvements in Windows Server 2003. M18 know what is stored in them to save time and drive space. If you have users changing from one computer to another, tools like the File and Settings Transfer Wizard and User State Migration Tool (USMT) will help you migrate their information. You’ll also learn about the new types of groups available in Active Directory and best practices on how to use and nest them. MCSE: IIS and IIS Security Wednesday 8:30–10:00am Rick Taylor Windows Server 2003 now has a distinct product for running a Web server—IIS. You’ll learn the new features of IIS including overlapping recycling, real-time editing of the XML metabase, Application Pools, Web Service Extensions, and the key architectural changes that improve stability, security and performance for your Web servers. W12 MCSE: Active Directory, Part 1 Wednesday 10:15–11:45am Derek Melber Active Directory takes you on a quest to understand the terminology and structural components. You’ll learn both in this session, starting with the key concepts and the structural components of Active Directory and how they work together. You’ll cover domains, trees, forests, sites, trusts, organizational units (OUs) and more. Without a core understanding of how Active Directory works, you will never be successful on any of the MCSE exams dealing with Active Directory. You’ll get all of the answers here. W18 MCSE: Active Directory, Part 2 Wednesday 2:15–3:45pm Derek Melber Active Directory is too big a topic to fit into one session. 
This second session will present the more difficult topics, such as FSMOs, universal group caching, replication design, organizational unit (OU) design, Active Directory security and delegating administrative control. You’ll also learn how to secure domain controllers and account policies, and ensure that all authentications are secure.

W24 MCSE: Managing and Monitoring Performance
Wednesday 4:00–5:30pm Rick Taylor
Although Task Manager has been around a long time, it has several new features for you to learn. There’s also the System Monitor (a.k.a. Performance Monitor), which is ideal for baselining and troubleshooting network, application or system problems. You’ll also learn the ins and outs of Software Update Services (SUS), and how it should work with GPOs. Event Viewer is still essential for monitoring, but the audit policy needs to be set up to fill the security logs. You’ll also see Microsoft Baseline Security Analyzer (MBSA), which is constantly being upgraded with new features.

October 9-13, 2006 • LAS VEGAS

Th6 MCSE: Introduction to GPOs
Thursday 8:30–10:00am Derek Melber
Group Policy Objects can be complex to understand, design, and implement. This session will cover the key aspects of Group Policy Objects, including GPO precedence, delegation, enforcement, blocking policy inheritance and GPO filtering. You’ll also learn about the key aspects of GP settings, including security controls, logon and authentication components, software restrictions, desktop standardization and software distribution.

Th12 MCSE: Disaster Recovery and Backups
Thursday 10:15–11:45am Rick Taylor
Learn how to navigate the myriad options for troubleshooting, backup and recovery. There are still familiar tools like Last Known Good and NTbackup, as well as new options like Automated System Recovery and Volume Shadow Copy. For Active Directory, there are also System State and authoritative restores, the Recovery Console, tombstoning and emergency management.

Th18 MCSE: Introduction to GPOs (repeat session)
Thursday 2:15–3:45pm Derek Melber
Group Policy Objects can be complex to understand, design, and implement. This session will cover the key aspects of Group Policy Objects, including GPO precedence, delegation, enforcement, blocking policy inheritance and GPO filtering. You’ll also learn about the key aspects of GP settings, including security controls, logon and authentication components, software restrictions, desktop standardization and software distribution.

Th24 MCSE: Advanced GPOs
Thursday 4:00–5:30pm Derek Melber
This session will take you on a tour of advanced GPO techniques and tasks, like custom GPO settings, ADM templates and new security settings. You’ll use security templates to secure a group of computers and ensure the computers always get these settings. You’ll also learn how to delegate control to all aspects of GPO management using the new features of the GPMC.

F6 MCSE: PKI and Certificates
Friday 8:30–10:00am Rick Taylor
Windows Server 2003 PKI can deploy an enterprise public key infrastructure fairly simply, but understanding the correct hierarchy for your Certificate Authorities (CAs) is essential. You’ll learn the correct design of PKI and your CAs, as well as how to issue and manage the certificates required for the multitude of certificate-using applications. There are plenty of new PKI enhancements as well, including certificate enrollment, qualified subordination and custom certificate templates.

F12 MCSE Review Session
Friday 10:15–11:45am Rick Taylor
Do you still have burning questions about Microsoft technologies, exams, or the exam process? This is the time for those questions. We’ll open up the floor to your questions, and guide you through some summary activities to help solidify your knowledge from the week. We will look at a few archived Microsoft questions that give you a clear understanding of the type of questions you’ll be up against when you sit for the exams.
Remember, “There are no stupid questions.” Bring your questions to this session.

MCSA: Windows Server 2003 Core Requirements (70-270, 70-290, 70-291), 2nd Edition
By James Chellis, ISBN: 0-7821-4452-7 ($119.97 retail, $60 for TechMentor attendees, courtesy of Sybex/Wiley)
• Includes the two Study Guides: MCSA/MCSE Windows Server 2003 Network Environment Management and Maintenance Study Guide (70290), and MCSA/MCSE Windows Server 2003 Network Infrastructure Implementation, Management and Maintenance Study Guide (70291)
• As well as one additional backlist Study Guide: MCSA/MCSE Windows XP Professional Study Guide, Third Edition (70270), 078214412-8, Paper/CD
• Plus two bonus CDs featuring an evaluation version of Windows Server 2003 and two additional bonus exams for each title.

MCSE: Windows Server 2003 Certification Kit (70-290, 70-291, 70-293, 70-294) 2E
By James Chellis, ISBN: 0-7821-4453-5 ($159.96 retail, $80 for TechMentor attendees, courtesy of Sybex/Wiley)
• MCSA/MCSE Windows Server 2003 Network Environment Management and Maintenance Study Guide (70290)
• MCSA/MCSE Windows Server 2003 Network Infrastructure Implementation, Management, and Maintenance Study Guide (70291)
• MCSA/MCSE Windows Server 2003 Network Infrastructure Planning and Maintenance Study Guide (70293)
• MCSA/MCSE Windows Server 2003 Active Directory Planning, Implementation, and Maintenance Study Guide (70294)
• Plus two bonus CDs featuring an evaluation version of Windows Server 2003 and 300 additional practice test questions

TechMentorEvents.com

Exchange/SQL Server
Call this the “Windows back-end” track. Learn the ins and outs of two mission-critical applications, Exchange Server 2003 and SQL Server 2005—installation, management and troubleshooting will be some of the areas covered. If you have responsibility for these servers, or need to get up to speed on either, this is the track for you.
Respected industry veterans will give you the skills you need to tackle these complex servers.

M4 Overview of Exchange Server 2007
Monday 12:30–2:00pm Bharat Suneja
Exchange Server 2007, the next major version of Exchange, brings many new features, functionality and new ways of performing management tasks. This session provides an overview of all the new features coming in Exchange Server 2007.

M10 Messaging Hygiene in Exchange 2003 & Beyond: Exchange 2003, 2003 SP2, Exchange 2007
Monday 2:15–3:45pm Bharat Suneja
Exchange Server 2003 and Exchange Server 2003 Service Pack 2 include Messaging Hygiene tools you can use to protect your organization from unsolicited commercial email (UCE). You’ll learn what these features offer and how to configure the different components of the Messaging Hygiene framework. Learn how to avoid common pitfalls when using different filtering mechanisms like Connection Filter, Sender ID Filter, Sender Filter, Recipient Filter and Intelligent Message Filter—and get a preview of what Exchange Server 2007 has in store for Messaging Hygiene.

M16 Designing Exchange for Performance
Monday 4:00–5:30pm Sekou Page
You’ve got Exchange up and running and everything seems fine—until someone says “e-mail is slow.” Troubleshooting Exchange performance begins with making sure you have a well designed infrastructure. Factors like the type and number of servers in your environment, user load and behavior and your overall IT infrastructure can all contribute to how you design and tune your systems. You’ll learn how to architect an Exchange environment and design servers for maximum performance.

T4 SMTP Virtual Servers and SMTP Connectors: How to Configure SMTP in Exchange Server 2003
Tuesday 8:30–10:00am Bharat Suneja
Exchange Server 2000/2003 uses SMTP as its transport, which forms the backbone of an Exchange message routing topology. Learn how SMTP works in Exchange 2003 and how to configure it properly. You’ll learn how SMTP virtual servers and SMTP connectors work and how to configure SMTP in different topologies. You’ll learn best practices and get the answers to many frequently asked questions about SMTP configuration.

T10 Clustering Exchange with Exchange Server 2003 & 2007
Tuesday 10:15–11:45am Bharat Suneja
High Availability clustering is a solution to the higher uptime needs demanded by SLAs in some organizations. In this session, you’ll learn how clusters provide higher uptime, how to set up an Exchange cluster using Windows Server 2003 and Exchange Server 2003, planning and deployment considerations, considerations for managing clustered Exchange servers and get a sneak preview of the new clustering features coming in Exchange Server 2007.

T16 Troubleshooting DNS for Exchange
Tuesday 1:45–3:15pm Sekou Page
DNS is often considered a “black box.” Once it’s configured and working, it’s hard to figure out why it “breaks” or what might be wrong. The focus of this session is troubleshooting DNS issues as they relate to Microsoft Exchange. There will be a group discussion on approaches to take when troubleshooting connectivity, zone integrity, performance, Active Directory DNS and name resolution. By thoroughly understanding the different classes of DNS issues and the appropriate troubleshooting processes, we’ll take the mystery out of DNS issues.

T22 Disaster Recovery Planning for Exchange
Tuesday 3:30–5:00pm Sekou Page
You never know when disaster will strike. In this session, you’ll learn some of the ways to prepare your Exchange environment for an emergency, looking at the entire Exchange infrastructure from mailbox servers and infrastructure to individual mailboxes and messages. You’ll also learn some of the best ways to avoid disaster altogether by careful environment planning and architecting.

W4 Exchange and Active Directory Availability Issues
Wednesday 8:30–10:00am Dmitri Daiter
When you implement your Exchange infrastructure, it is important to make sure that all the Active Directory related services and servers are not only available but available “nearby” (through a fast connection), and have the necessary performance capacity. DNS servers, Domain Controllers, Global Catalog servers, and Kerberos servers need to be available for Exchange server to work properly and even to start. We will consider issues that will arise if there are problems with Active Directory availability.

W10 Client Side Exchange Troubleshooting
Wednesday 10:15–11:45am Dmitri Daiter
When it comes to running Exchange, keeping your users happy is your goal. You’ve got a handle on troubleshooting server side issues, but when it comes to troubleshooting client side issues, it’s like stepping into the “Wild West.” You never know what to expect. In this session you’ll learn techniques for troubleshooting client side issues. From Outlook to OWA and mobile devices, you’ll learn everything you need to be successful when working on client side issues.

W16 Troubleshooting SMTP for Exchange
Wednesday 2:15–3:45pm Sekou Page
Exchange has become the most critical business communication tool. If e-mail goes down, the impact on business transactions and productivity is detrimental. At the core of all email communication is Simple Mail Transfer Protocol (SMTP). This session will provide an in-depth look at SMTP—examining common configurations and problems and addressing some of the well known (and not so well known) methods of troubleshooting SMTP problems.

W22 Architecting a Highly Secure Messaging Environment
Wednesday 4:30–5:00pm Sekou Page
The security of your mail infrastructure is critical. With the threat of worms, viruses and hackers (both external and internal), securing your mail system is no easy task.
Although Windows 2003 and Exchange 2003 have made improvements over previous versions, your mail system is far from safe. In this session, you’ll learn best practices for securing your Exchange infrastructure from top to bottom and examine some of the common mail system exploits and how to avoid them.

Th4 SQL Server 2005 Reporting Services
Thursday 8:30–10:00am Eric Johnson
Refined in this release of SQL Server, Reporting Services is a powerful, easy to manage reporting platform. This presentation will cover the tools you need to design, manage, and view reports. In addition, we will look at SharePoint integration, report subscription, integration with SQL Server Management Studio, and much more.

Th10 Monitoring and Optimizing SQL Server 2005 Performance
Thursday 10:15–11:45am Anil Desai
Monitoring and optimizing SQL Server performance is essential. This session will include walkthroughs and demonstrations of SQL Profiler, Query Analyzer, Windows System Monitoring and the Database Engine Tuning Advisor. You’ll learn how to troubleshoot slow queries, find bottlenecks on busy servers, design indexing strategies, manage blocking and deadlocks, and use partitioning and index-related enhancements to optimize performance.

Th16 SQL Server Integration Services
Thursday 2:15–3:45pm Eric Johnson
SQL Server Integration Services (SSIS) is the new extraction, transform, and load (ETL) tool in SQL Server 2005. SSIS replaces and improves upon Distributed Transaction Services (DTS) from previous versions. Now a truly powerful enterprise level ETL tool is available with SQL Server. SSIS provides graphical tools for designing, building, and debugging SSIS packages. This presentation will provide an overview of SSIS and a look into the many functions for merging, cleaning, and aggregating data. In addition, we will look at options for scheduling and running SSIS packages both with and without SQL Server.

Th22 Securing SQL Server 2005
Thursday 4:00–5:30pm Anil Desai
Relational databases are where an organization’s most sensitive and important assets are often stored. Therefore, it’s only fitting that systems administrators and DBAs do their part to protect systems. SQL Server 2005 uses a multi-layered security model that involves security principals, securables and permissions. It’s consistent and straight-forward, once you understand how all the pieces fit together. This presentation will cover details you’ll need to know to secure your SQL Server installations, including managing logins, creating database users and managing server- and object-level permissions.

F4 Replication in SQL Server 2005
Friday 8:30–10:00am Eric Johnson
In this session, we will dive into the challenge of configuring, using, and troubleshooting replication. Topics will include snapshot replication, transactional replication, merge replication, and the newly-minted peer-to-peer replication. We’ll look at how replication works and how to make the best use of it in your environment. Additionally, we will look at new tools and enhancements that will allow you to more effectively manage and troubleshoot SQL Server Replication.

F10 SQL Server 2005 Data Protection and High Availability
Friday 10:15–11:45am Anil Desai
SQL Server 2005 includes many new features to help ensure that your database servers stay up and running, even under the worst of circumstances. This presentation will cover SQL backup and recovery, including new enhancements that make the process more reliable and walkthroughs of real-world backup and recovery plans. There will also be live demonstrations of the high-availability features in SQL Server 2005, including database mirroring, log-shipping, clustering, database snapshots, replication and how to select the most appropriate high availability technology for a given scenario.

BONUS! Each attendee will receive the complete set of all course notes*. This CD will be handed out during the conference. (*excludes crash courses)

Scripting and Automation
“Choose your weapon” with this year’s Scripting and Automation track, where industry guru Don Jones will introduce you to all the right tools for the right job: VBScript, command-line (batch) scripting, and even Microsoft Shell (MSH, or “Monad”), Microsoft’s newest scripting shell for Windows and server automation. You’ll even find a session or two that don’t involve any scripting whatsoever, giving you automation tools that you can start using right away, with zero experience and zero learning curve. Take the entire track and become a true Automated Administrator, able to leverage a variety of technologies to increase productivity, efficiency, and even your job satisfaction. All sample scripts and other tools will be provided (via download) for your convenience (bring an extra-life battery if you plan to follow along on your laptop). Don’s quick-moving and occasionally whimsical style is famous for making difficult scripting concepts easy to grasp even for someone with absolutely no prior experience; step right up and learn about the automation technologies that will truly set you apart from the masses as a professional, enterprise-class Windows administrator!

M3 VBScript Fundamentals, Part 1
Monday 12:30–2:00pm Don Jones
Learn the core VBScript language, including how Windows Script Host (WSH) works, how VBScript handles and manipulates data, how to add looping and logic to your scripts, and even how to modularize your script code.
This is the place to start if you have absolutely no prior VBScript experience, as you’ll be treated to a step-by-step introduction to the language, shown how to use the documentation effectively, and even shown a few tricks for “scripting without scripting.” This session is an absolute must for anyone planning to take other scripting courses in this track.

M9 VBScript Fundamentals, Part 2
Monday 2:15–3:45pm Don Jones
Continue your VBScript education by learning to work with the COM objects that provide access to Windows’ administrative functionality. You’ll learn how to manipulate files and folders, how to map drives and printers, and even how to manipulate the registry and other Windows shell components. Most importantly, you’ll finish learning the basics of VBScript, preparing you to begin working with more advanced technologies like Windows Management Instrumentation and Active Directory Services Interface. Pre-requisite: Completion of VBScript Fundamentals I.

M15 VBScript Debugging and Error Handling
Monday 4:00–5:30pm Don Jones
Stop banging your head against the wall and stomp those bugs—or, better yet, prevent them from happening at all! You’ll learn the experts’ secrets for preventing VBScript bugs, as well as techniques for gaining better insight into your scripts’ execution to help eliminate bugs quickly. You’ll also learn VBScript error handling techniques, a valuable way of giving your scripts the intelligence to anticipate problems and deal with them, rather than crashing unexpectedly at the first sign of trouble. Don will even provide you with several debugging tools and show you how to use commercial script debuggers, giving you a complete arsenal in the war on bugs. Prior VBScript experience, or completion of earlier VBScript sessions in this track, is highly recommended.

T3 VBScript and Windows Management Instrumentation (WMI)
Tuesday 8:30–10:00am Don Jones
Use VBScript to tap into Windows’ most powerful administrative technology: Windows Management Instrumentation (WMI). Learn to inventory configuration settings, perform basic configuration changes—all remotely, of course—and utilize WMI testing and development tools like Wbemtest. You’ll also learn how to read the sometimes-complex WMI documentation, and to use script templates to create effective administrative scripts faster and more easily. Bring your WinXP laptop and follow along with the in-class samples and demonstrations. Pre-requisite: Prior VBScript experience, or completion of both VBScript Fundamentals sessions.

T9 VBScript and Active Directory Services Interface (ADSI)
Tuesday 10:15–11:45am Don Jones
Reach out and manage Active Directory, local security accounts, and even local services by using ADSI, the Active Directory Services Interface. You’ll learn how to write and test ADSI queries, how to use script templates to create scripts more quickly, and how to dig up difficult-to-find ADSI and related documentation. You’ll learn to create users, manage organizational units, tap into groups, and even perform tricks with local services like file and print sharing. Pre-requisite: Prior VBScript experience, or completion of both VBScript Fundamentals sessions.

T15 Writing Inventory Scripts
Tuesday 1:45–3:15pm Don Jones
A “nearly scriptless scripting” session: Learn (or review) the very, very basics of Windows Management Instrumentation (WMI) and see how to piece together template scripts (provided) to inventory a huge variety of information from desktop and server machines on your network. Think of this as “script assembly” rather than actual coding; you’ll use a series of easily-modified templates, as well as the Microsoft WMI documentation and WMI Wizards and “Scriptomatics,” to produce useful inventory tools that work with Active Directory, databases, files, and more.
Absolutely no prior scripting experience required.

T21 VBScript and Databases
Tuesday 3:30 – 5:00pm Don Jones
Leverage the power of Access, Excel, and even SQL Server from within VBScript. You’ll learn to use ActiveX Data Objects (ADO) to uniformly access almost any database imaginable, using them to store the results from your scripts, drive your script’s activities, and much more. Includes an introduction to basic SQL language queries that make ADO work, and helps you bypass the confusing parts of ADO that don’t pertain to administrative scripting. Pre-requisite: Prior VBScript experience, or completion of both VBScript Fundamentals sessions. Also assumes basic WMI and ADSI scripting skills.

W3 Windows PowerShell (“Monad”) Scripting, Part 1
Wednesday 8:30–10:00am Don Jones
Welcome to Microsoft Windows PowerShell (WPS, formerly codenamed “Monad”), Microsoft’s answer to Unix shell scripting and one of the most powerful new ways to automate Windows administration. In this “fundamentals” session, you’ll learn what Windows PowerShell is and how it works. You’ll also learn just enough of Microsoft’s .NET Framework (which WPS is built on) to understand WPS and use it effectively. You’ll learn the very basics of the WPS scripting language, too, and see how WPS cmdlets can be used from within a script. This is the perfect introduction to Windows PowerShell. You will need to obtain the latest Windows PowerShell software independently if you wish to follow along; it will not be provided in class.

W9 Windows PowerShell (WPS) Scripting, Part 2
Wednesday 10:15–11:45am Don Jones
Learn how to write fully-functional Windows PowerShell (WPS) scripts, work with advanced cmdlets, and even learn about the broad variety of cmdlets initially available with WPS. You’ll learn more about the WPS scripting language, including its object-oriented nature and how to write more complex, powerful scripts.
You’ll dig slightly deeper into Microsoft’s .NET Framework to see what makes WPS tick, and you’ll be able to write complete, fully-functional WPS scripts to help automate administrative tasks in your environment. Pre-requisite: Completion of Windows PowerShell Scripting I session. You will need to obtain the latest WPS software independently if you wish to follow along; it will not be provided in class.

W15 Command-Line Scripting, Part 1
Wednesday 2:15–3:45pm Jeff Hicks
Think you need to be a VBScript guru to automate administrative tasks? Think again. With the help of an old friend, the C:\ prompt, you can take advantage of the command line’s power and versatility. This session will introduce you to command line scripting so you can leverage the vast number of free command line utilities to manage your servers and desktops. You’ll learn to customize the command line to suit your needs, master basic command line syntax and techniques, and begin building batch files. You’ll also learn the top three commands every Windows administrator should know. Bring your Windows XP laptop and follow along with the in-class samples and demonstrations. Absolutely no prior scripting experience required.

W21 Command-Line Scripting, Part 2
Wednesday 4:00–5:30pm Jeff Hicks
This session continues our exploration into the power of the command line. Learn how to integrate VBScript and command line scripting, manage Active Directory without a management console, and leverage the power of WMI without having to know WMI! The session will wrap up with our rapid fire Top 10 Command Line Tricks, which are sure to fire you up to start using the command line. Bring your Windows XP laptop and follow along with the in-class samples and demonstrations. Pre-requisite: Command-Line Scripting I or previous command line experience.

Th3 Windows PowerShell (WPS, formerly code-named “Monad”) Scripting Overview
Thursday 8:30–10:00am Don Jones
Caught up in other TechMentor tracks?
Here’s a chance to learn about Windows PowerShell (WPS, formerly code-named “Monad”), the new scripting and automation shell from Microsoft. You’ll learn what WPS is, how it works, and the very basics of the WPS scripting language, too. You’ll see how WPS cmdlets can be used from within a WPS script, and see several pre-written WPS scripts in action. This is a great overview for WPS if you’re working hard to keep up with the latest technologies, and recognize that scripting and automation will be a major resume item over the next few years. This session is an overview for those unable to attend the Windows PowerShell (WPS, formerly code-named “Monad”) Scripting I and II sessions.

Th9 VBScript with a GUI: HTML Applications (HTAs)
Thursday 10:15 – 11:45am Don Jones
Extend your VBScript skills and learn to make “real” Windows applications using nothing more than VBScript and simple HTML tags. You’ll learn to make completely standalone applications that utilize WMI, ADSI, and other scripting-related technologies in an HTML Application, or HTA. You’ll also learn an easy-to-use “script-to-HTA” conversion process that minimizes both debugging and application complexity. The perfect way to make your scripts more accessible to junior technicians and even end-users. Prior VBScript experience, or attendance in earlier VBScript sessions, is highly recommended, as is a strong familiarity with basic HTML tags and formatting. If you plan to follow along on your laptop, have a WYSIWYG HTML editor installed.

Th15 Script Without Scripting
Thursday 2:15–3:45pm Jeff Hicks
A “nearly scriptless scripting” session: Learn to use a variety of tools that can produce ready (or nearly-ready) to run administrative scripts with just a few mouse clicks. You’ll learn about Wizards, “Scriptomatics,” and a variety of other tools, and learn the bare minimum necessary to convert the VBScript code they produce into useful administrative tools.
You’ll also learn about (and receive a copy of) Don Jones’ “VBScript Toolkit,” an extensible graphical wizard capable of producing a variety of ready-to-run administrative scripts. This is the perfect, last-minute way to pick up some scripting skills, on the quick. It’s also a great way to review key scripting concepts and see additional scripting uses. Absolutely no prior experience required.

Th21 Automating Windows Desktop Administration
Thursday 4:00–5:30pm Jeff Hicks
A “no scripting required” session: Learn to automate a number of top desktop administration tasks—tasks for which, in many cases, Windows lacks built-in tools—without writing a single line of script code. You’ll be introduced to a variety of free tools—including ready-to-run scripts, command-line tools, GUI tools, and more—that handle the otherwise difficult “en masse” administration of desktop machines, including service management, local account management, desktop inventories, and much more. All tools are provided to you in-class and you’re welcome to follow along on your laptop as you learn to use them. For script-based tools, a brief overview of the script will be provided so that you have a starting point for later modification and customization. Absolutely no prior scripting experience required.

F3 Top Tricks of the Scripting Pros
Friday 8:30–10:00am Don Jones
Learn the tricks the experts use to make scripting faster, easier, and more efficient. You’ll learn how to leverage the features available in most commercial script editors, as well as freely-available tools, to write scripts faster, help prevent script bugs, work with databases, and much more. Attendees at this session (must attend entire session) will also receive a large package of script snippets that Don himself uses to script more quickly. You’ll essentially be taking home Don’s own bag of tricks to use in your scripting projects. Very demo-based, so feel free to bring your laptop and follow along.
Moderate prior scripting experience is recommended in order to realize the full benefit of this session.

F9 Advanced VBScript Tips, Techniques, and Practices
Friday 10:15–11:45am Don Jones
Wrap up your new scripting skills with advanced techniques and capabilities that will serve you for years to come: Master advanced modularization techniques, including advanced functions and subroutines as well as Windows Script Components. Learn about remote scripting, script security, security contexts, and other security-related concepts. Learn how to make standalone command-line tools using your VBScript tools, and how to automate Windows GUI applications using VBScript. Prior VBScript experience, or completion of earlier VBScript sessions in this track, is highly recommended.

Security
Security is kind of like the weather: everyone talks about it, but no one does anything about it. This is your chance to do something about it. This week-long track will take you from soup to nuts, giving you the basics of network and server security, through various Windows security topics, to several days of hands-on work in forensics and hacking training. Some of the top experts in Windows security will be teaching, including popular Redmond magazine “Security Advisor” columnist Joern Wettern, Microsoft security guru Steve Riley and noted speaker, author and trainer Todd Lammle.

M2 Anonymous Computer Usage
Monday 12:30 – 2:00 pm Todd Lammle
This unique session will show you how to connect to PCs and sleuth problems using tools hosted on the Ultimate USB Security Stick. The USB memory stick is loaded with powerful security, hacking, and forensic programs—everything you need to help troubleshoot and secure client PCs, even if you lack Administrative rights. During the session, you’ll use the software on the USB stick to work through practical exercises and try out new computer setup and recovery techniques.
You’ll also learn how to secure your PC against others who might try to use these tools to access your hardware. You’ll learn how to use USB-hosted apps to run everything from Web browsers and email clients to productivity applications—all without leaving a trace behind on the computer. This is a great session that will help manage trouble no matter where you find it. NOTE: Ultimate USB Security Stick is required for this class. Go online for details.

M8 Network Analysis
Monday 2:15–3:45pm
Todd Lammle
You already know that network analysis involves sniffing packets and tracing networks. But did you know that you can do all this with tools hosted on a USB stick? In this session, you’ll get to experience—hands-on—live network analysis. And because you’ll be working with portable software, you’ll be able to employ these techniques on almost any system—all you need are the tools on the Ultimate USB Security Stick. You’ll learn how to see everything that’s typically leaked from most networks—you’ll locate passwords, identify suspicious traffic patterns, and view and capture packets on the fly. To ensure you’re equipped to handle today’s changing networking environments, we’ll also show you how to perform these tasks both wired and wirelessly. NOTE: Ultimate USB Security Stick is required for this class. Go online for details.

M14 Social Engineering
Monday 4:00–5:30pm
Keith Parsons
Social engineering is the practice of obtaining confidential information by manipulating legitimate users. A talented hacker will often use the telephone or Internet to trick people into revealing sensitive information—such as a password or credit card number—or get them to do something that’s normally against policy. And just like that, a savvy hacker can punch right through many of your most sophisticated, technical defenses. This session will help you recognize and defend against social engineering-based attacks.

T2 Penetration Testing
Tuesday 8:30–10:00am
Keith Parsons
Do you know if your systems and networks are adequately secure? There’s really only one way to find out—perform penetration testing to find out what a hacker might be able to see, find, or even steal from your systems. This session will teach you solid ethical hacking techniques and provide the skills you need to determine if your network and its hosts are vulnerable to hacking exploits. Best of all, all the tools for the session can be found on the Ultimate Security USB Stick you’ll use in this session. This is a mission-critical seminar if you’re serious about protecting your intranetwork from hackers and crackers! NOTE: Ultimate USB Security Stick is required for this class. Go online for details.

T8 Computer Forensics
Tuesday 10:15–11:45am
Keith Parsons
Computer forensics analysis is a crucial discipline for any enterprise IT department. Whether assessing system vulnerabilities or investigating a suspected attack, you need to be able to recognize and assess malicious, unapproved, and unauthorized activity. In this session, we’ll show you the tools, the techniques, and the critical, strategic steps you need to take to track down suspect activities. Review file activity and USB drive usage, find local passwords, and check for key logger software—all via tools hosted on the Ultimate USB Security Stick. You’ll master streamlined and elegant approaches and leave the session equipped to track down vulnerabilities and attacks. NOTE: Ultimate USB Security Stick is required for this class. Go online for details.

T14 Wireless Security, Part 1
Tuesday 1:45–3:15pm
Todd Lammle
The first of a two-part program, Wireless Security shows you how to precisely secure your wireless LAN (WLAN) and Metropolitan Mobile Network (MMN), for both corporate and home networks. This valuable and informative course will teach you the beginnings of WLAN security, and review the benefits and drawbacks of security methods in use today. We’ll also look ahead to next-generation security methods so you can make well-informed decisions about WLAN security policies!

T20 Wireless Security, Part 2
Tuesday 3:30–5:00pm
Keith Parsons
Following up on the first part of this two-part session, we’ll explore the dark side, using wireless tools to help us think and act like a WLAN hacker. You’ll see how vulnerable your wireless LAN might be—and what you need to do to protect it. No matter what you’ve heard, you really can secure that wireless network. We’ll perform hands-on exercises in-class like “war driving”, MAC spoofing, turning your laptop into an access point, and more. Just bring your own laptop, with either an internal or external wireless NIC, and take the plunge into hands-on wireless security! NOTE: Ultimate USB Security Stick is required for this class. Go online for details.

W2 What You Can Do Now to Secure Your E-Mail
Wednesday 8:30–10:00am
Joern Wettern
Securing your e-mail against viruses, spam, hacker attacks and other threats can seem like a gargantuan task. However, there are some simple steps you can take today to provide effective protection for your e-mail infrastructure. Many of these steps require little of your time and may be accomplished with the software you already have. In this session you will learn how to:
• Design your e-mail infrastructure to provide secure client access without turning your firewall into Swiss cheese
• Configure DNS so spammers leave you alone
• Implement effective strategies for configuring Exchange Server and anti-spam software
• Use Microsoft technologies to block viruses that spread via e-mail
• Reduce administrative workloads and the impact of your security measures on users

W8 Securing Content with Windows Rights Management Services
Wednesday 10:15–11:45am
Paul Adare
Learn how to secure content within the enterprise using Windows Rights Management Services (RMS). This session includes high-level overviews of deployment considerations for an enterprise-wide implementation of RMS, as well as detailed discussion on architectural guidance, design, scalability, availability, and reliability for organizations of all sizes. An emphasis is put on understanding the end-to-end planning and process so attendees can accurately scope the amount of time and resources needed to implement RMS as rapidly and cost-effectively as possible.

W14 Securing Web Applications with ISA Server 2006
Wednesday 2:15–3:45pm
Beth Quinlan
If you are an IT professional responsible for providing remote users with secure web access to internal resources, then this session is for you! ISA Server 2006 will help you protect web-based applications, services and data across all network layers with stateful packet inspection, application-layer filtering and comprehensive publishing tools. A key differentiator of the product is its high level of integration with mission-critical business applications and services, such as IIS, SharePoint Portal Server, Active Directory, and Exchange Server. The session will show you how to use ISA Server 2006 to enable a smoother user experience for published web applications, document libraries, and content while improving security and easing your administrative burden.

W20 Windows Vista System Integrity Technologies
Wednesday 4:00–5:30pm
Steve Riley
For most of the history of computing, operating systems have lived in their own little bubbles of trust. Every part of an operating system pretty much assumed that every other part was exactly what it claimed to be and performed only what it claimed it could do. Recent attacks, though, have shown that such implicit trust is no longer suitable for computers. A far more trustworthy operating system is one where the principle of least privilege is enforced throughout and where all operations are verified before taking action. Windows Vista will ship with several new system integrity technologies, including code integrity, secure startup, service hardening, mandatory integrity control, and Internet Explorer protected mode. Steve Riley will explore how these technologies work to thwart malware attempts to take over your computer.

Th2 Making the Best Use of Group Policy to Secure Your Network
Thursday 8:30–10:00am
Beth Quinlan
Are you responsible for implementing security policy on Windows-based computers in your company’s network? Do you need to find an easy way to implement these policies? If so, take a closer look at the Windows Group Policy feature. Commonly used to configure client desktops, Group Policy is also a powerful way to enforce security policy. This session will show you how to:
• Identify different security settings.
• Use the powerful Group Policy Management Console to ease the administrative burden associated with security policy implementation.
• Easily document and report on security settings that have been deployed to computers and users in your network.
• Become aware of the important new policy settings in Windows Vista, and outline considerations for Group Policy in future versions of Windows client and server operating systems.

Th8 Windows Vista Networking, Firewall, and IPsec Improvements
Thursday 10:15–11:45am
Steve Riley
What’s new with Windows Vista? Its networking components are all-new from the ground up. The TCP/IP stack has been rebuilt for performance and security. There is support for the strong end-system model, a redesigned filtering engine, improved automatic performance fine-tuning, increased resiliency against TCP/IP-based denial-of-service attacks, and full IPv6 support. The firewall includes all Windows XP SP2 functionality plus outbound filtering, enforcement of service hardening communications, an automatic no-exceptions mode for unpatched systems, and more. IPsec’s enhancements include simplified policies to speed connection time, a redesigned user interface, user-based policies, application-aware policies, more troubleshooting and diagnostic tools, and much more.

Th14 Effective Computer Lockdown
Thursday 2:15–3:45pm
Joern Wettern
Administrators often struggle to configure computers so they can only perform limited tasks, while remaining protected against configuration changes by users. The challenge grows for shared systems like Internet kiosks, where user data must be purged between log ins. In this session, you will learn how to use Microsoft’s Shared Computer Toolkit to perform important lockdown tasks for shared systems, whether it’s a tightly-protected public kiosk or a shared client PC in the enterprise.

Th20 Microsoft Certificate Lifecycle Manager Deep Dive
Thursday 4:00–5:30pm
Paul Adare
Get a detailed description and demonstration of the key design elements of the Microsoft Certificate Lifecycle Manager. You’ll learn how these elements can be leveraged to simplify deployment of digital certificates and smart cards in your organization. You’ll also gain a better understanding of how to customize CLM, taking an in-depth look at how implementing policies and work-flows can positively impact the end-to-end lifecycle of digital certificates and smart cards. You’ll also see how end-user self service functionality can be used to reduce cost and overhead for IT departments. This session benefits IT administrators/implementers, IT decision makers, and IT architects alike.

F2 Security Myths Debunked
Friday 8:30–10:00am
Joern Wettern
There’s a lot of bad advice out there—especially in the area of network and systems security. In some cases, the bad information has been repeated so often that it is now accepted as common knowledge. In this session, Joern will debunk some of the most egregious security myths. You will learn that some configurations may make you feel good, but really don’t do a thing to enhance security. Most important, your improved understanding will help create a more secure network. Some of the topics covered are:
• Why hardware firewalls can be less secure than software firewalls
• How a DMZ can lower the overall security of your network
• Why Network Address Translation is not a security technology
• When complex passwords are a bad idea
• Why it’s impossible to secure your network—and why it’s still worthwhile to do it

F8 Attacker Trends and Techniques: An Update
Friday 10:15–11:45am
Steve Riley
The bad guys keep getting better. They’re constantly changing their tactics and inventing new techniques to cause harm. Why do they do this? What motivates someone to commit computer-related crimes? How have the attacks changed and improved, and what kinds of attacks can we expect to see in the future? Steve will help you understand the latest in attacker trends and techniques, so that you can plan appropriately and implement effective processes and technologies to mitigate their threats.

System and Network Troubleshooting

You can pick up any old book and learn how to install a new system. But knowing how to fix that system when it breaks takes real experience down in the trenches. Properly troubleshooting a failing server means getting it back up fast—and in some cases, fixing it before it ever went down. Sign up for the System and Network Troubleshooting Track and learn the very best tips, tricks, and real world solutions to the thorniest problems. Featuring instructors with real-world experience in complicated environments and sessions that run the gamut of your Windows network, you will leave with solutions you can immediately implement in your company’s network. Led by popular instructor and Redmond magazine contributor Greg Shields, the System and Network Troubleshooting Track is your fast-track to results!

M1 Patch Management 101: Tools & Techniques to Keep your Network Safe
Monday 12:30–2:00pm
Greg Shields
Applying patches is like changing the oil in your car. You don’t really have to do it every month or every three months. But if you don’t, you’ll eventually be sorry. What makes it worse is that the combination of hundreds of patches times hundreds or thousands of machines makes doing it every month a logistical nightmare. In this session on patch management strategies, we’ll discuss some tried and tested best practices used by successful companies for managing this expensive and time-consuming monthly activity. Don’t miss this session! Your network will thank you.

M7 Understanding and Troubleshooting User Profiles
Monday 2:15–3:45pm
Darren Mar-Elia
Has there ever been a Microsoft technology more problematic than user profiles? How about roaming user profiles? This session will look in-depth at the different types of profiles, how user profiles work, the challenges of using roaming profiles and how you can troubleshoot and resolve common profile issues. We’ll look at tools and techniques for troubleshooting remote profile problems and best practices for ensuring the minimum of profile problems within your environment.

M13 The Accidental DBA’s Guide to Microsoft’s Mandatory Databases – MSDE & SQL Server Express
Monday 4:00–5:30pm
Mark Minasi
Microsoft has released tons of free network management utilities over the years. But recently they’ve all had one thing in common: they need a real-live SQL Server to run. And unless you want to shell out a few kilobucks for SQL Server 2000 or 2005, then you’re going to be using the Microsoft SQL Server Desktop Engine (MSDE) or its successor SQL Server 2005 Express Edition (SSX). They’re just like SQL Server... except that they don’t have any GUI administration tools. In this comprehensive talk, Mark solves the plight of the “accidental DBA” with a top-to-bottom look at what MSDE/SSX are, how to install them, how to secure them and run them, including 25 “cookbooks” to solve common problems and perform basic maintenance. SQL administration’s not just for DBAs any more, so who better to make it easy than master elucidator Mark Minasi?

T1 Getting Down & Dirty with Group Policy Functionality
Tuesday 8:30–10:00am
Darren Mar-Elia
There are a lot of moving parts in Group Policy. Ensuring a functional Group Policy deployment means learning how Group Policy is structured, how it’s processed and where things can go wrong. This session will focus on increasing your understanding of Group Policy internals and processing. You’ll get inside knowledge on the most problematic areas of policy and learn how to deal with them should they arise in your environment using the logs and tools that are provided in the box.

T7 What’s New with Group Policy in Windows Vista
Tuesday 10:15–11:45am
Darren Mar-Elia
There are a number of significant advances coming for Group Policy in Windows Vista. From the subtle changes like the new Group Policy client service to the big ones, like the total overhaul of ADM files, this session will expose you to the good stuff in Vista GP and will describe how you can take advantage of it in a mixed Vista and XP world. We’ll also walk through some of the new policy areas supported in Vista, like power management, pushed printers and USB device lockdown.

T13 Using, Troubleshooting, and Customizing the Security Configuration Wizard
Tuesday 1:45–3:15pm
Greg Shields
As of late 2005, SANS reports an average of 15 minutes between attacks on Internet-facing servers. This means that within 15 minutes another bad guy will attempt to hack your network. Under this constant stress, you’ve got to be smart about securing your servers. Get smart with the SCW, a comprehensive but complicated tool for taking the guesswork out of this task.
In this broad and very deep session we’ll discuss how to properly use the SCW and we’ll delve deep into its customizable XML back-end. You’ll take away the code you need to make it protect all your network assets.

T19 Be Gone Ye’ SpyWare! Ridding IE of SpyWare for Good
Tuesday 3:30–5:00pm
Greg Shields
Passwords going where? Give money to whom? I just won what? Who writes this stuff anyway? You don’t have to know who writes it, but you do have to get it out of your network. SpyWare and its annoying brothers, AdWare and MalWare, are a growing threat to the Internet, and the tools to get rid of it are immature at best. In this session, we’ll look at what’s available for excising it as well as examining the mechanics of a SpyWare infection. You’ll leave this session having learned the tricks to make yourself your own SpyWare scanner.

W1 The Good, the Bad and the Really Ugly about Microsoft’s FRS
Wednesday 8:30–10:00am
Rhonda Layfield
Is Windows File Replication Service giving you heartburn? Do you love it when it works and hate it when it doesn’t? In this deeply technical session, you’ll troubleshoot failed Group Policy Objects by understanding how they’re replicated with FRS and learn all the steps FRS takes in transferring files across the network. Learn about tools that can help you monitor and troubleshoot your FRS environment.

W7 The Windows Troubleshooter’s Guide to DNS
Wednesday 10:15–11:45am
Greg Shields
DNS has been around since the dawn of the Internet, but many Windows administrators still don’t fully understand it. As the backbone of Active Directory, it’s also a necessary evil for connecting your intranet. In this session, we’ll sort the truths from the untruths, learn how to keep it healthy, and how to troubleshoot it when it’s not. You’ll leave with a better understanding and a greater respect for your network’s biggest three-letter four-letter word.

W13 Top Tricks for Monitoring and Analyzing System Performance
Wednesday 2:15–3:45pm
Greg Shields
Solving the most difficult system problems often means comparing its performance during the problem with how it behaved before the problem ever occurred. Keeping an eye on your systems’ performance is the most overlooked responsibility of a systems administrator. No more! In this session, you’ll learn about the best tools – both free and non-free – for monitoring, managing, and alerting on system performance issues. We’ll discuss how to use performance indicators as a measurement for solving problems, and you’ll come away knowing how to watch your performance logs for signs of trouble.

W19 Finding and Fixing the Nastiest Active Directory Problems
Wednesday 4:00–5:30pm
Mark Minasi
AD’s pretty reliable—quite reliable, in fact—but sometimes things go wrong anyway. Domain controllers can get disconnected from other DCs, leading to replication problems and group policy failures. DNS can get stupid, leading to... well, leading to a wide variety of troubles. Administrators can be distracted while changing something in AD, laying waste to entire sections of AD—and creating a need for fast repair. And even IF none of those things happen, Active Directory is just a database, and even the best database needs a bit of database administration. Join battle-scarred AD veteran Mark Minasi in an examination of what can go wrong with AD, what to do about it, and maybe even have a few laughs in the process.

Th1 Windows Authentications Revealed
Thursday 8:30–10:00am
Mark Minasi
Every day we log into our Windows systems, but what really happens when we do? How do workstations and domain controllers exchange logon information without revealing passwords? Let veteran Windows expert Mark Minasi show you how logins work, what happens when they don’t work (and how to fix them) and how to better secure them. He’ll help you understand where Microsoft’s login protocols are secure, and where they aren’t. After this session, you’ll know exactly what terms like “ticket-granting service” and “service principal name” mean.

Th7 When WSUS Goes Bad: Troubleshooting Windows Update
Thursday 10:15–11:45am
Greg Shields
WSUS and Windows Update have been around for a while. But did you know they’re components of a holistic patching engine that is completely changing how we do updates? In this high-tech session learn more about the Windows Update Agent and WSUS – including a peek at the upcoming WSUS 3.0. Digging deep into this amazing new service, we’ll detail the do’s and don’ts for getting it working properly on your network. Plus, you’ll take home six useful scripts that’ll automate some of the most difficult and annoying parts of your WSUS installation.

Th13 Tuning, Troubleshooting, and Taming Terminal Services
Thursday 2:15–3:45pm
Greg Shields
Terminal Services has been an integral part of the Windows operating system since 1998. That means we’ve had a lot of time to play with it and a lot of time to see it break. In this session, you’ll fix some of TS’s biggest problems and discuss how to tune it for best performance. We’ll discuss proven practices for setting up Terminal Services in both LAN and WAN environments. Best of all, you’ll learn exactly how to hack your terminal servers to eke out the very best performance.

Th19 Ask the Troubleshooting Experts
Thursday 4:00–5:30pm
Greg Shields, Mark Minasi, Rhonda Layfield
Missed the Consulting Hour at the Exhibit Hall? Got a hugely complicated question that’s plaguing your business and need an answer? Want to see what problems others are having in the IT field today? Come join the Troubleshooting Experts Mark Minasi, Rhonda Layfield, Don Jones and Greg Shields for a full 90 minute roundtable all about your problems. Together we can fix that nagging problem that brought you to TechMentor in the first place!

F1 The Best Free Tools for Windows Server Troubleshooting
Friday 8:30–10:00am
Greg Shields
Why buy anything if you can get it for free? With the hundreds of free tools out on the Internet, you can find one that’ll do just about anything—finding the right one is the hard part. For this session, Master Toolsmith Greg Shields shares the ones in his quiver for easing the burden of systems administration—without having to beg for money from the boss. Bring your USB hard drive to this session and you’ll leave with a thumb full of useful freebies.

F7 Documentation & Change Control: Hating it to Loving it in 90 Minutes
Friday 10:15–11:45am
Greg Shields
Do you hate documentation? Or maybe just want to learn how to do it better? Do you yearn for more control in your work? Non-stop firefighting gets the adrenaline going, but it’s a primary cause of “lack of sleep”, “lack of vacation”, and “lack of life outside work”. If you’re constantly firefighting to keep the network running, you’ve got more than a technical problem: You’ve got a process problem. In this session, we’ll douse those flames by showing you how to write great documents and implement processes to stabilize your environment. You’ll leave with proven practices and fill-in-the-blank documents that will stabilize your network and give you your life back.

Hotel & Travel Information

Rio All-Suite Hotel & Casino
3700 W. Flamingo
Las Vegas, NV 89103
Phone: 1-888-746-6955

Avis Rent-a-Car is offering TechMentor attendees a discount from October 2 through October 20. To receive the discounted daily and weekly rates, call Avis at 1.800.331.1600 or go to http://tinyurl.com/b65u5 and use Avis Worldwide Discount number D005872.
TechMentor has negotiated a special room rate of $169 single/double for attendees. Attendees must book their accommodations by September 14, 2006 to receive the discount. After that date regular room rates will apply. Rooms at the special rate are available from October 7 through October 13, based on availability. To make reservations, call 1.888.746.6955 and mention the group code S10TCH6 and the TechMentor conference to receive your discount.

American Airlines is offering discounts from any published domestic fare for travel to Las Vegas between October 6 and October 16. Mileage members can receive full credit for all American miles flown to attend this conference. For discounts please call American Airlines at 1.800.433.1790, reference number #08H6AB. You must make your reservation by phone to receive the discount.

Conference Registration
Each attendee will have access to:
> All Courses
> Keynotes
> Exhibit Hall
> Receptions
> Consulting Hour with Instructors
> Networking Events
> Lunches and Morning Pastries
> Conference Bag
> T-shirt with Completed Survey
> Printed Course Notes (for registered courses only)
> NEW! CD of All Course Notes (excludes Crash Course notes)
Early Bird Price (By September 1) $1,499
Regular Price (After September 1) $1,699

HOW TO REGISTER
Online: TechMentorEvents.com
Phone: 1.800.280.6218 (8:00am – 5:00pm PST)
Fax: 1.541.346.3545
Mail: TechMentor Registration, 1277 University of Oregon, Eugene, OR 97403-1277
Onsite: You may register for the conference onsite. However space is limited and admission cannot be guaranteed.

Questions?
Phone: 1.800.280.6218 (8:00am – 5:00pm PST)
Email: TMREG@continue.uoregon.edu
Web: TechMentorEvents.com

Pre-Conference Crash Courses
Early Bird Price (By September 1) $225
Regular Price (After September 1) $275

Group Discounts
When you register 4-9 colleagues from the same company, each attendee pays only $1,299 per person. Register 10 or more for only $1,199 per person.
To register a group and for more information, call Sara Ross at 972.506.9027 or email at sross@1105media.com. Alumni Discount We value our alumni! Attendees of any TechMentor Event from 2001-2006 qualify to receive a $100 discount. Combine this discount with Early Bird registration for a savings of $300. To qualify for the discount please include which conference or summit you attended. This discount does not apply to group pricing. Attendee Networking Forum Network with your peers before the conference begins. Check the “Attendee Networking Forum” box when you register and we’ll send you an e-mail with attendee contact information about a week before the event. It’s a great way to start networking before you arrive in Las Vegas. Refund and Cancellation Policy Registration is transferable with written authorization. Cancellations must be in writing and postmarked before the cancellation deadline. Cancellations must be made by September 1, 2006 and will be subject to a $250 cancellation fee. Cancellations made after September 1, 2006 as well as “no shows” are liable for the full registration fee. TechMentor’s Federal Tax I.D. Number is 95-4758348 TechMentor Conferences are a division of 1105 Media, Inc. 
October 9-13, 2006 • LAS VEGAS Pre-Conference Crash Courses Monday, October 9 Monday, October 9 Workstation CC1 VMWare and ESX Crash Course Greg Shields CC2 Networking Crash Course Todd Lammle CC3 Vista Crash Course Mark Minasi 8:00-11:30am SYSTEM & NETWORK TROUBLESHOOTING 12:30-2:00pm SCRIPTING AND AUTOMATION SECURITY Management 101: Anonymous Computer M1 Patch Tools & Techniques to M2 Usage Keep Your Network Safe Todd Lammle M3 VBScript Fundamentals, Part 1 M9 VBScript Fundamentals, Part 2 Don Jones Greg Shields 2:15-3:45pm M7 Understanding and Troubleshooting User Profiles M8 Network Analysis Todd Lammle Don Jones Darren Mar-Elia 4:00-5:30pm Tuesday, 8:30-10:00am October 10 M13 The Accidental DBA’s Guide to Microsoft’s Mandatory Databases—MSDE & SQL Server Express Mark Minasi Down & Dirty T1 Getting with Group Policy Functionality M14 Social Engineering Keith Parsons Debugging and M15 VBScript Error Handling Don Jones T2 Penetration Testing and Windows T3 VBScript Management Instrumentation (WMI) T8 T9 Keith Parsons Darren Mar-Elia 10:15-11:45am T7 What’s New with Group Policy in Windows Vista Darren Mar-Elia Don Jones Computer Forensics Keith Parsons VBScript and Active Directory Services Interface (ADSI) Don Jones 1:45-3:15pm 3:30-5:00pm T13 T19 Using, Troubleshooting, and Customizing the Security Configuration Wizard Greg Shields T14 Wireless Security, Part 1 Be Gone Ye’ SpyWare: Ridding IE of Spyware for Good T20 Wireless Security, Part 2 Todd Lammle Keith Parsons T15 Writing Inventory Scripts T21 VBScript and Databases Don Jones Don Jones Greg Shields Wednesday, 8:30-10:00am October 11 Good, the Bad, and W1 The the Really Ugly of Microsoft’s FRS You Can Do Now to PowerShell W2 What Secure Your E-Mail W3 Windows (“Monad”) Scripting, Part 1 Joern Wettern Don Jones Rhonda Layfield 10:15-11:45am Windows Securing Content with W7 The Troubleshooter’s Guide to W8 Windows Rights DNS Management Services Greg Shields 2:15-3:45pm Don Jones Paul Adare Tricks for 
Monitoring Securing Web Command-Line W13 Top and Analyzing System W14 Applications with ISA W15 Scripting, Part 1 Performance Server 2006 Greg Shields 4:00-5:30pm PowerShell W9 Windows (WPS) Scripting, Part 2 Jeff Hicks Beth Quinlan and Fixing the Windows Vista System Command-Line W19 Finding Nastiest Active W20 Integrity Technologies W21 Scripting, Part 2 Directory Problems Steve Riley Jeff Hicks Program-At-A-Glance Mark Minasi Thursday, 8:30-10:00am October 12 Authentications the Best Use of Windows PowerShell Revealed Group Policy to Secure (WPS, formerly code-named Th1 Windows Th2 Making Th3 Your Network “Monad”) Scripting Mark Minasi Beth Quinlan 10:15-11:45am Th7 When WSUS Goes Bad: Troubleshooting Windows Update Th8 Windows Vista Networking, Firewall, and IPsec Improvements Greg Shields 2:15-3:45pm Th13 Tuning, Troubleshooting, and Taming Terminal Services Th9 Th14 Joern Wettern Don Jones VBScript with a GUI: HTML Applications (HTAs) Steve Riley Effective Computer Lockdown Don Jones Th15 Script Without Scripting Jeff Hicks Greg Shields 4:00-5:30pm the Troubleshooting Certificate Automating Windows Th19 Ask Experts Th20 Microsoft Lifecycle Manager Th21 Desktop Administration Deep Dive Troubleshooting Speakers Jeff Hicks Paul Adare 8:30-10:00am Friday, October 13 F1 The Best Free Tools for Windows Server Troubleshooting F2 Security Myths Debunked Joern Wettern F3 Top Tricks of the Scripting Pros Don Jones Greg Shields 10:15-11:45am & Change Attacker Trends and F7 Documentation Control: Hating It to Loving F8 Techniques: an Update It in 90 Minutes Steve Riley 4 Overview Greg Shields VBScript Tips, F9 Advanced Techniques, and Practices Don Jones CC4 Linux/Windows Integration Crash Course Jeremy Moskowitz Group CC5 Troubleshooting Policy Crash Course Derek Melber EXCHANGE/SQL SERVER M4 Overview of Exchange Server 2007 Bharat Suneja MCSA M5 MCSE MCSA: Attended and Unattended Installs and Upgrades M6 MCSE: Physical and Logical Devices Rick Taylor Monday, October 9 
Bruce Rougeau M10 Messaging Hygiene in Exchange 2003 & Beyond: 2003, 2003 SP2, Exchange 2007 Bharat Suneja Data Access, File M11 MCSA: System, and Printing M12 MCSE: Resource Access Bruce Rougeau Derek Melber Exchange for Windows 2003/XP MCSE: RAS and Remote M16 Designing Performance M17 MCSA: System Configuration M18 Administration and Backup Strategies Sekou Page Rick Taylor Bruce Rougeau Virtual Servers and MCSA: Active Directory, T4 SMTP SMTP Connectors: How to T5 Part 1 Configure SMTP in Exchange Bruce Rougeau Server 2003 T6 MCSE: Name Resolution Rhonda Layfield Tuesday, October 10 Bharat Suneja Exchange with MCSA: Active Directory, MCSE: Manage Users, T10 Clustering T12 Exchange Server 2003 & T11 Part 2 Computers, and Groups 2007 Bruce Rougeau Derek Melber Bharat Suneja T16 Troubleshooting DNS for Exchange Sekou Page T17 MCSA: Disk Management Bruce Rougeau T18 MCSE: Networking Concepts and Principles Derek Melber Recovery Terminal Services MCSE: Network Security T22 Disaster Planning for Exchange T23 MCSA: and Remote T24 Troubleshooting Sekou Page Rick Taylor Bruce Rougeau MCSA: Performance and Active MCSE: IIS and IIS Security W4 Exchange Directory Availibility Issues W5 Monitoring and System W6 Recovery Strategies Dmitri Daiter Rick Taylor Wednesday, October 11 Bruce Rougeau Side Exchange W10 Client Troubleshooting Dmitri Daiter TCP/IP W11 MCSA: Configuration and DHCP Issues Active Directory, W12 MCSE: Part 1 Derek Melber Bruce Rougeau SMTP DNS Configuration Active Directory, W16 Troubleshooting for Exchange W17 MCSA: and Troubleshooting W18 MCSE: Part 2 Sekou Page Configuring W23 MCSA: Routing and Remote Access Sekou Page Th4 SQL Server 2005 Reporting Services Managing and W24 MCSE: Monitoring Performance Rick Taylor Bruce Rougeau Th5 MCSA: 70-290 Exam Prep Bruce Rougeau Eric Johnson Th10 Monitoring and Optimizing SQL Server 2005 Performance Th11 Th16 SQL Server Integration Services Th17 MCSA: Troubleshooting RAS Policies and Capturing Passwords with Anil 
Desai Network Monitor Bruce Rougeau Eric Johnson Derek Melber MCSA: Role-Based Security and Security Templates Th6 MCSE: Introduction to GPOs Derek Melber Th12 MCSE: Disaster Recovery and Backups Th18 Repeat – MCSE: Introduction to GPOs Thursday, October 12 Rick Taylor Derek Melber Bruce Rougeau SQL Server Th22 Securing 2005 Anil Desai Web Services and MCSE: Advanced GPOs Th23 MCSA: Service Pack and Hotfix Th24 Assessment and Deployment Derek Melber F4 Replication in SQL Server 2005 Eric Johnson Server 2005 F10 SQL Data Protection and High Availability Anil Desai F5 Bruce Rougeau MCSA: IPSec Security Principles Bruce Rougeau Certificate F11 MCSA: Strategy and Planning Bruce Rougeau F6 MCSE: PKI and Certificates Rick Taylor F12 MCSE: Review Session Friday, October 13 Program-At-A-Glance W22 Architecting a Highly Secure Messaging Environment Bruce Rougeau Rick Taylor

HOW TO REGISTER
ONLINE: TechMentorEvents.com
FAX: 541.346.3545
PHONE: 800.280.6218
MAIL with full payment to: TechMentor Registration, 1277 University of Oregon, Eugene, OR 97403-1277

REGISTRATION FORM
First Name, Last Name, Title, Company, Address, City, State/Province, Zip/Postal Code, Country, Phone, Fax, Email
*Your email address is used to communicate with you about conference registration.
Vendor Marketing Code ____________________ Promo Code ____________________
Attendee Networking Forum – Yes, I want to participate in pre-conference networking via email.
Which certification titles do you currently hold?
Please check all that apply: MCP MCDST MCSA MCSE MCSD MCDBA MCT Other None

PROGRAM SELECTION
TechMentor Conference – $1,499 (Before September 1), $1,699 (After September 1)
Select Track: Exchange/SQL MCSA MCSE Scripting Security Troubleshooting
Pre-Conf Crash Course – $225 (Before September 1), $275 (After September 1)
CC1 - VMWare Workstation and ESX Crash Course
CC2 - Networking Crash Course
CC3 - Vista Crash Course
CC4 - Linux/Windows Integration Crash Course
CC5 - Troubleshooting Group Policy Crash Course

Additional Options
Ultimate USB Security Stick - $150 (Required for Security Track sessions: M2, M8, T2, T8, T20)
MCSA: Windows Server 2003 Core Requirements (70-270, 70-290, 70-291), 2nd Edition, Sybex/Wiley - $60 (50% off list; strongly recommended for MCSA Track)
MCSE: Windows Server 2003 Certification Kit (70-290, 70-291, 70-293, 70-294) 2nd Edition, Sybex/Wiley - $80 (50% off list; recommended for MCSE Track)
$100 Alumni Discount: Previous TechMentor event attended in 2001-2006: City ________________________ Date _________________
Group Registration: please call Sara Ross at 972.506.9027 to register.

PAYMENT
Check enclosed (payable to 1105 Media, in U.S. dollars drawn on a U.S. bank)
Visa MasterCard American Express Discover
Card Number ____________________ Expiration Date ______________
Cardholder Name ____________________ Signature ____________________
Cardholder Address (if different than above) ____________________
To confirm your registration, a guarantee of payment is required. Remit check or credit card. If you need an invoice please call 800.280.6218 or email TMREG@continue.uoregon.edu. To pay by purchase order, please include a copy of your P.O. with your faxed or mailed registration. Registration fees must be paid in full before the start of the event.
SESSION SELECTIONS
After receiving your email confirmation code, you may go online and select the breakout sessions you are interested in attending. You may attend ANY session in any track offered at TechMentor as long as space permits.
Total Fee ___________________________________

OCTOBER 9-13, 2006 LAS VEGAS
Network and Certification Training for Windows Professionals

Knowledgeable, Accessible Instructors
» Learn from Mark Minasi, Todd Lammle, Derek Melber and others.
Real-World Training
» Learn the new features of Windows Vista.
» Improve your network security.
» Diagnose and repair common network problems.
Peer Networking
» Problem solve with peers during networking events.
Certification Prep
» Upgrade your skills to Windows 2003 with the MCSA and MCSE tracks.

Sponsors and Exhibitors (as of June 30)
TechMentorEvents.com, 9121 Oakdale Avenue, Suite 101, Chatsworth, CA 91311