Slashdot Mirror

GM did you a favor. I have a Kia with the Microsoft system. An Apple iPhone can crash the system so hard that it needs a full reboot. You have to stop the car, turn the engine-off and restart to get the phone interface working again. The system doesn't work with Android properly either. I assume Microsoft's system must work well with a Zune or a Lumia phone, however I have never seen one to try it out. :-)

Keep the engine stuff separate than the entertainment stuff. If you let Microsoft near your car controls, then it will be like the old Bill Gates compares Windows to a GM car joke.

While Linux is technically better in some areas, the commercial push and the huge ecosystem of HW and SW vendors generally make Windows work much better. The command line is simply not needed that much in Windows because the various graphical tools for configuring things are more advanced. What comes to PowerShell, you really have to adapt from the UNIX world and find out the PS way of doing things. Especially the object oriented data manipulation has a different feeling to it. They have done some nice things to modernize the CLI and some parts of PowerShell actually are more highly developed than Bash. However I completely agree that a package management system would greatly improve Windows.

I don't & mainly because of these 2 security features Microsoft has PULLED (port filtering) &/or crippled (for efficiency in HOSTS files) shouldn't be & yet, are.

----

1.) The removal of being able to use 0 as a blocking IP address in a HOSTS file

(vs. 0.0.0.0 or 127.0.0.1, which are bigger, slower on load into the local DNS Cache (as well as slower flushes via ipconfig /flushdns) & also occupy more RAM once loaded, for NO GOOD REASON - 0 blocks as well as the other 2 do, & is smaller + faster!)

In this case, this happened on 12/09/2008 Microsoft "Patch Tuesday" updates, it wasn't LIKE that before then!

E.G.-> Here, using 0 as my blocking IP address in a FULLY normalized (meaning no repeated entries) HOSTS file with nearly 650,000 bad sites blocked in it, I get a 14++mb sized HOSTS file... using 0.0.0.0 it shoots up to 18++mb in size (& even worse using 127.0.0.1, to around the tune of 24++mb in size)... Here? This is SENSELESS bloat creation as the result!

&

2.) The removal of IP Port Filtering GUI controls for it via Local Network Connections properties "ADVANCED" section

(This is up there w/ when MS removed the GUI checkbox after NT 4.0 for IP Forwarding, only, this time, the difference is (and, it's a PAIN) is that it is NOT a single 1 line entry to hack via regedit.exe, but FAR MORE COMPLEX to do by hand)... Port Filtering is a USEFUL & POWERFUL security (& to a degree, speed also) enhancing feature!

Afaik, on THIS case (vs. #1 above)? It has always been that way in VISTA &/or Windows Server 2008... & not just the result of a Patch Tuesday modification.

----

QUESTION: Do ANY of you folks have an answer, a GOOD SOLID TECHNICAL answer, as to WHY these cripplings have been implemented in VISTA, Server 2008, & most likely their descendant, in Windows 7?

See - I posted on Microsoft/Mr. Sinofsky's (?) blog -> http://blogs.msdn.com/e7/archive/2009/02/25/feedback-and-engineering-windows-7.aspx

AND, I have YET to get a SOLID TECHNICAL ANSWER on those things going on in VISTA, Server 2008, & probably Windows 7 as well, that justify doing so...

(They're things I'd really LIKE to get an answer to, as to WHY Microsoft has done the 2 things in my list above, to the above noted versions of Windows)

APK

P.S.=> I found the (imo) rather flimsy reasoning behind WHY the PORT FILTERING gui controls were allegedly removed in Windows VISTA, Server 2008, & Windows 7, after consulting with Mr. Mitch Tulloch ( http://www.windowsnetworking.com/Mitch_Tulloch/ ) ... here tis:

From Chapter 27 of the Vista Resource Kit that explains the rationale for removing the TCP/IP Filtering UI:

----

"Windows XP Service Pack 2 actually has three different firewalling (or network traffic filtering) technologies that you can separately configure, and which have zero
interaction with each other:

Windows Firewall that was first introduced in Service Pack 2

TCP/IP Filtering, which is accessed from the Options tab of the Advanced
TCP/IP Properties sheet for the network connection

IPsec rules and filters, which you can create using the IPsec Security
Policy Management MMC snap-in

On top of this confusion, Windows Server 2003 Service Pack 1 had a fourth network traffic filtering technology that you could use: the Routing and Remote Access Service(RRAS), which supported basic firewall and packet filteringthe problem, of course, is that when more than one of these firewalls is configured on a computer, one firewall can block traffic that another allows"

----

Lame reasoning imo!

I say this, because it is TRIVIAL

I suggest taking a look at Windows Server 2012 File Server role - W2K12 - deduplication is an in box feature
- SMB Multichannel - better performance uisng 4 TCP channels
- Storage Spaces - SAN like features with no special hardware (this is not dynamic volume)
- Thin provisioning - using Spaces, Windows can create TP LUNs
- NFS 4 server - in box role in W2K12
- Resilient File System (ReFS) - high degree of compatibility with the most common NTFS features, but has resiliency and scalability features that go beyond NTFS
- Windows Server Backup - now supports backup to the cloud (in box feature)
- Support for Hyper-V VMs - now Hyper-V supports running VMs using a file server and SMB 3.0
- Scale-out - with more than one server, File Server can be configured in a scale out mode for better scalability

Sources:
http://www.windowsnetworking.com/articles_tutorials/Overview-File-Server-Role-Windows-Server-8-Failover-Clustering.html
http://www.windowsitpro.com/article/windows-server/top-ten-windows-server-2012-storage-enhancements-143157
http://blogs.technet.com/b/windowsserver/archive/2012/03/28/microsoft-online-backup-service.aspx
http://blogs.technet.com/b/bettertogether/archive/2012/07/21/windows-server-2012-part2-virtualization-enhancements-scalability-amp-flexibility.aspx
http://www.microsoft.com/en-us/server-cloud/windows-server/2012-editions.aspx

Full disclosure: I do work for Microsoft. I am a senior program manager on the Virtual Machine Manager team. I work on Storage Automation using SNIA SMI-S/ My blog is: http://blogs.technet.com/b/hectorl

XP has prefetch but it will cache an application you load once and as such you want to periodically remove old files. This is probably one of the big reasons XP gets slower over time. A simple scheduled task could fix it.

Windows 7 is agonizingly slower than Windows XP on machines with slow disk. I have a laptop that boots Windows 7 in literally twice the time it booted XP. It never worked right on XP which is the only reason I'm running 7. It came with Vista, which is the only OS on which suspend/resume works correctly. I get video corruption under Linux with my AMD R690M chipset, which really ought to work correctly with the open source driver because of its vintage; I presume that AMD has not released sufficient information to support it properly because I've had the same problems for a very long time now and through many revisions of the driver.

Googling for something on the impact shifting to IPv6 got me to this pre 2006 article: http://www.windowsnetworking.com/articles_tutorials/IPv6-Support-Microsoft-Windows.html

A good read. Seems that although there is limited IPv6 support on Win95/98, but it is better to just dump the OS when the time comes. It seems that fun times are to be had in the new feature for sysadmins and techs everywhere...

I am just embarking on a project to do exactly what the OP is asking for. Windows Server 2003 has an indexing service you can setup. http://www.windowsnetworking.com/articles_tutorials/Working-With-Windows-Server-2003-Indexing-Service.html It is limited in its own form but provides the back-end tools you need.

Combine that with the next article from that site and you have a solution: http://www.windowsnetworking.com/articles_tutorials/Making-Windows-Server-2003-Indexing-Service-Useful.html

This article shows you how to use the Indexing service from an ASP script. The solution I am working on will be done in PHP as it can also link to COM applications. This basically allows you to put a file search tool on your Intranet which is indexed and returns the results very quickly. Best of all, it uses existing software on Windows and doesn't cost any extra.

I am just embarking on a project to do exactly what the OP is asking for. Windows Server 2003 has an indexing service you can setup. http://www.windowsnetworking.com/articles_tutorials/Working-With-Windows-Server-2003-Indexing-Service.html It is limited in its own form but provides the back-end tools you need.

Combine that with the next article from that site and you have a solution: http://www.windowsnetworking.com/articles_tutorials/Making-Windows-Server-2003-Indexing-Service-Useful.html

This article shows you how to use the Indexing service from an ASP script. The solution I am working on will be done in PHP as it can also link to COM applications. This basically allows you to put a file search tool on your Intranet which is indexed and returns the results very quickly. Best of all, it uses existing software on Windows and doesn't cost any extra.

I did wonder if it was something like that, but if you can create a bash script then you can also create a logon script: use something like

net use U: /del
net use P: /del
net use U: \\MY_SERVER\users
net use P: \\MY_other_server\public

in your Windows logon script then it will auto-mount the drives (without any annoying messages resulting from a persistent share not being able to find the network path when you're not on the Uni network). We use that kind of thing in our logon scripts at work.

(copied the script lines above from http://www.windowsnetworking.com/kbase/WindowsTips/WindowsNT/AdminTips/Logon/WindowsNTLoginScriptTricksandTips.html )

"when I first saw this article, I immediately thought "Bloat."" - by A. B3ttik (1344591) on Friday February 27, @10:48AM (#27012387)

On bloat (& more that's adversely affecting the IP Stack)?

Take a read:

Here are 2 security features Microsoft has PULLED (port filtering) &/or crippled (for efficiency in HOSTS files) which shouldn't be (& yet, are.)

----

1.) The removal of being able to use 0 as a blocking IP address in a HOSTS file

(vs. 0.0.0.0 or 127.0.0.1, which are bigger, slower on load into the local DNS Cache (as well as slower flushes via ipconfig /flushdns) & also occupy more RAM once loaded, for NO GOOD REASON - 0 blocks as well as the other 2 do, & is smaller + faster!)

In this case, this happened on 12/09/2008 Microsoft "Patch Tuesday" updates, it wasn't LIKE that before then!

E.G.-> Here, using 0 as my blocking IP address in a FULLY normalized (meaning no repeated entries) HOSTS file with nearly 650,000 bad sites blocked in it, I get a 14++mb sized HOSTS file... using 0.0.0.0 it shoots up to 18++mb in size (& even worse using 127.0.0.1, to around the tune of 24++mb in size)...

This is SENSELESS bloat creation as the result!

&

2.) The removal of IP Port Filtering GUI controls for it via Local Network Connections properties "ADVANCED" section

(This is up there w/ when MS removed the GUI checkbox after NT 4.0 for IP Forwarding, only, this time, the difference is (and, it's a PAIN) is that it is NOT a single 1 line entry to hack via regedit.exe, but FAR MORE COMPLEX to do by hand)... Port Filtering is a USEFUL & POWERFUL security (& to a degree, speed also) enhancing feature!

Afaik, on THIS case (vs. #1 above)? It has always been that way in VISTA &/or Windows Server 2008... & not just the result of a Patch Tuesday modification.

----

QUESTION: Do ANY of you folks have a GOOD SOLID TECHNICAL answer as to WHY these cripplings have been implemented in VISTA, Server 2008, & most likely their descendant, in Windows 7?

See - I posted on Microsoft/Mr. Sinofsky's (?) blog -> http://blogs.msdn.com/e7/archive/2009/02/25/feedback-and-engineering-windows-7.aspx

AND, I have YET to get a SOLID TECHNICAL ANSWER on those things going on in VISTA, Server 2008, & probably Windows 7 as well, that justify doing so...

(They're things I'd really LIKE to get an answer to, as to WHY Microsoft has done the 2 things in my list above, to the above noted versions of Windows)

APK

P.S.=> I found the rather flimsy reasoning behind WHY the PORT FILTERING gui controls were allegedly removed in Windows VISTA, Server 2008, & Windows 7, after consulting with Mr. Mitch Tulloch ( http://www.windowsnetworking.com/Mitch_Tulloch/ )

From Chapter 27 of the Vista Resource Kit that explains the rationale for removing the TCP/IP Filtering UI:

----

"Windows XP Service Pack 2 actually has three different firewalling (or network traffic filtering) technologies that you can separately configure, and which have zero
interaction with each other:

Windows Firewall that was first introduced in Service Pack 2

TCP/IP Filtering, which is accessed from the Options tab of the Advanced
TCP/IP Properties sheet for the network connection

IPsec rules and filters, which you can create using the IPsec Security
Policy Management MMC snap-in

On top of this confusion, Windows Server 2003 Service Pack 1 had a fourth network traffic filtering technology that you could use: the Routing and Remote Access Service(RRAS), which supported basic firewall and packet filteringthe problem, of course, is that when more than one of these firewalls is configured on

"when I first saw this article, I immediately thought "Bloat."" - by A. B3ttik (1344591) on Friday February 27, @10:48AM (#27012387)

On bloat (& more that's adversely affecting the IP Stack)?

Take a read:

Here are 2 security features Microsoft has PULLED (port filtering) &/or crippled (for efficiency in HOSTS files) which shouldn't be (& yet, are.)

----

1.) The removal of being able to use 0 as a blocking IP address in a HOSTS file

(vs. 0.0.0.0 or 127.0.0.1, which are bigger, slower on load into the local DNS Cache (as well as slower flushes via ipconfig /flushdns) & also occupy more RAM once loaded, for NO GOOD REASON - 0 blocks as well as the other 2 do, & is smaller + faster!)

In this case, this happened on 12/09/2008 Microsoft "Patch Tuesday" updates, it wasn't LIKE that before then!

E.G.-> Here, using 0 as my blocking IP address in a FULLY normalized (meaning no repeated entries) HOSTS file with nearly 650,000 bad sites blocked in it, I get a 14++mb sized HOSTS file... using 0.0.0.0 it shoots up to 18++mb in size (& even worse using 127.0.0.1, to around the tune of 24++mb in size)...

This is SENSELESS bloat creation as the result!

&

2.) The removal of IP Port Filtering GUI controls for it via Local Network Connections properties "ADVANCED" section

(This is up there w/ when MS removed the GUI checkbox after NT 4.0 for IP Forwarding, only, this time, the difference is (and, it's a PAIN) is that it is NOT a single 1 line entry to hack via regedit.exe, but FAR MORE COMPLEX to do by hand)... Port Filtering is a USEFUL & POWERFUL security (& to a degree, speed also) enhancing feature!

Afaik, on THIS case (vs. #1 above)? It has always been that way in VISTA &/or Windows Server 2008... & not just the result of a Patch Tuesday modification.

----

QUESTION: Do ANY of you folks have a GOOD SOLID TECHNICAL answer as to WHY these cripplings have been implemented in VISTA, Server 2008, & most likely their descendant, in Windows 7?

See - I posted on Microsoft/Mr. Sinofsky's (?) blog -> http://blogs.msdn.com/e7/archive/2009/02/25/feedback-and-engineering-windows-7.aspx

AND, I have YET to get a SOLID TECHNICAL ANSWER on those things going on in VISTA, Server 2008, & probably Windows 7 as well, that justify doing so...

(They're things I'd really LIKE to get an answer to, as to WHY Microsoft has done the 2 things in my list above, to the above noted versions of Windows)

APK

P.S.=> I found the rather flimsy reasoning behind WHY the PORT FILTERING gui controls were allegedly removed in Windows VISTA, Server 2008, & Windows 7, after consulting with Mr. Mitch Tulloch ( http://www.windowsnetworking.com/Mitch_Tulloch/ )

From Chapter 27 of the Vista Resource Kit that explains the rationale for removing the TCP/IP Filtering UI:

----

"Windows XP Service Pack 2 actually has three different firewalling (or network traffic filtering) technologies that you can separately configure, and which have zero
interaction with each other:

Windows Firewall that was first introduced in Service Pack 2

TCP/IP Filtering, which is accessed from the Options tab of the Advanced
TCP/IP Properties sheet for the network connection

IPsec rules and filters, which you can create using the IPsec Security
Policy Management MMC snap-in

On top of this confusion, Windows Server 2003 Service Pack 1 had a fourth network traffic filtering technology that you could use: the Routing and Remote Access Service(RRAS), which supported basic firewall and packet filteringthe problem, of course, is that when more than one of these firewalls is configured on

See my subject-line, because here are 2 security features Microsoft has PULLED (port filtering) &/or crippled (for efficiency in HOSTS files) which shouldn't be (& yet, are.) as examples thereof:

----

1.) The removal of being able to use 0 as a blocking IP address in a HOSTS file

(vs. 0.0.0.0 or 127.0.0.1, which are bigger, slower on load into the local DNS Cache (as well as slower flushes via ipconfig /flushdns) & also occupy more RAM once loaded, for NO GOOD REASON - 0 blocks as well as the other 2 do, & is smaller + faster!)

In this case, this happened on 12/09/2008 Microsoft "Patch Tuesday" updates, it wasn't LIKE that before then!

E.G.-> Here, using 0 as my blocking IP address in a FULLY normalized (meaning no repeated entries) HOSTS file with nearly 650,000 bad sites blocked in it, I get a 14++mb sized HOSTS file... using 0.0.0.0 it shoots up to 18++mb in size (& even worse using 127.0.0.1, to around the tune of 24++mb in size)...

This is SENSELESS bloat creation as the result!

&

2.) The removal of IP Port Filtering GUI controls for it via Local Network Connections properties "ADVANCED" section

(This is up there w/ when MS removed the GUI checkbox after NT 4.0 for IP Forwarding, only, this time, the difference is (and, it's a PAIN) is that it is NOT a single 1 line entry to hack via regedit.exe, but FAR MORE COMPLEX to do by hand)... Port Filtering is a USEFUL & POWERFUL security (& to a degree, speed also) enhancing feature!

Afaik, on THIS case (vs. #1 above)? It has always been that way in VISTA &/or Windows Server 2008... & not just the result of a Patch Tuesday modification.

----

QUESTION: Do ANY of you folks have a GOOD SOLID TECHNICAL answer as to WHY these cripplings have been implemented in VISTA, Server 2008, & most likely their descendant, in Windows 7?

See - I posted on Microsoft/Mr. Sinofsky's (?) blog -> http://blogs.msdn.com/e7/archive/2009/02/25/feedback-and-engineering-windows-7.aspx

AND, I have YET to get a SOLID TECHNICAL ANSWER on those things going on in VISTA, Server 2008, & probably Windows 7 as well, that justify doing so...

(They're things I'd really LIKE to get an answer to, as to WHY Microsoft has done the 2 things in my list above, to the above noted versions of Windows)

APK

P.S.=> I found the rather flimsy reasoning behind WHY the PORT FILTERING gui controls were allegedly removed in Windows VISTA, Server 2008, & Windows 7, after consulting with Mr. Mitch Tulloch ( http://www.windowsnetworking.com/Mitch_Tulloch/ )

From Chapter 27 of the Vista Resource Kit that explains the rationale for removing the TCP/IP Filtering UI:

----

"Windows XP Service Pack 2 actually has three different firewalling (or network traffic filtering) technologies that you can separately configure, and which have zero
interaction with each other:

Windows Firewall that was first introduced in Service Pack 2

TCP/IP Filtering, which is accessed from the Options tab of the Advanced
TCP/IP Properties sheet for the network connection

IPsec rules and filters, which you can create using the IPsec Security
Policy Management MMC snap-in

On top of this confusion, Windows Server 2003 Service Pack 1 had a fourth network traffic filtering technology that you could use: the Routing and Remote Access Service(RRAS), which supported basic firewall and packet filteringthe problem, of course, is that when more than one of these firewalls is configured on a computer, one firewall can block traffic that another allows"

----

Lame reasoning imo!

I say this, because it is TRIVIAL to create exceptions rules in most any software (or hardware based) firewall ge

Here are 2 security features Microsoft has PULLED (port filtering) &/or crippled (for efficiency in HOSTS files) which shouldn't be (& yet, are.)

----

1.) The removal of being able to use 0 as a blocking IP address in a HOSTS file

(vs. 0.0.0.0 or 127.0.0.1, which are bigger, slower on load into the local DNS Cache (as well as slower flushes via ipconfig /flushdns) & also occupy more RAM once loaded, for NO GOOD REASON - 0 blocks as well as the other 2 do, & is smaller + faster!)

In this case, this happened on 12/09/2008 Microsoft "Patch Tuesday" updates, it wasn't LIKE that before then!

E.G.-> Here, using 0 as my blocking IP address in a FULLY normalized (meaning no repeated entries) HOSTS file with nearly 650,000 bad sites blocked in it, I get a 14++mb sized HOSTS file... using 0.0.0.0 it shoots up to 18++mb in size (& even worse using 127.0.0.1, to around the tune of 24++mb in size)...

This is SENSELESS bloat creation as the result!

&

2.) The removal of IP Port Filtering GUI controls for it via Local Network Connections properties "ADVANCED" section

(This is up there w/ when MS removed the GUI checkbox after NT 4.0 for IP Forwarding, only, this time, the difference is (and, it's a PAIN) is that it is NOT a single 1 line entry to hack via regedit.exe, but FAR MORE COMPLEX to do by hand)...

Port Filtering is a USEFUL & POWERFUL security (& to a degree, speed also) enhancing feature, especially for the concept of LAYERED SECURITY... so, why was it removed? The reasons given by the VISTA reskit in my p.s. below are COMPLETELY lame but, judge for yourselves later below. Read on...

Afaik, on THIS case (vs. #1 above)? It has always been that way in VISTA &/or Windows Server 2008... & not just the result of a Patch Tuesday modification.

----

QUESTION: Do ANY of you folks have a GOOD SOLID TECHNICAL answer as to WHY these cripplings have been implemented in VISTA, Server 2008, & most likely their descendant, in Windows 7?

See - I posted on Microsoft/Mr. Sinofsky's (?) blog -> http://blogs.msdn.com/e7/archive/2009/02/25/feedback-and-engineering-windows-7.aspx

AND, I have YET to get a SOLID TECHNICAL ANSWER on those things going on in VISTA, Server 2008, & probably Windows 7 as well, that justify doing so...

(They're things I'd really LIKE to get an answer to, as to WHY Microsoft has done the 2 things in my list above, to the above noted versions of Windows)

APK

P.S.=> I found the rather flimsy reasoning behind WHY the PORT FILTERING gui controls were allegedly removed in Windows VISTA, Server 2008, & Windows 7, after consulting with Mr. Mitch Tulloch ( http://www.windowsnetworking.com/Mitch_Tulloch/ )

From Chapter 27 of the Vista Resource Kit that explains the rationale for removing the TCP/IP Filtering UI:

----

"Windows XP Service Pack 2 actually has three different firewalling (or network traffic filtering) technologies that you can separately configure, and which have zero
interaction with each other:

Windows Firewall that was first introduced in Service Pack 2

TCP/IP Filtering, which is accessed from the Options tab of the Advanced
TCP/IP Properties sheet for the network connection

IPsec rules and filters, which you can create using the IPsec Security
Policy Management MMC snap-in

On top of this confusion, Windows Server 2003 Service Pack 1 had a fourth network traffic filtering technology that you could use: the Routing and Remote Access Service(RRAS), which supported basic firewall and packet filteringthe problem, of course, is that when more than one of these firewalls is configured on a computer, one firewall can block traffic that another allow

Here are 2 security features Microsoft has PULLED (port filtering) &/or crippled (for efficiency in HOSTS files) which shouldn't be (& yet, are.)

----

1.) The removal of being able to use 0 as a blocking IP address in a HOSTS file

(vs. 0.0.0.0 or 127.0.0.1, which are bigger, slower on load into the local DNS Cache (as well as slower flushes via ipconfig /flushdns) & also occupy more RAM once loaded, for NO GOOD REASON - 0 blocks as well as the other 2 do, & is smaller + faster!)

In this case, this happened on 12/09/2008 Microsoft "Patch Tuesday" updates, it wasn't LIKE that before then!

E.G.-> Here, using 0 as my blocking IP address in a FULLY normalized (meaning no repeated entries) HOSTS file with nearly 650,000 bad sites blocked in it, I get a 14++mb sized HOSTS file... using 0.0.0.0 it shoots up to 18++mb in size (& even worse using 127.0.0.1, to around the tune of 24++mb in size)...

This is SENSELESS bloat creation as the result!

&

2.) The removal of IP Port Filtering GUI controls for it via Local Network Connections properties "ADVANCED" section

(This is up there w/ when MS removed the GUI checkbox after NT 4.0 for IP Forwarding, only, this time, the difference is (and, it's a PAIN) is that it is NOT a single 1 line entry to hack via regedit.exe, but FAR MORE COMPLEX to do by hand)...

Port Filtering is a USEFUL & POWERFUL security (& to a degree, speed also) enhancing feature, especially for the concept of LAYERED SECURITY... so, why was it removed? The reasons given by the VISTA reskit in my p.s. below are COMPLETELY lame but, judge for yourselves later below. Read on...

Afaik, on THIS case (vs. #1 above)? It has always been that way in VISTA &/or Windows Server 2008... & not just the result of a Patch Tuesday modification.

----

QUESTION: Do ANY of you folks have a GOOD SOLID TECHNICAL answer as to WHY these cripplings have been implemented in VISTA, Server 2008, & most likely their descendant, in Windows 7?

See - I posted on Microsoft/Mr. Sinofsky's (?) blog -> http://blogs.msdn.com/e7/archive/2009/02/25/feedback-and-engineering-windows-7.aspx

AND, I have YET to get a SOLID TECHNICAL ANSWER on those things going on in VISTA, Server 2008, & probably Windows 7 as well, that justify doing so...

(They're things I'd really LIKE to get an answer to, as to WHY Microsoft has done the 2 things in my list above, to the above noted versions of Windows)

APK

P.S.=> I found the rather flimsy reasoning behind WHY the PORT FILTERING gui controls were allegedly removed in Windows VISTA, Server 2008, & Windows 7, after consulting with Mr. Mitch Tulloch ( http://www.windowsnetworking.com/Mitch_Tulloch/ )

From Chapter 27 of the Vista Resource Kit that explains the rationale for removing the TCP/IP Filtering UI:

----

"Windows XP Service Pack 2 actually has three different firewalling (or network traffic filtering) technologies that you can separately configure, and which have zero
interaction with each other:

Windows Firewall that was first introduced in Service Pack 2

TCP/IP Filtering, which is accessed from the Options tab of the Advanced
TCP/IP Properties sheet for the network connection

IPsec rules and filters, which you can create using the IPsec Security
Policy Management MMC snap-in

On top of this confusion, Windows Server 2003 Service Pack 1 had a fourth network traffic filtering technology that you could use: the Routing and Remote Access Service(RRAS), which supported basic firewall and packet filteringthe problem, of course, is that when more than one of these firewalls is configured on a computer, one firewall can block traffic that another allow

Here are 2 security features Microsoft has PULLED (port filtering) &/or crippled (for efficiency in HOSTS files) which shouldn't be (& yet, are.)

----

1.) The removal of being able to use 0 as a blocking IP address in a HOSTS file

(vs. 0.0.0.0 or 127.0.0.1, which are bigger, slower on load into the local DNS Cache (as well as slower flushes via ipconfig /flushdns) & also occupy more RAM once loaded, for NO GOOD REASON - 0 blocks as well as the other 2 do, & is smaller + faster!)

In this case, this happened on 12/09/2008 Microsoft "Patch Tuesday" updates, it wasn't LIKE that before then!

E.G.-> Here, using 0 as my blocking IP address in a FULLY normalized (meaning no repeated entries) HOSTS file with nearly 650,000 bad sites blocked in it, I get a 14++mb sized HOSTS file... using 0.0.0.0 it shoots up to 18++mb in size (& even worse using 127.0.0.1, to around the tune of 24++mb in size)...

This is SENSELESS bloat creation as the result!

&

2.) The removal of IP Port Filtering GUI controls for it via Local Network Connections properties "ADVANCED" section

(This is up there w/ when MS removed the GUI checkbox after NT 4.0 for IP Forwarding, only, this time, the difference is (and, it's a PAIN) is that it is NOT a single 1 line entry to hack via regedit.exe, but FAR MORE COMPLEX to do by hand)... Port Filtering is a USEFUL & POWERFUL security (& to a degree, speed also) enhancing feature!

Afaik, on THIS case (vs. #1 above)? It has always been that way in VISTA &/or Windows Server 2008... & not just the result of a Patch Tuesday modification.

----

QUESTION: Do ANY of you folks have a GOOD SOLID TECHNICAL answer as to WHY these cripplings have been implemented in VISTA, Server 2008, & most likely their descendant, in Windows 7?

See - I posted on Microsoft/Mr. Sinofsky's (?) blog -> http://blogs.msdn.com/e7/archive/2009/02/25/feedback-and-engineering-windows-7.aspx

AND, I have YET to get a SOLID TECHNICAL ANSWER on those things going on in VISTA, Server 2008, & probably Windows 7 as well, that justify doing so...

(They're things I'd really LIKE to get an answer to, as to WHY Microsoft has done the 2 things in my list above, to the above noted versions of Windows)

APK

P.S.=> I found the rather flimsy reasoning behind WHY the PORT FILTERING gui controls were allegedly removed in Windows VISTA, Server 2008, & Windows 7, after consulting with Mr. Mitch Tulloch ( http://www.windowsnetworking.com/Mitch_Tulloch/ )

From Chapter 27 of the Vista Resource Kit that explains the rationale for removing the TCP/IP Filtering UI:

----

"Windows XP Service Pack 2 actually has three different firewalling (or network traffic filtering) technologies that you can separately configure, and which have zero
interaction with each other:

Windows Firewall that was first introduced in Service Pack 2

TCP/IP Filtering, which is accessed from the Options tab of the Advanced
TCP/IP Properties sheet for the network connection

IPsec rules and filters, which you can create using the IPsec Security
Policy Management MMC snap-in

On top of this confusion, Windows Server 2003 Service Pack 1 had a fourth network traffic filtering technology that you could use: the Routing and Remote Access Service(RRAS), which supported basic firewall and packet filteringthe problem, of course, is that when more than one of these firewalls is configured on a computer, one firewall can block traffic that another allows"

----

Lame reasoning imo!

I say this, because it is TRIVIAL to create exceptions rules in most any software (or hardware based) firewall generally, & to match that in Port Filtering is

Here are 2 security features Microsoft has PULLED (port filtering) &/or crippled (for efficiency in HOSTS files) which shouldn't be (& yet, are.)

----

1.) The removal of being able to use 0 as a blocking IP address in a HOSTS file

(vs. 0.0.0.0 or 127.0.0.1, which are bigger, slower on load into the local DNS Cache (as well as slower flushes via ipconfig /flushdns) & also occupy more RAM once loaded, for NO GOOD REASON - 0 blocks as well as the other 2 do, & is smaller + faster!)

In this case, this happened on 12/09/2008 Microsoft "Patch Tuesday" updates, it wasn't LIKE that before then!

E.G.-> Here, using 0 as my blocking IP address in a FULLY normalized (meaning no repeated entries) HOSTS file with nearly 650,000 bad sites blocked in it, I get a 14++mb sized HOSTS file... using 0.0.0.0 it shoots up to 18++mb in size (& even worse using 127.0.0.1, to around the tune of 24++mb in size)... Here? This is SENSELESS bloat creation as the result!

&

2.) The removal of IP Port Filtering GUI controls for it via Local Network Connections properties "ADVANCED" section

(This is up there w/ when MS removed the GUI checkbox after NT 4.0 for IP Forwarding, only, this time, the difference is (and, it's a PAIN) is that it is NOT a single 1 line entry to hack via regedit.exe, but FAR MORE COMPLEX to do by hand)... Port Filtering is a USEFUL & POWERFUL security (& to a degree, speed also) enhancing feature!

Afaik, on THIS case (vs. #1 above)? It has always been that way in VISTA &/or Windows Server 2008... & not just the result of a Patch Tuesday modification.

----

QUESTION: Do ANY of you folks have a GOOD SOLID TECHNICAL answer as to WHY these cripplings have been implemented in VISTA, Server 2008, & most likely their descendant, in Windows 7?

See - I posted on Microsoft/Mr. Sinofsky's (?) blog -> http://blogs.msdn.com/e7/archive/2009/02/25/feedback-and-engineering-windows-7.aspx [msdn.com]

AND, I have YET to get a SOLID TECHNICAL ANSWER on those things going on in VISTA, Server 2008, & probably Windows 7 as well, that justify doing so...

(They're things I'd really LIKE to get an answer to, as to WHY Microsoft has done the 2 things in my list above, to the above noted versions of Windows)

APK

P.S.=> I found the rather flimsy reasoning behind WHY the PORT FILTERING gui controls were allegedly removed in Windows VISTA, Server 2008, & Windows 7, after consulting with Mr. Mitch Tulloch ( http://www.windowsnetworking.com/Mitch_Tulloch/ [windowsnetworking.com] )

From Chapter 27 of the Vista Resource Kit that explains the rationale for removing the TCP/IP Filtering UI:

----

"Windows XP Service Pack 2 actually has three different firewalling (or network traffic filtering) technologies that you can separately configure, and which have zero
interaction with each other:

Windows Firewall that was first introduced in Service Pack 2

TCP/IP Filtering, which is accessed from the Options tab of the Advanced
TCP/IP Properties sheet for the network connection

IPsec rules and filters, which you can create using the IPsec Security
Policy Management MMC snap-in

On top of this confusion, Windows Server 2003 Service Pack 1 had a fourth network traffic filtering technology that you could use: the Routing and Remote Access Service(RRAS), which supported basic firewall and packet filteringthe problem, of course, is that when more than one of these firewalls is configured on a computer, one firewall can block traffic that another allows"

----

Lame reasoning imo!

I say this, because it is TRIVIAL to create exceptions rules in most any software (or hardware based) firewall generally, & to match that in Port Filter

Here are 2 security features Microsoft has PULLED (port filtering) &/or crippled (for efficiency in HOSTS files) which shouldn't be (& yet, are.)

----

1.) The removal of being able to use 0 as a blocking IP address in a HOSTS file

(vs. 0.0.0.0 or 127.0.0.1, which are bigger, slower on load into the local DNS Cache (as well as slower flushes via ipconfig /flushdns) & also occupy more RAM once loaded, for NO GOOD REASON - 0 blocks as well as the other 2 do, & is smaller + faster!)

In this case, this happened on 12/09/2008 Microsoft "Patch Tuesday" updates, it wasn't LIKE that before then!

E.G.-> Here, using 0 as my blocking IP address in a FULLY normalized (meaning no repeated entries) HOSTS file with nearly 650,000 bad sites blocked in it, I get a 14++mb sized HOSTS file... using 0.0.0.0 it shoots up to 18++mb in size (& even worse using 127.0.0.1, to around the tune of 24++mb in size)... Here? This is SENSELESS bloat creation as the result!

&

2.) The removal of IP Port Filtering GUI controls for it via Local Network Connections properties "ADVANCED" section

(This is up there w/ when MS removed the GUI checkbox after NT 4.0 for IP Forwarding, only, this time, the difference is (and, it's a PAIN) is that it is NOT a single 1 line entry to hack via regedit.exe, but FAR MORE COMPLEX to do by hand)... Port Filtering is a USEFUL & POWERFUL security (& to a degree, speed also) enhancing feature!

Afaik, on THIS case (vs. #1 above)? It has always been that way in VISTA &/or Windows Server 2008... & not just the result of a Patch Tuesday modification.

----

QUESTION: Do ANY of you folks have a GOOD SOLID TECHNICAL answer as to WHY these cripplings have been implemented in VISTA, Server 2008, & most likely their descendant, in Windows 7?

See - I posted on Microsoft/Mr. Sinofsky's (?) blog -> http://blogs.msdn.com/e7/archive/2009/02/25/feedback-and-engineering-windows-7.aspx

AND, I have YET to get a SOLID TECHNICAL ANSWER on those things going on in VISTA, Server 2008, & probably Windows 7 as well, that justify doing so...

(They're things I'd really LIKE to get an answer to, as to WHY Microsoft has done the 2 things in my list above, to the above noted versions of Windows)

APK

P.S.=> I found the rather flimsy reasoning behind WHY the PORT FILTERING gui controls were allegedly removed in Windows VISTA, Server 2008, & Windows 7, after consulting with Mr. Mitch Tulloch ( http://www.windowsnetworking.com/Mitch_Tulloch/ )

From Chapter 27 of the Vista Resource Kit that explains the rationale for removing the TCP/IP Filtering UI:

----

"Windows XP Service Pack 2 actually has three different firewalling (or network traffic filtering) technologies that you can separately configure, and which have zero
interaction with each other:

Windows Firewall that was first introduced in Service Pack 2

TCP/IP Filtering, which is accessed from the Options tab of the Advanced
TCP/IP Properties sheet for the network connection

IPsec rules and filters, which you can create using the IPsec Security
Policy Management MMC snap-in

On top of this confusion, Windows Server 2003 Service Pack 1 had a fourth network traffic filtering technology that you could use: the Routing and Remote Access Service(RRAS), which supported basic firewall and packet filteringthe problem, of course, is that when more than one of these firewalls is configured on a computer, one firewall can block traffic that another allows"

----

Lame reasoning imo!

I say this, because it is TRIVIAL to create exceptions rules in most any software (or hardware based) firewall generally, & to match that in Port Filterin

"Windows 2008 suffers from the same atrocious network performance problems than Vista. DPCs made by the network drivers use too much CPU time when transfering data over a 100Mbps-1Gbps network link." - by this great guy (922511) on Saturday February 28, @08:25PM (#27026449)

Good points, & historically they've plagued VISTA (&, in the case of filecopies, even older MS OS to an extent/afaik) & in the case of media file playback being affected adversely in VISTA, it has to do with caching, & iirc, specifically caching of network reads regarding media files (don't quote me on the specifics here though, I don't use VISTA, but also read about what you stated around a year++ ago)...

Here are 2 more points for you to be aware of:

(2 security features Microsoft has PULLED (port filtering) &/or crippled (for efficiency in HOSTS files) shouldn't be & yet, are.)

----

1.) The removal of being able to use 0 as a blocking IP address in a HOSTS file

(vs. 0.0.0.0 or 127.0.0.1, which are bigger, slower on load into the local DNS Cache (as well as slower flushes via ipconfig /flushdns) & also occupy more RAM once loaded, for NO GOOD REASON - 0 blocks as well as the other 2 do, & is smaller + faster!)

In this case, this happened on 12/09/2008 Microsoft "Patch Tuesday" updates, it wasn't LIKE that before then!

E.G.-> Here, using 0 as my blocking IP address in a FULLY normalized (meaning no repeated entries) HOSTS file with nearly 650,000 bad sites blocked in it, I get a 14++mb sized HOSTS file... using 0.0.0.0 it shoots up to 18++mb in size (& even worse using 127.0.0.1, to around the tune of 24++mb in size)... Here? This is SENSELESS bloat creation as the result!

&

2.) The removal of IP Port Filtering GUI controls for it via Local Network Connections properties "ADVANCED" section

(This is up there w/ when MS removed the GUI checkbox after NT 4.0 for IP Forwarding, only, this time, the difference is (and, it's a PAIN) is that it is NOT a single 1 line entry to hack via regedit.exe, but FAR MORE COMPLEX to do by hand)... Port Filtering is a USEFUL & POWERFUL security (& to a degree, speed also) enhancing feature!

Afaik, on THIS case (vs. #1 above)? It has always been that way in VISTA &/or Windows Server 2008... & not just the result of a Patch Tuesday modification.

----

QUESTION: Do ANY of you folks have a GOOD SOLID TECHNICAL answer as to WHY these cripplings have been implemented in VISTA, Server 2008, & most likely their descendant, in Windows 7?

See - I posted on Microsoft/Mr. Sinofsky's (?) blog -> http://blogs.msdn.com/e7/archive/2009/02/25/feedback-and-engineering-windows-7.aspx

AND, I have YET to get a SOLID TECHNICAL ANSWER on those things going on in VISTA, Server 2008, & probably Windows 7 as well, that justify doing so...

(They're things I'd really LIKE to get an answer to, as to WHY Microsoft has done the 2 things in my list above, to the above noted versions of Windows)

APK

P.S.=> I found the (imo) rather flimsy reasoning behind WHY the PORT FILTERING gui controls were allegedly removed in Windows VISTA, Server 2008, & Windows 7, after consulting with Mr. Mitch Tulloch ( http://www.windowsnetworking.com/Mitch_Tulloch/ )

From Chapter 27 of the Vista Resource Kit that explains the rationale for removing the TCP/IP Filtering UI:

----

"Windows XP Service Pack 2 actually has three different firewalling (or network traffic filtering) technologies that you can separately configure, and which have zero
interaction with each other:

Windows Firewall that was first introduced in Service Pack 2

TCP/IP Filtering, which is accessed from the Options tab of th

2 security features Microsoft has PULLED (port filtering) &/or crippled (for efficiency in HOSTS files) shouldn't be & yet, are.

----

1.) The removal of being able to use 0 as a blocking IP address in a HOSTS file

(vs. 0.0.0.0 or 127.0.0.1, which are bigger, slower on load into the local DNS Cache (as well as slower flushes via ipconfig /flushdns) & also occupy more RAM once loaded, for NO GOOD REASON - 0 blocks as well as the other 2 do, & is smaller + faster!)

In this case, this happened on 12/09/2008 Microsoft "Patch Tuesday" updates, it wasn't LIKE that before then!

E.G.-> Here, using 0 as my blocking IP address in a FULLY normalized (meaning no repeated entries) HOSTS file with nearly 650,000 bad sites blocked in it, I get a 14++mb sized HOSTS file... using 0.0.0.0 it shoots up to 18++mb in size (& even worse using 127.0.0.1, to around the tune of 24++mb in size)... Here? This is SENSELESS bloat creation as the result!

&

2.) The removal of IP Port Filtering GUI controls for it via Local Network Connections properties "ADVANCED" section

(This is up there w/ when MS removed the GUI checkbox after NT 4.0 for IP Forwarding, only, this time, the difference is (and, it's a PAIN) is that it is NOT a single 1 line entry to hack via regedit.exe, but FAR MORE COMPLEX to do by hand)... Port Filtering is a USEFUL & POWERFUL security (& to a degree, speed also) enhancing feature!

Afaik, on THIS case (vs. #1 above)? It has always been that way in VISTA &/or Windows Server 2008... & not just the result of a Patch Tuesday modification.

----

QUESTION: Do ANY of you folks have an answer, a GOOD SOLID TECHNICAL answer, as to WHY these cripplings have been implemented in VISTA, Server 2008, & most likely their descendant, in Windows 7?

See - I posted on Microsoft/Mr. Sinofsky's (?) blog -> http://blogs.msdn.com/e7/archive/2009/02/25/feedback-and-engineering-windows-7.aspx [msdn.com]

AND, I have YET to get a SOLID TECHNICAL ANSWER on those things going on in VISTA, Server 2008, & probably Windows 7 as well, that justify doing so...

(They're things I'd really LIKE to get an answer to, as to WHY Microsoft has done the 2 things in my list above, to the above noted versions of Windows)

APK

P.S.=> I found the (imo) rather flimsy reasoning behind WHY the PORT FILTERING gui controls were allegedly removed in Windows VISTA, Server 2008, & Windows 7, after consulting with Mr. Mitch Tulloch ( http://www.windowsnetworking.com/Mitch_Tulloch/ [windowsnetworking.com] ) ... here tis:

From Chapter 27 of the Vista Resource Kit that explains the rationale for removing the TCP/IP Filtering UI:

----

"Windows XP Service Pack 2 actually has three different firewalling (or network traffic filtering) technologies that you can separately configure, and which have zero
interaction with each other:

Windows Firewall that was first introduced in Service Pack 2

TCP/IP Filtering, which is accessed from the Options tab of the Advanced
TCP/IP Properties sheet for the network connection

IPsec rules and filters, which you can create using the IPsec Security
Policy Management MMC snap-in

On top of this confusion, Windows Server 2003 Service Pack 1 had a fourth network traffic filtering technology that you could use: the Routing and Remote Access Service(RRAS), which supported basic firewall and packet filteringthe problem, of course, is that when more than one of these firewalls is configured on a computer, one firewall can block traffic that another allows"

----

Lame reasoning imo!

I say this, because it is TRIVIAL to create exceptions rules in most any software (or hardware based) firewall generall

"2k3 just works. Does anyone have a compelling reason to use 2k8?" - by bdsesq (515351) on Saturday February 28, @12:41PM (#27023705)

I don't & mainly because of these 2 security features Microsoft has PULLED (port filtering) &/or crippled (for efficiency in HOSTS files) shouldn't be & yet, are.

----

1.) The removal of being able to use 0 as a blocking IP address in a HOSTS file

(vs. 0.0.0.0 or 127.0.0.1, which are bigger, slower on load into the local DNS Cache (as well as slower flushes via ipconfig /flushdns) & also occupy more RAM once loaded, for NO GOOD REASON - 0 blocks as well as the other 2 do, & is smaller + faster!)

In this case, this happened on 12/09/2008 Microsoft "Patch Tuesday" updates, it wasn't LIKE that before then!

E.G.-> Here, using 0 as my blocking IP address in a FULLY normalized (meaning no repeated entries) HOSTS file with nearly 650,000 bad sites blocked in it, I get a 14++mb sized HOSTS file... using 0.0.0.0 it shoots up to 18++mb in size (& even worse using 127.0.0.1, to around the tune of 24++mb in size)... Here? This is SENSELESS bloat creation as the result!

&

2.) The removal of IP Port Filtering GUI controls for it via Local Network Connections properties "ADVANCED" section

(This is up there w/ when MS removed the GUI checkbox after NT 4.0 for IP Forwarding, only, this time, the difference is (and, it's a PAIN) is that it is NOT a single 1 line entry to hack via regedit.exe, but FAR MORE COMPLEX to do by hand)... Port Filtering is a USEFUL & POWERFUL security (& to a degree, speed also) enhancing feature!

Afaik, on THIS case (vs. #1 above)? It has always been that way in VISTA &/or Windows Server 2008... & not just the result of a Patch Tuesday modification.

----

QUESTION: Do ANY of you folks have an answer, a GOOD SOLID TECHNICAL answer, as to WHY these cripplings have been implemented in VISTA, Server 2008, & most likely their descendant, in Windows 7?

See - I posted on Microsoft/Mr. Sinofsky's (?) blog -> http://blogs.msdn.com/e7/archive/2009/02/25/feedback-and-engineering-windows-7.aspx

AND, I have YET to get a SOLID TECHNICAL ANSWER on those things going on in VISTA, Server 2008, & probably Windows 7 as well, that justify doing so...

(They're things I'd really LIKE to get an answer to, as to WHY Microsoft has done the 2 things in my list above, to the above noted versions of Windows)

APK

P.S.=> I found the (imo) rather flimsy reasoning behind WHY the PORT FILTERING gui controls were allegedly removed in Windows VISTA, Server 2008, & Windows 7, after consulting with Mr. Mitch Tulloch ( http://www.windowsnetworking.com/Mitch_Tulloch/ ) ... here tis:

From Chapter 27 of the Vista Resource Kit that explains the rationale for removing the TCP/IP Filtering UI:

----

"Windows XP Service Pack 2 actually has three different firewalling (or network traffic filtering) technologies that you can separately configure, and which have zero
interaction with each other:

Windows Firewall that was first introduced in Service Pack 2

TCP/IP Filtering, which is accessed from the Options tab of the Advanced
TCP/IP Properties sheet for the network connection

IPsec rules and filters, which you can create using the IPsec Security
Policy Management MMC snap-in

On top of this confusion, Windows Server 2003 Service Pack 1 had a fourth network traffic filtering technology that you could use: the Routing and Remote Access Service(RRAS), which supported basic firewall and packet filteringthe problem, of course, is that when more than one of these firewalls is configured on a computer, one firewall can block traffic that another

2 security features Microsoft has PULLED (port filtering) &/or crippled (for efficiency in HOSTS files) shouldn't be & yet, are.

----

1.) The removal of being able to use 0 as a blocking IP address in a HOSTS file

(vs. 0.0.0.0 or 127.0.0.1, which are bigger, slower on load into the local DNS Cache (as well as slower flushes via ipconfig /flushdns) & also occupy more RAM once loaded, for NO GOOD REASON - 0 blocks as well as the other 2 do, & is smaller + faster!)

In this case, this happened on 12/09/2008 Microsoft "Patch Tuesday" updates, it wasn't LIKE that before then!

E.G.-> Here, using 0 as my blocking IP address in a FULLY normalized (meaning no repeated entries) HOSTS file with nearly 650,000 bad sites blocked in it, I get a 14++mb sized HOSTS file... using 0.0.0.0 it shoots up to 18++mb in size (& even worse using 127.0.0.1, to around the tune of 24++mb in size)... Here? This is SENSELESS bloat creation as the result!

&

2.) The removal of IP Port Filtering GUI controls for it via Local Network Connections properties "ADVANCED" section

(This is up there w/ when MS removed the GUI checkbox after NT 4.0 for IP Forwarding, only, this time, the difference is (and, it's a PAIN) is that it is NOT a single 1 line entry to hack via regedit.exe, but FAR MORE COMPLEX to do by hand)... Port Filtering is a USEFUL & POWERFUL security (& to a degree, speed also) enhancing feature!

Afaik, on THIS case (vs. #1 above)? It has always been that way in VISTA &/or Windows Server 2008... & not just the result of a Patch Tuesday modification.

----

QUESTION: Do ANY of you folks have an answer, a GOOD SOLID TECHNICAL answer, as to WHY these cripplings have been implemented in VISTA, Server 2008, & most likely their descendant, in Windows 7?

See - I posted on Microsoft/Mr. Sinofsky's (?) blog -> http://blogs.msdn.com/e7/archive/2009/02/25/feedback-and-engineering-windows-7.aspx

AND, I have YET to get a SOLID TECHNICAL ANSWER on those things going on in VISTA, Server 2008, & probably Windows 7 as well, that justify doing so...

(They're things I'd really LIKE to get an answer to, as to WHY Microsoft has done the 2 things in my list above, to the above noted versions of Windows)

APK

P.S.=> I found the (imo) rather flimsy reasoning behind WHY the PORT FILTERING gui controls were allegedly removed in Windows VISTA, Server 2008, & Windows 7, after consulting with Mr. Mitch Tulloch ( http://www.windowsnetworking.com/Mitch_Tulloch/ ) ... here tis:

From Chapter 27 of the Vista Resource Kit that explains the rationale for removing the TCP/IP Filtering UI:

----

"Windows XP Service Pack 2 actually has three different firewalling (or network traffic filtering) technologies that you can separately configure, and which have zero
interaction with each other:

Windows Firewall that was first introduced in Service Pack 2

TCP/IP Filtering, which is accessed from the Options tab of the Advanced
TCP/IP Properties sheet for the network connection

IPsec rules and filters, which you can create using the IPsec Security
Policy Management MMC snap-in

On top of this confusion, Windows Server 2003 Service Pack 1 had a fourth network traffic filtering technology that you could use: the Routing and Remote Access Service(RRAS), which supported basic firewall and packet filteringthe problem, of course, is that when more than one of these firewalls is configured on a computer, one firewall can block traffic that another allows"

----

Lame reasoning imo!

I say this, because it is TRIVIAL to create exceptions rules in most any software (or hardware based) firewall generally, & to match that in Port Fil

"I run a few 2k8 servers and must say that there are very few features that distinguish it from 2k3" - by itzdandy (183397) on Saturday February 28, @12:24PM (#27023603) Homepage

2 security features Microsoft has PULLED (port filtering) &/or crippled (for efficiency in HOSTS files) shouldn't be & yet, are.

----

1.) The removal of being able to use 0 as a blocking IP address in a HOSTS file

(vs. 0.0.0.0 or 127.0.0.1, which are bigger, slower on load into the local DNS Cache (as well as slower flushes via ipconfig /flushdns) & also occupy more RAM once loaded, for NO GOOD REASON - 0 blocks as well as the other 2 do, & is smaller + faster!)

In this case, this happened on 12/09/2008 Microsoft "Patch Tuesday" updates, it wasn't LIKE that before then!

E.G.-> Here, using 0 as my blocking IP address in a FULLY normalized (meaning no repeated entries) HOSTS file with nearly 650,000 bad sites blocked in it, I get a 14++mb sized HOSTS file... using 0.0.0.0 it shoots up to 18++mb in size (& even worse using 127.0.0.1, to around the tune of 24++mb in size)... Here? This is SENSELESS bloat creation as the result!

&

2.) The removal of IP Port Filtering GUI controls for it via Local Network Connections properties "ADVANCED" section

(This is up there w/ when MS removed the GUI checkbox after NT 4.0 for IP Forwarding, only, this time, the difference is (and, it's a PAIN) is that it is NOT a single 1 line entry to hack via regedit.exe, but FAR MORE COMPLEX to do by hand)... Port Filtering is a USEFUL & POWERFUL security (& to a degree, speed also) enhancing feature!

Afaik, on THIS case (vs. #1 above)? It has always been that way in VISTA &/or Windows Server 2008... & not just the result of a Patch Tuesday modification.

----

QUESTION: Do ANY of you folks have an answer, a GOOD SOLID TECHNICAL answer, as to WHY these cripplings have been implemented in VISTA, Server 2008, & most likely their descendant, in Windows 7?

See - I posted on Microsoft/Mr. Sinofsky's (?) blog -> http://blogs.msdn.com/e7/archive/2009/02/25/feedback-and-engineering-windows-7.aspx

AND, I have YET to get a SOLID TECHNICAL ANSWER on those things going on in VISTA, Server 2008, & probably Windows 7 as well, that justify doing so...

(They're things I'd really LIKE to get an answer to, as to WHY Microsoft has done the 2 things in my list above, to the above noted versions of Windows)

APK

P.S.=> I found the (imo) rather flimsy reasoning behind WHY the PORT FILTERING gui controls were allegedly removed in Windows VISTA, Server 2008, & Windows 7, after consulting with Mr. Mitch Tulloch ( http://www.windowsnetworking.com/Mitch_Tulloch/ ) ... here tis:

From Chapter 27 of the Vista Resource Kit that explains the rationale for removing the TCP/IP Filtering UI:

----

"Windows XP Service Pack 2 actually has three different firewalling (or network traffic filtering) technologies that you can separately configure, and which have zero
interaction with each other:

Windows Firewall that was first introduced in Service Pack 2

TCP/IP Filtering, which is accessed from the Options tab of the Advanced
TCP/IP Properties sheet for the network connection

IPsec rules and filters, which you can create using the IPsec Security
Policy Management MMC snap-in

On top of this confusion, Windows Server 2003 Service Pack 1 had a fourth network traffic filtering technology that you could use: the Routing and Remote Access Service(RRAS), which supported basic firewall and packet filteringthe problem, of course, is that when more than one of these firewalls is configured on a computer, one firewall can block traffic that a

2 security features Microsoft has PULLED (port filtering) &/or crippled (for efficiency in HOSTS files) shouldn't be & yet, are.

----

1.) The removal of being able to use 0 as a blocking IP address in a HOSTS file

(vs. 0.0.0.0 or 127.0.0.1, which are bigger, slower on load into the local DNS Cache (as well as slower flushes via ipconfig /flushdns) & also occupy more RAM once loaded, for NO GOOD REASON - 0 blocks as well as the other 2 do, & is smaller + faster!)

In this case, this happened on 12/09/2008 Microsoft "Patch Tuesday" updates, it wasn't LIKE that before then!

E.G.-> Here, using 0 as my blocking IP address in a FULLY normalized (meaning no repeated entries) HOSTS file with nearly 650,000 bad sites blocked in it, I get a 14++mb sized HOSTS file... using 0.0.0.0 it shoots up to 18++mb in size (& even worse using 127.0.0.1, to around the tune of 24++mb in size)... Here? This is SENSELESS bloat creation as the result!

&

2.) The removal of IP Port Filtering GUI controls for it via Local Network Connections properties "ADVANCED" section

(This is up there w/ when MS removed the GUI checkbox after NT 4.0 for IP Forwarding, only, this time, the difference is (and, it's a PAIN) is that it is NOT a single 1 line entry to hack via regedit.exe, but FAR MORE COMPLEX to do by hand)... Port Filtering is a USEFUL & POWERFUL security (& to a degree, speed also) enhancing feature!

Afaik, on THIS case (vs. #1 above)? It has always been that way in VISTA &/or Windows Server 2008... & not just the result of a Patch Tuesday modification.

----

QUESTION: Do ANY of you folks have an answer, a GOOD SOLID TECHNICAL answer, as to WHY these cripplings have been implemented in VISTA, Server 2008, & most likely their descendant, in Windows 7?

See - I posted on Microsoft/Mr. Sinofsky's (?) blog -> http://blogs.msdn.com/e7/archive/2009/02/25/feedback-and-engineering-windows-7.aspx

AND, I have YET to get a SOLID TECHNICAL ANSWER on those things going on in VISTA, Server 2008, & probably Windows 7 as well, that justify doing so...

(They're things I'd really LIKE to get an answer to, as to WHY Microsoft has done the 2 things in my list above, to the above noted versions of Windows)

APK

P.S.=> I found the (imo) rather flimsy reasoning behind WHY the PORT FILTERING gui controls were allegedly removed in Windows VISTA, Server 2008, & Windows 7, after consulting with Mr. Mitch Tulloch ( http://www.windowsnetworking.com/Mitch_Tulloch/ ) ... here tis:

From Chapter 27 of the Vista Resource Kit that explains the rationale for removing the TCP/IP Filtering UI:

----

"Windows XP Service Pack 2 actually has three different firewalling (or network traffic filtering) technologies that you can separately configure, and which have zero
interaction with each other:

Windows Firewall that was first introduced in Service Pack 2

TCP/IP Filtering, which is accessed from the Options tab of the Advanced
TCP/IP Properties sheet for the network connection

IPsec rules and filters, which you can create using the IPsec Security
Policy Management MMC snap-in

On top of this confusion, Windows Server 2003 Service Pack 1 had a fourth network traffic filtering technology that you could use: the Routing and Remote Access Service(RRAS), which supported basic firewall and packet filteringthe problem, of course, is that when more than one of these firewalls is configured on a computer, one firewall can block traffic that another allows"

----

Lame reasoning imo!

I say this, because it is TRIVIAL to create exceptions rules in most any software (or hardware based) firewall generally, & to match that in Port Fil

I found the (imo) rather flimsy reasoning behind WHY the PORT FILTERING gui controls were allegedly removed in Windows VISTA, Server 2008, & Windows 7, after consulting with Mr. Mitch Tulloch ( http://www.windowsnetworking.com/Mitch_Tulloch/ ) ... here tis:

From Chapter 27 of the Vista Resource Kit that explains the rationale for removing the TCP/IP Filtering UI:

----

"Windows XP Service Pack 2 actually has three different firewalling (or network traffic filtering) technologies that you can separately configure, and which have zero
interaction with each other:

Windows Firewall that was first introduced in Service Pack 2

TCP/IP Filtering, which is accessed from the Options tab of the Advanced
TCP/IP Properties sheet for the network connection

IPsec rules and filters, which you can create using the IPsec Security
Policy Management MMC snap-in

On top of this confusion, Windows Server 2003 Service Pack 1 had a fourth network traffic filtering technology that you could use: the Routing and Remote Access Service
(RRAS), which supported basic firewall and packet filteringthe problem, of course, is that when more than one of these firewalls is configured on a computer, one firewall can block traffic that another allows"

----

Lame reasoning imo!

I say this, because it is TRIVIAL to create exceptions rules in most any software (or hardware based) firewall generally, & to match that in Port Filtering is quite simple also (even easier imo, provided you know what port's involved, & that's what the IANA lists are for, after all).

AND

Once a malware gets inside? One of the FIRST things it does, is disable a software firewall... & with NO OTHER BARRIERS IN THE WAY, such as PORT FILTERING RULES (which because they work @ an unrelated level (drivers-wise), in the IP stack, makes it an actual advantage because it cannot be 'taken out' from a single point of attack (though, perhaps MS is saying a single point of control is the advantage in their method, it still lends itself to being taken down from a single place too by the same token - imo? A "catch-22" situation, quite possibly & MOST likely)?

You get, what you get (infested systems galore online today).

APK

P.S.=> Mr. Tulloch ( http://www.windowsnetworking.com/Mitch_Tulloch/ ) & I are currently in progress searching for the reasoning behind the removal of 0 as a valid IP blocking address in a HOSTS file, but even HE was unaware of WHY this was done... but, with any luck? We're going to find out - &, I'll let you all know, here, if the thread isn't dead by then... apk

I found the (imo) rather flimsy reasoning behind WHY the PORT FILTERING gui controls were allegedly removed in Windows VISTA, Server 2008, & Windows 7, after consulting with Mr. Mitch Tulloch ( http://www.windowsnetworking.com/Mitch_Tulloch/ ) ... here tis:

From Chapter 27 of the Vista Resource Kit that explains the rationale for removing the TCP/IP Filtering UI:

----

"Windows XP Service Pack 2 actually has three different firewalling (or network traffic filtering) technologies that you can separately configure, and which have zero
interaction with each other:

Windows Firewall that was first introduced in Service Pack 2

TCP/IP Filtering, which is accessed from the Options tab of the Advanced
TCP/IP Properties sheet for the network connection

IPsec rules and filters, which you can create using the IPsec Security
Policy Management MMC snap-in

On top of this confusion, Windows Server 2003 Service Pack 1 had a fourth network traffic filtering technology that you could use: the Routing and Remote Access Service
(RRAS), which supported basic firewall and packet filteringthe problem, of course, is that when more than one of these firewalls is configured on a computer, one firewall can block traffic that another allows"

----

Lame reasoning imo!

I say this, because it is TRIVIAL to create exceptions rules in most any software (or hardware based) firewall generally, & to match that in Port Filtering is quite simple also (even easier imo, provided you know what port's involved, & that's what the IANA lists are for, after all).

AND

Once a malware gets inside? One of the FIRST things it does, is disable a software firewall... & with NO OTHER BARRIERS IN THE WAY, such as PORT FILTERING RULES (which because they work @ an unrelated level (drivers-wise), in the IP stack, makes it an actual advantage because it cannot be 'taken out' from a single point of attack (though, perhaps MS is saying a single point of control is the advantage in their method, it still lends itself to being taken down from a single place too by the same token - imo? A "catch-22" situation, quite possibly & MOST likely)?

You get, what you get (infested systems galore online today).

APK

P.S.=> Mr. Tulloch ( http://www.windowsnetworking.com/Mitch_Tulloch/ ) & I are currently in progress searching for the reasoning behind the removal of 0 as a valid IP blocking address in a HOSTS file, but even HE was unaware of WHY this was done... but, with any luck? We're going to find out - &, I'll let you all know, here, if the thread isn't dead by then... apk

As far as I know, Windows Vista has a rewritten TCP/IP stack.

http://www.windowsnetworking.com/articles_tutorials/TCP-IP-Networking-Windows-Vista.html

but let's not make it obvious with a new share that an additional volume is mounted.

You could give this this regkey value a try and see if it takes care of your concern. Supposedly it prevents Windows from automatically creating those shares.

Except that the only thing that requires reactivation is a new motherboard.
Assuming you are talking about retail or whitebox OEM (big brand OEM uses a completely different system) it is a tally of various hardware components.

It is possible to go over the limit without replacing the motherboard, especially if the motherboad doesn't have a built in lan port (or it has one but it's disabled).

BTW I would strongly reccomend backing up your activation data so a clean reinstall does not mean needing to reactivate. Afaict when you reactivate with any hardware (or possiblly even driver) changes at all MS can't tell the difference between that and trying to activate on completely different hardware.

http://www.windowsnetworking.com/kbase/WindowsTips/WindowsNT/UserTips/Miscellaneous/BackupRestoreXPActivation.html

If anyone has a better method let me know.

There are three parts of Windows Desktop search that I can see

1. WindowsSearch.exe
2. Windows Search Service
3. Windows search Deskbar

To disable #1 you can create a software restriction policy. Follow the instructions for creating a Hash Rule here. Using a hash is best because it will work no matter where the application is launched from though you may have to update the policy if someone installs a newer version. More info on Software policies can be found here

You might not actually want to disable #2 because I'm not sure yet if it was installed by Desktop search 3.01 or if it was originally part of XP. XP has an indexing service that's turned on by default and is used by the normal search box. I've never had much problems with it before but I also never use it so I turn it off. You'll have to decide for yourself.

1. Click Computer Configuration, click Windows Settings, click Security Settings, and then click System Services.
2. Right click on "windows search" and select properties.
3. Check the box for "Define this policy setting" and then select Disabled.

For #3 I'm not sure yet how to disable it but I'm pretty sure the most it would take is a custom ADM file with the proper registry edits. Not sure what those would be yet but shouldn't be too hard. It also might just go away when you disable #1.

Call me crazy, but I thought that ISA support was removed from Windows with XP?

OK, a quick Google search comes up with ISA NON-plug/pray support is removed, so that is a portion of ISA products.

see articles like this for reference http://www.windowsnetworking.com/articles_tutorial s/wxpisanc.html

So, it seems like this is a continuation of what XP did, do any new motherboards have ISA anymore? it's been a long time since I've seen one, and I can't think of any ISA card worth running today...

I don't have a single authoritative explanation for you, but this page has some good tips.

Historically, the old FindFast service (now called Indexing Service) was horribly buggy and made Windows PCs run very slow. As a result, standard practice was to disable it (as noted here). I can't say for certain if the same problem exists in Win2K or WinXP, but I still tend to disable the Indexing Service out of habit/superstition.

So, you mean that they abuse their economical power... But it is ok, since they do that with a nice GUI? Or are you saying (falsely) that Microsoft has not extended those protocols? Because they have extended (or tried) almost all of them, DNS being the only exception, and irrelevant since they already tried to extend TCP.

• AD can serve a standard DNS domain (even if mixed with Linux BIND servers), including an LDAP backend and dynamic updates: http://support.microsoft.com/kb/317590
  
• AD can also serve Kerberos for Linux clients (in a standard way): (here), it can also do RADIUS as well.
  
• AD is LDAP compliant so use can also use nss_ldap to grab user information on Linux system from it
  
• Linux and Windows nodes can perform two directional file sharing via standard* CIFS protocol
  
• AD (with addition of certificate services) can serve as s X509 Certificate Authority.
  
• AD + Exchange will understand SMTP, SMTP-AUTH (over LDAP), POP3, IMAP, IMAPS, NTTP protocols (additional web based access is also provided).
  
• With Windows Server 2003 R2, AD can also serve standard NIS, NFS, CUPS and similar UNIX protocols.
  
• If you include non standard (but known) protocols in the mix, Windows and Linux machines can also interoperate via DFS (Distributed File Sharing), RPD (Terminal Services), etc.
  
  
  The required setup is done less than an hour, and will require a (less competent) system administrator for maintenance in the long run.
  
  (It can be argued that the Linux side will require a more educated - i.e: more expensive - system administrator, and preparation of many site specific scripts and configurations - yet this may not seem objective for some people).
  
  Don't misunderstand I'm not proposing converting all the systems to AD. I'm telling AD is also a fine solution based on open protocols.

DOS talking to XP? Sure! Microsoft had a DOS client that would talk SMB. So yes, you can access shares on a Windows XP box from DOS. (Haven't tried this myself.)

This page has some info on setting it up.

http://www.windowsnetworking.com/articles_tutorial s/dosclnt3.html

If you have an windows domain the best is to the group policies and create individual accounts to track each of the students.

Group policy http://www.microsoft.com/technet/technetmag/issues /2005/05/LockDown/ will also give you a great deal of control over how much of the windows interface they have access to. For instance you can lock out the CLI, and where they can save files. Here is a link from Micro$oft on how to get started.

If you don't have an active directory domain setup, you can still lock down the desktop by creating local policies http://www.windowsnetworking.com/articles_tutorial s/wxppspol.html, unfortunately you will need to apply these to each PC if all the hardware in the lab is the same, but it wouldn't be to difficult to create a locked down image using Ghost, and then image all the machines to be identical.

Also, if the school can afford it buy a copy of websense http://www.websense.com/global/en/. It will keep the little buggers out of the internet, prevent them from downloading games, and even using chat programs.

Driver support can be a problem. Just buy linux friendly hardware if you plan on running linux. The benefits outweigh the brief googling. It's the same problem I had a couple of years ago with windows XP: I have never got my ISA network adaptors to be recognized by XP. Even this nifty howto didn't do the trick for my SMC adaptors. Linux recognized them right out of the box. The difference I guess is that microsoft dropped support for these adaptors, while linux usually doesn't support hardware because their manufacturers aren't interested in linux support...

A common example is when an application saves its runtime settings to a registry key under HKEY_LOCAL_MACHINE (which is read-only to LUA users), instead of to HKEY_CURRENT_USER.

...but it's why I'm still on SP1 myself. Everything I have on my machine (including some graphics-intensive Win95/98 era stuff) runs beautifully. Many, many of the things I use often (like the old UnrealEd for Unreal1, UT99, and Deus Ex) refuse to work on any of the computers my friends have. On the other hand, Freespace always seems to work, but admittedly, that's due to a weird thing with the way-too-damn-many fonts installed on my machine. Also, doesn't SP2 refuse to allow more than 10 outgoing connection attempts at a time? I know Azureus mentions such in the settings.

Also, more seriously, XP SP2 broke the ability of my parents' virus scanner to keep an active monitor running. Which in turn quickly led to the near-total destruction of the computer before I came home for the holidays last year and fixed it (it arose again like a Phoenix, though key things in Windows are still missing . . . nothing important, actually, mainly stuff that was annoying and unable to be removed with any ease before, so in a way that's kindof a plus!)

Alot more stuff is broken, I just don't recall quite what. Hmm, maybe a quick google search will clarify:

Microsoft's own list of broken apps
Also,
SP2 removes the ability of users to send raw TCP segments
It also breaks Captive-NTFS
It can break the Group Policy Object Editor
And as mentioned above, it limits TCP to 10 outgoing attempts (link also includes methods of disabling this; more detailed information on the issue can be found here.
Here's a forum in which people describe a few of the more technical problems and their solutions for SP2

I could go on, but you get the idea. There are some serious drawbacks to SP2. I could go on about how the supposed security features don't exactly impress me (and honestly, all the third-party security programs on my computer have never had to do much, since I run it very securely anyways, and they could handle it even if I didn't), but again, you can probably elaborate on your own.

My point, really, is just that parent is being truthful! Hell, it doesn't even matter if you argue that SP2 doesn't break anything worth fretting about, the perception, with enough evidence to hold sway, still exists, so it's still a huge reason for lack of adoption. Maybe parent is flamebait as well, but sometimes truth == flamebait!

Why do people like you keep reiterating the tired old "without a network" line?

It hasn't been true since at least NT4 SP6a, when NT4 achieved a C2 rating *WITH* network. Windows 2000 achieved CC both with and without networking.

The NT4 link is no longer around on MS's site, but there are still some pages out there that reference it:

Such as this one

And here is Win2k

Link here, among other places.

There's a simple registry hack out there that let's you get rid of those bubbles. Took about 30 seconds to google for it: here.

If you use the same machine, you do not have re-activate.

Here you go with a link.

Also, a 2 minute phone call is not insult to injury. It's a phone call. Of approximately 120 seconds in length. Maybe 3 minutes.

Why don't you backup/restore Windows XP's activation keys?

VNC is an acronym for a software product that exist in a few different variants, most notably RealVNC which is free. http://www.realvnc.com/. I have yet to see any of the manufacturers use the acronym VNC for their commercial products, since it is the name for a specific software, not a generic acronym. http://www.windowsnetworking.com/kbase/WindowsTips /Windows2000/AdminTips/Network/VNCstandsforVirtual NetworkComputing.html The question itself is interesting. If the author of the grandparent post doesn't reply, I can recommend RealVNC and TightVNC http://www.tightvnc.com/ - AFAIK the different versions of the VNC based products are mostly compatible with eachother, except of course version specific changes, most notably security enhancements which you asked about.

• Well NTFS also has it's "sucking" points as in "sucking performance". More than one disk read/write test (Sandra, and one used by Magix) has shown my NTFS partition on the same physical hard disk to be 1/4th (that's 25%) of the speed of my FAT32 partition.

Also, NTFS is sensitive to fragmentation. Periodically defragmenting the file system -- including the MFT -- is highly recommended.