Slashdot Mirror
MSN Lists 10 Dumb Things NT Users Do
Stephen Moore writes "10 Dumb Things Windows NT Users Do. By MSN. Strangely they don't mention buying Windows NT in the first place. I particularly like
7. Forgetting the password
(Look for their suggestion here)
and
9. Applying service packs unwisely.
This brings new meaning to the Hack PC Week story.
Here is
the url.
Cheers"
11. installing NT
12. Forgetting to click on the 'Vegas' option on solitaire.
13. (My own one) typing 'ls' five times in a row trying to get a directory listing in the command shell
14. Signing up for a hotmail account
15. Paying $x for MS technical support, and believing them when they tell you reinstalling NT will fix your problem.
Obvious, I know. Sue me.
> (although it's miles ahead of Linux, OS/2, or even BeOS).
If its really miles ahead of those OS's, then why:
- can I set up my Linux box in 1/4 the time it takes me to set up a default installation of a WinNT machine.
- was I able to set up Be faster and easier the first time I ever used it than any of the times I've ever installed WinNT.
I don't think I agree with the author on these points, but then again, it was an MSN article.---
"Everybody knows the moon's made of cheese," Wallace.
This guy is basically an idiot.
1. Hardware compatibility. Followup in this month's issue of NoShit Magazine.
4. No ERD. I'll bet that everyone who is reading this has a recent (less than 1 week) backup of their system. It is basically the same thing here.
6. Enable the GUEST account? Is this guy on acid or what. Every checklist on hardening NT has at or near the top disabling this account. If you want to share across machines you need local accounts or a domain account if you are running a domain.
7. Give yourself admin privileges for your everyday account? This is insane. If you do that and let a virus/macro/trojan by you, it has the machine. Your everyday use account should be as a USER (or POWER USER) and you should just remember the admin account password, or lock it in a safe.
9. Service Packs (and HotFixes) are pretty much mandatory and I think it is highly irresponsible to suggest that you don't apply them, espcecially if you are running a small number of machines. There have been some bugs that existed in Service Packs, but they were primarily related to new ways of authentication in response to security vulnerabilities. These bit shops that were not careful in their deployment (and yes, M$ could have made it _much_ easier).
10. This was accurate at one time, but for the last year or more, all the cloning utilities update the SID. M$ even has an approved procedure. Interestingly, this is not an issue for existing flavors, but W2K uses the SID in the ActiveDirectory scheme and they must be unique.
For example:
Now give it to one of your NT-loving buddies. Ask them if they can fill in the blanks.Then send them to the full story. It's good for some laughs! :)
The SID is nothing to do with the CD key. Nor is it anything to do with licensing.
The SID is generated/created/synthesised by the install process, and used to uniquely identify the machine to the domain controller's security database.
Multiple identical ID's in a DB that expects uniqueness is BAD.
If you're not using NT Domain security, then you won't notice anything.
Administrators whom are worth their salt know that you don't know what you're talking about.
This sig left unintentionally blank.
I'm a Microsoft Certified Systems Engineer/Microsoft Certified Trainer. I instruct for one of the largest computer training companies in the world. I also run Linux...and MacOS...and BeOS...and AmigaOS... But I'm not here to debate the relative merits (or demerits) of an operating system because I've seen too many people complain about what they do not know about to know they're full of shit. But this guy scares me. Not only is he an MCSE, but Microsoft actually let him put that drivel on their page. I for one HATE paper MCSE's, because they take the relative value of the certification and kill it. I'm not saying he's one, but jeez! This guy, even though he claims to have used NT since 3.1 Advanced Server, says some pretty stupid shit:
1. To quote: "Windows NT has an abstraction layer between the hardware and the operating system. When a program wants access to a hardware device...it must go through this layer to do so. The purpose of this is security, and to ensure a bad application can't steal all resources from a given hardware device."
Yeah, right. Don't be a jackass. Yes, although the NT ARCHITECTURE is supposed to promote security (in many different contexts), the true purpose of the HAL is to make all hardware look the same to the microkernel. Therefore MS wouldn't have to use different source code every time NT was ported to a different platform. MS actually had the engineers code the prerelease versions of NT 3.1 on a MIPS box, and then PORT it to x86. NT's original premise was PORTABILITY...and that's where the HAL comes in. Now that all the other ports are gone (RIP Alpha...stupid MS) the only thing the HAL is good for is to maybe port W2K to IA-64? Who knows, but security ain't the issue here.
2. Here's another one: "If you install NT into the same partition, you'll end up sharing the \Program Files directory, which could be catastrophic for Internet Explorer, for instance. This is an easy one to avoid."
Whatever. Go to your NT box. Open that Program Files Directory. NT specific binaries are stored in a "Windows NT" subfolder. IE, specifically, is stored in %systemroot%\Program Files\Plus!\Microsoft Internet. When you install or upgrade a 9x machine (even with Plus!) with IE3/4/5, it installs to C:\Program Files\Internet Explorer. This guy's talking out of his ass. I've done dual boot 9x/NT boxes all day long. I DID, however, keep both copies of IE the same rev...for consistency's sake...:)
3. One more: "The key to ensuring your two Windows NT computers can communicate is to make sure the guest account in user manager is enabled. This is the account that is used when one computer connects to another, with relatively little security--the reason it is disabled by default."
Wha...WHAT?! Are you out of your freaking MIND?! One of the first things we teach in the classes is to keep Guest diabled. Why don't you just create a local user, put 'em in the appropriate ACL's for the share, use the "conenct as" option and be DONE with it...
There are more...but I gotta get back to work...:)
This guy says he's an MCSE? And MS puts his stuff up for the whole world to see? People like him make people like me look bad.
-Kevin, MCSE/MCP+I/MCT, MCP ID # 1198191
PS: Just to be fair...I do agree with him on the service pack issue...I don't use a newly released SP until it's been out in the field for a while. SP3, for instance, was an apology for SP2...:)
My posts don't reflect the opinion of my employer, and my employer's opinion doesn't influence the content of my posts.
Yeah. Windows NT allows a complete idiot think he's adminning a box until something goes wrong. Those other OSes require you to actually KNOW something in advance of things going wrong.
1. Using the wrong hardware...
Hey you people! Why are you still messing around with IA32? The archetecture is a toy! We've been running 64 bit processors for years now. Of course, you only really need a huge server if your OS has no remote admin capabilities. Otherwise you'd buy a bunch of little ones and distribute the load (No single point of failure that way either, and you can lock those machines away in com closets because unix never crashes. IMHO, the wrong hardware could also mean any hardware I ever have to deal with because I Don't Do Windows.
2. Installing Windows NT where it doesn't belong...
Everyone who's ever installed NT is guilty of this.
3. Choosing the wrong file system...
You have two choices. Flip a coin.
4. No emergency repair disk...
I've never had that problem in Linux or OS/2.
5. Using the wrong Pagefile size...
Everyone has this problem, even in UNIX. OS/2 got around it by having a dynamically resizable swap file, but that led to its own problems.
6. Missing a key network component...
Sorry, anyone who says "Security" in the same breath as "guest account" should be taken out behind the barn and shot.
7. Forgetting the password...
See point 1 about absolute idiots...
8. Using older applications...
UNIX is backwards compatable with 30 years of applications (Assuming you can still find a K&R compiler somewhere.) MS can't even manage a decade? Ok, I'm not being fair, since 95/98 are still 16 bit under the hood (30 years after DEC introduced the 16 bit PDP 11 [in 1970] to replace the then-outdated 8 bit PDP 5 and PDP 8.)
9. Applying service packs unwisely...
Nevermind that there may be vital security fixes on those things. Maybe this was why those bozo's over at ZD were afraid to install a single linux security patch on their RedHat box. That's what you get when you put a trained windows monkey in charge of a Real OS.
10. Cloning Windows NT...
Hmm. I wonder how this affects those backups you've been making for the past year. Are you SURE your system will be functional when you restore from backup when your disks go to hell in a handbasket? Better double-check...
No other OS I've ever run across has had any problem being cloned. You can even do it with OS/2 (Admittedly you REALLY have to know what you're doing with OS/2, due to extended attributes.)
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Thomas More wrote Utopia as a parody above all else. Utopia is roughly Latin for "No place". The book was written not to see 'how good things could be' but to put these things together and see just how impossible it would be to realize. That is NT down to the core, IMHO. Okay, granted the vernacular term 'utopia' doesn't take all this into account, but it is interesting to note.
Addendum 1) If you haven't read Utopia, I highly suggest it. I especially love the children laughing at the visiting dignitary. Great stuff.
Addendum 2) As a previous NT user, I don't understand the value of the rescue disk. Sounds great (hmm, the Utopia analogy still applies), but everytime NT died to the point it wouldn't reboot (twice that I remember, and I used it for less than a year), the rescue disk did NOTHING except complain that it couldn't find NT. Frustrating.
Please. BeOS configures at least twice as easy as Windows NT does now. Networking configuration is abysmal in NT, whereas in BeOS it's pretty much one-stop shopping. It took me about fifteen minutes to install drivers and set them up correctly for my system under Windows; under BeOS, it took me all of two not only to set it up, but to get my dynamic IP and visit a couple of my favorite web sites.
As for the Linux crack, NT may be "easier," but what it lacks in luser-friendliness it makes up for in raw power and flexibility. Further, for any competent computer user, Linux actually isn't significantly harder than NT to set up.
I suppose I should be grateful; now the PR arm of Microsoft is viewing not only Linux, but BeOS, an operating system not even competing with Windows NT, never mind competing in the same class, and OS/2, an arguably dead operating system that is no longer supported by their parent, as targets for their FUD.
Microsoft must be running scared.
If you do not know your administrator account password, you will have to completely reinstall Windows NT because eventually you'll need to have access to this account.
Actually, this isn't true. A linux boot disk can be used to change the administrator password. Do read the warnings though.
The best way to avoid this dilemma is to immediately add your personal user account to the administrators local group of the system. This will make your main user account an administrator of the system, sparing you from heartaches and time later.
No comment on this one....
Can you get an equivalent of su for nt, and run the GUI apps by typing in a console?
I remember reading all sorts of wonderful things about NT 3.51 (remember those days) and its abilility to be installed to Alpha and PowerPC systems thanks to the HAL. And that the purpose of the HAL was for cross-platform installs.
Am I wrong? Or are they just claiming it's for security now that they don't support any platforms other than Intel (instead of removing it and possibly stirring up bugs)?
"Evil will always triumph over good, because good is dumb." - Dark Helmet (Spaceballs)
This could easily be 10 dumb things linux users do:
1) Forgetting to check the Hardware-Compatibility HOWTO
2) Wrongly partitioning the hard disk
3) Using UMS-DOS
4) Forgetting to create a boot disk and not installing LILO
5) Creating a 1MB swap file
6) Micsonfiguring the network
7) Forgetting the root password (or setting it to root!)
8) Using libc5 applications
9) Applying kernel patches unwisely
10) Using different Linux distros on different machines
Perhaps NT and Linux aren't that different after all!
Okay, here's what I had to do to install NT 4.0 and SQL Server 7.0, over the course of two days -- and I'm still working on it!
/b. Won't let me do that, DOS complains "you need to run LOCK. Rebooting now". It reboots for me without asking. /b. Reboot.
1. Try booting from the installation CD. Oops, kernel dump! "Inaccessible Boot Device". Need to reboot.
2. Partition the drive. Need to reboot.
3. Format the drive to a FAT partition.
4. Run winnt
5. Run LOCK. Then run winnt
5. Try booting the installation. Kernel dump again! Reboot.
6. Go ask the service reps if they've ever seen the problem. Yep! Need to copy some updated Adaptec drivers to the installation directory on the HD for the installation to work.
7. Oops, my DOS bootup floppy is corrupted now!
8. Find a new bootup floppy. Put in drive and bootup.
9. Copy the drivers to the HD.
10. Now I can do the installation by rebooting again.
11. Installation finally finished after about 30 minutes. Reboot again.
12. Oops, forgot to configure networking. Log-in as administrator. Change TCP/IP settings and join a domain. Reboot.
13. Oops, I need some more partitions. Create partitions.
13. Install the SPs. Reboot several times (forced to).
14. Try installing SQL Server. Says that IE4 is a PREREQUISITE! Oh crap!
15. Install IE4 from the network. Forced to reboot.
16. Try installing SQL Server. Apparently, I need IE4 SP1! Oh crap.
17. Download and install IE4.01 SP2 from the Internet. Forced to reboot.
18. Install SQL Server.
With Redhat + PostgreSQL:
1. Create latest boot diskette from latest drive image on the web. Boot up.
2. Go through a few installation screens.
3. Choose PostgreSQL as a package.
4. Reboot.
5. Do security checks and make sure PostgreSQL is running properly.
5. Done!
Sure, it's still in alpha testing with Linux, but HP-UX, just about any commercial Unix out there has ACLs and has had them for some time. If you have 35,000 users, you probably aren't using Linux. If you have 35,000 users and you're smart, you aren't using NT either.
This is my favorite one of the entire bunch. Basically Windows DLL management is basically broken by design and should be tought as a prime example of how not to build a stable system. Consider the facts:
...
1) Every little (or bit) P.O.S. application can (and often will) overwrite system DLLs. I would not dare to overwrite libc.so on my system every time I install a new app.
2) You have very little control over where you go to find your libraries. Compare this to LD_LIBRARY_PATH where you can set exactly where you look for your libraries (thus giving you the ability to use different versions without harming each other).
This is a prime example where MS's design is fundamentally broken, but they turn it around and blame the user for not understanding the beartraps that lurk under the surface. Of course installing a service pack, then installing your app and then re-applying the service pack (to make sure that all your DLLs match) is not quite intuitive. IMHO, the only way to have a stable windows machine is to do the following:
1) Install the OS
2) Apply all necessary service packs
3) Install your apps
4) Re-apply the service packs
5) Don't touch the machine anymore
Anybody with half a brain should see right away that something is fundamentally wrong here. It's admirable (or rather quite daring) of MS's marketing machine to blame this on the user. If they would have desgined it right the first time, you wouldn't end up in DLL hell everytime you install something new
I have tried to calmly discuss the topic, yet you respond with the same sentences... even though you admit that you don't know anything about UNIX... that you base your comments on the comments of others, not real experience. This is the typical MS line... one person stands and says "Wow MS is good", and the rest of you blind followers get a stiffy, and repeat it.
A) NT can block ports... but not based on IP... with NT it's all or nothing. In Linux I can block a port from everywhere except a few select IP's. Beat that.
NT Firewalls take an entire machine... you can install Checkpoint/Raptor/Other pathetic firewall on NT... but thats all the box is good for. In Linux I can have a file/print server or web server or FTP server etc. *and* firewall the box with no ill effects. Try that in you little blue box....
And yes Linux does support an encrypted filesystem. And NTFS is not fully journaled... (read the JFS Documentation)... hell, read anything, fill you mind with knowledge not the statements of others.
Now, we return to this issue of ACL's. I have stated three or four times. ACL's are not superior, they are different. A sysadmin who uses ACL's designs things differently than a sysadmin who doesn't. I'm not saying ACL's are not a Good Thing. I'm saying that Linux is not less secure becasue we don't use ACL's. You have not the experience to talk. You've said that. So end this silly dispute.
I've done Linux adminsitration. I've done NT administration (forgive me Tux). It's two completely different approaches. Your argument is wrong. It is fataly flawed. It is based on the premise that there is one way to do things. An unfortunate view prevelent in the MS world.
You tell me to shut up and sit down... but yet you, you with no experience... who likely has never truely admin'd anything outside of a reletively infant OS... you feel as if you have the right to make statements that have no basis in fact. Perhaps it is you who should sit and listen, and learn from those who have used many products, many OS's.
Get a life, not a lifestyle. - Hikem Bey
Oh, I love this! And by the way, don't firewall out UDP 137, UDP 138 and TCP139. (Nor, the DCOM port at TCP135). And watch as someone waltzes right into your NT sh!tbox as a guest user and proceeds to give it the raping it so richly deserves.
CNN story describing breaking into machines with Guest access, among other things.
. The best way to avoid this dilemma is to immediately add your personal user account to the administrators local group of the system. This will make your main user account an administrator of the system, sparing you from heartaches and time later.
Except that now that latest little IE5 bug has suddenly given some loser in Bosnia whose page you happened to click in a search engine complete access to your internal network...
10: MSDN. Hey, who *wouldn't* want to read Slashdot using the latest Windows 2000 beta?
9: No third-party shit. When you go Microsoft all the way, you're guaranteed to have *at least* three less crashes per day.
8: Multiple servers. Come on, like a PII 450 with 128 MB RAM can *really* handle both the Web Proxy *and* mail load for a ten machine network? Hey, Microsoft's products are top-of-the-line... when computers are meant to handle that type of load, they'll tell you.
7: NT Workstation. Why use 95 or 98? Obviously, NT is the better solution. 98 is for users-- NT is for power-users. That's why it costs so much more.
6: Microsoft tech support. Isn't it nice to know that *when* Windows NT crashes into an unrecoverable state, Microsoft will at least be willing to tell you "Re-install NT, see if that fixes it."?
5: PPTP. It's easy, it's simple, and it's secure, right? I mean, sure, Schneier and Mudge *claim* to have attacks against it, but there are no *implementations* of it, right? Besides, most people pick strong passwords anyway!
4: Outlook Express. Hey, when you need a cool mail program, OE is it. You don't have any of that "attachment" shit-- it all looks inline. And if there's a script attached, OE will even execute it upon opening the message!!
3: Microsoft Office. What better program for editing text files?
2: J++. It's Java. Almost. But it works under Windows, at least! Never mind the fact that Microsoft violated their license terms with Sun and shouldn't legally be distributing it-- it makes writing Java applets almost as easy as writing Visual Basic applications!
1: IE 4 / 5. Hey, at least you can view www.windows2000test.com with it! That's more than you can say for that Netscape shit.
* NT is only easier to install if you've got blessed hardware... I've seen (NT4) installation cheerily, deterministically crash during hardware probing on a remarkably normal hardware configuration.
* One would think the swap file recommendation might not give "magic" formulas, and instead say something to the effec that, "What you're doing will largely determine how much swap you need. While NT generally recommends XX MB of memory, total, and perhaps at least YY of swap, in which to simply run happily, running something like Word or Excel might -- depending on document size and complexity -- boost your needs to ZZ MB or so, and doing memory-intensive tasks like using Photoshop to edit large, detailed imagery could require far more."
* Aigh! He recommends enabling the guest account for file sharing, rather than doing it the right way?
* "No such thing as a bug-free program?" {shrug} cat" seems pretty reliable to me... Also, this seems to be a remarkably tolerant attitude (accepting the idea that releasing buggy SPs is perfectly OK?!).
* The article should probably mention hot-fixes, too. When they're security-related, they could be IMPORTANT.
Yadda yadda.
Only the dead have seen the end of war.
It shows how bad NT is at real world computing. Terrifying really.
It tells you to "Windows 95/98 machine handy for your games" but warns you against trying to run 95 or 98 on the same machine.
Many of the things on the list are pretty basic things that other systems have fixed (and I'm just not talking Unix here).
I love number 5 - "People make the mistake of letting Windows NT suggest the default Pagefile size for your system." Given that every other OS on the planet can do this without too much hassle I'm surprised that this is a big a problem. Pagefile size is a pretty basic formula for most systems, not "amount of system memory + 12mb".
Most other operating systems that aim for the lofty ideals of NT do a lot of these things automatically, eg page sizing, hardware detection, patch installs, network setup, file system setup etc.
Most operating systems have a single user mode that allow users to change the superuser password from the console without needing to reinstall the whole system.
This article points out more that just the dumb things that users do. It points out the dumb things that microsoft does. In operating system terms NT is about 8 years behind on administration.
9 out of the 10 of these points are pretty basic flaws with NT that Microsoft should have sorted out years ago; all other Operating systems I support have had these fixed for years. It still proves my point that Microsoft are more interested in revenue than in producing a stable and useable operating system.