MS has been using simulator questions since the IIS 4.0 exam. The Win2k3/XP exams have even more simulator type questions. Even with an A-B-C-D type "multiple guess" exam, unless you know something about something, you stand to only get 25% correct, which is far less than the 70-80% needed to actually pass. The paper MCSEs get weeded out pretty quickly, at least in my area, and we usually hear about the bad ones when they come knocking.
Want to install printers to all your desktops? Use AD Group Policy. That's why it's there. Makes it extraordinarily easy to keep your enterprise standardized. Install a SUS server, and now patching is a breeze also.
Got technical problems? I haven't seen a problem yet that hasn't been addresses at MS' TechNet. On those very rare occasions that i've had to call Tech Support, I've always gotten the problem fixes, and on all but one occasion, had my money refunded for the call.
It's easy to argue how much something sucks from a position of ignorance. Try asking a question and learning instead of perpetuating the FUD that is the stock in trade at this place.
Jabber may be find for a small set of people who want to keep in touch, but we've found that the code is way too immature to support a corporate clientbase. There are a lot of features that MSN Messenger has that Jabber doesn't and won't have in the forseeable future, and a lot of the missing features are basic things. In addition, I really don't care for Jabber's method of dealing with various issues "Just telnet into the Jabber port and send raw XML to the server! WHEEEEEE!".
If you already own an Xbox, you're already helping them. By the way, I want to be able to play my Atari2600 cartridges on my Gamecube. Since Nintento won't help me do this, should I blackmail them?
No, I don't get to define what blackmail is. But the lawyers do, and my (and several other people's) interpretation of what blackmail is seems to all agree that this case IS blackmail. Now Free-X has gone and sullied the reputation of the OSS movement.
Why would Microsoft want to even consider working with these people? Linux doesn't further Microsoft's goals with the XBox, and I certainly don't blame them for telling Free-X to go fsck themselves.
I'm sorry, you don't get to define what blackmail is. YANAL and all that...
This does fall within the letter of the law for blackmail. And now the Open Source movement has to deal with the collective black eye this is going to give them.
Our question for you is: are your posts going to be how the Complete Moron Collective is going to express itself?
As above, so below, eh? Let me get this straight: If I'm not following the party line by bashing Microsoft and praising a bunch of people who really aren't in a position to be demanding anything from Microsoft, then I'm somehow a moron?
Sounds like someone is a part of the Rightthink Cabal. Do you have any original thoughts of your own?
I submitted a story about these guys a day or two ago, but of course it was rejected because it painted them in a less than favorable light (blackmail and all).
I'll ask the question again: Is this how the Open Source movement is going to seek legitimacy? By attempting to blackmail people?
From the clamav site: "The virus database is based on the virus database from OpenAntiVirus, but contains additional signatures (including signatures for popular polymorphic viruses, too"
They're still using OpenAV's defs with some of their own. This didn't sit too well with me, as it's (IMHO) schizophrenic, and not production-level quality. So I ditched ClamAv and shelled out $80 for F-prot.
Clamav is nice and all that, but my feeling is that it's not ready for primetime, especially if it's relying on OpenAV's definitions.
NTSyslog and Swtach are both valuable tools. The syslog daemon itself has far too many built in insecurities to make it entirely trustworthy (i noticed you mention a secured Linux box). I'd appreciate your input on making it DoS proof.
The syslog box is behind an internal firewall that allows only syslogd from the servers being logged to contact it. I'd put the thing on an independant network, except that our network topology wouldn't allow for that. Part of security is identifying risk, and either accepting it, or mitigating it. We looked at the possibilty of someone internally trying to DoS the box, and figured the risk was low. The firewall has good controls over traffic and sometime soon, we'll institute some more controls in the future (ie, either SSL-enabled transmission or IPSec).
For the Security Logs, I'm using both NTSyslog and a new product that I'm beta'ing from Microsoft that sends all security information to a collector that inserts the information into a SQL database. The transmission between the server and the collector is SSL enabled and mutually authenticated before any transmission takes place.
Again i question how you can facilitate enabling the kind of auditing levels you boast with a local event log retention policy which will maintain a reboot stamp from 1 year ago. I would have found if more believable if you had said you computed the value from your centralised logs.
Don't sweat it. First, I give each log a generous amount of space (a few megs at least, except for the Security log which I allocate more). Second, reboot events are in the System log. This log right now is about 100k in size, since the system is so stable and static. A static system is a happy system, and a happy system has a small System log. Most of the entries in that system's System Log are from TermServDevices complaining about one of the other admins connecting. He's got some funky printer drivers that the Exchange server doesn't have, so the printer redirection feature doesn't work for him and generates an event.
You're partially correct with the fact that Microsoft wants to sell you Exchange2000. BUT. Buying an Exchange2k license allows you to downgrade to Exchange5.5. Buy the Exchange2k license, and the $20 media kit for Exchange5.5 and you're set. I believe that Microsoft will support Exchange5.5 until 2005 or so.
This licensing scheme works for most of thier software now- but SQL2000 and you can downgrade to SQL7 if you need to. Same with Office2k/XP.
If you want to type up business documents on your Nokia, knock yourself out. I don't know how many people still bang away on their Ataris, but I do know one guy who still writes his docs on a TI44 with a daisy wheel printer. But he's weird.
Um, no. You're obviously a few steps behind. Try to keep up as I educate:
NT post SP4 and Win2k by default keep a heartbeat value written in the Registry. Uptime derived from Event Log only happens when the heartbeat isn't turned on. See article Q232243 on TechNet for more information.
But don't worry yourself about my Event Logs and good administration. All my logs are centrally collected via NTSyslog to a secured Linux server running Swatch, plus I'm running a beta of a new event log collection service. I'm writing some very nice code to query the database the events are kept in. I can track a single user and everything he touches on the network from logon to logoff at this point.
I'd go back to work, but it appears that my servers are all up and running. My ego is justifiably inflated.
That's right. Grandma runs whatever is on the PC she buys at BestBuy or CompUseless. And last I checked, they're not selling a whole lot of Linux preinstalls.
But is it FUD to say that the average person wouldn't know how to do a network RPM install? I'd wager that the pitiful Muggles wouldn't even know how to log on to the console, much less know how to invoke the proper switches to fetch an RPM off the network. Compare that to sticking the Office CD into the CD-ROM drive, and BAM! Autorun launches and here's a nice installer. Why can't we see that in Linux? Maybe it's the damn macho factor. I still see the Slackware crowd poo-pooing the RedHat users, etc... our Unix admin here likes Sendmail over Postfix just because it's more "manly" even though it takes him all day to get the damn thing tweaked and tuned. Apparently, things are supposed to be esoteric and difficult in Linux.
I know, whenever I say anything that isn't hypercritical of Microsoft nor heaps praise upon praise on Linux, it gets everyone running around screaming FUDFUDUFUDFUD!, but you all have to grow up sometime. To embrace Open Source, first you have to have Open Minds. That includes giving credit where credit is due.
So tempting to mod you down like the troll you are but why not bite instead.
So I'm to blame for your lack of control now?
For a bunch of self-appointed geeks, you all sure missed the point in your fervor to defend whatever it is today that isn't Microsoft.
I've said it before, I'll say it again and use smaller words so you all understand: Linux isn't going to be a viable desktop replacement until Grandma can install something like OpenOffice or StarOffice as easily as she can on Windows.
All the responses I've seen aren't viable. You expect a home user to know how to use apt-get or a network install of an rpm? HA! I use OpenOffice on a Win2k box, and I find it a major pain in the ass as compared to Office2k. And it certainly doesn't like the multiuser situation very much, either.
Show us an operating system besides Windows that doesn't require you to hold esoteric knowledge to install an easy-to-use word processor and email app.
Last time I checked, I didn't need to compile Office2000 from source, and it installed just by popping the CD in and answering a few questions. Can you say the same about Linux?
No serious application provider gets 100% uptime. Anyone who says they do are either lying or playing doll-houses with their servers.
C:\>uptime \\exchsrvr01
\\exchsrvr01 has been up for: 365 day(s), 15 hour(s), 39 minute(s), 59 second(s)
Irony defined. My Exchange server has been up for a year today. 100% uptime. 1 year ago we had some scheduled maintenance, so actually, it's been 100% uptime for well over a year.
I have over three dozen Win2k servers here that meet or exceed five nines of availability for the past year. It's not dollhouses, it's not rosy tint. It's just good systems administration. That's why I get paid the big bucks.
You're using ClamAV on a production box?! You do realize that the OpenAntivirus definition files haven't been updated since October, 2002... For Bob's sake, spend $80 and get F-Prot or something else that gets updated more than twice a year.
It is an OK mail server, but your experience is the exception, not the rule.
I've had little to no problems with Exchange either. Does that make me an exception also? Imagine that! Two exceptions in the same room! What are the odds?
hfnetchk / MS BaseLine Security Analyzer + individual updates + manual download (and file verification) + qchains is the only way I update now. There may be a better way, but WindowsUpdate is death.
Try SUSServer. It's a locally owned and configured WindowsUpdate type thing. It downloads all the patches from WU, but you decide which patches get pushed to your boxes from the SUSServer. Group Policy makes this a Very Easy Thing to do.
As for WU itself, I've never had a problem with it, although I don't let WU to a carte blanche update to whatever machine I'm working on. Some hotfixes don't play nice with our proprietary software.
I've never personally seen an Exchange server priv.edb corrupt, but it can happen. I had a collegue who had it happen to him. All he had to do was restart the server, and the rollback with the transaction log took care of the rest.
I havve seen Sendmail shit itself, and trash/var/spool/mail. Too bad there isn't a transaction log for that...
I'm suprised you're still employed with such a cavailier and unprofessional attitude like that. If you worked for me, you'd last about 5 minutes before I'd have your ass fired with cause.
MS Exchange Server (server end; NT only), MS Outlook (client end; Win32, MacOS). Very limited support of open-protocol clients (IMAP, webmail?). Microsoft Corp. wants to sell you Exchange 2000, these days, but Exchange 5.5 is still very common.
Webmail in the Exchange world is Outlook Web Access (OWA). Very easy to install and get running. It provides virtually all of the same functionality as Outlook, including calendar access, etc... I prefer using it over Outlook when I'm on the road as I have users to tend to send me large attachments, and my dialup bandwidth is limited.
Exchange's IMAP support is just fine. I've used IMAP clients from Outlook Express, mutt and pine. Exchange also does POP3 pretty well too.
I use OWA and have no problem accessing shared inboxes. Instead of specifying your own mailbox at the initial login page, try specifying a different box that you have access to.
I use it all the time to access our helpdesk mailbox when I'm at our colo facility. As for GAB access, just type in part of the name and hit "Check names"
1) Load Win2k, SP3+ 2) Install all important Windowsupdate stuff 3) Load Exchange 2000 (domainprep, forestprep, etc). 4)Install Sp3 for Exchange 2000. 5) Configure domain
Not wanting to split hairs here, but shouldn't step 5 come before step 3? IIRC, you have to run forestprep and domainprep before Exchang2k can be installed since there are schema extensions that have to be in place before the server can be installed.
IIRC even more, in an AD environment, it won't even let you install Exchange2k until the AD has been prepped.
I inherited the role of Exchange admin, as I'm primarily a network engineer and systems guy. But you know what I did to get this super reliable Exchange site in place? I followed the damn instructions.
First, get quality hardware. Check the HQL. Any MCSE will tell you that is where you start. Install the OS (win2k in this case, since it makes installation easier). Slap Win2k SP3 on it. Install Exchange 5.5. Nothing fancy, except installing the priv.edb on a separate drive for performance. Install Exchange 5.5 SP4. And I'm done.
Nothing that the Exchange Gurus keep to themselves, just common sense. I was done in under 90 minutes.
Your argument is invalid anyway- Linux can be secure IF you put the time into securing it and making it reliable. Anyone who thinks that ANY operating system or suite of services (even the BSDs) is naive and should have his patch cables severed.
For the record, I'm a Postfix guy myself, but Exchange has existed very nicely in my network. Much nicer than some of the Solaris boxen with Sendmail.
Slashdot Mirror
MS has been using simulator questions since the IIS 4.0 exam. The Win2k3/XP exams have even more simulator type questions. Even with an A-B-C-D type "multiple guess" exam, unless you know something about something, you stand to only get 25% correct, which is far less than the 70-80% needed to actually pass. The paper MCSEs get weeded out pretty quickly, at least in my area, and we usually hear about the bad ones when they come knocking.
Want to install printers to all your desktops? Use AD Group Policy. That's why it's there. Makes it extraordinarily easy to keep your enterprise standardized. Install a SUS server, and now patching is a breeze also.
Got technical problems? I haven't seen a problem yet that hasn't been addresses at MS' TechNet. On those very rare occasions that i've had to call Tech Support, I've always gotten the problem fixes, and on all but one occasion, had my money refunded for the call.
It's easy to argue how much something sucks from a position of ignorance. Try asking a question and learning instead of perpetuating the FUD that is the stock in trade at this place.
Jabber may be find for a small set of people who want to keep in touch, but we've found that the code is way too immature to support a corporate clientbase. There are a lot of features that MSN Messenger has that Jabber doesn't and won't have in the forseeable future, and a lot of the missing features are basic things. In addition, I really don't care for Jabber's method of dealing with various issues "Just telnet into the Jabber port and send raw XML to the server! WHEEEEEE!".
If you already own an Xbox, you're already helping them. By the way, I want to be able to play my Atari2600 cartridges on my Gamecube. Since Nintento won't help me do this, should I blackmail them?
MS has no obligation to make Linux run on the XBox.
No, I don't get to define what blackmail is. But the lawyers do, and my (and several other people's) interpretation of what blackmail is seems to all agree that this case IS blackmail. Now Free-X has gone and sullied the reputation of the OSS movement.
Why would Microsoft want to even consider working with these people? Linux doesn't further Microsoft's goals with the XBox, and I certainly don't blame them for telling Free-X to go fsck themselves.
I'm sorry, you don't get to define what blackmail is. YANAL and all that...
This does fall within the letter of the law for blackmail. And now the Open Source movement has to deal with the collective black eye this is going to give them.
Our question for you is: are your posts going to be how the Complete Moron Collective is going to express itself?
As above, so below, eh? Let me get this straight: If I'm not following the party line by bashing Microsoft and praising a bunch of people who really aren't in a position to be demanding anything from Microsoft, then I'm somehow a moron?
Sounds like someone is a part of the Rightthink Cabal. Do you have any original thoughts of your own?
I submitted a story about these guys a day or two ago, but of course it was rejected because it painted them in a less than favorable light (blackmail and all).
I'll ask the question again: Is this how the Open Source movement is going to seek legitimacy? By attempting to blackmail people?
From the clamav site:
"The virus database is based on the virus database from OpenAntiVirus, but contains additional signatures (including signatures for popular polymorphic viruses, too"
They're still using OpenAV's defs with some of their own. This didn't sit too well with me, as it's (IMHO) schizophrenic, and not production-level quality. So I ditched ClamAv and shelled out $80 for F-prot.
Clamav is nice and all that, but my feeling is that it's not ready for primetime, especially if it's relying on OpenAV's definitions.
NTSyslog and Swtach are both valuable tools. The syslog daemon itself has far too many built in insecurities to make it entirely trustworthy (i noticed you mention a secured Linux box). I'd appreciate your input on making it DoS proof.
The syslog box is behind an internal firewall that allows only syslogd from the servers being logged to contact it. I'd put the thing on an independant network, except that our network topology wouldn't allow for that. Part of security is identifying risk, and either accepting it, or mitigating it. We looked at the possibilty of someone internally trying to DoS the box, and figured the risk was low. The firewall has good controls over traffic and sometime soon, we'll institute some more controls in the future (ie, either SSL-enabled transmission or IPSec).
For the Security Logs, I'm using both NTSyslog and a new product that I'm beta'ing from Microsoft that sends all security information to a collector that inserts the information into a SQL database. The transmission between the server and the collector is SSL enabled and mutually authenticated before any transmission takes place.
Again i question how you can facilitate enabling the kind of auditing levels you boast with a local event log retention policy which will maintain a reboot stamp from 1 year ago. I would have found if more believable if you had said you computed the value from your centralised logs.
Don't sweat it. First, I give each log a generous amount of space (a few megs at least, except for the Security log which I allocate more). Second, reboot events are in the System log. This log right now is about 100k in size, since the system is so stable and static. A static system is a happy system, and a happy system has a small System log. Most of the entries in that system's System Log are from TermServDevices complaining about one of the other admins connecting. He's got some funky printer drivers that the Exchange server doesn't have, so the printer redirection feature doesn't work for him and generates an event.
You're partially correct with the fact that Microsoft wants to sell you Exchange2000. BUT. Buying an Exchange2k license allows you to downgrade to Exchange5.5. Buy the Exchange2k license, and the $20 media kit for Exchange5.5 and you're set. I believe that Microsoft will support Exchange5.5 until 2005 or so.
This licensing scheme works for most of thier software now- but SQL2000 and you can downgrade to SQL7 if you need to. Same with Office2k/XP.
If you want to type up business documents on your Nokia, knock yourself out. I don't know how many people still bang away on their Ataris, but I do know one guy who still writes his docs on a TI44 with a daisy wheel printer. But he's weird.
Um, no. You're obviously a few steps behind. Try to keep up as I educate:
NT post SP4 and Win2k by default keep a heartbeat value written in the Registry. Uptime derived from Event Log only happens when the heartbeat isn't turned on. See article Q232243 on TechNet for more information.
But don't worry yourself about my Event Logs and good administration. All my logs are centrally collected via NTSyslog to a secured Linux server running Swatch, plus I'm running a beta of a new event log collection service. I'm writing some very nice code to query the database the events are kept in. I can track a single user and everything he touches on the network from logon to logoff at this point.
I'd go back to work, but it appears that my servers are all up and running. My ego is justifiably inflated.
Class dismissed.
That's right. Grandma runs whatever is on the PC she buys at BestBuy or CompUseless. And last I checked, they're not selling a whole lot of Linux preinstalls.
But is it FUD to say that the average person wouldn't know how to do a network RPM install? I'd wager that the pitiful Muggles wouldn't even know how to log on to the console, much less know how to invoke the proper switches to fetch an RPM off the network. Compare that to sticking the Office CD into the CD-ROM drive, and BAM! Autorun launches and here's a nice installer. Why can't we see that in Linux? Maybe it's the damn macho factor. I still see the Slackware crowd poo-pooing the RedHat users, etc... our Unix admin here likes Sendmail over Postfix just because it's more "manly" even though it takes him all day to get the damn thing tweaked and tuned. Apparently, things are supposed to be esoteric and difficult in Linux.
I know, whenever I say anything that isn't hypercritical of Microsoft nor heaps praise upon praise on Linux, it gets everyone running around screaming FUDFUDUFUDFUD!, but you all have to grow up sometime. To embrace Open Source, first you have to have Open Minds. That includes giving credit where credit is due.
So tempting to mod you down like the troll you are but why not bite instead.
So I'm to blame for your lack of control now?
For a bunch of self-appointed geeks, you all sure missed the point in your fervor to defend whatever it is today that isn't Microsoft.
I've said it before, I'll say it again and use smaller words so you all understand: Linux isn't going to be a viable desktop replacement until Grandma can install something like OpenOffice or StarOffice as easily as she can on Windows.
All the responses I've seen aren't viable. You expect a home user to know how to use apt-get or a network install of an rpm? HA! I use OpenOffice on a Win2k box, and I find it a major pain in the ass as compared to Office2k. And it certainly doesn't like the multiuser situation very much, either.
Dear Spack-
Show us an operating system besides Windows that doesn't require you to hold esoteric knowledge to install an easy-to-use word processor and email app.
Last time I checked, I didn't need to compile Office2000 from source, and it installed just by popping the CD in and answering a few questions. Can you say the same about Linux?
No serious application provider gets 100% uptime. Anyone who says they do are either lying or playing doll-houses with their servers.
C:\>uptime \\exchsrvr01
\\exchsrvr01 has been up for: 365 day(s), 15 hour(s), 39 minute(s), 59 second(s)
Irony defined. My Exchange server has been up for a year today. 100% uptime. 1 year ago we had some scheduled maintenance, so actually, it's been 100% uptime for well over a year. I have over three dozen Win2k servers here that meet or exceed five nines of availability for the past year. It's not dollhouses, it's not rosy tint. It's just good systems administration. That's why I get paid the big bucks.
You're using ClamAV on a production box?! You do realize that the OpenAntivirus definition files haven't been updated since October, 2002... For Bob's sake, spend $80 and get F-Prot or something else that gets updated more than twice a year.
It is an OK mail server, but your experience is the exception, not the rule.
I've had little to no problems with Exchange either. Does that make me an exception also? Imagine that! Two exceptions in the same room! What are the odds?
hfnetchk / MS BaseLine Security Analyzer + individual updates + manual download (and file verification) + qchains is the only way I update now. There may be a better way, but WindowsUpdate is death.
/var/spool/mail. Too bad there isn't a transaction log for that...
Try SUSServer. It's a locally owned and configured WindowsUpdate type thing. It downloads all the patches from WU, but you decide which patches get pushed to your boxes from the SUSServer. Group Policy makes this a Very Easy Thing to do.
As for WU itself, I've never had a problem with it, although I don't let WU to a carte blanche update to whatever machine I'm working on. Some hotfixes don't play nice with our proprietary software.
I've never personally seen an Exchange server priv.edb corrupt, but it can happen. I had a collegue who had it happen to him. All he had to do was restart the server, and the rollback with the transaction log took care of the rest.
I havve seen Sendmail shit itself, and trash
I'm suprised you're still employed with such a cavailier and unprofessional attitude like that. If you worked for me, you'd last about 5 minutes before I'd have your ass fired with cause.
MS Exchange Server (server end; NT only), MS Outlook (client end; Win32, MacOS). Very limited support of open-protocol clients (IMAP, webmail?). Microsoft Corp. wants to sell you Exchange 2000, these days, but Exchange 5.5 is still very common.
Webmail in the Exchange world is Outlook Web Access (OWA). Very easy to install and get running. It provides virtually all of the same functionality as Outlook, including calendar access, etc... I prefer using it over Outlook when I'm on the road as I have users to tend to send me large attachments, and my dialup bandwidth is limited.
Exchange's IMAP support is just fine. I've used IMAP clients from Outlook Express, mutt and pine. Exchange also does POP3 pretty well too.
I use OWA and have no problem accessing shared inboxes. Instead of specifying your own mailbox at the initial login page, try specifying a different box that you have access to.
I use it all the time to access our helpdesk mailbox when I'm at our colo facility. As for GAB access, just type in part of the name and hit "Check names"
Really. It works.
1) Load Win2k, SP3+
2) Install all important Windowsupdate stuff
3) Load Exchange 2000 (domainprep, forestprep, etc).
4)Install Sp3 for Exchange 2000.
5) Configure domain
Not wanting to split hairs here, but shouldn't step 5 come before step 3? IIRC, you have to run forestprep and domainprep before Exchang2k can be installed since there are schema extensions that have to be in place before the server can be installed.
IIRC even more, in an AD environment, it won't even let you install Exchange2k until the AD has been prepped.
I inherited the role of Exchange admin, as I'm primarily a network engineer and systems guy. But you know what I did to get this super reliable Exchange site in place? I followed the damn instructions.
First, get quality hardware. Check the HQL. Any MCSE will tell you that is where you start. Install the OS (win2k in this case, since it makes installation easier). Slap Win2k SP3 on it. Install Exchange 5.5. Nothing fancy, except installing the priv.edb on a separate drive for performance. Install Exchange 5.5 SP4. And I'm done.
Nothing that the Exchange Gurus keep to themselves, just common sense. I was done in under 90 minutes.
Your argument is invalid anyway- Linux can be secure IF you put the time into securing it and making it reliable. Anyone who thinks that ANY operating system or suite of services (even the BSDs) is naive and should have his patch cables severed.
For the record, I'm a Postfix guy myself, but Exchange has existed very nicely in my network. Much nicer than some of the Solaris boxen with Sendmail.