Wrong yet again. You're batting none for about a hundred here. Sysprep is not used for cloning to an identical machine. You can restore the image to any machine with the same HAL - regardless of other hardware, provided you can include the drivers for the new hardware in the image. All this stuff isn't rocket science - it's standard Windows stuff. If you'd bothered to do even the slightest bit of research you would have found this out. Quit while you're ahead.
Bullshit. What's the Windows backup utility for? Using that you can make functional backups of Windows 2000 & XP. And restore it as well.
For disk imaging, they also provide other tools like RIS, which allows you to make a generic image and restore to multiple hardware platforms, provided they use the same HAL.
The problem is nothing to do with SIDs. The problem is that there is no way to back up a live (i.e. running) Windows XP (or NT, or 2000) system on NTFS in such a way that you can restore it to a fully functional system without going through (a) installation of XP/2k/NT (b) installation of all software packages individually and then (c) going through the hassle of applying the multitude of security patches on Windows and every package. This probably entails about 10+ reboots and a considerable period of time. NTFS locks too many files which are required by a running system (pagefile.sys, registry, etc, etc, etc).
Nonsense. Backup using Windows backup to whatever media you need. Now for DR. Install Windows whatever on the machine (nothing else), insert the tape and restore the filesystem and the system state. Reboot. Voila - full restore.
You have to jump through a few more hoops to restore an AD/Exchange/SQL server, but that's it.
Hmmm... so what do you do when you have a good 2-3k client machines to handle as well? If it were just servers that would be one thing - but when you have client applications all over the place and you have to go around installing and patching that's something entirely different.
When you're running that many client machines you can either use a distributed SUS architecture, or for most businesses of that size they have management software in place (be it Altiris, SMS, Unicenter, or even HFNetCheckPro) that can be used to deploy updates in a sensible fashion. Sure, as soon as you get over about 100 machines you start getting to the point where the interdependencies start to get complicated, but if you can get say 95% of your machines with no manual intervention then you're winning. If you've got good test procedures, you should be able to get even more.
At work, you pop in your trusty f_prot or other comparable antivirus software and BAM! There's Blaster/SoBig/Klez/whatever staring you in the face. You yell at a random staffer for opening attachments at work.
This continues for a week until Microsoft releases the patch, which you download and install. You think everything will be OK for a while
This would be nice if it was actually true. How many exploits have there been where the exploit was out and spreading before the patch was released? Very few - I can't think of any. Blaster was patched weeks before the exploit was out, Code Red, Nimda, Code Blue - all the same.
You haven't "worked" in IT, have you? Part of that time is testing the patches to make sure they work and don't break something else worse than what the worm/virus/hole will do. Anyone who lets Windows Update run fully automated on production servers is a fool.
Eight years and counting, and most of that time in Windows environments. I didn't say that you didn't need to test, testing is a given. If you're not testing, you're a fool. However, the fact is that between the time the update comes out and the time an exploit is released there is generally a window available for testing. Blaster is a case in point - the update was out for weeks. A good admin would have reviewed the update, seen that it was a remotely exploitable hole and started testing it. Then with the automated deployment tools it's a matter of releasing the update. For what it's worth, I don't recommend Windows Update on servers at all - I prefer to patch them in a more controlled fashion. Of course, in some environments the volume of servers means you have to automate it in some way.
This is the opportunity for community leaders to finally start talking about the FUNDAMENTAL architecture differences between Windows and Unix variants that allow security issues to be contained (permissions/groups)
Guess what? Windows has permissions and groups as well. And they're used for the same purposes - restricting access to resources. The fact that many don't use them is a valid point, but fundamentally the architecture is in place. This is how professional shops are providing secure Windows environments. It's not rocket science
How many Windows Security Threats have made me work over 24 hours straight? 1 every 2 months in 2003.
Why did you have to work over 24 hours straight? Don't you have an automated patch management strategy in place? Surely that's part of supporting an OS? Surely after the first time you would have figured out that there's a better way to do it?
I'm so tired of people trying to lock down windows boxes! Sure anybody can install anything on a win box... that's why it's bad for public access.
It's not that hard. Don't make the user an administrator takes care of 90% of it, and some judiciously applied NTFS permissions take care of the rest. It's getting to be a pretty tired argument, for those of us who've been using NT since 3.51 securing workstations isn't a big deal.
Now, if you're talking about Win 9x/ME, I absolutely agree. They have no place being anywhere that requires even a modicum of security.
UPNP is a standard that lets you transparently open up holes in your NAT.
No it isn't. That happens to be one of its uses, but its actual purpose is to discover other UPNP devices on the network and configure the host machine to be able to talk to them.
Tell me, how useful are command line arguments to word.exe?
Relatively. However, that misses the point. The Windows Scripting Host tool in Windows is capable of scripting those applications using COM, not simply by passing command line arguments to the application. Therefore in your script you could do a CreateObject("Excel.Application") (or whatever) and then automate Excel entirely from script. I think that was the point the OP was driving at.
You seem to be confused as well. You say that MS Office/OpenOffice are applications, then proceed to set a challenge that also involves scripting with applications.
But maybe a monopolist which continues to abuse its position _should_ be held to a higher standard than others? Is it not arguable that MS has the resources required to audit all of its code and fix such issues? Maybe not technically true, but arguable in court...
But then your case depends on proving that Microsoft is continuing to abuse its position - and presumably the defence to that would be that since the monitoring board (or whatever got appointed) hasn't cited them for it, they can't be. Or something like that.
...and it opens a new cmd window for every instance of net use just like I said.
Because you're totally wrong. It doesn't open a new window for every instance of net use, unless you're doing something daft like "start net use". The "net" command is a win32 command line tool that executes in the same cmd environment as the login script. Seriously, if you're opening a new command prompt every time you execute the net command, you're doing something wrong.
Using IfMember.exe means the login script is shelling out to DOS (yes it's still DOS) to find group membership then shelling out again to run NET USE
Your login script is running in a cmd window anyway, so it's not shelling out anywhere. It's executing command line executables to do so. For someone who claims to have managed MS OS's for so long you don't actually know much about doing it.
You know what, if you want to financially support criminals, that's your business.
Surely if they are criminals, there would be legal methods to deal with spammers, not by blacklisting entire class C ranges? How many of these criminals have actually been prosecuted - or are you just calling them criminals in the hope that people will believe you?
I found the SpamBayes plugin for Outlook broke some bits and pieces. Most annoying for me was the autocomplete of cached email addresses - it would show the list but the entries weren't actually visible. It's listed as a bug on their web site, but no indication of a resolution date. Apart from that it worked really well, no false positives.
Does it have a way to search for file names by regular expressions, by exact substring/phrase, or even by all the words? I can't get Windows 2000 to search by anything other than any of the word stems.
Other posters have noted that regexps aren't necessarily useful to (they claim) the majority. The advanced user will use the command line, which provides some tools that support regexps (e.g. findstr, or WSH)
And pressing the Logo key between Ctrl and Alt will unceremoniously dump the player out of a fast-action full-screen game.
I can sell my Linux distribution for the same price Microsoft sells Windows XP Professional. I am only required by the GPL license to give my source code to people who buy my software. How is that a drawback? How does that make it "free"? It isn't and it doesn't.
And you don't understand economics.
When the GPL says that whoever receives your software is also allowed to redistribute it, the price of your software rapidly approaches zero. All it takes is one person to pay the price, and then make it freely downloadable and you've just lost your sales opportunities. You're left with eking out a living selling support & t-shirts & cute fluffy penguin dolls - and look around and see how successful that's been.
I don't see where the money argument comes into play here?
I am going to mention TCO - not to say that it's lower in one case or another though. The money argument presumably comes into play with things like ease of development, APIs, developer support, ongoing support - things like that. Saying the OS component is free might make some price difference, but probably not as much as you might think. The same arguments apply both ways of course, so MS will sway the figures their way, companies using Linux will want the figures to sway the Linux way.
And heaven forbid that we spend time and effort to do it. Christ, with that attitude you've lost before you've even started.
Besides, why give them something they already have?
Choice? Competition? Price? Security? Maybe someone could do it better?
Surely if it's lesbian porn there's no head, only lots of tail?
Mod this down
yes it's still DOS
No it isn't. It's a 32-bit command interpreter, not DOS. It looks like DOS, and behaves in a similar fashion, but it ain't DOS.
And pressing the Logo key between Ctrl and Alt will unceremoniously dump the player out of a fast-action full-screen game.
So disable the damn thing.
Yeah, but there have also been two releases of a so-called stable kernel (2.4.something) that have had pretty severe flaws in them as well.