Windows Client UPDATE--A Forgotten Caveat of Patches--October 14, 2004

If you'd like to receive Windows Client UPDATE in HTML format in the near future, click the URL below.

http://www.windowsitpro.com/HTML/Index.cfm?NewsletterID=8&email=#emailaddr#

Make sure that overzealous antispam software doesn't block your copy of Windows Client UPDATE--add Windows_Client_UPDATE@list.windowsitpro.com to your list of allowed senders and contacts.

This Issue Sponsored By

This email newsletter comes to you free and is supported by the following advertisers, which offer products and services in which you might be interested. Please take a moment to visit these advertisers' Web sites and show your support for Windows Client UPDATE.

Free White Paper: Deploying Windows Updates with Confidence

http://www.windowsitpro.com/whitepapers/winternals/index.cfm?1014cli_p

Security Administrator

http://www.secadministrator.com/rd.cfm?code=fsep254xup

===============

1. Commentary: A Forgotten Caveat of Patches

2. Reader Challenge

- September 2004 Reader Challenge Winners

- October 2004 Reader Challenge

3. News & Views

- Microsoft Working on Spyware Solution

4. Resources

- Tip: Enabling Concurrent RDP Sessions in Windows XP SP2

- Featured Thread: Adding a Windows XP Machine to a Windows 2000 Domain

5. New and Improved

- Performance Analysis Tool

- Create Multiple Windows Desktops

- Tell Us About a Hot Product and Get a T-Shirt!

==== Sponsor: Free White Paper: Deploying Windows Updates with Confidence ====

IT professionals are challenged to balance the requirement for rigorous testing of Windows updates and service packs against the need for rapid deployment to block emerging security threats. This free white paper provides an overview of the issues surrounding Windows updates and service packs. Find out how to manage changes to critical system files and settings introduced by patches and service packs, and how to rapidly restore single and multiple machines in the event that they are rendered unbootable, unstable, or incompatible with installed applications. Download this white paper now!

http://www.windowsitpro.com/whitepapers/winternals/index.cfm?1014cli_p

==========

Dear READER,

In late September, we converted our email newsletters to HTML. This change was based on audience feedback that led us to believe the scale had tipped in favor of HTML email newsletters.

Wow, did you ever chime in with feedback on this one! You resoundingly told us, "Don't take away my text newsletters!" More than 1000 (and counting) of you have taken time out of your busy day to tell how you want your email newsletters delivered.

Effective Monday, October 11, we will move email newsletters back to text format. We will include a link for any reader who wants to sign up for the HTML format, which we'll offer again when demand for this format has built up.

It's wonderful to see how responsive our audience is and how much you care about the content. We want to continue providing high-value content in these free email newsletters. Our sponsors and your clicks are what allow us to produce this high-quality content for free in the email newsletters.

We have been overwhelmed by your response and appreciate this incredible testament to the deep community relationship we have with you. In a meeting the other day, we were discussing how cool it is that so many of you felt strongly enough about it to take the time to write us an email message and tell us your thoughts!

We work really hard to listen you, our loyal (and opinionated!) audience, and we feel privileged to be the hub of this incredibly active Windows IT community over the past 10 years. Keep the feedback coming because you know we're listening!

Best regards,

Karen Forster

==== 1. Commentary: A Forgotten Caveat of Patches ====

by David Chernicoff, david@windowsitpro.com

I tend to be somewhat obsessive about keeping all the computers I'm directly responsible for updated with patches and hotfixes. This attention to detail has paid off: I have yet to have a virus or security exploit on one of my personal computers, nor have I had to deal with malware outbreaks or anything of that nature.

Unfortunately, I'm not always able to convey that sense of urgency to my friends and clients. A friend (who is also a client) recently asked me to try to clean up a seriously infected computer. The system ran his company's cash register and point-of-sale systems, and due to a casual corporate attitude about Web surfing when business was slow, had managed to acquire quite a collection of viruses and malware. I'd been trying to convince this client to change his choice of point-of-sale systems because the one he has runs properly only when the account it runs under has full administrative access rights. However, he'd purchased the business only a few months earlier and didn't have the financial resources to dump the system and migrate the 5 years of customer and inventory data it contained.

After I removed literally hundreds of infected files and dozens of malware applications, the computer still wasn't running right, and I decided that it would be simpler (for me) to wipe the hard drive and reinstall the OS and applications. Fortunately, the client had been religious about running the automated backup routine I'd written for him, so the actual application data files were backed up onto another computer and were free of corruption and infection.

To simplify the installation process, I used an XP installation CD-ROM that included Service Pack 2 (SP2). The combined OS/SP2 installation reduced the amount of time needed for the reinstall because I didn't have to go through the Windows Update process too many times to make sure that I'd dealt with all the latest security concerns. So, in a process we're all too familiar with, I wiped the hard drive, reinstalled the OS, updated it, and installed antivirus and anti-malware software.

These steps brought me to the point of reinstalling the application software. The easy part would be reinstalling the standard office automation applications. The point-of-sale software would require a little more work, but my client knew that product and would handle that installation himself. My only real concern was ensuring that he had a solid, reliable system on which to install the application.

After going over with my client all the things I'd done on the computer, the only software that had to be reinstalled (other than the point-of-sale software) was Microsoft Office. After reinstalling Microsoft Office XP, I went to the Office Update Web site and installed the required updates--of which there were quite a few.

Thinking I was finished with my portion of this project, I double-checked the configuration to make sure everything was ready to go. You can imagine my consternation when I discovered that installing and updating Office XP had compromised the OS's security by reintroducing an exploit that I'd already patched--specifically, the JPEG buffer overrun exploit described in Microsoft Security Bulletin MS04-028. (Microsoft now has a tool that's designed to find and alert you to this exploit, which can be reintroduced after the installation of several widely used Microsoft applications. For details about the GDI+ Detection Tool, go to http://support.microsoft.com/default.aspx?scid=kb;en-us;873374.)

This whole experience reminded me--rather forcefully--of something I'd forgotten. In the past, if you installed applications after installing certain service packs or hotfixes, you often had to reinstall the service pack or hotfix because the application installation replaced files that you'd patched. This concern is still valid--perhaps even more valid in these security-conscious days than it once was--and you shouldn't let that fact slip from your mind.

Off topic (but of considerable interest), I want to invite you to test your Active Directory (AD) and Group Policy skills against your peers in the IT Prolympics. Before you start, you can download a free reference guide about AD and Group Policy. Then, take a 20-question multiple-choice test. Finally, complete a timed virtual AD lab to demonstrate your skills in a real-life setting.

Windows IT Pro will select three winners based on their overall scores. The gold medalist will win an all-expense-paid trip to TechEd 2005, and all three winners will be featured in the January issue of Windows IT Pro. To sign up for the competition, go to http://www.windowsitpro.com/itprolympics--you have until November 26 to complete the test and the virtual lab. Good luck!

==========

==== Sponsor: Security Administrator ====

Try a Sample Issue of Security Administrator! Security Administrator is the monthly newsletter from Windows IT Pro that shows you how to protect your network from external intruders and control access for internal users. Sign up now to get a 1-month trial issue--you'll feel more secure just knowing you did. Click here!

http://www.secadministrator.com/rd.cfm?code=fsep254xup

==== 2. Reader Challenge ====

by Kathy Ivens, challenge@windowsitpro.com

September 2004 Reader Challenge Winners

Congratulations to the winners of our September Reader Challenge, who won copies of "Windows Server Undocumented Solutions: Beyond the Knowledge Base," by Serdar Yegulalp (McGraw-Hill Publishing), and "Home Networking for Dummies," by yours truly (Wiley Publishing). Visit http://www.windowsitpro.com/articles/index.cfm?articleid=43835 to read the answer to the September Reader Challenge.

October 2004 Reader Challenge

Solve this month's Windows Client challenge, and you might win a prize! Email your solution (don't use an attachment) to challenge@windowsitpro.com by October 28, 2004. You must include your full name and street mailing address. (Without that information, we can't send you a prize if you win.)

I choose winners at random from the pool of correct entries. Because I receive so many entries each month, I can't reply to respondents, and I never respond to a request for a receipt. Look for the solutions to this month's problem on October 29, 2004, at http://www.windowsitpro.com/articles/index.cfm?articleid=44212.

The October 2004 Challenge:

I receive many queries from readers about many different subjects, but suddenly I'm seeing a lot of questions about effective search procedures. I think the recent press about the success of search-engine providers, and the appearance of search engines for specific topics, probably motivated your interest. Many tricks and tips can make your online searches more efficient. However, based on the questions I see and what I observe when I peek over peoples' shoulders while they enter search queries, I think that many people lack knowledge about basic search techniques. How much do you know about basic search operations? Test your knowledge with this challenge.

Question #1:

By default, search engines use one of two boolean operators. What are those operators?

Question #2:

Two changes should occur in the search engine process when you enclose a search phrase in quotation marks. One change is that the words you enter are searched for in the order in which you entered them. What is the other change?

Question #3:

Shakespeare wrote a poem titled Who Is Sylvia? What could this poem possibly have to do with understanding the way search engines work?

==== 3. News & Views ====

by Paul Thurrott, thurrott@windowsitpro.com

Microsoft Working on Spyware Solution

During a weekend trip to the Computer History Museum in Mountain View, California, Microsoft Chairman and Chief Software Architect Bill Gates revealed that his company is working on an antispyware software solution. Gates didn't say when the company would ship the technology or whether it would be bundled with Windows or shipped as a standalone product.

Gates did say, however, that Microsoft is dedicating "hundreds of millions of dollars" of its $5 billion annual R&D budget toward solving the problems of "malware and adware." Although Gates says that he's never been victimized by a virus, his PCs have been riddled with spyware, forcing him to run third-party spyware scanners. "I haven't had a virus on my machine basically ever," he said.

In a related Webcast event, Microsoft Security Business and Technology Vice President Mike Nash said that the company's spyware efforts will likely come to market in a free system update similar to Windows XP Service Pack 2 (SP2). "Some of this will come through extra protection in the platform," he said. "But it's also clear that there are some good third-party solutions available today as well. As our plans develop, we will update you with our progress."

Additionally, Microsoft is working on an antivirus solution, although the delivery plans for that product might have changed. Originally, Microsoft intended to ship its antivirus technology as a core part of Longhorn, the next Windows version. With Longhorn's release slipping to 2006, however, Microsoft could deliver the antivirus solution before that time, perhaps as an XP update.

==== Announcements ====

(from Windows IT Pro and its partners)

Get the Charter Issue of Windows IT Pro!

Windows & .NET Magazine is now Windows IT Pro! Act now to get our special charter issue rate of just $39.95--that's 52% off the cover price! The September issue shows you how to plug DNS holes and select the best scripting editor, plus learn more about the business side of IT. And discover the top 10 PC trends we think you need to keep an eye on. This is a limited-time offer, so order today!

http://www.winnetmag.com/rd.cfm?code=thep204jul

Join Itzik Ben-Gan, William Vaughn, and Gert Drapers in Brussels!

Learn from SQL Server Magazine experts at Europe's premiere SQL Server event--Brussels SQL Server Day on October 26. Join Microsoft and SQL Server Magazine for a free, full-day event that gives SQL Server users the tools they need to unleash the power of SQL Server 2000, deploy SQL Server Express, and get ready for SQL Server 2005. Register now!

http://www.windowsitpro.com/roadshows/sqlserverbrussels/index.cfm?code=1011semailannc

==== 4. Resources ====

Tip: Enabling Concurrent RDP Sessions in Windows XP SP2

(contributed by David Chernicoff, david@winnetmag.com)

One feature in the beta release of Windows XP Service Pack 2 (SP2) that isn't in the final version was the ability to configure XP to support two simultaneous Remote Desktop sessions. I found this feature very useful, given the way I use RDP in my daily tasks, and I was disappointed that it was gone. However, you can re-enable this feature with a simple registry edit.

1. Open Registry Editor (Start, Run, regedit).

2. Navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\Licensing Core.

3. Create a new REG_DWORD value named EnableConcurrentSessions.

4. Set the value to 1.

5. Exit the editor.

You'll then have support for two concurrent RDP sessions.

Featured Thread: Adding a Windows XP Machine to a Windows 2000 Domain

Forum participant "Eghareeb" is having trouble joining a Windows XP Professional Service Pack 1 (SP1) machine to a Windows 2000 Server SP4 domain. The error message reports that no more endpoints are available from the endpoint mapper. If you can help, join the discussion at http://www.windowsitpro.com/forums/rd.cfm?cid=36&tid=126317

==== Events Central ====

(A complete Web and live events directory brought to you by Windows IT Pro: http://www.windowsitpro.com/events)

Are You "Getting By" Using Fax Machines or Relying on a Less Savvy Solution That Doesn't Offer Truly Integrated Faxing from Within User Applications?

Attend this free Web seminar and learn what questions to ask when selecting an integrated fax solution, discover how an integrated fax solution is more efficient than traditional faxing methods, and discover how to select the fax technology that's right for your organization. Register now!

http://www.windowsitpro.com/seminars/faxsolutions/index.cfm?code=1011emailannc

==== 5. New and Improved ====

by Barb Gibbens, products@windowsitpro.com

Performance Analysis Tool

Executive Software has released Disk Performance Analyzer for Networks. This free utility detects and reports server fragmentation-related performance slowdowns and their effect on your network. With this information in hand, you can then use Windows' built-in defragmenter or a third-party product to correct the problem, if necessary. To download Disk Performance Analyzer for Networks, click the link below. You can contact Executive Software at (818) 771-1600 or (800) 829-6468.

http://www.executive.com/downloads/menu.aspx

Create Multiple Windows Desktops

Gamers Tower has released Multi User Desktop 2004 Professional 2.3. Like a keyboard/video/mouse (KVM) switch, the software lets you create an unlimited number of independent desktops and connect each one to different computers. You can access desktops via hotkeys or an icon in the system tray. The new version features remote desktops, a shell and program manager, and a profile and icons manager. For more information, see the Gamers Tower Web site.

http://www.multiuserdesktop.com

Tell Us About a Hot Product and Get a T-Shirt!

Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a Windows IT Pro T-shirt if we write about the product in a future Windows IT Pro What's Hot column. Send your product suggestions with information about how the product has helped you to whatshot@windowsitpro.com.

==== Contact Us ====

About the newsletter -- letters@windowsitpro.com

About technical questions -- http://www.windowsitpro.com/forums

About product news -- products@windowsitpro.com

About your subscription -- winnetmagupdate@windowsitpro.com

About sponsoring UPDATE -- emedia_opps@windowsitpro.com

===============

This email newsletter is brought to you by Windows IT Pro, the leading publication for IT professionals deploying Windows and related technologies. Subscribe today.

http://www.windowsitpro.com/sub.cfm?code=wswi201x1z

View the Windows IT Pro Privacy policy at

http://www.windowsitpro.com/AboutUs/Index.cfm?action=privacy

Windows IT Pro is a division of Penton Media, Inc.

221 East 29th Street, Loveland CO 80538

Attention: Customer Service Department

Copyright 2004, Penton Media, Inc. All Rights Reserved.