Windows IT Library UPDATE--the monthly report from Windows IT Library, your free online technical reference. http://www.WindowsITlibrary.com

*********************

~~~~ THIS ISSUE SPONSORED BY ~~~~

Windows & .NET Magazine Network Web Seminars http://www.winnetmag.com/seminars

~~~~~~~~~~~~~~~~~~~~

~~~~ SPONSOR: WINDOWS & .NET MAGAZINE NETWORK WEB SEMINARS ~~~~

DON'T MISS OUR WEB SEMINARS IN MARCH!
Windows & .NET Magazine has 3 new Web seminars to help you address your security and storage concerns. There is no fee to attend "Selling the Importance of Security: 5 Ways to Get Your Manager's Attention," "Building an Ultra Secure Extranet on a Shoe String," or "An Introduction to Windows Powered NAS," but space is limited, so register for all 3 events today!
http://www.winnetmag.com/seminars

~~~~~~~~~~~~~~~~~~~~

February 19, 2003--In this issue:

1. BOOK REVIEW
- The XML Schema Complete Reference

2. ANNOUNCEMENTS
- Join the HP & Microsoft Network Storage Solutions Road Show!
- Visual Studio Connections: 3 for 1 Conference Offer

3. NEW FROM WINDOWS IT LIBRARY
- Windows NT Troubleshooting
- Windows 2000 Authentication

4. NEW BOOKS IN PRINT
- Essential ASP.NET with Examples in C#
- Cisco Networking Academy Program IT Essentials II: Network Operating Systems Engineering Journal and Workbook

5. NEW EBOOKS
- The Insider's Guide to IT Certification
- Custom CGI Scripting with Perl

6. WINDOWS IT LIBRARY TOP FIVE
- The Microsoft Outlook E-mail and Fax Guide
- Optimizing Windows NT
- Microsoft Windows NT Server Administrator's Bible: Option Pack Edition
- Microsoft Windows NT Secrets: Option Pack Edition
- A+ Certification: How to Pass Your Exams

7. TECHNICAL TIP
- Attacking Your Own NT Networks

8. CONTACT US
See this section for a list of ways to contact us.

********************

1. BOOK REVIEW


* THE XML SCHEMA COMPLETE REFERENCE
Authors: Cliff Binstock, Dave Peterson, Mitchell Smith, Mike Wooding, Chris Dix, Chris Galtenberg
Publisher: Addison-Wesley Professional
Published: September 2002
ISBN: 0672323745
Paperback, 1008 pages
Price: $59.99

In the opening pages of "The XML Schema Complete Reference," the authors raise, then answer, the questions "Why XML?" and "Why XML schemas?" The authors devote the remainder of the book to helping software developers learn two vital skills: how to create an XML schema and how to integrate it into an existing application.

In answer to the question "Why XML?," the authors explain that because XML has become the de facto standard for the exchange of data, it plays an essential role in many modern computer and business systems. In answer to the question "Why XML schemas?," the authors explain that "XML provides a grammar for parsing a particular file or stream format." They point out that "XML schemas provide a mechanism for specifying more extensive grammar constraints. The ability to guide the layout of an XML document makes that XML document much more predictable."

Together, the six authors who wrote the book have more than 80 years of experience with both emerging and mature technologies. C++, Java, Microsoft SQL Server, Visual Studio .NET, XML schema, C#, and Microsoft .NET Web services are just a few examples of the technologies with which the authors are conversant and which they use regularly. Not only is their experience impressive, but also the diversity of their experience ensures that "The XML Schema Complete Reference" covers its subject matter from a range of perspectives.

Some of the authors are members of the World Wide Web Consortium's (W3C's) XML Schema Working Group. This group makes recommendations, as opposed to creating standards, regarding XML processing. Five of the group's recommendations provide the background and represent the framework around which this book was written. The five recommendations are
- the XML recommendation--XML 1.0 (second edition)
- the namespace recommendation--namespaces in XML
- the infoset recommendation--XML information set
- the XPath recommendation--XPath
- the schema recommendation--XML schema

"The XML Schema Complete Reference" consists of seven parts: an XML schema overview, the creation of XML schema documents, validation of XML schemas, result-oriented schemas, data-oriented schemas, a case study, and five appendices. The authors' primary objective in this book is to "provide detailed examples of every XML schema component. In order to detail each component, this book contains an example of the corresponding schema document element, and all the associated attributes." I believe the authors have delivered on their stated goal. However, a word of warning: To get the most out of this book, you should be comfortable with XML and what it does. Ideally, you should also have practical experience in the use of XML. "The XML Schema Complete Reference" isn't an introduction to XML.

By the time you've finished reading this book, you'll be able to confidently tackle a large assortment of tasks and activities associated with XML schemas. For instance, you'll be able to determine whether using a schema in a given circumstance is wise. You'll gain exposure, in a practical sense, to almost every feature of XML schemas. You'll also have learned about validation of XML schemas, applying XML schemas to attain specific business goals, and the steps involved in mirroring an XML schema with a SQL Server schema.

Apart from the book's many practical examples, tips, and insights, its other major feature is its inclusion of a comprehensive case study, titled "The Campus Resource and Scheduling System (CRSS)." The case study is divided into four areas: the business case, the architecture, the server tier, and the integrated solution. From a business perspective, the CRSS demonstrates how the system should be accessible from the Web and adaptable to PDAs and other types of wireless technology. From the point of view of XML, the case study demonstrates how you can deploy XML schemas to validate user interaction and how you can use XML schemas to automatically handle the mapping of XML data to relational tables. By studying the case study, you'll learn the steps involved in integrating XML schemas with Microsoft technologies such as SQL Server 2000, the Windows .NET Framework, and Visual Basic (VB).

The companion Web site for "The XML Schema Complete Reference" (http://www.xmlschemaReference.com) is an online reference source for anyone who creates XML schemas. After you're familiar with the concept of XML schemas, you should bookmark this site because it gives you a quick, convenient way to check syntax. From the home page, you can follow links to detailed information organized into categories such as simpleType, complexType, choice, sequence, notation, regular expressions, and identity constraints. From the Examples tab on the home page, you can either download a .zip file containing all the XML schema documents and sample code that the book discusses or use your browser to access the samples (which are organized according to the chapter in which they appear in the book).

You can also find out more about the book from the companion Web site. A link on the companion site's home page takes you to the publisher's Web site, where you can read a brief description of the book; browse through the book's table of contents, preface, and index; and read a sample chapter, which discusses XPath and XPointer. Of course, the other benefit of having a companion Web site is that the authors can keep their readers up-to-date about any technological changes that have occurred since the book was published.

The book concludes with five appendices. The first of these, an XML schema quick reference, is a handy syntax reference. The XML grammar appendix lists XML schema regular expressions. The third appendix, devoted to the thematic catalog XML schema, consists of four listings: the thematic catalog schema document (catalog.xsd), the thematic address schema document (address.xsd), the supporting pricing schema (pricing.xsd), and the supporting database sequence schema (sequence.xsd). You can access each of these schemas, along with a variety of other minischemas, from the Examples tab of the book's companion Web site.

The fourth appendix is useful for Oracle database designers because it lists the differences between mapping XML schema data types in Oracle8i and Oracle9i. The final appendix is a glossary of terms and phrases, which are arranged by topic. The topic-based organization lets readers quickly refresh their knowledge of a particular topic and keeps explanations of closely related terms together.

The enthusiastic tone of "The XML Schema Complete Reference" suggests that the authors have a lot of fun working with XML schemas. Also apparent is that the authors undertook an extensive amount of research to produce such a detailed text. And because the authors are keen to hear about your XML schema experiences, each of them has included his personal email address in the book's preface. The authors invite you to share "your stories, additions, code samples, questions, feedback, and insights."

Tony Stevenson
mkdsoftware@trump.net.au
Windows IT Library Guest Reviewer

For more book reviews, visit the Windows IT Library Web site.
http://www.WindowsITlibrary.com/bookreviews

2. ANNOUNCEMENTS



* JOIN THE HP & MICROSOFT NETWORK STORAGE SOLUTIONS ROAD SHOW!
Now is the time to start thinking of storage as a strategic weapon in your IT arsenal. Come to our 10-city Network Storage Solutions Road Show, and learn how existing and future storage solutions can save your company money--and make your job easier! There is no fee for this event, but space is limited. Register today!
http://www.winnetmag.com/roadshows/nas

* VISUAL STUDIO CONNECTIONS: 3 FOR 1 CONFERENCE OFFER
Visual Studio Connections + Microsoft ASP.NET Connections + SQL Server Magazine Connections equals the largest gathering of Microsoft product architects and independent technology gurus. Register for one conference and attend the other two for free. Choose from over 130 sessions. This conference will save you months of trial and error.
http://www.devconnections.com

3. NEW FROM WINDOWS IT LIBRARY



* WINDOWS NT TROUBLESHOOTING
Learn all the tweaks, tips, and administration shortcuts necessary to keep a Windows NT environment trouble-free. This reference contains detailed solutions and preventive techniques for the most common NT hotspots.
http://www.WindowsITlibrary.com/documents/book.cfm?documentid=638

* WINDOWS 2000 AUTHENTICATION
This chapter looks at the most important OS security service--authentication--and how Windows 2000 implements it. Learn about the Win2K authentication architecture and the nuts and bolts of the Kerberos authentication protocol, such as how it compares with Windows NT LAN Manager (NTLM) and how it can be used as a single sign-on (SSO) solution between different OSs.
http://www.WindowsITlibrary.com/content/617/06/toc.html

4. NEW BOOKS IN PRINT



* ESSENTIAL ASP.NET WITH EXAMPLES IN C#
This book begins with a discussion of the rationale behind the design of ASP.NET and an introduction to how it builds on top of the Windows .NET Framework. Subsequent chapters explore the host of new features in ASP.NET, including the server-side compilation model, code-behind classes, server-side controls, form validation, the data-binding model, and custom control development. Throughout the book, working examples illustrate best practices for building Web-based applications in C#.
http://www.awprofessional.com/titles/0-201-76040-1

* CISCO NETWORKING ACADEMY PROGRAM IT ESSENTIALS II: NETWORK OPERATING SYSTEMS ENGINEERING JOURNAL AND WORKBOOK
The IT Essentials II course is designed as an intensive introduction to server hardware, multiuser OSs, multitasking OSs, and networked OSs. Students explore a variety of topics, including hardware upgrades and configuration, installation procedures, security concerns, backup procedures, and remote access. Command-line and graphical OSs are also covered. This title prepares students for the Computing Technology Industry Association's (CompTIA's) Server+ certification exam through the use of hands-on lab exercises that reinforce what the student has learned from the online curriculum and the Network Operating Systems Companion Guide.
http://www.ciscopress.com

5. NEW EBOOKS



* THE INSIDER'S GUIDE TO IT CERTIFICATION
This book offers guidelines for choosing the best study guides, helps you save hundreds of dollars, and suggests ways you can become successful in IT. The amount of time you'll save preparing for your certification exams will more than make up for the time that you spend reading this book.
http://winnet.bookaisle.com/ebookcover.asp?ebookid=13475

* CUSTOM CGI SCRIPTING WITH PERL
This book, a resource for Web developers and programmers who program Common Gateway Interface (CGI) applications in Perl, functions as both a comprehensive reference to the fundamentals and as a hands-on tutorial with detailed examples for creating and customizing CGI applications for the Web. You'll learn important CGI basics, such as how to set up a server for integrating CGI scripts and how to work with HTTP variables. You'll also get a complete review of all the Perl syntax needed to create CGI programs and learn how to upload and test scripts and how to use libraries effectively.
http://ebooks.winnetmag.com/ebookcover.asp?ebookid=13391

6. WINDOWS IT LIBRARY TOP FIVE



* THE MICROSOFT OUTLOOK E-MAIL AND FAX GUIDE
Written for Microsoft Outlook end users and the administrators who support them, this volume explains all the real-world tasks that you're likely to encounter when working with Outlook, plus many timesaving techniques that take you beyond the basics.
http://www.WindowsITlibrary.com/documents/book.cfm?documentid=191

* OPTIMIZING WINDOWS NT
With the expert advice of Sean Daily, you'll quickly learn how to tune your Windows NT system to get the most performance out of your existing network. This book offers working solutions for everyday networking problems and includes hundreds of benchmarking, maintenance, troubleshooting, and recovery tips.
http://www.WindowsITlibrary.com/documents/book.cfm?documentid=435

* MICROSOFT WINDOWS NT SERVER ADMINISTRATOR'S BIBLE: OPTION PACK EDITION
This book, with specific coverage of the Windows NT 4.0 Option Pack add-ons, can help you plan, install, configure, manage, optimize, and connect NT Server 4.0 to the Internet.
http://www.WindowsITlibrary.com/documents/book.cfm?documentid=405

* MICROSOFT WINDOWS NT SECRETS: OPTION PACK EDITION
Packed with the kind of notes, tips, and workarounds that come only from years of working day-in and day-out with a product, this book will help you optimize the performance, reliability, and security of your network.
http://www.WindowsITlibrary.com/documents/book.cfm?documentid=329

* A+ CERTIFICATION: HOW TO PASS YOUR EXAMS
This book walks you through all the skills tested in the Computing Technology Industry Association's (CompTIA's) CompTIA A+ certification exam--both the A+ Core Hardware exam and the A+ OS Technologies exam.
http://www.WindowsITlibrary.com/documents/book.cfm?documentid=175

7. TECHNICAL TIP



* ATTACKING YOUR OWN NT NETWORKS
This tip is excerpted from Mark Joseph Edwards' "Internet Security with Windows NT" (29th Street Press, 1998).
http://www.WindowsITlibrary.com/content/121/09/toc.html

Windows NT shares can be vulnerable to attack. Let me point out a few tidbits that may help you strengthen the security of your shared objects.

First, remember that NT creates several default file shares upon installation; two of the most prevalent are C$ and D$, which give the Administrator group access to C:\ and D:\. Although other default shares are established during NT installation, these two are attacked most often. Remember to rename these shares to something obscure.

As a general rule, NT requires a user name and password to access shares, but there are several important exceptions. NT does not require a password if the Everyone group has access and the Guest account is enabled with a blank password. Therefore, it is always wise to disable the Guest account unless using it is absolutely necessary. In that case, pick an incredibly hard-to-guess password.

Writing programs that attack shares is pretty easy. In fact, all that's needed is the machine name, IP address, and the share name, which are easy to obtain with the NBTStat command. With a little luck, NBTStat might provide an actual user name as well. Such a program includes a small loop that reads a text-based dictionary file one line at a time and pipes the words into a command such as

net use x: \\MACHINE_NAME\SHARE_NAME dictionary_word /USER:username

It's not hard, but it is rather slow.

Other dangerous shares under Windows NT include the registry share. The registry is not exactly a share in the true sense of the word because it can't be unshared, but it does allow access from machines across a network. NT uses the native Remote Procedure Calls (RPC) mechanism to access the registry on the remote computer. Until recently, this registry share was, by default, made available with read permission to Everyone after a fresh installation of Windows NT. Because most programs store sensitive information in the registry (including NT's own user security database, SAM), the presence of this share creates a great security threat.

Microsoft finally realized that blindly sharing the registry is not a good idea and released SP2 for NT 3.51 to make it possible to disable network access to the registry. Simply create the following key; only the users listed in the ACL for this key can access the registry remotely. The key on NT 4.0 is

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurePipeServers\winreg

When information about the registry share vulnerabilities spread in the NT community, some sources started recommending removing the Everyone group's access from the HKEY_LOCAL_MACHINE key without propagating permissions through the entire tree. On the surface, this method works well, but remember, a malicious programmer could still use the Windows NT API to grab any subkey within the HKEY_LOCAL_MACHINE key.
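
A read-only audit of the settings this tip discusses (the ACL on the winreg key, the Guest account, and shares open to Everyone) is shown below. It is an added example, not code from the book or the newsletter. It assumes a current Windows host with Windows PowerShell 5.1 or later, an elevated session, and an English-language system; the function names and the list of "broad" groups are the example's own choices.

```powershell
# Added example (not from the original tip): read-only audit of the settings
# the tip discusses. Assumes Windows PowerShell 5.1+, an elevated session,
# and an English-language system (the 'Everyone' account name is matched).

$WinregPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg'

# Assumption of this example: these well-known broad groups should not
# hold an Allow entry on the winreg key.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-7'      = 'Anonymous Logon'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'Users'
    'S-1-5-32-546' = 'Guests'
}

function New-Finding($Check, $Status, $Detail) {
    [pscustomobject]@{ Check = $Check; Status = $Status; Detail = $Detail }
}

function Test-WinregAcl {
    if (-not (Test-Path -Path $WinregPath)) {
        return New-Finding 'winreg ACL' 'FAIL' 'Key not present; the restriction is not in place'
    }
    # Ask for SIDs rather than names so renamed groups are still recognised.
    $rules = (Get-Acl -Path $WinregPath).GetAccessRules(
        $true, $true, [System.Security.Principal.SecurityIdentifier])
    $broad = $rules | Where-Object {
        $_.AccessControlType -eq 'Allow' -and $BroadSids.ContainsKey($_.IdentityReference.Value)
    }
    if ($broad) {
        $names = ($broad | ForEach-Object { $BroadSids[$_.IdentityReference.Value] } |
                  Sort-Object -Unique) -join ', '
        return New-Finding 'winreg ACL' 'FAIL' "Broad groups allowed: $names"
    }
    New-Finding 'winreg ACL' 'PASS' 'No broad group has an Allow entry'
}

function Test-GuestAccount {
    # The built-in Guest account always has RID 501, even if renamed.
    $guest = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-501' }
    if ($guest -and $guest.Enabled) {
        return New-Finding 'Guest account' 'FAIL' "'$($guest.Name)' is enabled"
    }
    New-Finding 'Guest account' 'PASS' 'Built-in Guest is disabled or absent'
}

function Test-EveryoneShares {
    # Shares that Everyone may access matter most when Guest is enabled.
    $open = Get-SmbShare | Get-SmbShareAccess -ErrorAction SilentlyContinue |
        Where-Object { $_.AccountName -eq 'Everyone' -and $_.AccessControlType -eq 'Allow' }
    if ($open) {
        $names = ($open | Select-Object -ExpandProperty Name -Unique) -join ', '
        return New-Finding 'Share access' 'WARN' "Everyone is allowed on: $names"
    }
    New-Finding 'Share access' 'PASS' 'No share grants access to Everyone'
}

Test-WinregAcl; Test-GuestAccount; Test-EveryoneShares
```

The script only reads configuration; it changes no ACL, account, or share.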

8. CONTACT US



Here's how to reach us with your comments and questions:

* COMMENTS ABOUT THE BOOK REVIEW OR THE NEWSLETTER IN GENERAL? Email Dave Bernard at dbernard@winnetmag.com.

* TECHNICAL QUESTIONS? Please post your technical questions to the discussion area. http://www.winnetmag.com/forums

* PRODUCT NEWS? Email press releases to products@winnetmag.com.

* QUESTIONS ABOUT YOUR WINDOWS IT LIBRARY UPDATE SUBSCRIPTION? Email Customer Support at WindowsITlibrary@winnetmag.com.

* WANT TO SPONSOR WINDOWS IT LIBRARY UPDATE? Email emedia_opps@winnetmag.com.

********************
This email newsletter is brought to you by Windows & .NET Magazine, the leading publication for Windows professionals who want to learn more and perform better. Subscribe today. http://www.winnetmag.com/sub.cfm?code=00inxupb

Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters. http://www.winnetmag.com/email

|-+-|-+-|-+-|-+-|-+-|

Thank you for reading Windows IT Library UPDATE.

Thank you!
_________________________________________________________ Copyright 2003, Penton Media, Inc.