Mark Minasi's Windows 2000/NT Newsletter

Issue #14 June 2001

To subscribe, visit To unsubscribe, link to To change e-mail address, format, etc., link to  Visit the Archives at  Please do NOT reply to this mail; for comments, please mail to  

What's Inside


Seminars Coming: Seattle (this Wednesday/Thursday) Raleigh & Dallas (July), Washington, New York (Queens), Pasadena, San Francisco, Chicago (September)... And That's IT For 2001

You read in the previous newsletter that Windows 2000 magazine wanted to experiment with running some of my seminars, and the first couple of test cities (Long Beach and Boston) were great.  (Particularly as it gave me a chance to go to Legal Seafood in Boston.)  They really didn't get a chance to ramp up the marketing for San Francisco, however, and so I asked them if I could just take the seminar and run it a bit later.  They agreed, so we're running it at the Hyatt Regency Embarcadero September 19/20.  Right before that we return to southern California for the third time, this time to Pasadena.  The week before we're going back to DC and New York, but this time instead working west of New York, we're going east to the LaGuardia Crowne Plaza.  Chicago winds up September.  No seminars in October and a limited number in November and December because I've got to get the Server 2002 book written, save for a few conferences.  We've also not gotten the numbers that we needed in Toronto and Montreal -- which is odd, given the number of people who expressed interest -- so we're moving those sessions to early 2002.

But that's it for public classes in 2001; no more until 2002.  The reason?  I need to keep my time open for the Fourth Edition, which I'm starting work on now.  It'll cover both Windows 2000 Server and Windows .NET Server.  (And in case you've not been following your geek gossip, that is the new name of what we might call NT 5.1 -- that is, the next version of Server.  MS originally said it was called Server 2002, but changed their minds -- the latest name is Windows .NET Server.  As .NET Server isn't that big a change, it'll be simple to cover both in the same edition, and it gives me a chance to further expand and improve the book. 

So Seattle, Raleigh, Dallas, DC, New York, Pasadena, San Francisco, and Chicago are the last eight publics for this year.  I'm still scheduling in-house seminars through the end of the year as time permits.

Our two-day Windows 2000 seminars have been a lot of fun and the attendees have been great.  Built atop the Third Edition, we add coverage of things even more up-to-date than the Third; I've already added coverage of Windows .NET Server enhancements, a big section on troubleshooting group policies and some major enhancements to the Active Directory replication info, stuff too new to have made it into the Third -- and there's more coming.  Visit to see specific session dates and locations, seminar outline, and how to sign up.  

Dallas and Raleigh are just around the corner, so if you've been thinking about signing up, now's the time.  

Content-Free Talks?  Heck, We've Got Those, Too

As you probably know, I do both multi-day seminars and short 45-90 minute talks on various technical topics (but mostly about Windows NT and 200x).  I make a fair amount of my income from speaking, and in general my talks focus on technical topics and intend to educate and inform their audience; if they happen to be entertaining as well, then that's of course important it keeps the audience awake but getting laughs isn't normally the main focus of my talks.  But in the past few years, clients have sometimes approached me about doing a short 45-70 minute keynote that contained no content at all, just a bit of basically "stand-up" -- jokes, stories, and offbeat observations about the tech business from someone who's been in computers since 1973 but that has managed in all that time to avoid taking too much of it too seriously.  

The result?  Some of the most sweating I've done in a long time while not purposely doing anything aerobic.  In 18 years of professional speaking, I haven't flopped all that often (about a half-dozen times), but, as with any one who gets up in front of an audience, I worry about it all the time.  But to my relief, the entertainment-only talks worked out great.  A few weeks ago I did one of those talks and one attendee told the conference coordinator that his only complaint was that he'd laughed so hard his face hurt."  So I thought I'd put it on my site as a regular offering.

As I couldn't REALLY abandon the idea of at least the pretense of providing useful content, it's all sewed together into a talk called "How To Succeed In The Computer Business."  Learn the secrets of choosing the right "beta" names, how to create demand for your product even if your company doesn't make any products, why Intel's next chip should be called the "Lutonium," as well as the secret of the Next Big Thing in networking.

The Software Conspiracy Gets Coverage At MSNBC

My book The Software Conspiracy:  Why Software Firms Produce Faulty Products, How They Can Harm You, And What You Can Do About It got an unexpected plug in an enjoyable column by MSNBC columnist Brock Meeks.  Complaining about software's unreliability, Brock titled it "Killer Apps Are Killing Me."  Check it out at

I'm Working As Fast As I Can...

Some of you have mailed me to ask why I don't do newsletters more frequently.  One reason: time.  My travel schedule this year is fairly heavy and I've taken on a new monthly column (which I'll tell you about in a future newsletter), as well as new duties as a series editor for a line of new Windows 2000-centric books from Sybex (which I'll also tell you about in a future newsletter), so it's hard to get it out more often.  But I'll keep trying.  Thanks for reading and I hope you enjoy my newsletters.

Tech Section

Summer Toys

I'm not sure this stuff goes in the Tech Section, but I've recently acquired a few new pieces of equipment and wanted to share some good experiences.  (I don't have a pecuniary interest in any of this stuff, nor did I get any of for free, by the way; they're just good tools.)

The Palm 505:  Palm Does It Again

I've been a Pilot (oops... you're supposed to say "Palm," as the lawyers hired by the guys who make the Pilot pen -- my favorite pen as well, perhaps I'm just a sucker for the name? -- want you to say) fan since the original "skinny Pilot" back even before US Robotics bought them.  As an electronic Daytimer, it's great -- long battery life and a good desktop-to-palmtop synchronization method.  I own several Windows CE and PocketPC devices, but keep returning to the Palm.

One thing that the Palm lacks, however, is color.  As recently as a year ago, I argued that anyone who wanted color on a Palm didn't understand what Palms were for in the first place.  I argued that the goal of any new Palm designs should have the one guiding principle of longer battery life.  Color, faster processors, or higher-resolution screens worked against that, so they hadda go.  That, I've always felt, is the problem with CE devices.  Where I can travel for three weeks with my Vx without recharging the batteries, my iPAQ couldn't run more than a day or two without an electricity refill.  I bought a Handspring Prism and while its color was very nice, it couldn't have provided me three weeks' usage on a single charge unless I carried around twenty-pound batteries.  Now, that's not to say that I wouldn't gladly TAKE a Palm with color, so long as it's no less miserly on battery power.  But I didn't think we'd ever see it.

I was wrong.

The Palm 505 looks almost exactly like a Vx, with 8 MB of RAM, but it's also got a very intelligently designed color screen.  You can choose to run it without the backlight to save power and, of course, that's usually an option on any color palmtop.  But what's different here is that it uses an LCD that's actually quite visible without the backlight; thus far, I have not used the backlight much at all.  But when I DO use the backlight, it's far better than the nearly-useless one on the III and V (but fixed on the Vx) -- this is the clearest color LCD palmtop that I've worked with, including the iPAQ.

PalmOS 4.0 comes with it, which is something of a benefit -- they fixed the security problem and there's now a scratchpad that you can scribble on.  Handspring models have used USB cradles for quite some time but the 505 now uses one and, unlike the earlier Palm USB support, works on Windows 2000.  I had some trouble synchronizing Lotus Organizer 6.0 to it but when I completely removed all of the old synchronization software and reinstalled first the PalmDesktop 4.0 software and then Lotus EasySync then the problem went away. (Whew!)  There's room for a plug-in memory card, so Palm's finally caught up to (or is trying to catch up to) Handspring -- who, by the way, has a pretty cool Vx competitor in its new Visor Edge.  (But it's not color.)

What won't you like?  Well, if you want to play MP3s on your Palm or do voice recording, then this isn't the tool for you.  There's no hard case like the one that the V/Vx had and I miss that, as it saved my Vx more than once.  There's a folding keyboard, but the V's keyboard won't work, as they've mucked with the cradle connector again, so you'll have to re-buy your keyboard, GPS, or whatever doodad you used to plug into the cradle slot.  And if you want to go mobile with your 505 and your StarTac phone, as I do, then you'll have to buy a new cable from  But make sure that you only use one e-mail account; if you want to use more than one then you'll have to upgrade the "Mobile Internet Kit" with new software to access two or more e-mail accounts.

All in all, I'm extremely pleased with the new 505.  But if you don't need color, then go with the Vx or the Handspring Visor -- they're both thin, reliable PDAs.

Charge Your Cell Phone With The Sun

I use one of the many variants of the Motorola StarTac phones and am forever forgetting to charge it, leaving me with naught but a trickle of juice in the battery, three days left on the road, and (of course) no charger, as I forgot to pack it.  So now I use batteries that charge themselves.  Sunpower Systems makes replacement lithium-ion batteries for the StarTac family that contain a solar cell -- just leave them in the sun (a window works fine) and they'll stay at full charge.  You can, of course, charge them in the usual way with a charger.  The other nice feature is that if I've got a flat battery then just 15 minutes in the sun is enough time to build sufficient charge to make a short phone call.  They're at

A Stand-Alone Web Terminal For $200

Some of you who've heard me speak have me talk in glowing terms about how I've got a dumb terminal in my kitchen connected to a Terminal Server in another part of the house.  It's useful because the dumb terminal lets me check e-mail, surf the Web and so on from the kitchen, which a center of house activity (at least, it is at the Minasi household).  But the licensing for Terminal Server is a bit troublesome, so it's not a good answer for many.  How then to put cheap Web connectivity anywhere in the house?  Check out  They make a stand-along Web terminal for $200.  It's actually a 266 MHz x86 system with 64 MB RAM, a CD-ROM, integrated sound card and speakers, integrated video, 56K modem, and Ethernet connector.  You can either set it to autodial the Internet with the modem, or (if you've got your house wired with Internet access via Ethernet), just plug in an Ethernet cable.  Comes with keyboard and mouse, needs only a monitor.  The box itself isn't much larger than a hardcover book.  The system runs Linux although you don't see the Linux, which means it's running Netscape, not IE, and there's no local hard disk so you can't download things.  There IS, however, a 4 MB flash memory that lets you store things like bookmarks.  I bought one and have been running it through its paces and it seems a pretty good deal.

Server Gets A New Name

Microsoft has yet again re-named NT Server.  As you know, NT Server 5.0 goes by the name "Windows 2000 Server;" but what to call the next version, coming next year?  A couple of months ago it got the name "Windows 2002 Server," but Microsoft changed their minds and now it's "Windows .NET Server."  My first thought is, "how are we going to abbreviate that?"  Sure wish it were just "Windows NT Server 5.1..."

I Named My NT Domain ACME.COM, What Do I Call the 2000 Domain?

A reader told me that he'd (unwisely) given his old NT 4.0 domain the name NETBIOS name of "ACME.COM" -- period and all -- and now that he's ready for Active Directory, he wondered what to call his Active Directory domain?

Of course, the problem stems from the fact that you can use a considerably wider range of characters in a NetBIOS name than you can in a DNS name.  Two examples are spaces and periods.  You can have an NT domain name like ACME.COM, but I recommend against it.  But will it interfere with giving the Active Directory the name  Not at all.  Remember that AD references use DNS for lookups, and NT 4.0 references use WINS for lookups -- two totally different naming systems.  So is just fine for an AD domain name.

One Domain is ACME.COM, The Other Is ACME.ORG, What Do I Do?

That same week, another reader told me that he intended to create two different AD domains, one named and the other named  The problem, he said, was that DCPROMO of course gives AD domains an old-style NetBIOS name, and that name was (of course) ACME in both cases.  As he couldn't have two domains named ACME, he asked, what to do?  The key is to understand that you can tell DCPROMO to give your domain ANY name.  So I suggested that he use the NetBIOS names ACMECOM and ACMEORG.  Of course, the names ROVER and FIDO would have worked as well.

Don't Skip The Support\Tools Folder

I need to mention this more often.  Al Degutis wrote me to tell me how great a tool called NETDIAG is.  Basically it's a program that does a long series of basic "sanity checks" on your servers or workstations.  I knew about it, but he had a great suggestion:  he runs a batch file first thing in the morning that runs netdiag with the /verbose switch, redirecting the output to a text file.  He then examines the text file, looking for the word "failed."  Or you could simplistically do this with one line:

netdiag /v|find "Failed"

And case counts -- FIND counts "failed" as different from "Failed."

The tricky part about NETDIAG is that you will NOT find it already installed on your system.  Instead, look on your 2000 CD (either Professional or Server) for the \SUPPORT\TOOLS folder.  Install the file with the .MSI extension and you'll get a wealth of extremely useful tools like NETDIAG -- and while you're at it, don't miss DCDIAG, a similar basic set of "sanity checks" for domain controllers, or DSASTAT, which checks your global catalogs.

Syntax Error On Service Pack Slipstream Updates

I'm really mad at myself about this one.  

As the Setup chapter explains in the Third Edition, you can assimilate a Resource Kit into an I386 directory on Windows 2000 with the update -s command.  I typed it as 

update -sc:\

Which is wrong (and I know it -- it was a typo that slipped past me AND the tech editor).  It should be

update -s:c:\

A million apologies.  This is particularly frustrating as Microsoft's syntax here is not very clear, and I really wanted to HELP rather than hurt matters by providing an example that functioned right.  I do sincerely apologize to anyone who banged their head against the wall about this one because of my typo.  Thanks to the five readers who spotted this.

Service Pack 2 Is Out

As you may know, Service Pack 2 has been out for a few weeks now.  I've not had any trouble with it, save for the time needed to download the 105 MB of it.  There are a few things to know, though.  First, you can still slipstream it by extracting it and then running update.exe, as the Third Edition explains.  And, as before, for some reason you can only do that if the directory that contains the I386 stuff is actually CALLED I386 or NEC98.  If you're currently running encryption lower than 128-bit then SP2 shifts your system to 128-bit mode and I've not seen a way to avoid that.  The SP also nails some memory leaks, a bunch of IE bugs, makes the File Replication Service work better in large domains, and resolves a problem with DNS that caused it to dial out frequently (and unnecessarily) on small networks -- among other things.

There IS a SID History Pruner, After All

Those of you who've heard my Active Directory migration talk know that some migration tools create a thing called a SID history.  In just a few words, it's a neat way for you to get a new account in a brand-new Active Directory domain while still being able to access the things that you accessed with your old account.  How it works is simple: as you may know, when a domain controller authenticates you, it passes along not only your SID but also the SIDs of any groups to which you belong.  With SID histories, the migration tool just includes your old user SID, disguised as a global group's SID.  So when one of your old domain's servers tries to authenticate you from the new AD domain, then the AD domain controller says "this is Bill, the new guy that you've never heard of before, but he's a member of the following groups, which include the "old Bill that you DO know" group.  Result:  you can access your old file shares, printers, Exchange mailbox and the like.

What I've commented in the past, however, is that some people are concerned about the potential security problems associated with dragging around old SIDs.  Many see SID histories as just an interim tool, and they'd like to be able to reach a point where they've decommissioned the old domains.  Once there, they want to prune the old SID histories.  I'd always heard that it wasn't possible, but Brian Komar pointed out the error of my ways to me.  Check out Knowledge Base article Q295758 for a short VBScript that will delete a domain's old SID histories.

DNS Syntax Error And We Got Mixed Up About Mixed Mode

In the Third Edition, page 523, about seven lines down, I left a period off the end of the NS entry; it should look like

@  ns

Thanks to Adrian Greaves for pointing this out!  Adrian also spotted a problem with the discussion of Active Directory Users And Computers on page 675.  Lisa describes how ADUC attaches itself to the PDC emulator operations master when creating a new user account.  That's only true in MIXED mode -- in native mode, of course, ANY domain controller can create a new user account.

The Editors Add A Hyphen

In the NT Server 4.0, 7th Edition, page 518 has an added hyphen in a command.  "\\servername\USERS\%user-name%" should be "\\servername\USERS\%username%.  Sorry, and thanks to Anthony DeRoche, who caught it.


I hope you'll join me for a seminar but if you can't attend a class then please consider attending one of these conferences:

Canada Comdex Toronto July 11

My buddy George Spalding and I  visit Our Neighbor To The North to do a one-day soup-to-nuts program as part of the Toronto Comdex show.  Just one day, just George and Mark, and for once I get to go to Canada in the SUMMER!  (For some reason the vast majority of my Canadian clients hire me in the Winter.  I've always just assumed that it was just part of The Universe's Dire Plan To Get Me.)  Find out more at  (More about Canada Comdex, not about The Universe's Dire Plan.)

HP World "Getting Ready For Active Directory" August 20-21

HP World has asked me to do two talks at their upcoming Chicago conference -- an all-day talk on Active Directory design and migration, and an half-day talk on Intellimirror (group policy, software rollouts and the like).  Info at

TechMentor San Francisco September 4-8

Another reliably good show, and one gaining in popularity, as it seems that every one that I attend is larger than the one before.  It's got great sessions and is back in San Francisco.  Info at

WinConnections in Phoenix October 1-4

The same folks that put on that Windows 2000/Exchange 2000 Connections conference in Monterey are coming to Phoenix (well, really Scottsdale) in early October.  I get to keynote, as well as do my Active Directory overview, an explanation of what Windows XP and 2002 will do for (or to) you, and then I debut my "12 Things You Can Do To Secure Your Windows 2000 Network" talk.  Find out more at

Comdex Vegas November 13-15

Yes, it's crowded, insane, and messy... but Fall Comdex is too much fun to pass up.  For the third year running, George Spalding hosts Comdex's Windows 2000/2002/XP "X-treme Knowledge" (God, I can't wait for that "X-treme" stuff to die out) sessions.  Sign up and you'll hear not just George and me but also my co-authors Christa Anderson and Doug Toombs.  I'm not only doing my 2000/2002 talks, I've also been asked to do my Software Conspiracy talk:  "Why Software Firms Produce Faulty Products, How They Can Harm You, And What You Can Do About It."   Their Web site is of course, but there's not much in the way of information there yet.  

Bring Mark to your site to teach

I'm keeping busy doing Windows 2000/2002 seminars, but I've still got time to visit your firm.  In just two days, I'll make your current NT techies into 2000/2002 techies.  To join the large pharmaceutical, agricultural, aerospace, banking, government, transportation, and other organizations that I've assisted, either take a peek at the course outline at, mail Jennifer Williams at, or call her at (757) 426-1431 (between 1 and 5 Eastern time, weekdays, please).

Until Next Month...

Have a great month!  Please share this newsletter; I'd like very much to expand this newsletter into a useful source of NT/2000/2002/XP information.  Please forward it to any associates who might find it helpful, and accept my thanks.  We are now at over fourteen thousand subscribers and I hope to use this to get information to every single Mastering NT and 2000 Server reader. Thanks for letting me visit with you, and take care!  Many, many thanks to the readers who have mailed me to offer suggestions, errata, and those kind reviews.  As always, I'm at

To subscribe, visit To change e-mail, format, etc., link to  To unsubscribe, link to Visit the Archives at Please do NOT reply to this mail; for comments, please mail to

All contents copyright 2001 Mark Minasi. You are encouraged to quote this material, SO LONG as you include this entire document; thanks.