Mark Minasi's Windows 2000/NT/XP Newsletter
Issue #27 November 2002

To subscribe, visit http://www.minasi.com/nwsreg.htm. To unsubscribe, link to http://www.minasi.com/unsubs.htm. To change e-mail address, switch between HTML or text format, etc., link to http://www.minasi.com/edit-newsletter-record.htm. Visit the Archives at http://www.minasi.com/archive.htm. Please do NOT reply to this mail; for comments, please link to www.minasi.com/gethelp. Document copyright 2002 Mark Minasi.

What's Inside

News:

Catch My Free Security Talk Online
XP Support Seminars: Philly, Kansas City, Honolulu, LA, DC and NY in 2003
Windows .NET 2003 Server Seminars in Tampa in November, Chicago, Houston, Honolulu and LA in 2003
I Will (Sniff!) Not Be Speaking At Future Techmentors
Pick Up A Copy of our Windows 2000/.NET Audio Seminar and Software Quality Book

Tech Section
- Shutting Off Services
- Rolling Out Service Packs with Group Policies
- Finding That Command-Line Gold
- Making XP Command Prompts Open to C:\
- Running Administrative Tools From XP SP1
- Caution: Make Sure You're Only Logged In Once If You Change Passwords in AD
Conferences
Bring a Seminar to Your Site

News

Hello all --

As you've noticed, you're getting the newsletter a different way, via URL rather than in your e-mail. In case you're wondering, this isn't intended to be a permanent change. Rather, I'm trying to figure out how many of the bounced messages that I'm getting are actually from dead e-mail addresses, as opposed to the ones that bounce because of some hyperactive filter program.

For some reason a number of my subscribers don't get the newsletter because their e-mail servers claim that they detect VBScript in the e-mail -- something that doesn't make sense to me, as there's never anything in the HTML emails any scarier than a URL. As I sent you all a simple text e-mail, I'm hoping that the overly paranoid scanners didn't object to the URL link to here.

This month features a few articles that I think you'll find useful -- some advice on shutting down excess services and how to use group policies to roll out service packs. Others offer some tips and point a pitfall in changing passwords in Active Directory. I'm working away at the .NET Server book -- that's why it's been so long since the last newsletter -- and it's shaping up pretty nicely. The Linux book ought to be on the shelves by the time you read this. Amazon has it for $35 at http://www.amazon.com/exec/obidos/tg/detail/-/0782141196/markminasi and Bookpool has it for $31 at http://www.bookpool.com/.x/3k34tijmkr/sm/0782141196 . Both are taking pre-orders and claim they'll have it by the 12th.

Catch My Free Security Talk Online

We had a terrific turnout in NY, Chicago, San Francisco and Denver but if you missed them then there's another chance. The magazine has put the roadshow online at http://app2.streampipe.com/vtc/switch.tc?c=10156&cn=renaissance&s=20253&e=1999#
and it's free. My talk is "12 tips to secure your network."

XP Support Seminars: Philly, Kansas City, Honolulu, DC, LA and NY in 2003

If your company is making the move from Wintendo (Win 9x), NT 4.0 or Windows 2000 Pro to XP Professional, then we've got the seminar for you! "XP Professional for Support Professionals" shows your desktop support techies how to deploy, network, manage, support and troubleshoot XP Professional, in just two days. This seminar is packed with demonstrations and a course guide filled with step by step procedures. As always, I try my best to make explaining entertaining so come join us in 2003 in Philadelphia, Kansas City, Honolulu, LA, DC or New York. Visit www.minasi.com/pubsems.htm for schedule specifics or www.minasi.com/xpsupport.htm for the course outline.

Or, if you just can't wait... contact us about bringing me to your site, where I can tailor the class to your company's needs.

Windows .NET 2003 Server Seminars in Chicago, Houston, Honolulu, DC and LA in 2003

Our very successful two-year run of our seminar on how to plan for, install, manage and troubleshoot Windows 2000 Server is over; we won't be running any more public 2000 Server seminars.

In February, we'll inaugurate a brand-new class on planning, installing, managing and troubleshooting Windows .NET 2003 Server! Okay, I'm kidding a bit. Yes, there will be a new seminar starting in February. But it won't be an earth-shaking change from the Windows 2000 Server class simply because despite the drastic-sounding name change, Windows .NET 2003 Server isn't that different from Windows 2000 Server. Not that there's nothing new to learn, not by any means. But where Windows 2000 Server was a major change from NT 4.0, .NET Server is more of a "Windows 2000 Server version 1.1." Many of the concepts will remain unchanged from the first course -- but naturally .NET Server adds some new goodies, and we'll cover them in the class. But you'll still learn a lot... 2003 Server doesn't always change what Server can do, but it often changes how you make it do something.

Our first .NET Server class will be in Chicago in February, then we'll go to Houston, Honolulu, Los Angeles, and DC. I hope you'll join me for a seminar that will fill your brain with knowledge and share a few laughs in the process.

NOTE that every attendee gets the Mastering Windows .NET 2003 Server book (once the book's finished).

I Will (Sniff!) Not Be Speaking At Future Techmentors

I know that some of you must plan far into the future if you want your companies to find money for seminars and conferences; that's why we've put together the entire 2003 public seminar schedule already. Many of you tell me -- quite kindly, and thanks! -- that whether or not I'm talking at a conference is a big criterion in your choice of conferences, so I wanted to post a note about a change for next year: I won't be speaking at 101Communications' Techmentor conferences, unfortunately. The current conference chair, who is also the editorial director of 101Communications' Microsoft Certified Professional magazine, told me after this fall's San Diego conference that she wanted to focus on speakers who also write for MCP magazine, and of course I don't write for MCP mag, so I'm outa there.

That's a shame, as 101Communication's own readers voted me their favorite technical author just a couple of months ago at the 101Communications' CertCities Web site, but I understand the conference chair's reasoning -- it's a brutal time business-wise for anyone doing a tech-oriented magazine or conference. She probably feels that matching up the masthead of MCP Mag more closely with Techmentor's speaker list is worth trying in order to bolster both businesses. And I wish them well -- Microsoft Certified Professional is a great magazine and I've always enjoyed Techmentors, which feature top-notch speakers. Techmentor's contact line is techmentorevents@101com.com for more info.

Again, if you are planning which conferences to attend next year then I hope you'll plan to attend one that I'll be speaking at -- so watch this newsletter for the dates and locations for Windows Magazine LIVE! (where we let people speak no matter what magazine they write for <grin>), or check their Web site at www.winconnections.com. Thanks!

Pick Up A Copy of our Windows 2000/.NET Audio Seminar and Software Quality Book

Want to attend the Server class but haven't the time or money? $225 gets you the audio version of the seminar complete with over 10 hours of lecture accompanied by illustrative PowerPoints, all nicely cross-indexed for future reference. Pick up a copy today at www.minasi.com/audiosales. Only 30 left and then they are gone forever.

Do computer bugs bug you? Find out why they're so prevalent and what you can do about them by grabbing a copy of my 1999 McGraw-Hill book The Software Conspiracy: Why Software Vendors Produce Faulty Products, How They Can Harm You, And What You Can Do About It. It's just five bucks in e-book (PDF) format. If you've read my other books then you know my technical writing -- but this book is aimed at both techies and non-techies. The much-respected Kirkus Reviews said of that it was "A lucidly written, eminently practical guide to fighting back against the modern scourge of software 'bugs' ... An absorbing, easily understandable, and inspiring book..." Get your copy at www.softwareconspiracy.com.

Tech Section

This month, we start with a couple of topics that came up at our first two Security Roadshows and move to some great short tips.

Which Services Can I Turn Off?

Services are programs that run on an NT/2000/XP/.NET machine whether someone's logged into that machine or not. While they are quite useful, each service presents yet another potential source for hackers seeking to find security holes to exploit in order to seize control of your system. Additionally, services take up RAM and CPU power. So many security experts recommend turning off unnecessary services.

But which services are unnecessary? That's a tough question to answer entirely, but here are a few suggestions. Don't take these as gospel, because every service is needed by someone. But they're a few things to look at.

Server and/or Computer Browser service

The Server service enables your computer to share its files with other computers, to act as a "server" in the "client-server" sense of file sharing. The other half of this transaction is the client piece of file sharing, another service with perhaps the most misleading name of any NT service: the "workstation" service.

Clearly any system that will act as a file server must have this service enabled. But the odd thing about Microsoft operating systems is that they all install with the Server service enabled, including Windows XP, 2000 Professional, Windows 98, and Windows ME. Thus, if you had 1000 workstations and 50 servers on your network, then you've got a total of 1,050 file servers.

That's bad because anyone who can get access to the Server service on your computer could easily get access to any file on your computer. And most workstations don't share files, so why run the thing anyway, as it just takes up CPU power and 1/2 meg of RAM? (Some people do need to run this, as their administrators like to be able to connect to the default C$, D$, etc shares. If this is the case, then I guess you should leave it on.)

Furthermore, every server annoys the network by announcing its presence every 12 minutes with a broadcast saying "hi, I'm still here... I'm a server named JoesPC and I don't have anything to share, but I'm a server and I wanted you all to know that I'm still here!" Broadcasts slow down a network and the machines on the network, as everything's got to stop and listen to the broadcast to see if there's anything important in it. Those broadcasts go into the server browse list, which is how all of those computers get into Network Neighborhood / My Network Places.

Now, even if you do want the Server service running on all of your systems, you can get the systems to stop doing those broadcasts by stopping a different service -- the Computer Browser service. Some people worry that turning this off will keep their computer from being able to browse My Network Places, but that's not the case at all. This service only announces a server's presence; shutting it off on your computer will still let you open up NetHood and see the other computers on the network. (By leaving your Server service on and disabling Computer Browser, you are, then, essentially running your server in "stealth mode;" think of this as a Romulan cloaking device for servers.)

People tend to leave the Server service on for two reasons that are unnecessary: Web servers and Remote Assistance / NetMeeting. You do not need to have the Server service running on a Web server, and both Remote Assistance and NetMeeting can still transfer files without the Server service.

Fax Service

Manual and off by default, but you always have to wonder if someone will find a way to exploit it... I have very few systems attached to fax-capable modems, so I disable this wherever I find it.

Indexing Service

This seems to get turned on wherever you have a Web server. It's a great way to build fast, powerful search engines for a Web server but unless you've explictly created a search page on your Web then disable this. Also, delete the two default indexes "System" and "Web" and instead create custom indexes as needed. See Newsletter #17 for more info on Indexing Service, but the bottom line is that most of us can safely ignore it.

Alerter and Messenger

Two services that support pop-up messages on your desktop. These are not the pop-ups that you get on the Web -- shutting down these services will not get rid of Web pop-ups, unfortunately. Nor is this Windows Messenger. The system uses this to send administrative messages; for example, it's possible to type "net send * get off the system" and everyone will get a little pop-up message that says "get off the system;" the idea is that administrators can use this as a primitive kind of instant messaging to network users.

I tend to turn this off, but be aware that if you do then many error messages only appear in the event logs at that point.

IMAPI CD-Burning COM Service

New to XP, this service assists XP's Roxio CD Creator. If you turn it off, then Roxio stops working. If, on the other hand, you use a separate third-party burner, like Ahead Software's Nero Burning ROM, then the service is unnecessary and you can disable it.

Shell Hardware Detection

This is new to XP. When you plug in certain kinds of hardware, like cameras, CF cards or the like, then XP responds by popping up a window and asking you what you'd like to do -- download pictures, create a slide show, etc. That's all done with the "shell hardware detection" service. If you find the "what shall we do with this new hardware?" windows irritating then you can shut off this service.

Still Image Service

Camera support stuff. If you know you use it, great. Otherwise, disable it.

Themes

I'm not sure why this is, but XP actually has a service that supports Themes. Call me an old fuddy-duddy, but I prefer to burn my CPU cycles getting work done or playing a game, so I've never quite understood why anyone would turn on the zooming menus and the other stuff that you can do on the UI. As I'm kind a plain-blue-background-and-no-sound-effects guy, this service doesn't do anything for me, so I shut it off.

Volume Shadow Service

This is the client half of a neat tool that lets you simply and automatically archive important files several times a day. Unfortunately, the server half isn't appearing until Windows .NET 2003 Server arrives. So it's safe to stop this service for now... but don't forget to turn it back on when .NET arrives!

Web Client

If you have Web pages that you store on other people's servers, then you need some way to connect to those servers to change your Web content. For years FTP has been a popular approach but it's a little limited for some, which led to an improved over-the-Internet file sharing system called the Web Distributed Authoring and Versioning or WebDAV protocol. (Look up RFCs 2518 and 3258 if you need the geeky details.) Basically, though, it's a file sharing system that runs over port 80, piggy-backing on HTTP. And it's a terrific idea, as anyone who's ever fought with an FTP client can attest.

XP includes the client-side part of it in a service called the Web Client. 2000, .NET and, if I recall right, IIS 4.0 include the server-side in "Web folders." See, you probably didn't even know that you had a built-in file sharing system that had nothing at all to do with SMB and that can slip past your firewalls because it runs on port 80!

But what's that you say, you need to know how well-tested the Web Client and Web Folders are? Me too. My paranoid suspicion is that this is going to turn out to be a great protocol with the usual bunch of security holes that someone will discover and exploit some day. So for myself, I shut off the Web Client service and avoid Web folders on my Web servers.

Windows Image Acquisition

Support for webcams mostly. If you're not using one, then you can shut this service off.

World Wide Web Publishing Service, SMTP, FTP

For years, Microsoft has installed a Web server on every copy of Server, unless you asked Setup not to. That's why there are still systems out there trying to infect my Web servers with Nimda -- there are people who set up 2000 Server or NT Server to be a file server and who don't even realize that they've become and "accidental webmaster," so they don't know that their Web server (the one that they don't even know that they have) is infected and is trying to infect others.

Take a moment and see if you're running FTP, SMTP, or IIS on a server that you don't want to run those services on. You'll tighten up your system's security and get back some resources.

And If You Have XP...

You may find that your computer came with a copy of XP and that the hardware vendor added a few services. Could they be making your system more wobbly or less secure? There's an easy way to test to see if you need these extra services. Just start up msconfig.exe and click the "Services" tab. It's got a check box on it labeled "Hide Microsoft Services;" check it and you'll see just the stuff that the vendor (and perhaps you, depending on what you've installed) added. You can then stop any of those services or even click the "disable all" button to shut 'em all off. You can then restart your system and, well, just see if you miss any of them.

If you get too nuts and find that you've stopped a service that you needed to get your system going, then you can always start it with the Recovery Console and use the enable command to tell your system to start the service; then you'll be back up and running.

Rolling Out Service Packs With Group Policies

I mentioned at the Roadshow that it's essential to keep up to date with service packs (and of course hotfixes). I roll out hotfixes automatically with the Software Update Service, which I've discussed elsewhere. But service packs are very simple to roll out with a group policy object. Several people in the audience indicated that they'd not figured the process out, so here it is step-by-step. I've done this both for XP systems to deliver XP's SP1 and Windows 2000's SP3.

In brief, the approach is simple: expand the service pack, put it on a share, create a group policy object that assigns the service pack's MSI to a machine, and apply that GPO to a group of machines.

Before starting, let me suggest that if you have never created a group policy or do not know how group policies work that you review the group policy material in Chapters 8, 9 and 12 of Mastering Windows 2000 Server.

Expand the Service Pack

First, expand the service pack. Service packs come as large EXE files -- XP SP1 is 137 MB in size, 2000's SP3 is 129 MB. But they've got to be expanded into their component files before it's possible to use a group policy on them. Do that with the -x option. For example, suppose you've places Windows 2000's SP3 file w2ksp3.exe on a server named \\sv1. You want systems to retrieve a copy of SP3 from this server. Start out by expanding SP3 with this command:

w2ksp3.exe -x

That command causes the service pack to ask where you'd like it expanded to -- "Choose directory for extracted files." For this example, tell it to save the expanded files to C:\2KSP3. (It'll take a few minutes.)

Share the Directory

Once it's finished expanding, take a look at the 2KSP3 directory. It will contain a directory I386; share it, so now we've got \\sv1\i386.

Create the Group Of SP3 Targets

We won't want to create a group policy that applies to all machines, as those machines might include XP or .NET Server machines. Instead, we'll want to use something called policy filtering to restrict the systems that get the SP3 group policy object (GPO).

Open Active Directory Users and Computers and create a global group called SP3 Targets, and then add all of your Windows 2000 Professional and Server machines to this group. (Or you might want to only include one machine initially for test purposes, and then add the others later.)

Create the Group Policy Object

That i386 share contains a directory named update, which will contain a file named update.msi. That is our target file for the group policy object. Open Active Directory Users and Computers and right-click the object in the left-hand pane that represents your domain, then choose Properties.

In the resulting property page, you will see three tabs. One will be labeled "Group Policies;" click it.

Click the "New" button to create a new group policy object.

Name it "Deliver Windows 2000 SP3."

Next, we'll make sure that this GPO only applies to the systems in the "SP3 Targets" group by adjusting the permissions on this new GPO. Start by clicking Properties.

Click Security.

You'll see ACLs for the GPO and you'll probably see one for Authenticated Users, one for CREATOR OWNER, one for Domain Admins, another for Enterprise Admins and yet another for SYSTEM. Click the "Authenticated Users" ACL, and then the "Remove" button.

Click Add... and add the SP3 Targets group. In the field labeled "Permissions for Authenticated Users," make sure that the boxes for "Read" and "Apply Group Policy" under "Allow" are checked.

Click OK when done adjusting the GPO's ACLs to return to the "Group Policy" tab.

Click the "Deliver Windows 2000 SP3" GPO and then the "Edit" button.

Under Computer Configuration, open the folder labeled "Software Settings."

Click the small icon that looks like a blue-striped box labeled "Software installation."

In the right-hand pane, right-click the background and choose New/Package. That will bring up a dialog box named "Open." This is where you tell the GPO where to find the MSI file. You must be sure to point to the GPO using a UNC, like \\servername\blahblah instead of c:\somedirectory\blahblah. Remember that you've shared the I386 directory of the service pack, and the file that you want is update\update.msi inside that directory. In my example, I'd fill in the Open dialog box with

\\sv1\i386\update\update.msi

and click OK. That will immediately raise a dialog box labeled "Deploy Software" which offers you two options: Assigned or Advanced. Click the "Assigned" radio button and then OK. Close the Group Policy snap-in, the domain property page and Active Directory Users and Computers.

Now reboot any computer in the SP3 Targets group. As the system boots, you'll see the familiar dialog box with the Windows 2000 Server logo and the all-too-familiar "please wait..." message. At the bottom of the dialog, you will eventually see a message like "Now installing managed software Windows 2000 Service Pack 3."

Finding That Command-Line Gold

If you read my books and articles on a regular basis then you know that I'm a command line devotee -- I'm always looking for great new ways to do things from the command line.

I'm sure I've mentioned this before, but if you've never taken a look at \winnt\help\ntcmds.chm then you really need to -- it's a Help file that covers all of the command-line tools in Windows 2000, XP and .NET Server. Here's a few worth looking into that ship with XP:

Sc lets you control services, including the ability to uninstall services from the Registry altogether.
Taskkill lets you stop any program running on any computer. (Assuming you have the right to do that.)
Relog reformats Perfmon information from its normal binary log format to CSV or other formats.
Eventquery, eventcreate and eventtriggers control and examine event logs for local and remote computers.
Getmac returns your network card's MAC address.
Diskpart is FDISK's successor, an extremely power disk partitioning tool.
Anyone who's ever fooled with boot.ini's bizarre ARC-type disk identification formats will like bootcfg.
Openfiles lets you find out who's got a given file open, so when you get that message about how you can't delete a file because it's in use then you can find out who's using it.
WMIC is a powerful tool with a sort of strange interface that lets you examine and change Windows Management Instrumentation information on your computer.

There are lots more of these commands, those are just a few. I can't stress strongly enough that command line tools are worth investigating. They're often my "secret weapon" when trying to fix a system that's not responding too well on the GUI, but that will cough up a command prompt window.

Making XP Command Prompts Open to C:\

And speaking of command lines...

I use XP a bit more than half of the time these days and find that there's a lot to like about it. But it has a really irritating habit when opening command prompts -- instead of dumping you at C:\>, which it would normally do unless you've configured your account otherwise, it opens you to the location of your local profile. As a result, instead of a prompt like

C:\>

You get

C:\>Documents and Settings\JoeBlow

Which can take up half the width of a command window. I usually end up just typing cd \ and Enter to get the prompt back to C:\>. It finally irritated me enough that I remembered that you can tell Windows 2000 or XP to always execute a particular command when opening up a command prompt -- kind of like an AUTOEXEC.BAT for command prompt windows.

Just look in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor and in that key you'll see an entry called AutoRun. You can put any command in there, so I just enter "cd \" and then from that point on, I can just open a command prompt to see C:\>. If you want to do more than one command, just put an ampersand ("&") between the commands, like

cd \ & echo Hello master, what are your commands?

That affects command windows for the whole system -- no matter who's logged in at your computer, she'll get that when she opens a command prompt window. But if she wants a different AutoRun, then she can modify the entry in HKEY_CURRENT_USER\Software\Microsoft\Command Processor and change the AutoRun there.

Running Administrative Tools From XP SP1

Ever since XP appeared it's been hard to administer a Windows 2000 or .NET-based network from XP; for some reason the standard adminpak.msi does not work on XP. So Microsoft released a set of beta administration tools for XP. Unfortunately, once you install SP1 for XP then they break.

They've got a newer version of the administration tools for XP at http://www.microsoft.com/downloads/release.asp?ReleaseID=34032. But it's a cranky install -- it refers you to Knowledge Base article 304718 (READ IT!!!) that tells you to first uninstall all previous versions of the adminpak.msi and then copy a few lines from the Q article to create a batch file that you must run. Then you can install the new adminpak.msi. It's irritating but in my experience it works.

Change AD Passwords Wrong And You Can Get Locked Out

A couple of weeks ago I was at the Windows Magazine LIVE! conference in Orlando and sat in on Don Jones' talk on Windows security where I picked up a great tip. If you're going to change your Active Directory domain account's password and your domain enforces lockouts after some number of invalid logon tries, then be sure that you're only logged onto one computer. Let's take that in slow motion...

Suppose you're a member of a domain, bigfirm.biz. To help secure the network, bigfirm.biz locks users out after six consecutive bad logon attempts. You're logged onto two different workstations, call them WS1 and WS2, using your domain account and password "swordfish." Both have Kerberos tickets from when you logged on. Kerberos tickets last ten hours by default -- you can change that if you like -- and by default WS1 and WS2 will try to renew their tickets when they expire. When you logged into WS1, it remembered the password that you typed into it -- swordfish -- and WS2 did the same.

While sitting at WS1, you decide to change the password from "swordfish" to "mackerel." (Just for the halibut.) The change takes, and WS1 learns in the process that your new password is "mackerel." When the ticket expires, then WS1 will use "mackerel" to renew the ticket. So far, so good.

But what about WS2?

Eventually the ten hours are up and WS2's ticket expires. So it tries to renew the ticket, using the password that it remembers for you. That is, "swordfish." The domain controller rejects the logon attempt, as the password is no longer "swordfish." WS2 makes these logon attempts in your name and, employing the doggedness and speed of a computer, manages to bombard the domain controller with six consecutive failed logon attempts in a row. Result? The domain locks you out.

Moral of the story: when changing passwords, make sure you're only logged into one system at the moment.

Conferences

I hope you'll join me for a seminar but if you can't attend a class then please consider attending Comdex:

Fall Comdex November 18-21 Las Vegas

George Spalding and I team up yet again for Fall Comdex's "Extreme Knowledge" (doesn't that sound painful, "extreme" knowledge?) seminar sessions on Microsoft Windows technologies. If you're going to Vegas this November then consider dropping by to hear me, Christa Anderson, Todd Lammle, Doug Toombs, Jeremy Moskowitz and others deliver the goods on running Windows without pane! Go to http://education.key3media.com:8080/comdex/lv2002/education/FMPro?-DB=CXprogrm.fp5&-lay=webform&-format=conf_w_tracks.html&Program_ID=1037&-Find for more info.

Bring Mark to your site to teach

I'm keeping busy doing Windows 2000/.NET Server seminars and writing, but I've still got time to visit your firm. In just two days, I'll make your current NT techies into 2000/.NET techies. To join the large educational, pharmaceutical, agricultural, aerospace, banking, government, transportation, and other organizations that I've assisted, either take a peek at the course outline at www.minasi.com/w2koutln.htm, mail our assistant at Assistant@Minasi.com, or call her at (757) 426-1431 (only between 9-5 Eastern time, weekdays, please).

Until Next Month...

Have a quiet and safe month. I'll be traveling to conferences and classes and working on the .NET Server book (thank God for VMWare). I don't often get a chance to say it, but many thanks to the many of you who've bought a book, audio seminar, attended a conference or a live seminar.

Please share this newsletter; I'd like very much to expand this newsletter into a useful source of NT/2000/.NET Server/XP information. Please forward it to any associates who might find it helpful, and accept my thanks. We are now at over 21,000 subscribers and I hope to use this to get information to every single Mastering XP, NT and 2000 Server reader. Thanks for letting me visit with you, and take care -- the economy's coming back soon, I'm sure of it! Many, many thanks to the readers who have mailed me to offer suggestions, errata, and those kind reviews. As always, I'm at http://www.minasi.com/gethelp and please join us at the Forum with technical questions at www.minasi.com/forum.

To subscribe, visit http://www.minasi.com/nwsreg.asp. To change e-mail, format, etc., link to http://www.minasi.com/edit-newsletter-record.htm. To unsubscribe, link to http://www.minasi.com/unsubs.asp. Visit the Archives at http://www.minasi.com/archive.htm. Please do NOT reply to this mail; for comments, please link to http://www.minasi.com/gethelp.

Mark Minasi's Windows 2000/NT/XP Newsletter Issue #27 November 2002