Mark Minasi's Windows Networking Tech Page
Issue #34 June 2003
To subscribe, visit http://www.minasi.com/nwsreg.htm.
To unsubscribe, link to http://www.minasi.com/unsubs.htm.
To change e-mail address, switch between HTML or text format, etc., link to http://www.minasi.com/edit-newsletter-record.htm.
Visit the Archives at http://www.minasi.com/archive.htm.
Please do NOT reply to this mail; for comments, please link to www.minasi.com/gethelp. Document
copyright 2003 Mark Minasi.
- Announcing Our AD Design Help Service
- Summer Sale on CDs!
- Request: Please Consider Posting An Amazon Review
- Upcoming Free Appearances: Security Roadshows in San Jose 6/18, Denver 6/20, Anaheim 6/24, San Diego 6/25, Chicago 6/27
- Seminars: XP and the NEW Server 2003/2000 Classes: LA, DC, NY
- Tech Section
- Has Outlook/Outlook Express Started Blocking Your Attachments?
- AD and backups
- Online List of Ports and Usages
- More on Eliminating NTLM and LM
- Fixing "the computer did not resync because no time data was available"
- VMWare Fans: Upgrade to 4.0
- Server 2003 Book Errata
- Bring a Seminar to Your Site
Hello all —
Whew, it's been a long six weeks on the road (hence no May newsletter) and
I'm about to get back on the road to do two weeks' worth of Security Roadshows,
sponsored by Microsoft and Windows and .NET Magazine and coming to San Jose, Denver, Anaheim, San Diego and Chicago between June 18 and 27, see
below for details.)
I've got lots to talk about this issue, so let's get right to it.
First, the marketing stuff, as short as I can make it...
Announcing Our AD Design Help Service
It's been three and half years since Windows 2000 came out and only about
half of the NT 4 domains have upgraded ... what's going on? In my
experience people are upgrading slowly for several reasons: insufficient
funds, or insufficient people to do it, or just plain uncertainty. A
couple of months ago I realized that for many people have an AD plan almost
done ... but they'd like someone to look it over before they make the Big
Jump. So I started offering an AD design service and it's keeping me
pretty busy. Find out more at http://www.minasi.com/adnow.htm.
Summer Sale (With Reduced International Shipping) on CDs!
So many of you responded to our 2003 book/CD offer that we're offering the
.NET, Tuning, and Security CD sets at 33% off. We've also dropped
international handling costs $15/set for this sale. Get 'em while they're
cheap! Info at http://www.minasi.com/cdsale2003.htm.
Request: Please Consider Posting An Amazon Review
The 2003 book has been selling well -- many thanks! -- and it topped
Bookpool's sales list for a few weeks. I'm very grateful for the response
that the book's gotten, but I need to ask your assistance, if I may. If
you've got the 2003 book, could I ask that you take a moment and post a few
words on Amazon about it? Reviews there mean a lot; thanks in advance for
The Security Roadshow's Coming To Your Town In The Next Two Weeks!
Microsoft has asked Windows and .NET Magazine to bring back the Windows
Security Roadshow, so Windows SuperSite jefe Paul Thurrott and I are
coming to six cities between June 18-27. I do my "12 Tips To Secure Your
Windows Network" talk and Paul talks about "The Future of Windows Security."
Locations are San Jose 6/18, Denver 6/20, Anaheim 6/24, San Diego
6/25, and Chicago 6/27. Info at http://www.winnetmag.com/roadshows/security2003/.
See you there!
Seminars: XP and the NEW Server 2003/2000 Classes: LA, DC, NY
Just a few more days until our Los Angeles seminars: "XP
Support" and "Running a 2003/2000-Based Active Directory."
There's no faster way to become expert in desktop or network support. And
don't forget we're coming to DC in September (near Dulles) and NY in November
(near LaGuardia). Find out
about the XP seminar at http://www.minasi.com/xpsupport.htm,
the Active Directory/Group Policy seminar at http://www.minasi.com/2003outln.htm,
and the schedule of seminars at http://www.minasi.com/pubsems.htm.
This month, some troubleshooting, more info on last newsletter's topic, a
useful resource and some errata.
Has Outlook/Outlook Express Started Blocking Your Attachments?
About a month ago, I noticed that Outlook 2000 (on my desktop) and Outlook
Express 6.0 (on my laptop) started blocking most of my e-mail attachments --
EXEs, VBS, PDF, just about everything except image, DOC, PPT, and XLS files,
offering only a message to the effect that there was a potentially scary type of
file attached and that Lookout (oops, I meant Outlook) was doing me a favor and
This was of course irritating ... but also familiar. I recalled that
back when Office 2000 SR-1 came out that Outlook had started doing something
similar. I vaguely recalled that it'd required a Registry change to
disable this new "feature" that SR-1 came with, called the
"Outlook E-mail Security Update." It seemed at the time kind of funny that some of the extensions that Microsoft didn't
block (Word, Excel, PowerPoint) could contain pretty dangerous macros, while at
the same time I couldn't imagine what would be bad about a PDF. In any
case, I was puzzled about why the E-mail Security Update would return now.
A bit of searching showed that IE6's SP1, a "critical" update in
Microsoft's eyes, did me the favor of re-enabling the E-mail Security Update
without asking. Here's how to un-do it. This is apparently the
"cod liver oil" model of security through updates -- "swallow it,
it's good for you."
Getting my attachments back in Outlook Express 6.0 was simple. Click Tools/Options and
then the Security tab on the resulting property page. Un-check the box in
the middle of the page that says "Do not allow attachments to be saved or
opened that could potentially be a virus." Click OK to clear the box
and you can get to your attachments.
With Outlook 2000, it was a trifle more complex.
1) Open Regedit and go to HKEY_CURRENT_USER\Software\Microsoft\Office\9.0\Outlook\Security.
If you don't have the key, then create it.
2) In that key, create a new entry of type REG_SZ called "Level1Remove".
3) Fill the key with a list of extensions that you don't want Lookout to block,
separated by semicolons. For example:
Note that some places say NOT to use the periods. I used them and it worked.
4) Close Regedit.
5) Exit Outlook.
6) Use Task Manager to ensure that Outlook.exe
is indeed not running.
7) Restart Outlook.
OL2002 apparently works the same but you substitute "10.0" for
"9.0." And there are a few utilities around that will save you the
Registry hacking. A Forum member suggested this freeware tool which puts a
GUI on it:
I've not tried it but I've heard good things about it.
AD and Backups: One For Each Server
Now that I'm teaching AD disaster recovery in class, I'm finding that
virtually everyone has made the same mistake at some time when it comes to
protecting their AD backups. You need to back up the Active Directory on every
domain controller. In general an AD backup on one DC cannot be restored to
I guess this doesn't seem to make sense -- can't a backup from any DC
be restored to any DC, isn't that what disaster recovery is all about? --
and so people simply take one set of AD backups and leave it at that.
Unfortunately, they then find that the backups are no good when restored to
So what do you do if all of your DCs are destroyed at once or, equivalently,
what if you have only one DC? (Note that I strongly recommend against ever
running just one DC. But I realize that sometimes economic realities
prevent that second DC. If that's the case, tell the boss exactly how many
hours the network will be down if you lose the one DC and how cheap a little
clone and a copy of Server is. If the boss can do math you'll have that
second DC in no time.) In that situation,
Microsoft says that you can rebuild your domain by installing Window 2000 Server
on a new system and then restoring any AD backup from any of the now-destroyed
domain controllers. KB article 263532 isn't a short one, but it does offer
some valuable advice.
But why is it that you can't restore an AD taken from
DC1 onto DC2? Simple: USNs (uniform sequence numbers). Where NT 4.0
BDCs had copies of the SAM that were identical because they were just carbon
copies of the PDC, recall that in AD every DC maintains its own set of internal
pointers etc. So let's say that DC1 replicates with DC2 at noon on
Tuesday. DC1 then updates what it knows about DC2, which (simplified)
might be something like "the last time I asked DC2 what was new, it told me
that its most recent update was USN number 10000." That USN is just
an internal sequence number indicating how many times someone's updated
DC2's copy of AD. So if Jane, a user on the AD, has changed her password
20 times since DC2 came up, then that accounts for 20 of the 10,000 changes that
DC2 has seen. In contrast, DC1 might have been up longer and might have a
highest USN of 50,000 because it's seen many more changes; it could have been
around for 117 of Jane's password changes. Both DC1 and DC2 have the same
information in their databases, but not necessarily the same USNs. So
suppose we have yet another DC named DC3 and the last time that DC1 replicated
with DC3 then DC1 found out that DC3's highest USN was 5000. Now let's say
that DC3, suffers damage to its AD and no one can find a backup of its AD, and
someone decides to just restore a backup of DC2's AD to DC3.
The next time that DC1 tries to replicate with DC3, it says to DC3,
"hmmm... the last time we talked you were up to USN 5000. What do you
know that's happened since?" As DC3 has gotten a brain transplant
from DC2, it says to DC1, "hey, a lot's happened -- my highest USN is now
10,000!" and re-replicates a whole lot of stuff to DC1, creating havoc.
Now you can see why it's possible to take any old AD backup and put it on a
restored DC, provided that DC is the only one in the domain -- there' s
no replicating to do, and so no USN mixups. Of course, even in that case,
Microsoft recommends that you use this DC to get another built-from-scratch DC
up and running, and then demote that first DC and format its hard disk.
You may be wondering if this is true for 2003, given that with Server 2003
it's possible to DCPROMO an entirely new DC based on a backup. Assuming
that all of your DCs were destroyed, could you build a fresh new 2003 system and
DCPROMO it using the backup from a DC on your destroyed domain? No;
DCPROMO won't run in any case unless it can contact a DC and authenticate
whoever's running DCPROMO. If it didn't do that, then anybody could add
extra domain controllers to a domain -- and that wouldn't be good. As
there wouldn't be any working DCs, DCPROMO would never get a response, and would
fail before creating the domain controller.
Online List of Ports and Usages
Ever needed to know who uses port 1080? Our good friend Morten Zierson
at the Forum suggests http://www.chebucto.ns.ca/~rakerman/port-table.html
as a good reference on ports.
More on Eliminating NTLM and LM
Last time I published a lengthy article about how to eliminate the antique LM
authentication protocol from your network, and suggested banishing its stronger
cousin NTLM in favor of the more-secure NTLMv2. Thanks for the huge volume
of kind mail over the article, I'm glad so many of you liked it.
Some of you wrote to tell me that, as expected, shutting off NTLM would break
some things. But I was surprised to find that shutting off LM, an
authentication protocol that I'd have thought obsolete for the past ten years,
broke some things as well. Some readers discovered these compatibility issues:
- Quantum SNAP servers need LM, some readers reported. Quite
- Older versions of SAMBA needed LM, some reported. My experience with
SAMBA on Linux has shown, however, that any version of SAMBA from the past
two or so years can work fine without LM. It does seem to need
NTLM, however, so restricting your network to NTLMv2 only will probably
cause problems for SAMBA. I am told that SAMBA 3.0, shipping soon, has
no such requirements. It sounds pretty neat, as 3.0 can even act as a
member of an Active Directory without NetBIOS.
- Novell CIFS: one reader reported that NetWare -- he didn't say which
version -- needed LM for authentication. That's disturbing to hear, as
LM's so easy to crack.
In most cases, readers who experienced problems when disabling NTLM and LM
solved those problems by loosening their security back to allow NTLM, still
Please keep sending me these reports, I'd like very much to hear about
subsystems that won't work without NTLM or LM. I'll share the results as I
Fixing Time Synchronization Problems
My XP desktop stopped synchronizing its time with the domain. The Event
Log kept showing that the desktop hadn't time-synced with any of my DCs in
weeks. That worried me because if my workstation's time drifted more than
five minutes from the domain controllers' time then I'd not be able to log
on. Once I was three minutes off, I figured it was time to figure out what
I tried to re-synchronize from the command line:
And got "the computer did not resync because no time data was available."
Oooh, that doesn't look good. But then I realized that I'd fixed my
system's time server as an experiment rather than letting AD set it. Some
free time sync programs do that also, so many of you may be in this
position. I just cleared out HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters's "NtpServer" value entry,
and then I restarted the Windows Time Service. Sadly, no dice ... still no
sync. For some reason, if your domain doesn't find all of the Registry
entries to be "just right," then it won't sync with your system.
You can, thankfully, fix it with this command:
w32tm /config /syncfromflags:DOMHIER /update
Type that from a command line, and then restart Windows Time Service and
retry the w32tm /resync or, better,
w32tm /resync /rediscover
A command that cleans out and rebuilds a few other Registry entries. I
had that problem with my XP box about a year ago; since then I've found these
commands useful on a number of systems. When workstations get more than
five minutes out of sync with the DC, then they stop authenticating but they're
not very forthcoming about the reason -- so when authentication's a problem then
first look at DNS, and if that doesn't help then look at time!
VMWare Fans: Upgrade to 4.0
Regular readers will know that I'm a huge fan of VMWare's VMWare Workstation
product, so much that I made it the focus of a newsletter about a year
ago. I've recently upgraded to their 4.0 version (a $99 upgrade) and
wanted to pass along that it's well worth the money. The ability to drag
and drop files between virtual machines is a real godsend for someone setting up
complex virtual networks. And if you've ever tried to run XP or 2003
systems in a VMWare 3.1 environment then you know that the mouse behaves
strangely when the Winlogon, the login screen, is active, but that's fixed in
4.0. Networking is more flexible as well, as you can move virtual machines
from one virtual subnet to another without a reboot. You can also control
those virtual subnets more easily, as they've included a GUI interface to manage
most of a subnet's characteristics. (Not all, unfortunately; for example,
I wanted to set VMNet4 to use 192.168.0.x but the GUI doesn't let you change the
network number. Something for 4.1, perhaps!) In any case, if you're
a VMWare fan, I recommend giving it 4.0 a try. If you're not using
VMWare, then give it a look. For just $300 you can take one machine and
turn it into an entire test lab of machines.
You may know that Microsoft recently purchased VMWare's competition,
VirtualPC, and will probably give it away eventually, so you might wonder:
does buying VMWare make any sense? I think so, as I'm guessing -- and it's
just a guess -- that once Microsoft finishes re-working VirtualPC that it will
only run on Enterprise Server 2003 ... and that four grand for Enterprise might
be a tad expensive for some budgets. Furthermore, VMWare can also run
virtual machines running Linux, NetWare or basically any other x86-based OS.
Still not using VMWare and wondering how it'd be useful? In just a few
words, VMWare Workstation is a $300 program that creates actual entire virtual
PCs out of your computer. You can tell it things like, "I'd like a
new PC with this much RAM, these many hard disks, and two Ethernet
cards." You then boot that virtual machine -- it runs in a window --
and you see a Phoenix BIOS bootup message just as you would for a new
computer. You then install an operating system from scratch onto this
virtual machine and it behaves in every way as if it were a separate stand-alone
This has a few benefits. First, you create as many VMs as you like, so
long as their memory doesn't exceed 1GB of RAM. Thus, one computer can
host six or seven systems, a virtual test lab. Second, you can network
them, making them either look like an honest-to-God NIC on your real-world
network, or you can create virtual subnets and keep all of the networking off
the real network -- you can even run a network sniffer in a virtual machine and
see what's going on. Very nice for isolating a small network to diagnose a
problem. Third, when they're not running, these virtual machines live on
the host computer as nothing more than a few files on the host's hard disk --
big files, yes, but files. You can create a virtual system that does a
particular function and then you can just back it, ready to restore if ever
needed. The 1GB limit only applies to the VMs actually running, recall --
you can have as many pre-built VMs ready to go as you like, there's no limit
there. Finally, there's snapshots. A snapshot tells the VM to
remember its exact state at some moment in time, and you can tell the VM to
return to that snapshot in an instant. The value? Testing.
When I test some new software, I first set up a computer and play with that
software to get the feel of it. Then I wipe the computer clean and
re-install the software fresh to test what I've learned; that wipe and reinstall
is essential, but it takes time. With a VM and a snapshot, all I've got to
do is just click the "Revert" button and the VM forgets everything
that I've done since I last took the snapshot. If you teach classes and
run demonstrations, you'll love snapshots; if you test systems then you'll also
Honestly, I don't own any stock in this company and I have no idea if they're
even publicly traded. But the product's good; give it a shot. www.wmware.com
is the place to find out more.
Server 2003 Book Errata
Many of you have written not only to tell me that you like the book (whew!)
but also that you've found places were we goofed. Here's the first batch
of corrections, with my apologies.
Page XXXIV reference to "Windows Server 2002" should of course be
"Windows Server 2003."
Chapter 1, Overview
Page 16, second para from bottom "...the result will be eventually
be..." should be "...the result will eventually be..."
2003 Needs New Server CALs
I had originally been led to believe that anyone upgrading from 2000 servers
to 2003 servers would not need to upgrade their CALs. Apparently Microsoft
changed their mind and you do need to upgrade CALs if you go to
2003. Let me clarify that: add just one 2003 server to your
enterprise and you'll probably have to buy 2003 CALs for everyone in your
network. Apologies for the error. I try to avoid license issues
altogether, as they're really legal rather than technical issues -- this is
Datacenter Versus Enterprise Editions
When I wrote the Overview -- the first chapter of the book -- Microsoft
hadn't yet decided what went into Enterprise and what into Datacenter.
They decided late in the game (too late to get into the book) to enhance
Enterprise's attraction by including a bunch of Datacenter tools, including
- 8-node clusters
- Windows Resource Manager
- NUMA support
- Hot plug PCI support
So the references to these tools as Datacenter-only are no longer correct.
MSDE is Outa There!
I mentioned in Chapter 1 that Microsoft shipped Server 2003 with MSDE, the
reduced-function version of SQL Server 2000. They did in RC2 and earlier,
but pulled it from the final version, probably over post-Slammer jitters.
So apologies, but there's no free database server in 2003. Shucks.
Chapter 4, Registry
Page 89, last sentence -- "You can see the hive files that correspond to
parts of the subtree listed in Table 4.3" should refer instead to Table
Page 90, first sentence -- "Table 4.3 needs a few notes..." should
say "Table 4.4 needs a few notes..."
Page 91, last sentence before Table 4.5 should be "Confused about where
all the keys come from? You'll find a recap in Table 4.5. It's
similar to Table 4.4, but it's more specific about how the keys are built at
Domain Controllers Do Have SAMs
On page 90 I discuss the SAM file, noting that domain controllers do not have
SAM files -- they have Active Directory databases. A reader correctly
points out that DCs do indeed have SAMs, even though those SAMs have only one
account -- the Directory Service Restore Mode password.
Chapter 5, Setup
Page 95, third paragraph, second sentence "You can script, as before,
but scripts are easier" should be "You can script your installs,
as before, but creating those scripts has become easier."
RIS Goes on DCs
Somewhere in Chapter 5 I said that you can't put RIS on a DC. (I'm not
sure why I wrote that, I've done it. Brain damage from too much CRT
emissions; good thing I'll be 100% LCD soon.) It's not true, you can put
RIS on a DC with no trouble.
Chapter 7, DNS/WINS/DHCP
Page 439 -- the text is unclear about what is the default choice for
AD-integrated zone replication. The default pathway for AD-integrated
zones is to all DCs in the AD domain, rather than to all of the DCs in a given
Page 460 -- the second paragraph refers once to a system at 188.8.131.52 and
twice to a system at 10.1.1.5. All three references should be to 10.1.1.5
-- the 184.108.40.206 reference is incorrect.
HOSTS, Then DNS Cache
Page 363, top, says
"Summarizing, then, a Windows 2000 or later system looks in its DNS
cache, then its HOSTS file, then asks a DNS server, then a WINS server, and
This is true except for the order. Systems always look in HOSTS first,
then DNS cache. That was actually explained correctly earlier in the text;
I just messed up the summary. Corrected, the statement should be
"Summarizing, then, a Windows 2000 or later system looks in its HOSTS
file, then its DNS cache, then asks a DNS server, then a WINS server, and
You Can Now Define Vendor Classes
Another RTM surprise! For years you've been able to create user classes
in DHCP, as you've read in my 2000 book and in the 2003 book. But in the
final release of Windows Server 2003, Microsoft added the ability to create new
Chapter 8, Active Directory
Complex Passwords are the Default!
When I first built domains from the final "RTM" version of Windows
Server 2003, I got bit of a surprise: any AD domain built on Windows
Server 2003 requires that user accounts have complex passwords. That
wasn't the case for RC2 or earlier versions.
Active Directory Migration Tool: Good For All Sizes, Says Microsoft
In chapter 8, I mention that Microsoft recommends ADMT for organizations of
1000 or fewer persons. I passed that along because I'd heard it from Peter
Houston, the former group product manager for Active Directory. I never
really agreed with the point of view, and have helped larger organizations
migrate with ADMT, but felt that duty-bound to pass along Microsoft's
I then got an e-mail from Andreas Luther, one of the Giant Brains in the
Active Directory world at Microsoft. Andreas has helped many firms move to
AD and so I was happy to read that no such recommendation existed at the
moment. From MS's point of view one could migrate an enterprise of any
size with Active Directory Migration Tool 2.0. It's a bit rough-edged
compared to some of the third-party migration tools from NetIQ, Quest, BindView
or Aelita, but the price is right.
Modifying Intrasite Replication Intervals
I mention in the book that AD domain controllers replicate to their partners
every five minutes and that you can't change the number. Apparently you
can, although I wouldn't recommend it. Go to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters
and change the REG_DWORD value "Replicator notify pause after modify (secs)"
as you like. Again, I wouldn't mess with it. More info at KB 214678.
Logging Time Service Info
Page 571 says there's no way to get the Time Service to log errors and
successes, but there is indeed a way, although it only works on 2003 and not XP
or 2000. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config.
Create a new REG_DWORD named FileLogSize and fill it with the maximum size of
the log in bytes -- you'd have to enter 20000000 for a 20 MB log. Then
tell it where to put the log with a fully specified file name in a new value
entry "FileLogName" which should be REG_SZ. An example entry
might be "C:\logs\timelog.txt." Finally, tell the Time Service
how much detail you want with a third entry, FileLogEntries. (This is
another REG_SZ.) Give it a numeric value between zero and 72.
Microsoft doesn't tell us exactly what each of these levels offer.
Chapter 9, User Accounts
Removing IPSec Policies Isn't Automatic
On page 737, Lisa tells us that removing a group policy object causes its
effects to be un-done, and I'd have told you that too, with the exception of
course of "unmanaged" administrative templates. Michele
Beveridge, however, tells me that IPSec policies need an extra step -- you must
first unassign the policy before removing it, or the the IPSec policy will
Chapter 10, Storage
There are No Setup Floppies
Page 872's sidebar "Should I use FAT on the system partition?" has
a third paragraph that refers to a set of floppies that you can start 2003 Setup
from. Those floppies existed for 2000; they don't for 2003. There is
no Setup option in 2003 that starts from a boot floppy -- it's either RIS, files
on the hard disk, or the CD-ROM.
More Details On Dynamic Disks
Page 837 -- the italicized sentence points out that you can't create dynamic
disks on laptops. (I've always wondered, "how would 2003 know?")
A reader points out that according to Microsoft, you also can't create dynamic
volumes on cluster shared disks and "external" disks, whatever MS
means by "external" disks.
Many, many thanks to Kevin Casper, David Martin, Sue Diefenderfer, Yuval Sinay, Tracy
Rozman, Kim Robinson, rmilewsk at the Forum, Michele Beveridge and anyone who I missed. Keep
those comments coming in... and thanks so much for reading.
I hope you'll join me for a seminar but if you can't attend a class then
please consider attending another show:
Six cities this month -- see the earlier article. Just a morning long
and the price is right!
TechMentor San Diego, September 2-6
101 Communications' semi-annual geekfest comes to San Diego in fall's waning
days. Join me when I keynote this great show featuring Windows Giant Brain
Bill Boswell, Security Expert Nonpareil Roberta Bragg, Group Policy Expert Dude
Jeremy Moskowitz and others. It happens right around back-to-school time,
so come on back to school with some of the industry's leading lights. http://www.techmentorevents.com
for more info.
Windows Magazine Live! November 2-6, Orlando
The magazine that I write for, Windows and .NET Magazine, holds its next Windows
Magazine Live! conference in Orlando this November. It's a jam-packed set
of great talks by some great speakers including of the Microsoft tech world's foremost
megacephaloids like Mark Russinovich, Intel's Sean Deuby, IIS Answer Man Brett
Hill, Uberscripter Bob Wells and more — great speakers all and really smart
guys. I'm also doing three talks, more details on that as the show gets
closer. Watch www.winconnections.com
for more info on this show, coming to The Land Of The Mouse.
Bring Mark to your site to teach
I'm keeping busy doing Windows Server 2003/2000 and XP seminars and writing, but I've still got time to visit your firm. In just two
days, I'll make your current NT techies into 2000 and/or 2003 techies. To join
the large educational, pharmaceutical, agricultural, aerospace, utility, banking, government,
transportation, and other organizations that I've assisted, either take a peek
at the course outline at www.minasi.com/2003outln.htm,
mail our assistant Jean Snead at Assistant@Minasi.com,
or call her at (757) 426-1431 (only between 9-5 Eastern time, weekdays, please).
Until Next Month...
Have a quiet and safe month.
Please share this newsletter; I'd like
very much to expand this periodical into a useful source of NT/2000/2003/XP information. Please forward it to any associates who might find
it helpful, and accept my thanks. We are now at over 25,000 subscribers and I hope to use this to get information to every single Mastering
2003, XP, NT and 2000 Server reader. Thanks for letting me visit with you, and take
care. Many, many thanks to the readers who have
mailed me to offer suggestions, errata, and those kind reviews. As always,
I'm at http://www.minasi.com/gethelp and
please join us at the Forum with technical questions at www.minasi.com/forum.
To subscribe, visit http://www.minasi.com/nwsreg.htm.
To change e-mail, format, etc., link to http://www.minasi.com/edit-newsletter-record.htm.
To unsubscribe, link to http://www.minasi.com/unsubs.htm.
Visit the Archives at http://www.minasi.com/archive.htm.
Please do NOT reply to this mail; for comments, please link to http://www.minasi.com/gethelp.
All contents copyright 2003 Mark Minasi. You are encouraged to quote this
material, SO LONG as you include this entire document; thanks.