Mark Minasi's Windows Networking Tech Page
Issue #55 July 2006

Document copyright 2006 Mark Minasi.

What's Inside

  • News
    • Advance sales offer for new "Getting Ready For Vista" 3-CD set
  • Tech Section
    • Editorial:  An IT Hero Joins Microsoft
    • Longhorn Has a Name, Sort Of
    • The Five Most Interesting Things In Vista That You Might Not Know
  • Conferences
  • Bring a Seminar to Your Site


Sorry I've been gone so long.  I've been writing like crazy, and I'm finally done with Mastering Windows Server 2003, Upgrade Edition for SP1 and R2 (which looks like it'll hit the stands in late September), but I'm just starting work on a short book on what I see as the most important changes in Vista.

This month, I wanted to offer a few thoughts about a big event today.  Mark Russinovich, a guy who's spent the last ten years writing and giving away great system tools and top-quality insights into how Windows works, is joining Microsoft as a sort of minister-without-portfolio.  I also wanted to pass along my list of the five most interesting things that I've seen in Vista that most folks seem not to know.  But first, a word from our sponsor...

Advance Sales Offer: "Getting Ready For Vista"

In the past few months, I've been working on two equally important projects.  First, I was squeezing all of the juice that I could out of 2003 SP1 and 2003 R2 for the Upgrade Edition book coming this September.  Second, and no less important, I've been drilling down on the insides of Vista.  I honestly don't care much about the new pretty GUI; no, I'm fascinated by the plumbing in Vista.  In an attempt to make an operating system that is secure with a capital "S," Microsoft has changed what's under the hood in Windows in ways that should be invisible to the average user, but that are as big as the changes from Windows 3.1 to Windows NT 3.1.  These changes are generally good, but, well, they're changes, and understanding them is essential to planning for Vista.

Soon I'll have a two-day Vista planning, deploying, managing and troubleshooting class, but it'll be a few months before it's ready.  Meanwhile, however, I put together a three-CD set of audio lectures that I think are the fastest way for you to get your feet wet on Vista.  In these lectures, I consider Vista's new deployment tools, the productivity part of its new UI, its new storage capabilities, its extensive security upgrades (this is the part that I mean when I say that the plumbing's changed), the new aspects of Vista networking, its new administrative tools -- including a few surprises in group policies -- and finally its performance-enhancing utilities.

I've already got it recorded, but it's going to be a few weeks before I can get it produced.  When it's finally done, it'll be a three-CD set with an extra CD containing the PDFs of the accompanying PowerPoints.  The sets will run $59.95 domestic, $69.95 international.  But it'll take a while to get the CDs all edited and laid out, so I'm offering these sets for anyone buying them before 5 August for $20 off.   I'm only offering this through this newsletter, so if you want the $39.95 domestic / $49.95 international price, then please order through one of these links:

To order Getting Ready for Vista domestically at the pre-release $39.95 price, please click here.

To order Getting Ready for Vista internationally at the pre-release $49.95 price, please click here.

Again, this offer's only available until 5 August 2006.  We'll have the CDs ready by then and the price goes up twenty bucks.  (Of course, we won't charge your credit card until we ship the set.)  Thanks!

UPDATE 7 August 06...

We're shipping out the Vista CD sets -- so sorry, but the pre-release prices are no longer available.  (But it's still a great deal at the regular price!)  The above links will take you to the normal price.  Thanks for your support!

Tech Section

Two stories this month and a short news item.  First, I want to pass along some breaking news and offer an opinion, and then briefly highlight five things that I've found really interesting in the upcoming version of Windows.

An IT Hero Joins Microsoft:  Russinovich Becomes a Technical Fellow

If you could pick one geek to get an influential role at Microsoft, who would you pick?  I know who I'd pick, and mirabile dictu, it happened today.

On 18 July 2006, Microsoft announced its intention to purchase Winternals, the Austin, TX-based firm that offers ERD Commander, a popular system recovery tool.  Its owners, Mark Russinovich and Bryce Cogswell, will join Microsoft.  Mark will become one of about a dozen people holding the position of "technical fellow" at Microsoft.  TFs are big brains that Microsoft hires and apparently gives a fair amount of leeway to research what they feel like.  One technical fellow invented C#.  Another started MSN Labs, and yet another is the person who invented data mining.  Not a bad company to end up amongst.

What'll Russinovich do?  No one can know immediately -- he's still wearing an "I can't believe how cool this is" look -- but a glance at his previous work would certainly generate great expectations.  He's the guy who annoyed Microsoft ten years ago by demonstrating that just a few Registry changes would convert NT Workstation into NT Server.  Then he went on to point out a number of vulnerabilities that Microsoft ignored, until he wrote applications to demonstrate the vulnerabilities.  (This was back in the days before Microsoft shipped patches monthly with thanks and credit to the people who found the vulnerabilities.)  Later, he developed and gave away a raft of invaluable tools on his and Bryce's site, including Process Explorer, Regmon, Filemon, the pstools suite and a host of other great stuff.  (If you've never been to the site, go.  Many of the techies that I know couldn't do their jobs without these tools; I know I couldn't.)  Early on, he became interested in the stealthy variety of malware generally called "root kits."  That led him to develop and give away Rootkit Revealer, and that tool caused him to stumble upon and reveal Sony's incomprehensible use of a root kit against its own customers -- a practice that they say they've stopped, but have never apologized for and would never have been caught at without Mark's clever detective work.

Do I sound like a Russinovich fan?  Okay, mea culpa; he's been a good friend for years, but personal bias aside, he's one of the smartest guys that I know and an ideal candidate for "Microsoft insider." This is a good move for him and, I think, in the long run for us all.  His presence in Redmond has to be a force for sound architecture, openness and innovation.  Maybe one day we'll see a Microsoft presentation where instead of hearing a bigwig yell 39 times that the most important thing to Microsoft was "developers!," someone will be shouting for us admin types.  And reliable software.  Who knows?

But could it be that Microsoft hired Mark for the wrong job?  After all, Microsoft's about to lose someone who's very intelligent (if controversial), a guy with vision and rock-solid understanding not only of the computer business but of computers themselves.  A guy who, years ago, pulled off some pretty impressive programming feats.  Maybe when Gates leaves, why not tap someone who's smart, already well-known in the industry and even well-liked?  Could it be... nah.  One hardly ever hears news that good...

Longhorn Has a Name, Sort Of

It's now "Windows Server 2007."  Or "Windows Server 2008," depending on when it ships. Blackcomb still doesn't have a name, but it's got a new beta code-name:  "Vienna."  Maybe its modular design is supposed to make us think of Vienna sausages?

The Five Most Interesting Things In Vista That You Might Not Know

As I mentioned in the blurb about the Vista CD set, I've been delving into Vista recently.  I knew much of what I saw and was only looking more deeply, but there are a few things that I think are cool or just plain surprising.

NTFS and the Registry are Transaction-Based

Both the file system and the Registry are now transaction-based in Vista.  This surprised me because it was supposed to appear in Server 2007 but it's in Vista.  "Transaction based" means that you can take a number of separate file operations (copy, move or whatever) and essentially package them up so that they're all or nothing.  If one of the operations fails, then you just "roll back" and everything done so far is un-done.  Here's an actual example run:

Microsoft Windows [Version 6.0.5456]
(C) Copyright 1985-2005 Microsoft Corp.

C:\Users\mark>transaction /start
A transaction has been successfully started.
Transaction ID: {1288b5a4-4b58-4006-88d8-6bc86f4b8ad3}

C:\Users\mark>md newfiles

C:\Users\mark>copy con newfiles\test
hi there
1 file(s) copied.

C:\Users\mark>dir newfiles
Volume in drive C has no label.
Volume Serial Number is 4834-858C

Directory of C:\Users\mark\newfiles

07/17/2006 06:48 PM <DIR> .
07/17/2006 06:48 PM <DIR> ..
07/17/2006 06:48 PM 10 test
1 File(s) 10 bytes
2 Dir(s) 15,731,507,200 bytes free

C:\Users\mark>transaction /rollback
The current transaction has been rolled back.

C:\Users\mark>dir newfiles
Volume in drive C has no label.
Volume Serial Number is 4834-858C

Directory of C:\Users\mark

File Not Found


Here, I start a transaction, then create a new folder and put a file in that folder.  But then I cancel the transaction, and it's all undone; asking for a directory listing of the new folder yields "File Not Found."  In contrast, typing "transaction /commit" would have said "transaction's over, make it all permanent."  Where will this be useful?  Well, File and Registry-based transactions will be pretty useful for applying patches.  Heck, you could actually install and test a piece of software, and then un-install it via a transaction rollback.  But that'd only work if the software didn't require a reboot; any reboots act as a "transaction /rollback."  I suspect we'll see plenty of pretty neat uses for this.
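The Registry half of the same idea, as an added example that is not from the newsletter: it uses the transaction cmdlets of Windows PowerShell (2.0 through 5.1, Registry provider only) instead of the "transaction" command shown above, and applies a group of settings, tests them inside the transaction, and rolls back if the test fails.  The function name, key path and values are made up for illustration.

```powershell
# Added example: all-or-nothing Registry changes with a test before commit.
# Requires Windows PowerShell 2.0-5.1 (the transaction cmdlets are not in PowerShell 6+).
function Set-RegistryValuesTransacted {
    param(
        [Parameter(Mandatory = $true)] [string]      $KeyPath,
        [Parameter(Mandatory = $true)] [hashtable]   $Values,
        [Parameter(Mandatory = $true)] [scriptblock] $Test
    )
    # Never roll back implicitly; the code below decides between commit and rollback.
    Start-Transaction -RollbackPreference Never
    try {
        if (-not (Test-Path -Path $KeyPath -UseTransaction)) {
            New-Item -Path $KeyPath -Force -UseTransaction -ErrorAction Stop | Out-Null
        }
        foreach ($name in $Values.Keys) {
            Set-ItemProperty -Path $KeyPath -Name $name -Value $Values[$name] `
                -UseTransaction -ErrorAction Stop
        }
        # Read the values back through the transaction: they are visible here
        # but not yet to anything outside the transaction.
        $pending = Get-ItemProperty -Path $KeyPath -UseTransaction -ErrorAction Stop
        if (-not (& $Test $pending)) {
            throw "Post-change test failed for $KeyPath"
        }
        Complete-Transaction          # make every change permanent at once
        return $true
    }
    catch {
        Undo-Transaction              # discard every change made so far
        Write-Warning "Rolled back: $($_.Exception.Message)"
        return $false
    }
}

# Constructed sample: the test demands Mode = 'strict', so this run rolls back
# and the key never appears outside the transaction.
$key = 'HKCU:\Software\TxDemo'
$ok  = Set-RegistryValuesTransacted -KeyPath $key `
        -Values @{ Enabled = 1; Mode = 'relaxed' } `
        -Test   { param($p) $p.Enabled -eq 1 -and $p.Mode -eq 'strict' }
"Committed: $ok; key exists afterwards: $(Test-Path -Path $key)"
```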

Vista's Event Viewer Lets You Centralize Logs

Provided that all of your systems are in the same forest, Vista makes it fairly easy to choose one Vista machine to act as a central collection point for your other Vista machines' event logs.  It's called "subscription" and works very nicely.  You can even be choosy about which events to collect and which to ignore.  Okay, it's only "syslog lite," but it's nice to finally see it in Windows!
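A sketch of such a subscription, as an added example that is not from the newsletter: it is run on the collector, uses the wecutil command-line tool, and forwards only two Security log events.  The subscription name, source host name and the choice of event IDs (4625, failed logon; 1102, audit log cleared) are assumptions made for illustration.

```powershell
# Added example: a collector-initiated subscription that is "choosy" about events.
# Run elevated on the collector.  On each source machine, WinRM must be enabled
# (winrm quickconfig) and the account the subscription uses must be able to read
# the chosen log, typically by adding the collector's computer account to the
# source's local "Event Log Readers" group.
$subscription = @'
<Subscription xmlns="http://schemas.microsoft.com/2006/03/windows/events/subscription">
  <SubscriptionId>FailedLogons</SubscriptionId>
  <SubscriptionType>CollectorInitiated</SubscriptionType>
  <Description>Failed logons and audit-log clears (constructed sample)</Description>
  <Enabled>true</Enabled>
  <Uri>http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</Uri>
  <ConfigurationMode>Normal</ConfigurationMode>
  <Query><![CDATA[
    <QueryList>
      <Query Id="0" Path="Security">
        <Select Path="Security">*[System[(EventID=4625 or EventID=1102)]]</Select>
      </Query>
    </QueryList>
  ]]></Query>
  <ReadExistingEvents>false</ReadExistingEvents>
  <TransportName>http</TransportName>
  <ContentFormat>RenderedText</ContentFormat>
  <Locale Language="en-US"/>
  <LogFile>ForwardedEvents</LogFile>
  <CredentialsType>Default</CredentialsType>
  <EventSources>
    <EventSource Enabled="true">
      <Address>ws01.example.test</Address>   <!-- placeholder source machine -->
    </EventSource>
  </EventSources>
</Subscription>
'@

$path = Join-Path $env:TEMP 'failed-logons-subscription.xml'
Set-Content -Path $path -Value $subscription -Encoding ASCII

wecutil qc /q              # configure the Windows Event Collector service
wecutil cs $path           # create the subscription from the XML file
wecutil gr FailedLogons    # show per-source runtime status
```

Forwarded events land in the collector's Forwarded Events log; everything the XPath filter does not select stays on the source machine.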

Vista Does Basically "Bare Metal" Backups, in Virtual PC/Server Format

I don't know about you, but I hate doing disaster recovery on an XP box.  Yes, there's the very nice Files and Settings Wizard and tons of other tools, but it's so blasted complex backing everything up or, perhaps I should say, it's so complex restoring things.

With Vista, that changes.  Vista has a separate backup routine that backs up an entire system.  Called CompletePC, this backs up your whole system to ... are you ready? ... a VHD file.  For those who don't know, that's a "virtual hard drive" for Microsoft's desktop virtual machine manager, Virtual PC.  You can use something called the Windows Recovery Environment to restore that VHD to a new piece of hardware or, potentially, you could just mount it as a virtual system.  (You'd have to fiddle with the drivers a bit.)  Pretty cool.

Undelete Comes To Windows For Real!

If you've ever used System Restore for XP, then you know how useful it can be.  System Restore takes periodic snapshots of the state of your operating system and lets you roll back to before you installed the Driver From Hell or that antivirus application that seems to work by crashing your system, which is of course one way to keep you from getting malware, although not the optimal one.  Now, with Vista, System Restore does the same thing for your files.  Right-click any file or folder and choose Properties, and you'll see a tab named Previous Versions.  That's right, versions with an "s."  Decided that your version of the Great American Novel was better two days ago and you didn't back up?  No worries; check out Previous Versions and just grab the version from a couple of days ago.

64-Bit Vista Will Only Accept Signed Drivers

As with all software vendors, Microsoft would love for us all to dump our old stuff and "live 64-bit."  It's good for their bottom line, certainly, but it's also easier to secure an OS running only the newest stuff.  Any 16-bit application that's network-aware is probably a security risk, so you can see their point.  On the other hand, many of us are forced to live with old apps built back in the Napoleonic Era either because we don't have the source code any more, or the app's vendor just plain isn't around any more.

Microsoft tries to chivvy us into cutting our ties with older stuff now and then through restrictions of their OSes.  I like XP x64, but find it annoying that I can't run any old DOS game... I mean, applications, nor can I run Windows 3.x applications.  There's a simple workaround for this -- just run VMWare or Virtual PC on your 64-bit OS and create a 32-bit OS to run the old app in -- but it's still annoying.  But perhaps it's not that bad a compromise after all; with virtual machine technology I get to run my older, leaky apps, but without compromising my actual computer.  By putting the old and un-securable apps into a "virtual sandbox," we get the best of both worlds.

In any case, Microsoft's taken a very large step with 64-bit Vista by requiring that any kernel code -- and this means pretty much all drivers -- be digitally signed, and cross-signed by Microsoft.  I don't mean to be alarmist here, but this troubles me a bit.  There are a number of vendors who Microsoft's authorized to issue code certificates cross-signed by Microsoft, but no one's really been able to answer a big question:  how hard is it to get one of these certs, and how expensive is it?

I can't tell you how many times I've run up against some kind of problem in Windows, only to find a useful free utility on the Web that solved that problem.  Many of these applications run some kind of kernel code, and so would need a certificate.  But if those certificates are either very hard to get or prohibitively expensive to acquire, then this could have the chilling effect of killing many great, free utilities in the cradle.  I honestly don't understand the cross-signing process well enough yet to sound any alarms... but it's something that bears watching.  You can read about it here:

Four interesting new features and one to contemplate; there's plenty of things to consider in Vista, and that's just the tip of the iceberg.  Vista seemed for a long time to be nothing more than Windows with a new Mac-like interface, but what I've seen come out of Redmond in the past few months has changed my mind.  This should be fun!


TechEd Hong Kong 25-27 September 2006

The fair city of Hong Kong may never be the same when Microsoft's Steve Riley, myself and a bunch of other speakers come to town to talk about Vista, Server 2007, tons of other MS products, and of course 2003 SP1.  Well, at least I'll be talking about 2003's SP1 when I present my step-by-step guide to using all of the goodies that you're not using in XP SP2 and 2003 SP1.  But that's just the start.  I'm also doing a full-day pre-conference session on Vista, as well as "Windows Logons Revealed" (featuring Tom and his Kerberos Tickets), "Troubleshooting DNS in an AD World," and "What's New in Vista Group Policies."

TechMentor Vegas October 9-13 2006

This Fall, the conference gods have decided that Las Vegas is The Place.  So whether you're a TechMentor or a Windows Connections fan, Vegas is where you're goin'. 

101 Communications' semi-annual techie conference with tracks that help you get your CCNA, MCSA, or MCSE, as well as tracks on Windows administration and troubleshooting, security, scripting and automation, and Linux/Windows integration.  I'm doing two new talks, my "XP to Vista in 75 minutes" talk and a three hour "crash course" in Vista.  I'm also doing my perennially popular Accidental DBA's Guide to MSDE and SQL Server 2005 Express Edition, as well as my "Windows Logons Revealed" talk, which tells what few know about the insides of Kerberos!

Windows Connections / Exchange Connections Vegas November 13-17 2006

What's that you say?  You want some terrific conference content but don't care that much about Linux, certifications, or Cisco stuff?  You say you want terrific sessions on Windows administration and troubleshooting, but also need the in-depth scoop on Exchange, and also need to become a SharePoint black belt?  Oh, and maybe you want to know about SQL Server, with a dollop of VB, .NET and all of that jazz?  Well, then, set your sights on Las Vegas' Mandalay Bay (yeah, I hate Vegas, but the Bay has a pretty neat aquarium) and the Connections folks have managed to wangle "Exchange 12 Rollout Show" status, as well as throwing together virtually all of the different shows that they do.  Best of all, if you sign up for Windows/Exchange Connections, you get to go to anything on the developer side.  Honestly, if you don't get "menu freeze" from this show, then I'll be amazed.

I'm doing my new "XP to Vista in 75 Minutes" talk, as well as a new "Vista Security Secrets:  The Stuff That Will Explode Your Head" presentation.  I'll reprise the talk rated #8 out of 450 sessions at TechEd 2006, "Service Pack Gold," as well as The Return of the Talk That Required TWO Standing-Room Only Sessions, "Command Line Gems:  Administering Windows from C: level."

Information at

Bring Mark to your site to teach

I'm keeping busy doing Active Directory and Security seminars and writing, but I've still got time to visit your firm.  In just two days, I'll make your current NT techies into 2000, XP, Active Directory and 2003 experts.  (And better yet they won't have to sit through any Redmondian propaganda.)  To join the large educational, pharmaceutical, agricultural, aerospace, utility, banking, government, telecommunication, law enforcement, publishing, transportation, military and other organizations that I've assisted, either take a peek at the course outlines at, mail our assistant Jean Snead at, or call her at (757) 426-1431 (only between noon-5 Eastern time, weekdays, please).

Until Next Month...

Have a quiet and safe month. 

Please share this newsletter; I'd like very much to expand this periodical into a useful source of NT/2000/2003/XP/Vista information.  Please forward it to any associates who might find it helpful, and accept my thanks.  We are now at over 40,000 subscribers and I hope to use this to get information to every single Mastering Vista, 2003, XP, NT and 2000 Server reader. Thanks for letting me visit with you, and take care.  Many, many thanks to the readers who have mailed me to offer suggestions, errata, and those kind reviews.  As always, I'm at and please join us at the Forum with technical questions at


All contents copyright 2006 Mark Minasi. You are encouraged to quote this material, SO LONG as you include this entire document; thanks.