Mark Minasi's Windows Networking Tech Page Issue #55 July 2006
Document copyright 2006 Mark Minasi.
What's Inside
- News
- Advance sales offer for new "Getting Ready For Vista" 3-CD set
- Tech Section
- Editorial: An IT Hero Joins Microsoft
- Longhorn Has a Name, Sort Of
- The Five Most Interesting Things In Vista That You Might Not Know
- Conferences
- Bring a Seminar to Your Site
News
Sorry I've been gone so long; I've been writing like crazy, and I'm
finally done with Mastering Windows Server 2003, Upgrade Edition for
SP1 and R2 (which looks like it'll hit the stands in late September),
but I'm just starting work on a short book on what I see as the most
important changes in Vista.
This month, I wanted to offer a few thoughts about a big event today.
Mark Russinovich, a guy who's spent the last ten years writing and
giving away great system tools and top-quality insights into how Windows
works, is joining Microsoft as a sort of minister-without-portfolio.
I also wanted to pass along my list of the five most interesting things that I've
seen in Vista that most folks seem not to know. But first, a word from our sponsor...
Advance Sales Offer: "Getting Ready For Vista"
In the past few months, I've been working on two equally important
projects. First, I was squeezing all of the juice that I could out
of 2003 SP1 and 2003 R2 for the Upgrade Edition book coming this
September. Second, and no less important, I've been drilling down
on the insides of Vista. I honestly don't care much about the new
pretty GUI; no, I'm fascinated by the plumbing in Vista. In an
attempt to make an operating system that is secure with a capital "S,"
Microsoft has changed what's under the hood in Windows in ways that
should be invisible to the average user, but that are as big as the
changes from Windows 3.1 to Windows NT 3.1. These changes are
generally good, but, well, they're changes, and understanding
them is essential to planning for Vista.
Soon I'll have a two-day Vista planning, deploying, managing and
troubleshooting class, but it'll be a few months before it's ready. Meanwhile,
however, I put
together a three-CD set of audio lectures that I think are the fastest
way for you to get your feet wet on Vista. In these lectures, I
consider Vista's new deployment tools, the productivity part of its new
UI, its new storage capabilities, its extensive security upgrades (this
is the part that I mean when I say that the plumbing's changed), the new
aspects of Vista networking, its new administrative tools -- including a few surprises in group policies
-- and finally its
performance-enhancing utilities.
I've already got it recorded, but it's going to be a few weeks before
I can get it produced. When it's finally done, it'll be a three-CD
set with an extra CD containing the PDFs of the accompanying PowerPoints. The
sets will run $59.95 domestic, $69.95 international. But it'll
take a while to get the CDs all edited and laid out, so I'm offering
these sets for anyone buying them before 5 August for $20 off.
I'm only offering this through this newsletter, so if you want the
$39.95 domestic / $49.95 international price, then please order through
one of these links:
To order Getting Ready for Vista domestically at the pre-release
$39.95 price, please click here.
To order Getting Ready for Vista internationally
at the pre-release $49.95 price, please click here.
Again, this offer's only available until 5 August 2006. We'll
have the CDs ready by then and the price goes up twenty bucks. (Of
course, we won't charge your credit card until we ship the set.)
Thanks!
UPDATE 7 August 06...
We're shipping out the Vista CD sets -- so sorry, but the pre-release
prices are no longer available. (But it's still a great deal at
the regular price!) The above links will take you to the normal
price. Thanks for your support!
Tech Section
Two stories this month and a short news item. First, I want to pass along some
breaking news and offer an opinion, and then briefly highlight five
things that I've found really interesting in the upcoming version of
Windows.
An IT Hero Joins Microsoft: Russinovich Becomes a Technical
Fellow
If you could pick one geek to get an influential role at Microsoft,
who would you pick? I know who I'd pick, and mirabile
dictu, it happened today.
On 18 July 2006, Microsoft announced its intention to purchase
Winternals, the Austin, TX-based firm that offers ERD Commander, a
popular system recovery tool. Its owners, Mark Russinovich and
Bryce Cogswell, will join Microsoft. Mark will become one of about
a dozen people holding the position of "technical fellow" at Microsoft.
TFs are big brains that Microsoft hires and apparently gives a fair
amount of leeway to research what they feel like. One technical
fellow invented C#. Another started MSN Labs, and yet another is
the person who invented data mining. Not a bad company to end up
amongst.
What'll Russinovich do? No one can know immediately -- he's
still wearing an "I can't believe how cool this is" look -- but a glance at
his previous work would certainly generate great expectations.
He's the guy who annoyed Microsoft ten years ago by demonstrating that
just a few Registry changes would convert NT Workstation into NT Server.
Then he went on to point out a number of vulnerabilities that Microsoft
ignored, until he wrote applications to demonstrate the vulnerabilities.
(This was back in the days before Microsoft shipped patches monthly with
thanks and credit to the people who found the vulnerabilities.) Later, he
developed and gave away a raft of invaluable tools on his and Bryce's www.sysinternals.com site, including Process Explorer, Regmon, Filemon,
the pstools suite and a host of other great stuff. (If you've
never been to the site, go. Many of the techies that I know
couldn't do their jobs without these tools; I know I couldn't.) He
gained an interest early on in the stealth variety of malware generally
called "root kits." That led him to develop and give away
Rootkit Revealer, and that tool caused him to stumble upon and reveal
Sony's incomprehensible use of a root kit against its own customers -- a
practice that they say they've stopped, but have never apologized for
and would never have been caught at without Mark's clever detective
work.
Do I sound like a Russinovich fan? Okay, mea culpa; he's
been a good friend for years, but personal bias aside, he's one of the
smartest guys that I know and an ideal candidate for "Microsoft
insider." This is a good move for him and, I think, in the long run for
us all. His presence in Redmond has to be a force for sound
architecture, openness and innovation. Maybe one day we'll see a
Microsoft presentation where instead of hearing a bigwig yell 39 times
that the most important thing to Microsoft was "developers!," someone
will be shouting for us admin types. And reliable software.
Who knows?
But could it be that Microsoft hired Mark for the wrong job?
After all, Microsoft's about to lose someone who's very intelligent
(if controversial), a
guy with vision and rock-solid understanding not only of the computer
business but of computers themselves. A guy who, years ago, pulled
off
some pretty impressive programming feats. Maybe when Gates leaves, why
not tap someone who's smart, already well-known in the industry and even
well-liked? Could it be... nah. One hardly ever hears news
that good...
Longhorn Has a Name, Sort Of
It's now "Windows Server 2007." Or "Windows Server 2008,"
depending on when it ships. Blackcomb still doesn't have a name, but
it's got a new beta code-name: "Vienna." Maybe its modular
design is supposed to make us think of Vienna sausages?
The Five Most Interesting Things In Vista That You Might Not Know
As I mentioned in the blurb about the Vista CD set, I've been delving
into Vista recently. I knew much of what I saw and was only
looking more deeply, but there are a few things that I think are cool or
just plain surprising.
NTFS and the Registry are Transaction-Based
Both the file system and the Registry are now transaction-based in
Vista.
This surprised me because it was supposed to appear in Server 2007 but
it's in Vista. "Transaction based" means that you can take a
number of separate file copy, move or whatever operations and
essentially package them up so that they're all or nothing. If one
of the operations fails, then you just "roll back" and everything done
so far is un-done. Here's an actual example run:

    Microsoft Windows [Version 6.0.5456]
    (C) Copyright 1985-2005 Microsoft Corp.

    C:\Users\mark>transaction /start
    A transaction has been successfully started.
    Transaction ID: {1288b5a4-4b58-4006-88d8-6bc86f4b8ad3}

    C:\Users\mark>md newfiles

    C:\Users\mark>copy con newfiles\test
    hi there
    ^Z
    1 file(s) copied.

    C:\Users\mark>dir newfiles
    Volume in drive C has no label.
    Volume Serial Number is 4834-858C
    Directory of C:\Users\mark\newfiles
    07/17/2006 06:48 PM <DIR> .
    07/17/2006 06:48 PM <DIR> ..
    07/17/2006 06:48 PM 10 test
    1 File(s) 10 bytes
    2 Dir(s) 15,731,507,200 bytes free

    C:\Users\mark>transaction /rollback
    The current transaction has been rolled back.

    C:\Users\mark>dir newfiles
    Volume in drive C has no label.
    Volume Serial Number is 4834-858C
    Directory of C:\Users\mark
    File Not Found

    C:\Users\mark>

Here, I start a transaction, then create a new folder and put a file
in that folder. But then I cancel the transaction, and it's all
undone; asking for a directory listing of the new folder yields "File
Not Found." In contrast, typing "transaction /commit" would have said "transaction's
over, make it all permanent." Where will this be useful?
Well, File and Registry-based transactions will be pretty useful for
applying patches. Heck, you could actually install and test a
piece of software, and then un-install it via a transaction rollback.
But that'd only work if the software didn't require a reboot; any
reboots act as a "transaction /rollback." I suspect we'll see plenty
of pretty neat uses for this.
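
The console session above shows only the file-system half. As an added example (not from the original newsletter), here is the Registry half using the transaction cmdlets that ship with Windows PowerShell 2.0 through 5.1 rather than the beta "transaction" command. The function name and the key HKCU:\Software\TxDemo are constructed for the demonstration.

```powershell
# Added example. Requires Windows PowerShell 2.0-5.1; the transaction
# cmdlets were removed from PowerShell 6 and later.
# HKCU:\Software\TxDemo is a constructed key used only for this demonstration.

function Test-RegistryRollback {
    param([string]$Path = 'HKCU:\Software\TxDemo')

    if (Test-Path -Path $Path) {
        throw "$Path already exists; choose an unused key for the demo."
    }

    # With the default rollback preference (Error), any error raised by a
    # transacted command rolls the whole transaction back automatically.
    Start-Transaction

    # Both writes join the active transaction; nothing is committed yet.
    New-Item -Path $Path -UseTransaction | Out-Null
    New-ItemProperty -Path $Path -Name 'Setting' -Value 1 `
        -PropertyType DWord -UseTransaction | Out-Null

    # Only commands that join the transaction see the uncommitted key.
    $inside  = Test-Path -Path $Path -UseTransaction
    $outside = Test-Path -Path $Path

    # Same effect as "transaction /rollback" in the console session above.
    # Complete-Transaction would commit instead.
    Undo-Transaction

    # Report what each observer saw, plus the state after the rollback.
    New-Object PSObject -Property @{
        VisibleInsideTransaction  = $inside
        VisibleOutsideTransaction = $outside
        ExistsAfterRollback       = (Test-Path -Path $Path)
    }
}

Test-RegistryRollback | Format-List
```

The isolation matters for patching and for forensics alike: until the commit, other processes reading the same key see the old state.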
Vista's Event Viewer Lets You Centralize Logs
Provided that all of your systems are in the same forest, Vista makes
it fairly easy to choose one Vista machine to act as a central
collection point for your other Vista machines' event logs. It's
called "subscription" and works very nicely. You can even be
choosy about which events to collect and which to ignore. Okay,
it's only "syslog lite," but it's nice to finally see it in Windows!
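
A subscription that collects only selected events, as an added example (not from the original newsletter), built with the wecutil tool on the collector. The subscription id, description and source host names are constructed. It assumes each source already has WinRM enabled (winrm quickconfig) and that the account the collector uses has been granted read access to the source logs.

```powershell
# Added example; run in an elevated prompt on the collector machine.
# Constructed values: subscription id, description, and source hosts.
$subscriptionId = 'Example-Errors-And-FailedLogons'
$xmlPath = Join-Path $env:TEMP "$subscriptionId.xml"

# The Query element is what makes the subscription "choosy": only System
# events at level Critical (1) or Error (2) and Security event 4625
# (failed logon) are pulled; everything else stays on the source.
$xml = @"
<Subscription xmlns="http://schemas.microsoft.com/2006/03/windows/events/subscription">
  <SubscriptionId>$subscriptionId</SubscriptionId>
  <SubscriptionType>CollectorInitiated</SubscriptionType>
  <Description>Constructed example: errors and failed logons only</Description>
  <Enabled>true</Enabled>
  <Uri>http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</Uri>
  <ConfigurationMode>Normal</ConfigurationMode>
  <Query><![CDATA[
    <QueryList>
      <Query Id="0">
        <Select Path="System">*[System[(Level=1 or Level=2)]]</Select>
        <Select Path="Security">*[System[(EventID=4625)]]</Select>
      </Query>
    </QueryList>
  ]]></Query>
  <ReadExistingEvents>false</ReadExistingEvents>
  <TransportName>http</TransportName>
  <ContentFormat>RenderedText</ContentFormat>
  <Locale Language="en-US"/>
  <LogFile>ForwardedEvents</LogFile>
  <EventSources>
    <EventSource Enabled="true"><Address>ws01.example.test</Address></EventSource>
    <EventSource Enabled="true"><Address>ws02.example.test</Address></EventSource>
  </EventSources>
</Subscription>
"@

Set-Content -Path $xmlPath -Value $xml -Encoding UTF8

wecutil qc /q                # configure and start the Windows Event Collector service
wecutil cs $xmlPath          # create the subscription from the XML file
wecutil gr $subscriptionId   # show runtime status for each source
```

Collected events land in the collector's Forwarded Events log, where they can be filtered like any local log.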
Vista Does Basically "Bare Metal" Backups, in Virtual
PC/Server Format
I don't know about you, but I hate doing disaster recovery on
an XP box. Yes, there's the very nice Files and Settings Wizard
and tons of other tools, but it's so blasted complex backing everything
up or, perhaps I should say, it's so complex restoring things.
With Vista, that changes. Vista has a separate backup routine
that backs up an entire system. Called CompletePC, this backs
up your whole system to ... are you ready? ... a VHD file. For
those who don't know, that's a "virtual hard drive" for Microsoft's
desktop virtual machine manager, Virtual PC. You can use something
called the Windows Recovery Environment to restore that VHD to a new
piece of hardware or, potentially, you could just mount it as a virtual
system. (You'd have to fiddle with the drivers a bit.)
Pretty cool.
Undelete Comes To Windows For Real!
If you've ever used System Restore for XP, then you know how useful
it can be. System Restore takes periodic snapshots of the state of
your operating system and lets you roll back to before you installed the
Driver From Hell or that antivirus application that seems to work by
crashing your system, which is of course one way to keep you from
getting malware, although not the optimal one. Now, with Vista, System Restore does the same
thing for your files. Right-click any file or folder and
choose Properties, and you'll see a tab named Previous Versions.
That's right, versions with an "s." Decided that your version of
the Great American Novel was better two days ago and you didn't back up?
No worries; check out Previous Versions and just grab the version from a
couple of days ago.
64-Bit Vista Will Only Accept Signed Drivers
As with all software vendors, Microsoft would love for us all to dump
our old stuff and "live 64-bit." It's good for their bottom line,
certainly, but it's also easier to secure an OS running only the newest
stuff. Any 16-bit application that's network-aware is probably a
security risk, so you can see their point. On the other hand, many
of us are forced to live with old apps built back in the Napoleonic Era
either because we don't have the source code any more, or the app's
vendor just plain isn't around any more.
Microsoft tries to chivvy us into cutting our ties with older stuff
now and then through restrictions of their OSes. I like XP x64,
but find it annoying that I can't run any old DOS game... I mean,
applications, nor can I run Windows 3.x applications. There's a
simple workaround for this -- just run VMWare or Virtual PC on your
64-bit OS and create a 32-bit OS to run the old app in -- but it's still
annoying. But perhaps it's not that bad a compromise after all;
with virtual machine technology I get to run my older, leaky apps, but
without compromising my actual computer. By putting the old and
un-securable apps into a "virtual sandbox," we get the best of both
worlds.
In any case, Microsoft's taken a very large step with 64-bit Vista by
requiring that any kernel code -- and this means pretty much all drivers
-- be digitally signed, and cross-signed by Microsoft. I don't
mean to be alarmist here, but this troubles me a bit. There are a
number of vendors who Microsoft's authorized to issue code certificates
cross-signed by Microsoft, but no one's really been able to answer a big
question: how hard is it to get one of these certs, and how
expensive is it?
I can't tell you how many times I've run up against some kind of
problem in Windows, only to find a useful free utility on the Web that
solved that problem. Many of these applications run some kind of
kernel code, and so would need a certificate. But if those
certificates are either very hard to get or prohibitively expensive to
acquire, then this could have the chilling effect of killing many great,
free utilities in the cradle. I honestly don't understand the
cross-signing process well enough yet to sound any alarms... but it's
something that bears watching. You can read about it here:
http://www.microsoft.com/whdc/system/platform/64bit/kmsigning.mspx
Four interesting new features and one to contemplate; there's plenty
of things to consider in Vista, and that's just the tip of the iceberg.
Vista seemed for a long time to be nothing more than Windows with a new
Mac-like interface, but what I've seen come out of Redmond in the past
few months has changed my mind. This should be fun!