Computer Performance, Windows 2003 Vista Best Practice

Best Practice Ezine #105 - Vista Brings Opportunities


This week I encourage you to think about this - 'What opportunities will Vista bring for me?'  I ask this question because the imminent birth of Vista reminds me of when Windows 95 was launched and how I got my big break in computing.  I am not, repeat not, recruiting employees myself, nor am I in any way involved with hiring staff.  Even if you are not contemplating a career move, I hope that my advice on Vista migration and security will help you in your present job.  But firstly, I have good news for those wishing to turn off Vista's nagging UAC.

Topics for Vista Opportunities

UAC (User Account Control) Update - New way to turn it off

Last week I challenged readers to research Vista's new features and give each a dollar value.  One matter arising was the UAC.  Many of us find it annoying when the UAC box asks us to confirm all administrative changes.  Craig kindly wrote in explaining a new way to disable the irritating UAC in Vista RC1.

Stage 1)  Display Vista's Administrative Tools.  Right-click the Task Bar, Properties, Start Menu, Customize, Advanced, scroll to the bottom and find System Administration Tools, then select the radio button next to 'Display on the All Programs menu'.

Stage 2)  From the Administrative Tools, find the Local Security Policy, then the Security Options folder.

Stage 3)  Locate the family of settings beginning with 'User Account Control'

User Account Control: Behavior of the elevation prompt for administrators.....
Set to: Elevate without prompting

User Account Control: Admin Approval mode for the Built-in Administrator Account.
Set to: Disable
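
To check whether a machine has been left in the state these two settings produce, the sketch below reads the matching registry values and reports them. It is an added example, not part of the original ezine; it assumes the registry value names used by released versions of Windows (ConsentPromptBehaviorAdmin and FilterAdministratorToken), and the function names Get-UacPolicyState and Test-UacPolicy are hypothetical.

```powershell
# Added example: map the two Local Security Policy settings above to their
# registry values and report how a machine is configured.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacPolicyState {
    # Live read (Windows only); a value that is not set comes back as $null.
    $p = Get-ItemProperty -Path $UacKey
    @{
        ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin
        FilterAdministratorToken   = $p.FilterAdministratorToken
    }
}

function Test-UacPolicy {
    param([Parameter(Mandatory = $true)][hashtable]$Policy)
    $findings = @()

    # "Behavior of the elevation prompt for administrators": 0 = Elevate without prompting.
    $consent = $Policy['ConsentPromptBehaviorAdmin']
    if ($null -ne $consent -and [int]$consent -eq 0) {
        $findings += 'Administrators elevate without any prompt (ConsentPromptBehaviorAdmin = 0).'
    }

    # "Admin Approval Mode for the Built-in Administrator account": 1 = Enabled;
    # 0 or not set = Disabled, so that account always runs with its full token.
    $filter = $Policy['FilterAdministratorToken']
    if ($null -eq $filter -or [int]$filter -eq 0) {
        $findings += 'Built-in Administrator is outside Admin Approval Mode (FilterAdministratorToken = 0 or not set).'
    }
    return $findings
}

# Constructed sample: the state the two settings above produce.
$sample = @{ ConsentPromptBehaviorAdmin = 0; FilterAdministratorToken = 0 }
Test-UacPolicy -Policy $sample | ForEach-Object { "FINDING: $_" }

# On a real machine, run instead:
# Test-UacPolicy -Policy (Get-UacPolicyState)
```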

What opportunities will Vista bring for you?

My two threads to this week's article are, what can Vista do for your company?  And what can Vista do for your career?   As Vista is new, 'old timers' no longer have the edge.  Anyone who learns Vista suddenly becomes the new expert.  Two areas where computer specialists will always be in demand are security and migration.




Migration Strategies

The problem with migration projects is that you always have to start from scratch.  Your last migration was so long ago that you have probably forgotten how you did it, and even if by some miracle you have the procedure documented, the technology has moved on (even if the principles remain the same).

When a new system like Vista arrives, it has new features to make migration even easier, but nobody tells you that it takes about a week on a test network to perfect and document these improved techniques.  Busy people just employ a migration expert.  Alternatively, that migration expert could be you.

Guy's strategic advice is to avoid upgrades.  Instead, always install the new operating system from scratch and absorb the pain of transferring user-specific files and settings.  The secret is to beg, steal or borrow a test machine or two and practice in the privacy of your computer room.  Resist showing off by starting with a live machine, only to lose the managing director's files.  Or worse, the managing director's secretary's files.

Once you have built the new Vista machine, it's time to migrate users' settings from XP to Vista.  For this task, investigate the improved User State Migration Tool (USMT) and the new PC Migration Assistant.

For a big roll-out of Vista, look out for new technologies like WDS (Windows Deployment Service).  WDS is like a son of RIS. The key new feature in WDS is that it supports Windows Imaging format (WIM).  It is also possible to include applications such as Office in the Vista image. The concept behind WDS is that you start with a new 'virgin' machine with no operating system.  When you boot this machine, its PXE network card finds the DHCP server; from there it contacts the WDS (RIS) server and downloads Vista. The killer advantage over Ghost is that you can control the machines with Group Policy from day one.

Career wise, any half-decent techie can set up as a migration consultant and make a nice living.  The good news is that there will always be migrations; by the time the laggards migrate to Vista it will be 2010 and time for the pioneers to migrate to the next system.  Begin by migrating a few small businesses and graduate to larger, more lucrative roll-outs.

Three tips to finish this migration section. 

  1. Migration projects always over-run on both time and budget by 25%.  Therefore, ask for extra time and money at the outset.
  2. Lay down a marker and ask for a good selection of test machines.
  3. Keep a roll-back option for as long as possible into the project.

Improved Vista Security

While I like migrations and they suit my personality, I will never be at home with security projects.  It seems I am not alone; half of the IT community fears security, the other half is bored by it.  Consequently, if you want to establish a niche as a security expert there will be numerous opportunities for well-paid jobs.  Alternatively, if you just want to get the most from Vista, here is a list of topics that I suggest you investigate.

If you played last week's game of valuing Vista's features, then you may have assigned a relatively large value to 'Vista's security'.  This week I want to expand the nebulous heading 'Vista Security' and introduce sub-headings, for example:  Service Hardening, NX and NAP.  There is also UAC and BitLocker drive encryption, which I have covered on my website.

From reading Microsoft's White Paper 'Windows Vista™ Security Advancements', it was clear that Microsoft have redesigned Vista from scratch, making security a priority for each component.  The buzzword for this new way of looking at security is SDL (Security Development Lifecycle).  While this is a good idea, backed up with tools like PREfix and PREfast, I guess even Microsoft would agree that SDL is something they should have started a long time ago.  When I looked at Vista in the flesh what surprised me the most was, not that it was different from XP, but that despite the under-the-covers changes, Vista had a similar look and feel to XP.

As ever, my goal is just to get you started; this is not an exhaustive list of Vista security items, and that Microsoft White Paper ran to 25 pages.  An example of Microsoft's holistic approach to security is the link between Service Hardening and Firewalls; for example, Services can be individually identified and confined to using only the ports they need for their day jobs.

Another example of a unified approach to security is the concept of NX (no eXecute).  Where Vista code only needs to read or store data, NX hardware and software combine to stop Services and other software from executing code in these areas. The effect will be to prevent viruses attacking using buffer overrun tricks. Although NX is possible with 32-bit processors, a 64-bit processor uses NX protection by default.

NAP (Network Access Protection).  The idea behind NAP is to allow only 'Healthy' machines access to the network.  In a nutshell, this is a system designed to stop rogue laptops joining your network, because of the risk of them infecting your machines with viruses.  Don't confuse NAP with NAT (Network Address Translation) or network quarantine.  NAP is a client-server technology to identify machines that you want on your network.

A Security View from an Old-Timer

Microsoft's Security is often compared unfavourably with Unix.  Even if Vista (and Longhorn) reached Unix levels of security, they won't be perceived to be secure for some time yet.  My friend 'Barking' Eddie has an interesting take on parallels between the development of Unix security and Microsoft security.

Eddie believes that 30 years ago Unix had just as many security flaws as early Microsoft projects such as NT; the biggest difference, according to Eddie, is that Unix hushed up any security bugs, whereas each Microsoft flaw is aired in public.  In fact Eddie tells the sob story about how he is the only Unix programmer who was ever sacked.  In a nutshell, Eddie's job was to fix security and other bugs in early Unix systems.  Eddie's immediate boss could then say, 'Problem - there is no problem.'  It worked well until Eddie's boss's boss asked, 'What actually does Eddie do?  What are we paying him for?'  Because the cover up worked so well, it seemed that Eddie never did anything; consequently, his boss's boss sacked him.  I could never separate the truth from Eddie's bluster, but I do remember his anger at becoming surplus to requirements.  Fortunately, the saga has a happy ending as Eddie formed his own security company and is doing very well.

Another of Eddie's hobby-horses is that Microsoft never learnt from Unix's errors, for example they have been slow to tackle things like stack overflow and buffer under-run, which Unix cured very early on. 

With computer security there is an element of always fighting the last battle. As a gross over-simplification, Vista will cure all security ills, but only for about 6 months, then the hackers and 'bad boys' will find new handles to attack.  The only consolation is that if you stick with XP then you will be even more vulnerable to their dastardly tricks.

Guy Recommends:  A Free Trial of the Orion Network Configuration Monitor (NCM) v6

Config management of routers, switches and firewalls is fun with NCM (Network Configuration Manager).  Furthermore, it can help to achieve your compliance policy, for example, pinpoint devices not backed up and discover access infringements or even weak passwords.  This SolarWinds NCM suite can not only detect violations, but also upload scripts to correct the problem.

Most computer problems arise from configuration changes.  Thus it makes sense to get a proper monitoring system so that you can double-check that all the settings conform to your security policy.

Download your free trial of Orion's Network Configuration Monitor.

Summary of Vista Brings Opportunities

I would like to finish by giving inspiration to those who see Vista as a chance for a career change.

When Windows 95 was launched, my then boss gave me an opportunity: he made me part of his team which learned the new product inside out.  This gave me my big break in computing.  The launch of Vista reminds me that there will be lots of opportunities for those stuck in a rut to become expert in Vista and thus obtain a higher paid, more rewarding job.  Just to say that I am not recruiting, merely making the observation that now is a classic time to have fun, learn a new product and get a better job.  See more in my Windows Vista Section

Will and Guy Humour

Last week I linked to the wrong page, this week you really will get to Will and Guy's Religious Jokes

Copyright © 1999-2010 Computer Performance LTD All rights reserved.