Business Continuity Planning and Disaster Recovery

November 24, 2003


Disaster Recovery (Business Continuity Planning) is one of the most important but widely overlooked projects that a business can implement. Here are some great resources to get started on creating a DR (or BCP) Plan.

Business Continuity Planning - A Primer for Management and IT Personnel - Step by Step Tutorial for DR Planning. - Tons of Articles/Information/Resources.

Labmice Disaster Recovery Resources - Great collection of links by LabMice!

House Passes Federal Anti-Spam Bill


House Passes Federal Anti-Spam Bill: "Tauzin said the bill makes it a criminal offense, subject to a maximum five-year prison sentence, to send fraudulent e-mail using such standard spam tactics as false headers and misleading subject lines. The bill calls for statutory damages of $2 million for violations, tripled to $6 million for intentional violations and unlimited damages for fraud and abuse.
Tauzin also said the legislation gives the Federal Trade Commission (FTC) the authority to establish a Do-Not-Spam registry based on the FTC's popular Do-Not-Call database for unwanted and unsolicited telemarketing telephone calls. "

Speed up & Browse Windows 2000 faster.

November 18, 2003


WinXPcentral - Speed up & Browse Windows 2000 faster.: A fix to speed up Browsing remote shares by not scanning for Scheduled Tasks.

Open up the Registry and go to:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\RemoteComputer\NameSpace
Under that branch, select the key :
{D6277990-4C6A-11CF-8D87-00AA0060F5BF} - and delete it.
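
The same change as a batch file that exports the key before deleting it, so the tweak can be undone. This is an added example, not part of the original tip; the backup file name is an assumption, and it relies on reg.exe (built into Windows XP, part of the Support Tools on Windows 2000).

```bat
@echo off
rem Added example: back up, then remove, the Scheduled Tasks namespace key
rem so Explorer stops scanning remote machines for scheduled tasks.
setlocal
set "KEY=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RemoteComputer\NameSpace\{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"
rem Assumption: backup location and file name; change to suit.
set "BACKUP=%SystemDrive%\RemoteTasksNamespace-backup.reg"

rem Nothing to do if the key is already gone (safe to re-run).
reg query "%KEY%" >nul 2>&1
if errorlevel 1 (
    echo Key not present, nothing to do.
    exit /b 0
)

rem Never overwrite an earlier backup: it may be the only good copy.
if exist "%BACKUP%" (
    echo Backup file already exists, move it away and run again.
    exit /b 1
)

rem Export first; only delete if the export succeeded.
reg export "%KEY%" "%BACKUP%"
if errorlevel 1 (
    echo Export failed, key left untouched.
    exit /b 1
)

reg delete "%KEY%" /f
if errorlevel 1 (
    echo Delete failed, run this from an administrator account.
    exit /b 1
)
echo Key removed. To restore it: reg import "%BACKUP%"
```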

Gramm-Leach-Bliley and Sarbanes-Oxley


Gramm-Leach-Bliley and you: "The Safeguards Rule, which went into effect during 2003, requires that included institutions take proactive steps to ensure the security of customer information. At a minimum, institutions must:

- Appoint an individual or group to bear specific responsibility for GLB compliance.
- Identify risks to customer information and assess existing safeguards.
- Implement safeguards that are needed to fill any gaps.
- Monitor the effectiveness of all safeguards.
- Ensure service providers are capable of meeting GLB requirements.
- Adjust the organization's security program as necessary when circumstances change. "

Find more information about the act here. Or find out more on the FTC website here.

Five Things IT Needs To Know About Sarbanes-Oxley Compliance is another good link for yet another piece of legislation that has something to do with IT. Take a look. For more info on Sarbanes-Oxley, look here.

Force NumLock to Behave

November 17, 2003


I get tons of complaints about NumLock's behavior, such as it turns on during boot-up when the user doesn't want it to, or it doesn't turn on during boot-up, etc. Here's the solution: Force NumLock to Behave

Solution #3 (Windows 2000/XP only):

Run the Registry Editor (REGEDIT.EXE).
Open HKEY_CURRENT_USER\Control Panel\Keyboard (If the Keyboard key isn't there, add it.)
Double-click the InitialKeyboardIndicators value on the right. (If it's not there, select New from the Edit menu, then String Value, and type InitialKeyboardIndicators for the name of the new value.)
Change the value to any of the following:
0 - all indicators off
1 - Caps Lock on
2 - Num Lock on
4 - Scroll Lock on
Or, combine them by adding the corresponding values:
3 - Caps Lock and Num Lock on
5 - Caps Lock and Scroll Lock on
6 - Num Lock and Scroll Lock on
7 - Caps Lock, Num Lock, and Scroll Lock on
Close the Registry Editor when you're done; the change should take effect the next time you start Windows.

Workstation Proof of Concept Released


New Windows Worm on the Way?

With the posting Wednesday of proof-of-concept exploit code
for one of the newly discovered vulnerabilities in Windows, the
familiar chain of events that often leads to the release of a
worm has begun.

Less than 24 hours after Microsoft issued the fix, two members of the BugTraq security mailing list posted exploit code for the vulnerability. The author of one of the exploits said the code had been tested only on a Windows 2000 machine with Service Pack 4 installed and the FAT32 file system running. The other exploit is designed for machines running Windows XP. However, experts said it would take little effort to adapt the code for other Windows machines.

And, more importantly, the Workstation vulnerability appears to be a prime candidate for a worm

Computer viruses now 20 years old


Happy Birthday Job Security!!

BBC NEWS | Technology | Computer viruses now 20 years old: "This week computer viruses celebrate 20 years of causing trouble and strife to all types of computer users. "

Admin Checklist


A good (although not complete) list of daily, nightly, weekly, monthly, etc Admin tasks... brought to you by W2Knews™, May 10, 2001


Check event log of every server, fix/try to fix as needed.
Creating new directories, shares, and security groups, new accounts, disabling/deleting old accounts, managing account policies.
Make sure backup runs and make sure the restore works as planned.
Plugging Security holes, in both the OS and apps like IIS.
Exchange Management including DL's, users, etc.
Train the training people, helpdesk people, and end users.
Answer all important emails from CFO/CEO/IT-MIS Director.
Glance over T1-hookups, switches, hubs, make sure everything is green.
Check router logs.
Check firewall logs.
Check if Disaster Recovery Systems are still functioning
Various calls to MS Support for things that really aren't your fault.
Check for free space on all servers, for file pollution and quotas.
Ensure that all server services are running.
Ensure that antivirus definitions are up-to-date.
Run defrag and chkdsk on all drives.
Monitor WINS replication.
Monitor directory replication.
Maintain performance baseline data.
Monitor RAM for runaway processes or memory leaks.
Monitor network traffic with sniffer or NETMON to keep performance up.
Keep Service Pack (and/or) hotfixes current as per company policy.
Monitor Web traffic for indications of attacks.
Install software for users
Monitor user email for corporate policy violations.
Check Print Queues.
Keep a log of everything you have fixed or performed maintenance on.
Make sure all apps are shared.
Permissions and filesystem management.
Check for bad system and .ini files on database server (Btrieve).
Make sure load on database server is acceptable and ghosted users are cleared as well as multiple logons.


(Next Applies to Terminal Server admins only)
Reboot each Citrix server.
Delete all autocreated printers stuck.
Clear out rogue local profiles.


Clean Servers, check for .tmp files, and other file pollution.
Implement any new policy, permission, logon script, or scheduled script modifications.
Research, Research, Research.
Change any active monitoring & alerting (third party tools) as needed.
Update Website, External and Intranet, process website log reports.
Check PerfMon, NetMon, (or 3rd party tools) for OK baselines.
Reboot Servers if needed.
Keep up-to-date on IT news regarding my networks.
Evaluate software for System Admin purposes.
Try to get some MCSE study time in.
Performance Monitoring/Capacity Planning- Budgeting for the future.
Uptime/Downtime reports.
Auditing network for unauthorized changes, ideally both from the inside but also outside-in.
Plan for W2K migration.


Rebuild Databases as needed.
Gather statistics on Webservers. Send to CEO/CIO/CTO/CFO (Whomever).
Clean exchange mailboxes.
Change Service Account Passwords (not doing this is Russian roulette).
Convincing your boss that most of this stuff _needs_ to be done.
Extended testing backups with restores.
Maintaining applicable Service Level Agreements.
Set System and Application priorities: If more than one thing is broken, what needs to be fixed first.
Managing off-site storage of backup tapes, whether you take them home or a service picks them up.
IT System vulnerability analysis: like "This mail server uses this mail router- what's the impact if one or both are down (if mail server is down mail router will store inbound mail and may run out of disk space)."
Periodically reviewing all of the above, is documentation up to date? Has the Disaster Recovery Plan been updated to reflect changes in the environment?
Periodically reviewing workload. Are some things no longer done?
Periodically review company technical environment. How can it be improved?

Initial or Occasionally:

Disaster Recovery to alternate site, in case of emergency.
Configure and maintain DNS - Internal and External, DHCP, WINS, TCP/IP, etc.
Document the full network.
Rebuild corrupt servers.
Test the Restore Procedure.
Reconfigure domain structure.. again.
Get a performance baseline for things like %Processor Time, PageFaults, Disk Queues.
Initial checklist should include status of administrative and service passwords, status of the backups, check out DHCP scope(s), WINS, DNS, remove unnecessary protocols.

W2Knews is a great weekly newsletter brought to you by Sunbelt Software - subscribe here.

Port Requirements for Microsoft Windows Server System

November 16, 2003


Download details: Port Requirements for Microsoft Windows Server System - This spreadsheet shows what network ports are used by the system services utilized by the Microsoft Windows Server System products.

This could be quite useful, so take a look.

2 Cows for IT

November 14, 2003


You have 2 cows.
You're paid to build, support, fix, maintain, and show users how to milk the
The users rarely listen to your instructions and they break the cows.
The manufacturer realizes there are critical flaws in the cows.
You upgrade your 2 cows for one new super cow.
The users rarely listen to your instructions and they break the cow.
The manufacturer realizes there are critical flaws in the cow.
You quit and become a sheep herder.

More on Scheduling Defrag in W2K

November 12, 2003


Everyone knows Windows 2000 defrag can't be run from the command line, nor can it be scheduled in the Task Scheduler. I've tested a free (everything I use is free or close to it) program that schedules defrags called AutoDeFrag but I've had a few problems with it (at least in my test environment).

In my quest to find the (free) solution to my defrag needs, I've come across 3 scripts that can be scheduled to automate Win2000 defrag: Clean Temporary Files and Run Defrag, Automating Defrag, and Defragment All Hard Drives.



This should help with all of those patches:

JSI Tip 3709. QChain.exe is a safe way of installing multiple hotfixes with a single reboot.

296861 - How to Install Multiple Windows Updates or Hotfixes with Only One Reboot

Download details: Windows 2000 & NT4.0 Reskit Utility: QChain.exe

Make a batch file such as:

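@echo off
rem Folder that holds the hotfix installers and qchain.exe
set PATHTOFIXES={some path}
rem /Z = do not restart after the install, /M = unattended mode
"%PATHTOFIXES%\{patch name}.exe" /Z /M
"%PATHTOFIXES%\{patch name}.exe" /Z /M
"%PATHTOFIXES%\{patch name}.exe" /Z /M
rem Run qchain last so the newest version of each queued file is the one
rem applied at the single reboot; it logs what it did to c:\hotfix.log
"%PATHTOFIXES%\qchain.exe" c:\hotfix.log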

and enjoy the fun!

November's Security Bulletins Released!

November 11, 2003


November's round of patches starts now, with 4 new Security Bulletins:

Microsoft Security Bulletin MS03-048 - Cumulative Security Update for Internet Explorer (824145) - Critical

Microsoft Security Bulletin MS03-049 - Buffer Overrun in the Workstation Service Could Allow Code Execution (828749) - Critical

Microsoft Security Bulletin MS03-050 - Vulnerability in Microsoft Word and Microsoft Excel Could Allow Arbitrary Code to Run (831527) - Important

Microsoft Security Bulletin MS03-051 - Buffer Overrun in Microsoft FrontPage Server Extensions Could Allow Code Execution (813360) - Critical

A little tip from me: Pay extra attention to MS03-049...

PC security audits for businesses? | CNET


PC security audits for businesses? | CNET "Publicly traded U.S. corporations would have to certify that they have conducted an annual computer security audit, according to a draft of long-awaited legislation the U.S. House of Representatives is preparing. "

Currently, publicly traded companies must follow a detailed set of rules when filing annual reports with the Securities and Exchange Commission. Putnam's proposal, seen by CNET, would extend that annual reporting requirement to include the audit that would follow standards to be set by the SEC.

It does say, however, that the certification in the annual report "shall not include specific proprietary information and shall not contain any information identifying, directly or indirectly, any specific vulnerability of the (company's) computer information."

Dealing with winmail.dat and unreadable email attachments

November 06, 2003


This is a rare Outlook problem, but a good thing to know when you do have to deal with it:

Dealing with winmail.dat and unreadable email attachments: "Email users sometimes find that they receive email messages with a strange file attached, called winmail.dat. When they attempt to open this file, either it can't be opened at all, or it contains 'garbage' data. "

Microsoft to Place Bounty on Virus Writers | Reuters


Microsoft to Place Bounty on Virus Writers
: "LONDON (Reuters) - Microsoft Corp. and security organizations are set to offer cash bounties for information on the authors of the crippling MSBlast and Sobig computer bugs, industry sources said on Wednesday.

Technology news service CNET reported late on Tuesday that the software giant would offer $500,000 for information leading to the arrest of the writers of two of the costliest computer bug outbreaks to hit the Internet. "

Red Hat recommends Windows for consumers


Red Hat recommends Windows for consumers - News & Technology - CNETAsia: "Red Hat's chief executive has said that Linux needs to mature further before home users will get a positive experience from the operating system, saying they should choose Windows instead. "

NewsForge | Red Hat tells customers, 'No more freebies!"

November 04, 2003


NewsForge | Red Hat tells customers, 'No more freebies!": "'Red Hat does not plan to release another product in the Red Hat Linux line.' "In an email to Red Hat Network customers, the company has announced today that it "...will discontinue maintenance and errata support for Red Hat Linux 7.1, 7.2, 7.3 and 8.0 as of December 31, 2003," that "Red Hat will discontinue maintenance and errata support for Red Hat Linux 9 as of April 30, 2004,"