11.27.2004

No More Service Packs for Windows 2000

I just read the official announcement concerning Windows 2000 SP5, or the lack thereof. I'm wondering about the "many customers" who told Microsoft they would prefer to leave Win2000 on SP4 until 2010, which is when support officially retires. Seriously--this is how long Win2000 will be in circulation given Microsoft's extended support lifecycle.

Here are some of my favorite quotes from the announcement FAQ:

"Because every update to Windows introduces the possibility of system instability at the customer's site (for example, an update to one part of the system causes some other part of the system--or an application--to fail), an Update Rollup will provide the maximum utility at the minimum risk of instability at this point in the Windows 2000 life-cycle."
**JC** Wait until the Linux zealots get a hold of this quote. Classic!

Q. Is this the first time Microsoft has done a rollup instead of a service pack?
A. No. Microsoft has done update rollups before. For information on previous rollups, visit the following links:

a. Windows NT 4.0 Post-Service Pack 6a Security Rollup Package
b. Windows 2000 Security Rollup Package 1 (SRP1)
c. Windows XP Update Rollup 1
**JC** Nice--we're comparing the forthcoming Windows 2000 rollup to these other earth-shattering releases. I could understand if this was 2008 and we were discussing the end of Windows 2000 service packs. However, the last time I checked, the calendar is just about to roll to 2005.

"Windows 2000 systems with SP4 deployed will be 'up to date' from a life-cycle policy perspective until the end of life (EOL) date of Windows 2000. The EOL date will be no sooner than January 1, 2010."
**JC** Again, where is the logic in this?

I can understand that Microsoft wants to move their "Sustained Engineering" resources onward and upward--but I believe this decision will rub a lot of customers the wrong way. Many customers I work with (mid-market, 1000-10,000 desktops) are planning to maintain their Windows 2000 Servers (mostly application servers) for quite some time. Granted, I see excellent momentum behind Windows 2003, especially for Active Directory domain controllers and Microsoft Exchange servers, just to name a few. However, I also know many customers who only recently migrated off NT 4.0 (which was released in 1996).

Please don't think this is a Microsoft-bashing post, but instead just the honest opinion of someone who works in the trenches with techs and IT Managers on a daily basis. I can't think of one of them who would have said to Microsoft, "Sure, don't release any more service packs for Windows 2000".

11.18.2004

Windows Update Services Beta 2

Earlier this week Microsoft released Windows Update Services (WUS) Beta 2 to customers and private testers. WUS is Microsoft's second-generation security patch distribution software. Microsoft anticipates a spring 2005 release for the final version of WUS.

The only difference between the private and public WUS betas is the fact that private beta testers have a direct line of communications with WUS developers at Microsoft. Other than that, the code is identical. You can register to download WUS Beta 2 at this Microsoft web site.

Here are some early screen shots from my dev/test lab (a.k.a. my home network). Click each image for a full-size screen shot. Machine names have been hidden to protect the innocent.

Screen Shot 1: WUS Administration Home Page


Screen Shot 2: WUS Update Catalog


Screen Shot 3: Example Status Report


Screen Shot 4: Detailed Computer Status

11.16.2004

Check out the Windows Marketplace

Microsoft recently launched a new web site to showcase all the products and services that complement Windows-based systems. Each product you find will have links to various online and brick & mortar retailers--including price comparisons. As a Microsoft MVP I've been writing reviews for numerous hardware and software products from Microsoft and 3rd party companies. Click on over to the Windows Marketplace and look for my reviews under the nickname KC_MVP. The Windows Marketplace should make holiday shopping easier for all the geeks in your family.

11.07.2004

More Info on W32.Spybot.Worm

I've noticed several visitors are reaching this blog after searching for help with W32.Spybot.Worm. I am posting a few more knowledge gems with the hope that my experience can lessen the effect of this virus on other networks. Click here for my previous W32.Spybot.Worm blog entry.

Tools
We relied on a couple tools to gain an understanding of what W32.Spybot.Worm was doing on the network. The first tool is Autoruns from Sysinternals. Autoruns will search all relevant registry keys and startup folders for programs that are set to run at boot time. This is how we discovered that malicious files named WinUSB2 and bling.exe were executing at startup.

Another utility from Sysinternals that came in handy was PSKill (part of the PSTools Suite). This little command-line utility allowed us to kill the WinUSB2 and bling.exe processes on all infected workstations. We needed this tool because simply trying to end the task via Task Manager wouldn't work. PSKill can kill tasks on the local system, or it can be run across the network to kill processes on remote machines. We wrote a quick and dirty batch file which called PSKill to stop WinUSB2 and bling.exe. This helped ease network traffic, which had been overwhelming the edge router.

Machine Repair
We ended up using the updated Symantec AV definition files to let SAV repair the machines. However, if Symantec had taken any longer to get the defs uploaded (it took them almost 24 hours) we would have taken matters into our own hands. Possible options for removing the offending registry keys and files remotely would have been KiXtart, or maybe just WMI (since all desktops are 2000 or XP). I'm glad we didn't need to go down this path.

10.31.2004

Firefox Use on the Rise

I thought I'd share my blog usage statistics with everyone to illustrate a point about browser usage.

Blog Browser Usage

As you can see from the above graph, Firefox 1.0 (which is still in testing) has reached 11% market share. I've been watching this number rise over the last couple weeks and figured now was a good time to bring this trend to light. What do you think about this new browser? Why are you using it? Do you still use Microsoft Internet Explorer for banking, Outlook Web Access?

10.29.2004

Symantec Client Security Best Practices

I'm going to be posting a few blog entries about a recent experience implementing Symantec Client Security (the corporate version of Symantec/Norton antivirus). This first entry is dedicated to a problem with the default installation options when implemented on Exchange servers.

I was working with a client this week and one of my tasks was to assist them with an upgrade from Exchange 2000 to Exchange 2003. Given that this is a single server swing upgrade I knew it would be a slam dunk. Basically we would install the new server on new hardware, move the mailboxes during a maintenance window, then decommission the old server. Boy was I wrong.

Once the new server was in place we started by migrating a few pilot mailboxes. We immediately noticed that mail was not flowing reliably between the old and new servers. We were also getting some ambiguous errors in the event log. To make a long blog entry short, the problem was with Symantec Client Security's advanced e-mail scanning component. Here are the exact error messages we received in the event logs.

Event Type: Warning
Event Source: MSExchangeMTA
Event Category: Interface
Event ID: 9318
Date: 10/27/2004
Time: 11:06:54 AM
User: N/A
Computer: SERVERNAME
Description:An RPC communications error occurred. Unable to bind over RPC. Locality Table (LTAB) index: 7, Windows 2000/MTA error code: 9297. Comms error 9297, Bind error 9297, Remote Server Name MAIL [MAIN BASE 1 500 %10] (14)

Event Type: Warning
Event Source: MSExchangeMTA
Event Category: Security
Event ID: 9297
Date: 10/27/2004
Time: 11:06:54 AM
User: N/A
Computer: SERVERNAME
Description:Calling client thread does not have permission to use MTA RPCs. Windows 2000 error code: 0X80070005. Client user account: NT AUTHORITY\ANONYMOUS LOGON. [BASE IL INCOMING RPC 25 237] (14)

It turns out that the default install of Symantec Client Security 9 also installs and activates a component which should only be used on 2000/XP client machines. This component, referred to in the install routine as POP3 Scanner, was intercepting all mail to and from our Exchange server and basically messing up the mail flow. We simply re-ran the install routine and de-selected this component (as well as the Outlook scanning piece which was also installed by default) and after a reboot the server was back to normal. The above event log messages were also gone once the server rebooted--and they haven't come back since.
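A triage helper for the event pair quoted above, added here as an example and not part of the original post: it parses records in the Event Viewer text layout shown and flags moments where an MSExchangeMTA 9318 bind failure coincides with a 9297 access-denied (0X80070005) from ANONYMOUS LOGON on the same server. The function names are hypothetical, matching on an identical timestamp is an assumption based on the two events in the post, and the third sample record is constructed.

```python
import re

# Records in the layout shown in the post, abridged to the fields used.
# The first two are the post's events; the third is constructed noise.
SAMPLE = """\
Event Source: MSExchangeMTA
Event ID: 9318
Date: 10/27/2004
Time: 11:06:54 AM
Computer: SERVERNAME
Description:An RPC communications error occurred. Unable to bind over RPC. Locality Table (LTAB) index: 7, Windows 2000/MTA error code: 9297. Comms error 9297, Bind error 9297, Remote Server Name MAIL [MAIN BASE 1 500 %10] (14)

Event Source: MSExchangeMTA
Event ID: 9297
Date: 10/27/2004
Time: 11:06:54 AM
Computer: SERVERNAME
Description:Calling client thread does not have permission to use MTA RPCs. Windows 2000 error code: 0X80070005. Client user account: NT AUTHORITY\\ANONYMOUS LOGON. [BASE IL INCOMING RPC 25 237] (14)

Event Source: MSExchangeMTA
Event ID: 9318
Date: 10/28/2004
Time: 02:15:00 AM
Computer: SERVERNAME
Description:An RPC communications error occurred. Unable to bind over RPC. (constructed: no matching 9297)
"""

FIELD = re.compile(r"^(Event Source|Event ID|Date|Time|Computer|Description):\s*(.*)$")

def parse_events(text):
    """One dict per blank-line-separated record; lines without a known field are skipped."""
    blocks = re.split(r"\n\s*\n", text.strip())
    recs = [dict(m.groups() for m in map(FIELD.match, b.splitlines()) if m) for b in blocks]
    return [r for r in recs if "Event ID" in r]

def find_blocked_mta_binds(events):
    """(computer, date, time) keys where a 9318 bind failure and an anonymous access-denied 9297 coincide."""
    seen = {}
    for e in (e for e in events if e.get("Event Source") == "MSExchangeMTA"):
        key = (e.get("Computer"), e.get("Date"), e.get("Time"))
        desc = e.get("Description", "").upper()
        if e["Event ID"] == "9318" and "UNABLE TO BIND OVER RPC" in desc:
            seen.setdefault(key, set()).add("bind")
        elif e["Event ID"] == "9297" and "0X80070005" in desc and "ANONYMOUS LOGON" in desc:
            seen.setdefault(key, set()).add("denied")
    return sorted(k for k, v in seen.items() if v == {"bind", "denied"})

if __name__ == "__main__":
    print(find_blocked_mta_binds(parse_events(SAMPLE)))
```

A hit only identifies the symptom described in the post; it does not by itself show which component is intercepting the MTA's RPC traffic.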

I'll write a future blog entry on the steps required to create a custom Symantec Client Security package. It is wise to have a separate package for desktops, laptops, and servers. I sincerely hope the search engines pick up this blog entry so that any other individuals who may be fighting this issue can find my solution. We burned about 3 hours fighting this issue--and believe me it wasn't an enjoyable few hours.

One more thing... while we were already aware of the necessary file exclusions for Exchange servers (in other words, this had nothing to do with the above problem) you may want to check out this Microsoft article for full details. There are quite a few do's/don'ts regarding file system antivirus scanners running on Exchange servers.

10.27.2004

TechNet Magazine is Online!

If you can't wait for your printed copy of TechNet Magazine--head on over to this web site where you can read all the content online. This edition of TechNet magazine has excellent information on how to secure your Windows environment from the bad guys. There's also a cool article on integrating Cisco Unity and Microsoft Exchange ;)

10.25.2004

Free Software for Windows XP Users

The following link will take you to a site where you can download some cool *free* software for Windows XP. I've tried some of the software already--and I can vouch for the "coolness" of the USB Flash Drive Manager and Post-it Software Notes. As for the rest, you're on your own.

Note: if you don't already have anti-virus software on all your PCs, or if your antivirus software is out of warranty and no longer receiving updates, download the CA eTrust antivirus product. The core product is free and offers 1 year of free updates as well.

http://www.microsoft.com/windows/partnerpack/default.aspx?prereq=true

Enjoy!