FYI3 01cover des.fin

THE INSIDER’S GUIDE TO MICROSOFT TECHNOLOGY // SEPTEMBER 04

ON GUARD: How to stay one step ahead of the hacker. Page 10

THE PERFECT BALANCE: How can Microsoft Partners help the IT pro? Page 8

ORCHESTRATING IT: Get the best out of Active Directory. Page 18

REGULARS
14. DEPLOYMENT: How to deploy IIS 6.0
16. SOLUTIONS IN ACTION: .NET Framework for the Inland Revenue
23. EMERGING TECHNOLOGY: Business Intelligence with SQL
26. HIDDEN GEMS: Office secrets, part II
30. MODEL ENTERPRISE: The benefits of .NET Framework

FEATURES
4. UPDATE: Including online communities, lifecycle support and IT Forum preview
29. FACE TO FACE: With Microsoft’s mobile services director
34. FAQS: Your questions answered

Transcript of FYI3 01cover des.fin


Page 2: FYI3 01cover des.fin


EDITOR’S VIEW

Dear all,

Welcome to the Autumn 2004 edition of FYI magazine. It’s been nearly a year since we began evolving this publication and your input, feedback and support have been invaluable in shaping a magazine that I hope is both interesting and useful.

Inside this issue, we explore system security, a high priority for all of us, and you’ll find practical advice on making sure you have the best defence strategy in place. We give you step-by-step guidelines on how to make the move to Active Directory® and in the Deployment feature we focus on successful implementation of IIS 6.0. In the Model Enterprise feature we find out how the internal Microsoft IT team has made beneficial use of the .NET Framework and you can read a case study on the technology behind the Inland Revenue’s switch to an online PAYE system.

I’m keen to make sure that FYI continues to fulfil your information requirements and invite you to complete the survey enclosed. The survey is brief, and I would greatly appreciate you taking the time to complete it – if you do, you get the chance to win one of three fabulous i-mate GSM/GPRS Pocket PCs.

I hope that you enjoy the magazine.

Kind regards

Claire Smyth
IT Professional Audience Manager

P.S. To get your copy of FYI, subscribe FREE at www.microsoft.com/uk/fyi or fill in the subscriptions card with this issue.

FYI is published for Microsoft Ltd by Just, 76-80, Southwark Street, London, SE1 OPN. Telephone: 020 7837 8337
Editorial enquiries: [email protected]

For Microsoft Ltd
IT Pro Audience Manager Claire Smyth
IT Pro Audience Communication Manager Julie Kertesz

For Just
Managing editor Lisa Finnis
Deputy editor Liesl Hattingh
Sub editor Louise Stewart
Art Director Steven Price
Production controller Eleanor Woods
Account manager Miles Wratten
Repro by Zebra
Printed by Wiliams Lea Group

© 2004 Microsoft Corporation. All rights reserved. Microsoft, the Microsoft logo, Active Directory, Visio, Encarta, Visual Studio, MapPoint, MSDN, Windows, Windows Server System, InfoPath, Windows NT, Outlook, Visual Basic and Visual C# are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. All other trademarks are held by their respective companies.

COVER PHOTOGRAPHY: Getty Images

Microsoft contributors
John Allwright – Product Marketing Manager
Jacqueline Boyle – Breadth Partner Marketing Team Manager
Cheryl Bradley – Programme Manager, Support Policy
Renaud Besnard – Product Solution Marketing Manager
Keith Burns – Data Platform Technical Specialist
Lisa Clegg – Partner Development Manager, Certified Partner Programme
Mary-Alice Colvin – Product Manager, IIS
Ram Dhaliwal – Partner Development Manager, Training and Certification
Michael Emanuel – Director in Enterprise Management Division
Rob Gray – Data Platform Technical Specialist
Jo-anne Handley – Product Manager, Visio, Publisher and OneNote
Neil Laver – Group Product Marketing Manager
Richard T Manion – Partner Technical Lead, Microsoft EMEA
Stuart Okin – Chief Security Officer
Randy Ramusack – Senior IT Account Manager
Dave Sayers – Technical Specialist
Tim Sneath – Architectural Engineer, Developer and Platform Group
Mark Spain – Director, Windows Mobile
Matthew Stephen – Data Platform Technical Specialist
Mark Tenant – Windows Server Product Manager
Dianne Terry – Project Marketing Manager
Melita Walton – Communities Marketing Manager
Jonathan Wells – Product Manager, .NET Framework Microsoft Corp
Hilary Wittmann – Server Solutions Marketing Manager

WELCOME SEPTEMBER 2004

Page 3: FYI3 01cover des.fin

UPDATE

An overview of upcoming events, products in the pipeline and key new initiatives

Your FREE TechNet Radio CD

If you’ve enjoyed TechNet events or webcasts, this month’s cover mount should appeal to you. It contains all you need to enjoy Radio TechNet. This is audio-only content aimed at IT professionals, and is usually available on the Microsoft TechNet web site at www.microsoft.com/technet/community/tnradio/default.mspx

Each month, TechNet Radio features broadcasts from Microsoft insiders on the most current issues of the day. Recent broadcasts include how Microsoft handles patch management tasks and performs security updates on one of the world’s busiest corporate websites; and how Microsoft Information and Technology group develops key security strategies, manages risks, and maintains its security environment.

Visio special offer

Customers buying or upgrading to Visio® Professional 2003 can make Visio even more useful by taking advantage of a special offer on the Microsoft Office Visio 2003 Resource Kit for IT Professionals. Visio 2003 lets you create business and technical diagrams that document and organise complex ideas, processes and systems.

By adding the Resource Kit for IT Professionals, you can increase the usefulness of Visio in your role as an IT Pro. The kit will auto discover the layout and contents of your local area network, and you can make use of thousands of manufacturer-specific equipment shapes to produce a network diagram that clearly and accurately reflects the structure and contents of your infrastructure.

The kit gives you access to Fluke Networks LAN MapShot (a product valued at US$495), and to Altima Technologies NetZoom Stencils for Visio (valued at US$299), but costs just US$18.95 plus shipping and handling. The offer expires on 1 January 2005.

LAN MapShot discovers all the IP and NetBIOS devices, including switches, servers, routers, printers, hubs, hosts and Fluke Networks tools, as well as IPX servers and printers, in your local broadcast domain. This data is collected, automatically exported to Visio 2003, and a diagram of the infrastructure devices is created including slot, port and line speed between connected devices.

NetZoom allows users to create network designs and documentation, presentations and proposals with Visio 2003.

The full NetZoom collection consists of over 60,000 manufacturer-specific equipment shapes from over 2,000 popular computer, network, telecommunications and audio/video equipment manufacturers. The Visio kit includes the most popular 28,000 shapes from the NetZoom collection.

If you can’t find a shape to meet your requirements, you can subscribe to the full copy of NetZoom, and Altima will create the shape you need.

For more information and to order please go to http://microsoft.order-9.com/visiopro/splash.htm

Page 4: FYI3 01cover des.fin

Support lifecycle

Microsoft relaunched its product support lifecycle policy in June with the intention of offering IT professionals a cycle time that fits more closely with their internal IT lifecycles. You’ll know from the product launch date what the support lifecycle of the product will be, so you can plan investment before you buy the product. You will be able to build your IT plan for five or seven years into the future.

Now, most Microsoft business and developer products will have 10 years of product support from the date launched, split into five years of mainstream support, and five years of extended support. Mainstream support covers incident support, security updates, and requests for non-security hotfixes. Extended support includes paid assisted support and security update support at no extra cost. Non-security related hotfix support requires a separate Extended Hotfix Support contract to be purchased. Find out more at www.microsoft.com/lifecycle

IT Forum preview

The theme at this year’s IT Forum is Security, and the conference for IT managers, systems and applications architects, specialists and administrators will be held in Copenhagen from 16-19 November. The keynote speaker is Bill Gates and the conference offers over 200 sessions covering areas including security; messaging and mobility; planning and deployment; administration and management; all designed to help you plan, deploy and manage the secure connected enterprise. Attendees will also have the opportunity to take part in hands-on labs to try out the latest versions of Microsoft software. To register, go to www.microsoft.com/europe/MSITforum

You’re not alone

As an IT pro or developer you’re probably already a member of several user groups or communities and fully aware of the benefits they bring. If you’re not, here’s a quick summary of what they can offer you.

The many active user groups around the UK are a great source of support and understanding from people who are in similar roles to yourself, so you can talk about your software and what you’re using it for. Many of the user groups run events, often featuring leading speakers, who can be pretty inspirational. And at IT events such as these there are usually opportunities for having fun and networking.

As an example of the type of group you might join, the UK SQL Server Community has over 7,500 members in the UK. It offers free membership, events, comprehensive FAQs, forums, and SQL blogging. Like many groups, it is run by a Most Valued Professional (MVP), and it has access to most of the world’s leading SQL Server and database professionals. You can find details of all the UK user groups on the MSDN® site — check out the Communities link at www.microsoft.com/uk/msdn/community/usergroups.asp

If you can’t see the group you want, or you have other questions relating to communities and user groups, send an email to [email protected]

If you do choose to join a group, you’ll find that the combination of experts and other professionals using the same software as you means that you become part of a community who understand the challenges you’re facing.

TechEd 2004

Over 6,500 IT pros and developers attended this year’s TechEd Europe in Amsterdam to hear announcements of new products and to attend the hundreds of technical sessions on every aspect of Microsoft products. The event kicked off with a keynote address where every attendee was given an African drum and encouraged to take part in an impromptu recital. Being in a crowd of 6,500 people drumming out rhythms was quite an experience! Leading on from this extravaganza, attendees heard details about the new Microsoft Express product line, a set of lightweight software development tools designed for use by people who want to try out programming in Visual Studio® .NET but who don’t have the full product. It’s envisaged that the product will appeal to hobby programmers and students.

The other major announcements at TechEd were the release of Visual Studio 2005 Beta 1 for testing and evaluation; and real-time locations services for MapPoint Location Server — thanks to a partnership involving Microsoft MapPoint®, O2 and TeliaSonera AB. In the future, companies will be able to use the service to improve the way they locate, track and manage their mobile assets and mobile work force.

september 2004

Page 5: FYI3 01cover des.fin

Looking ahead to System Center

Michael Emanuel, Director in the Enterprise Management Division of Microsoft Corp, tells FYI about what System Center will offer

Q: What exactly is System Center?

A: This is a new product suite that will include both Systems Management Server (SMS) and Microsoft Operations Manager (MOM). System Center will make use of the new version of Systems Management Server.

The great thing about it is that it will join all the information together that SMS and MOM create. At the moment, the information ends up in two separate stores — the SMS database and the MOM database. This means that system administrators can’t easily take information from MOM, say, and compare it against actions taken by an SMS operator. For example, it would be very useful to correlate an error reported by MOM, with changes reported by SMS. With System Center this will be possible.

The missing piece that will provide this is integration of a common data repository that coordinates data from both sources. The third piece, System Center Reporting Server 2005, won’t affect any use of MOM or SMS individually, but it will synchronise data from MOM and SMS and join the two into a powerful data reporting back end. It will be based on data warehousing and data mining techniques. The process is quite sophisticated. If you get a record in from SMS, and the data store has received similar data relating to the same thing from MOM, the reporting server must resolve the conflict. It must also ensure that timestamps are synchronised so that reports can provide information such as “What changes have we made since yesterday at two o’clock?”

System Center Reporting Server will become the basis of your decision support centre. It’s based on SQL Server and SQL Server Reporting Services, which is a key fact.

IT has grown up as a separate science from everything else. People have invested vast amounts of money on custom applications, where you just wish that if only you could use standard Office tools, the solutions would be a lot cheaper. Excel offers a great way to visualise data, couldn’t I use it against my standard SMS system, couldn’t I use it against my SNMP system that’s monitoring my network? Often today the answer is that it’s too difficult. But if we could start using standard SQL reporting tools, then potentially you can use all business intelligence tools against it, even to the point of integrating your enterprise resource planning (ERP) system into your IT system.

This would all help the idea of ERP for IT, of IT governance. A CFO of an organisation is responsible for knowing where every penny goes — if they’re running a manufacturing plant, they will know where every piece of capitalised equipment is, they’ll know how much all their plant costs, how they’re depreciating it, they’ll know about everything — except, they just gave this much money to the IT department, and they don’t know what happened to it. And why not? The answer is, the information is probably there, but it’s in a different database. Of course it would be very nice if the tools used by the IT staff would “feed” standard business tools. And that’s exactly what we’ll be able to do with System Center.

The other thing we’ll be providing at that level, which has already begun with MOM 2005, is a web services layer on top of the alerting services of MOM.

MOM is able to look at all the events that are flying around the network in a day, and find one problem — often hidden among potentially tens of millions of pieces of data. It’s great to be able to pop that one problem up onto the screen for the IT staff to deal with, but if we can publish that same alert and the history behind it to a web services layer where everyone could subscribe, that would mean other systems could be alerted and take appropriate action — not just other management systems with dedicated integration gateways, but any business system. After all, if I know that my web servers are having some trouble, that might have an impact on my ability to take orders. So it would be very nice to be able to feed the alert that says “Your web servers are under-performing” to the person who’s responsible for the ordering system, so they realise that the backlog of orders in their queue is due to the problem with the web servers rather than any other cause.

The three components that make up System Center in the first version will be the change management, operations management, and the reporting server back-end. The change management, for reasons of history, is called SMS, and the operations manager is called MOM. If we were starting from scratch, they’d be called System Center Change Manager and System Center Operations Manager. We’re leaving the names intact because we want to make it clear to customers that they don’t have to buy all three. However, if you use two or three of the components, the systems integrate and complement each other to give a “better together” experience.

Q: If customers already have SMS, MOM, and the Reporting Services from SQL Server under Software Assurance, will they need to buy the System Center as a separate product?

A: We will be able to give them the additional pieces to integrate the elements together. If they own the elements but don’t have Software Assurance, SMS and MOM will still be fine, but they’ll need to buy System Center Reporting Services at the back end, and that will integrate the other two pieces.

For more information
www.microsoft.com/management/sc-overview.mspx

“System Center Reporting Server… will synchronise data from MOM or SMS and join the two into a powerful data reporting back end.”


Page 7: FYI3 01cover des.fin

AGENDA

Perfect partners: getting the balance right

The Microsoft Partner Programme is one of the most successful customer engagement models in the IT industry. We look at what the Partner Programme consists of and what it means to you

ESSENTIAL SUMMARY

The Microsoft Partner Programme provides a robust framework for the successful deployment of Microsoft-based business solutions. IT pros using partner organisations to deliver solutions can be assured of the best skillsets outside of Microsoft itself.

BUSINESS VIEWPOINT

Benefits of using a Microsoft Certified or Gold Certified Partner

■ Confidence in the knowledge the partner has been approved by Microsoft and they are supported through training, tools and regular updates. You can be confident they are well qualified to give you the right advice.

■ Confidence in the technical understanding of the partner and their quality, as all partners have access to fully road-tested techniques and architectures – supplied by Microsoft.

■ Confidence in the commitment to Microsoft-based technologies made by the partner. All Microsoft Certified Partners have Microsoft Certified professionals working for them.

The new Partner Programme, launched in April 2004, represents a distinct change for the better as partner organisations can now be measured on their practical capabilities and reference capability as well as through their certification levels.

There are three levels of partner membership. Each level contains a set of benefits which are added to incrementally as the partner progresses through the ranks.

Registered Member

This represents the entry level of partnership and can be gained by any partner organisation, irrespective of skills or engagement profile. This level is free of charge to join, and provides access to some key Microsoft resources, including free Business Critical Telephone Support — which allows a partner to contact Microsoft directly in order to obtain telephone technical support for its customers who are in a system-down situation.

Certified Partner

These partners have already demonstrated expertise in areas of Microsoft technologies and engagement with customers. In addition to this they will hold Microsoft certifications. Access to software for internal use is a major incentive for Certified Partners and can significantly offset the costs of joining the programme (currently £1,000 +VAT per year). Certified Partners are also assigned a telephone account manager at Microsoft and pre-sales technical assistance via the Web or over the phone.

Gold Certified Partner

This is the top level partnership. To achieve Gold certification an organisation would have demonstrated expertise in one or more areas of Microsoft technology and have proven customer success stories in one or more Competency areas. They are offered additional benefits including co-marketing support and top level ranking in partner directories.

Balancing expertise

Already there are over 2,000 Microsoft Certified Partners, nearly 200 Gold Certified Partners and over 7,000 Registered Members in the UK. The 92 per cent renewal rate of Certified Partners indicates a high level of programme satisfaction.

Microsoft would expect many organisations to join at the Registered Member level and then progress through the partner grades to become a Certified or Gold Certified Partner.

The level that an organisation achieves is based on what are called Partner Points. By achieving various objectives a partner company gains points allowing them to register at an appropriate level.

Points can be awarded across a range of activities such as gaining a Microsoft Competency, having Microsoft Certified staff, servicing and supporting Microsoft based solutions, customer references, customer satisfaction and developing software. During

Page 8: FYI3 01cover des.fin

AGENDA

09

september 2004

FOR MOREINFORMATION

Find a partner

If you’re looking for a partner go to

www.microsoft.com/uk/experts

Microsoft Partner Programme

For more information, or to join, visit

www.microsoft.com/uk/partner/programme

Partner Training and Events Centre

Microsoft is developing programmes

and offers in conjunction with its

Gold Certified Partners for Learning

Solutions (CPLS – formerly CTECs)

to assist partners in achieving the

relevant training and certifications

required per competency. Find out

more at

www.microsoft.com/uk/partner/

trainingandevents

Partner Update

To subscribe to the new-look Partner

Update magazine, visit

www.microsoft.com/uk/partner/

partnering/subscription

The next issue is out in October.

2004 the programme will mature further and

additional categories will attract points such

as unit sales of Official Microsoft Learning

Products and revenue generated by credited

sales of Microsoft software licences.

The rationale behind the points system is

to clearly balance expertise across the board.

Partners are many and varied, and developing

a fair framework to measure an organisation s

competencies is difficult, but this goes a long

way to address this problem. No more is it a

case of just having as many Microsoft

Certified Professionals (MCPs) as possible,

now a partner needs to demonstrate practical

use of their skills if they wish to progress to

become a Gold Certified Partner.

CompetenciesAs mentioned, a partner can define an area of

specialisation known as a Competency. These

Competencies cover a range of recognised

expert solution areas and to gain a Competency

a partner needs to demonstrate technical and

business skills in a solution area, backed up

by customer references.

Partner Competencies include networking

infrastructure, security, business intelligence,

information worker and learning solutions.

Each of these Competencies has been fine-

tuned by Microsoft to represent industry best

practices and by achieving a Competency,

partners can demonstrate to their potential

customers that they really do understand a

solution area. For the partner, the benefits of

achieving a Competency include additional

access to tools, services and content tuned to

that solution area.

The benefit of joining the Microsoft

Partner Programme is significant, and any

organisation selling IT-related services

should seriously review the opportunities

it presents. Even for organisations with wide

skill sets, Microsoft software is so prevalent

it is a fair bet it will touch many of the

customer solutions or business requirements

that partners are involved with.

Finding the right partner Microsoft partners come in all shapes and sizes.

Due to the breadth of the new programme it is

possible to register at the basic level as a one-

person operation. At the other end of the

spectrum, Microsoft has huge partners such as

Computacenter and HPcapable of delivering

large global solutions.

The benefit of the programme is absolutely

in the knowledge that to achieve a level of

membership there is a requirement to

demonstrate proven expertise. Probably one of

the most beneficial aspects of the programme

is the customer references. The references give

potential customers the security of knowing

that existing customers have been happy with

the way the partner has treated them, and that

the projects undertaken have ended

successfully. This reduces concerns about

committing a large amount of time and money

to a new venture with a partner with whom the

customer has not previously worked.

Finding a partner is now a lot easier as

you can base your choice on Microsoft

Competencies — finding a partner who has

delivered a similar solution to your sector

is a great place to start. The partner search

tools on the Microsoft web site also allow

searches based on technical expertise and

geographical area covered. Additional

information about your vertical industry helps

to refine the result set.

The perceived independence of a Microsoft

partner would be of concern to many IT

professionals. By becoming a member of

the Microsoft Partner Programme, an

organisation is, of course, making a public

statement about their endorsement of

Microsoft based technologies. Does this mean

that a partner would force an inappropriate

solution on a customer simply because it is

from Microsoft? The answer is no — the major

factor in the success of a partner is its ability to

stay in business. Despite being aligned with

Microsoft many partners are also aligned

with other vendors so that customers have a

broader choice. The major disadvantage of

this may be that some partners spread their

expertise too thin on occasions as they attempt

to understand competing technologies. Again,

the choice is ultimately down to the customer.

What type of activity would a partner get

involved in? Turn that around and ask what

sort of problem or issue are you trying to

solve? Maybe you have a need to deploy

Windows® XP, maybe you have an Exchange

upgrade requirement or maybe you need to

get a business solution developed. Microsoft

partners are able to work through all of these

and many more requirements.

Looking at the cross section of partners

Microsoft has, most are in the infrastructure

and software roll-out area. Quite a few are

training providers and then you have the niche

providers typically undertaking bespoke

software development using products such

as Visual Studio and the .NET Framework.

Conclusion

The Microsoft Partner Programme has

evolved considerably since it started many

years ago. Back then it was a question of

paying money, meeting Microsoft

certifications and joining the programme,

which allowed a variable quality of partner.

The new Partner Programme delivers an

effective, quality engagement model that

an IT professional can rely on to help them

achieve their objectives. After all, this is

what it is all about! ■

SECURITY BULLETIN

Defeating the hacker

Everyone knows hackers are out there. We all wonder when and where they will strike next and whether we will be a target. David Litchfield takes a cool-headed look at the problem and poses the question ‘Are your defences robust enough to stop an attack?’

ESSENTIAL SUMMARY

As IT pros we’re all very well aware that we’re living in a world where system security is a vital requirement but an endless task to deliver. We have to be constantly aware of all the potential threats and dangers and be equipped with strategies to defend our systems. This article refreshes our understanding of how to keep one step ahead of threats to system security.

Hackers, their tools, their expertise and their ability to subvert security mechanisms are improving all the time. Long gone are the days when installing a firewall on your perimeter was ‘enough’. With the open architectures of today’s IT infrastructures hackers have the ability to reach right into our back end systems, through the firewall and via our web applications that feed into our database servers. Open design and end-to-end communication, while good for doing business, have made it easy for the attacker.

A firewall cares not about what’s inside a packet travelling on the network wire, it only troubles itself with packets sent to unauthorised channels; and to do business we are required to allow traffic to our public web servers. We need something more than a simple firewall if we’re to defeat the hacker, something that understands data. The problem is exacerbated by external hackers not being the only threat to our digital assets. It’s an accepted fact that our users on the ‘inside’ can potentially pose even greater risks than those on the ‘outside’.

An effective defence

To defend our systems effectively we need to change the way we think about our networks. We should no longer consider them to be a collection of machines and software but rather a continuous flow of dynamic data with entry and exit points, jump offs and stores. Defend these and you defend the network.

Defence and security are many layered affairs with multiple levels of responsibility in which everyone has a role to play, however minor. There are lots of great security solutions available, but you should always be aware that 100 per cent security is difficult to achieve. The key is to put enough defence in place to hold up the attackers while still allowing routine business transactions and operations to occur. Time is the crucial factor. Bank vaults aren’t sold directly on how strong they are but how able they are to withstand attack, measured in time. How long will it take a safecracker armed with a blow torch to break the vault? If this time is sufficiently long, then it is hoped that someone will notice the would-be thief and stop them.

Enough on the theory behind defeating the attacker: let’s examine some of the practical measures that can be employed as part of an in-depth defensive strategy that still allows for the openness we need to actually run our businesses.

Practical measures

While it may sound obvious to say it, for an attacker to break in they have to exploit a security vulnerability. Security vulnerabilities come in many forms such as software bugs, configuration errors and even process and policy based problems.

■ Fix, or patch, as many of the known vulnerabilities as possible. This includes fixing security weaknesses in your own custom code. The fewer holes there are in the system, the less likely a hacker is to succeed with a break in. How many of us truly know what security vulnerabilities exist in our networks that we need to fix? You can’t fix something unless you know it’s broken. The quickest and most cost effective way of discovering what’s broken on the network is to perform regular vulnerability assessments.

■ There are many good commercial and free packages out there that automate this; as a word of advice, don’t just rely on one scanner. Ensure your security toolbox contains two or three. Further, scanners that are able to audit bespoke or custom applications should be in everyone’s toolbox.

■ Install (and configure well) devices that can filter traffic like a firewall but are also capable of understanding the higher levels of the OSI model such as Microsoft’s ISA Server (see side panel on page 12). But just rolling such devices out ad hoc is not enough. Networks should not be flat but segregated into distinct business areas. There’s no reason why a temporary employee or contractor working in the marketing department should be able to gain direct access to the accounting department’s database servers.

■ Segregate your network.

■ Enable logging on all security devices and ensure that the logs are regularly reviewed by someone with the relevant experience. If you’re not keeping an eye out for attacks you’re not going to know when one is actually underway. Network and host based Intrusion Detection/Prevention Systems can help here.

■ Consider deploying such systems but again, it’s important to stress that these devices are useless unless they are well configured and regularly monitored.

■ Use, where possible, strong authenticated access. A good example would be on B2B web applications. By requiring client certificates, only those with a valid certificate can interact with the application. This helps to reduce the attack surface from those that shouldn’t be using the application. Reducing attack surface is one of the key tenets of securing a system and this will be explained in the next point.

■ Only run those services that are needed as a strict business requirement. Not only does this reduce attack surface but it also boosts performance; the CPU time and memory are freed up.

■ The final two points are not technical but rather human based. Empower your system administrators. How many people out there would feel absolutely comfortable pulling the plug if they noticed that something serious was happening? If your main public business web server was compromised by a hacker would your system administrators feel empowered enough to disconnect it from the network? These are questions that need to be answered.

■ The final measure is to educate your users. They need to be taught what is considered as acceptable behaviour and what is not; they need to be taught that emails bearing executable attachments should not be opened. A security education programme for your users can go a long way to helping keep attackers out and your networks secure.

All of these measures need to be framed in a well considered security plan, backed up with workable security policy. The system succeeds or fails as a whole and any area of weakness should be stamped out. ■

David Litchfield is an industry expert on security and a speaker at Microsoft events. He is the MD of NGSSoftware.

FOR MORE INFORMATION

Security Advice

For security advice and further information from Microsoft, visit www.microsoft.com/security/default.mspx

IT Showcase

Visit IT Showcase to see how Microsoft manages its security at www.microsoft.com/services/microsoftservices/sec_sol.mspx

BUSINESS VIEWPOINT

The key business benefits that set Microsoft ISA Server 2004 apart from other firewall solutions include:

■ Advanced protection capabilities which enhance security against the new generation of attacks

■ Ease of use making it flexible and easy for administrators to use

■ Simplifies firewall setup by installing both firewall and Web caching components automatically

■ Ability to provide fast and secure Internet access fully integrating VPN functionality into the firewall architecture, accelerating Web caching, and maximizing firewall filtering speeds

■ Built-in IPsec tunnel mode to connect to branch office VPN providers

Focus on ISA Server 2004

A key product in the battle to keep IT infrastructures secure is Microsoft Internet Security and Acceleration (ISA) Server 2004. This combines an application-layer firewall, virtual private network (VPN), and web cache solution.

At the heart of ISA Server 2004 is its application-layer-aware firewall. This differs from traditional firewalls because it performs deep inspection of Internet protocols such as Hypertext Transfer Protocol (HTTP), which enables it to detect threats hidden inside the traffic. ISA Server also supports stateful filtering and inspection of all VPN traffic. This means that ISA Server can work out which packets will be allowed to pass through to the secured network circuit and application-layer proxy services. Stateful filtering opens ports automatically only as needed and then closes the ports when the communication ends.

ISA Server 2004 also stops attacks against email servers, both through Secure Sockets Layer (SSL) decryption, which enables SSL traffic to be inspected for malicious code, and through HTTP filtering, which provides deep inspection of application content. In addition, ISA Server 2004 uses preauthentication to prevent anonymous user logins, a key attack vector aimed at internal servers.

It can also help prevent potentially dangerous anonymous requests from reaching Microsoft Exchange Server, and can be used for attachment-blocking and session time-out settings to prevent users’ email sessions from being left open indefinitely for others to use.


DEPLOYMENT

A very modern approach

Internet Information Services is a key component of the Windows Server System. More than just a web server, it’s a tool for delivering reliable and secure web applications. It’s an ideal technology for delivering web services as well as web pages, and is ready for use with the latest ASP.NET dynamic web page technologies. Simon Bisson takes a look

ESSENTIAL SUMMARY

Internet Information Services (IIS) 6.0 is available with all versions of Windows Server 2003 and together they provide the newest web server software from Microsoft. It provides a highly reliable, manageable and scalable web application infrastructure. If you want to run web applications, you need IIS. We show you what you need to do to get the most from IIS under all circumstances.

BUSINESS VIEWPOINT

The business benefits of IIS 6.0 include:

■ Increased reliability of Web server infrastructure – greater continuous uptime and increased site and application availability to users

■ Easier server management resulting in decreased operating and downtime costs, more efficient, standardised administration and better monitoring and problem response

■ Server consolidation and compression capabilities, resulting in reduced costs and faster site applications, and so increased operational efficiency

■ Faster application development

■ Increased security of systems and decreased system management costs

Web servers provide critical infrastructure for modern businesses. Internet-facing servers manage customer and partner interactions, carrying your brand to the world — and delivering valuable services to your business processes. Internal servers handle collaboration, delivering enterprise portals and web-based applications to the desks of your users. It’s important to make sure you’ve deployed your web servers so that they can operate effectively.

To ensure minimum attack surface for Windows Servers, Internet Information Services (IIS) 6.0 is locked down and not installed by default on Windows Standard, Enterprise and Datacenter editions. Install it manually if you want to implement a Windows web server — and the initial install will only serve static content.

You’ll need to configure active content support through the management console or directly through the XML metabase or via command line. The Windows Server System™ includes a new member, the dedicated Web Edition, which is a low-cost version of Windows Server for dedicated hosting and web farms — giving the ability to roll out identical servers quickly, ready to deploy applications from a central store. For information about the Web Edition version of Windows Server 2003, see www.microsoft.com/windowsserver2003/evaluation/overview/web.mspx

Once you’ve started working with IIS 6.0, it is worth planning how you intend to deploy it. There are four basic scenarios:

1. Installing a completely new web server

2. Upgrading an existing web server

3. Migrating existing IIS web sites to a new web server

4. Migrating non-IIS web sites to a new web server

A new server is the easiest approach — all you need to do is install your server, and you’re ready to start building ASP.NET applications. The upgrade process handles most of the issues related to migrating, keeping as many of your settings as possible. You’ll need to do a little more work when migrating applications from one server to another, while migrating from non-IIS technologies like Apache can be more complex.

You’ll need to plan for how you’ll deploy and tune your web services, configuring them for the services you want to provide, and the technologies you want to use. Internet Information Services is a complex application, with a lot of low-level features that can be tuned to give your site the optimum performance. It’s a good idea to start by downloading the IIS 6.0 Resource Kit and its associated tools. Download the Resource Kit at www.microsoft.com/downloads/details.aspx?FamilyID=80a1b6e6-829e-49b7-8c02-333d9c148e69&DisplayLang=en. Download the Resource Kit Tools at www.microsoft.com/downloads/details.aspx?FamilyID=56fc92ee-a71a-4c73-b628-ade629c89499&DisplayLang=en.

These will provide set-up and migration guidelines that get you started quickly, configuring your web servers and handling the delicate process of migrating applications to the new platform. The resource kit uses checklists to guide you through setting up and deploying your servers, while the toolkit includes software to help you move your web applications over from earlier versions of IIS. You’ll also find that it includes tools and guidelines to help you bring sites from the open-source Apache web server to IIS 6.0.

Microsoft FrontPage is a popular web development tool, and Microsoft has developed a set of server extensions that allow page designers to quickly deploy active content on their sites. FrontPage Server extensions can be installed with IIS 6.0 through Add/Remove Windows Components in the Control Panel. Also check out Windows SharePoint Services, which offer many similar functions such as the FrontPage extensions, as well as giving you the platform for quickly deploying collaborative web sites.

Network storage

IT consolidation has meant that many businesses have begun to rely on network-attached storage. This approach can cause problems for web servers, as authenticating web users against remote storage systems can be difficult. While IIS 6.0 supports a single server username to proxy file requests (just like IIS 5.0), it also implements pass-through authentication. This will take user credentials and use them to determine whether IIS can deliver a file. This is a helpful tool, as it allows system administrators the use of familiar Windows access control lists to manage access to files over the Web — giving web application users the same rights they would have through a standard Windows network connection. Read the white paper on using remote content with IIS 6.0 at www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/webapp/iis/remstorg.mspx

Application pools

If you’re planning to run more than one web application on your Windows web server, then you’ll want to take advantage of the application isolation features in IIS 6.0. These allow you to run web applications in separate memory pools and processes, increasing reliability, security and performance. It’s a technique to allow you to treat web sites and applications as separate entities with their own resource requirements. IIS 6.0 is built on top of a new kernel driver that acts as an HTTP listener, which places HTTP requests into a queue that feeds applications running in an application pool. The applications are run in processes called worker processes, the friendly name for w3wp.exe. These communicate directly with the kernel HTTP.sys driver. This means that if one application fails the rest of your applications carry on running.

[Figure: IIS 6.0 Request Processing. Diagram labels: Inetinfo; Administration & Monitoring; WWW Service; XML Metabase; Application Pools (user mode); HTTP, Cache, Queue (kernel mode); Request; Response.]

The IIS Manager is used to create application pools and to assign the various applications that make up your web sites to application pools. You can use application pools to separate web sites and web applications, as well as to give different pools different access rights on your systems. One advantage of the application pool approach is that it can help debug your web applications, allowing you to isolate unreliable applications.

IIS 6.0 monitors applications for health, memory usage, CPU usage, number of requests and more and can automatically restart applications based on your criteria.

It’s important to note ASP.NET applications need more resources than ASP, so you may find that you need to use more powerful hardware or more servers when migrating a site from ASP to ASP.NET. It’s good to spend some time planning how many application pools you want to run on each web server, before you deploy your systems. While IIS is more reliable than earlier versions, performance may be degraded if you deploy too many application pools.

Improved security

You’ll find that IIS 6.0 improves your server security by implementing a number of features that provide in-depth defence, starting with a locked-down server. This may require modifying existing applications, but will result in a reduced attack surface area — protecting your company’s web assets. Security features include:

■ IIS installs in a locked-down mode

■ IIS serves only file types defined in the server’s Multipurpose Internet Mail Extensions (MIME) type list

■ All dynamic functionality, including ASP and ASP.NET, is disabled by default

■ ASP parent paths are disabled by default

■ Global.asa events are run as anonymous user

■ Anonymous password synchronisation is disabled by default

■ Only configured executables (CGI and ISAPI) can be requested. Access is restricted for executables

These are a comprehensive set of features that add defence in depth to your IIS 6.0 deployment.

Conclusion

Once IIS is deployed to take full advantage of your network infrastructure, you’ll find it easy to manage your web applications. All it needs is some initial planning. Microsoft provides tools and guidelines to help you take advantage of the features of IIS 6.0, and to deploy successfully. ■

FOR MORE INFORMATION

IIS 6.0

Learn more about deploying and configuring Internet Information Services by downloading the IIS 6.0 resource kit from Microsoft’s TechNet site or by viewing the resources on www.TryIIS.com and www.microsoft.com/uk/technet

Simon Bisson is a freelance technology consultant and writer. He has run the technical side of a national ISP, as well as worked as a consulting architect on many larger web applications.
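An added example, not from the article or from Microsoft: one way to review IIS 6.0 logs for requests refused by the locked-down defaults listed under "Improved security", useful both for finding migrated applications that still need an extension enabled and for noticing clients that repeatedly ask for disabled content. It assumes W3C extended logging with the sc-substatus field enabled and IIS's documented sub-status codes 404.2 (web service extension lockdown) and 404.3 (MIME map policy); the sample log, the threshold and the function names are constructed for illustration.

```python
"""Summarise IIS 6.0 lockdown refusals in a W3C extended log (added example)."""
from collections import Counter, defaultdict
import posixpath

# (sc-status, sc-substatus) pairs logged when the locked-down defaults refuse a request.
LOCKDOWN_SUBSTATUS = {
    ("404", "2"): "web service extension not enabled",
    ("404", "3"): "extension not in MIME type list",
}
REQUIRED_FIELDS = ("c-ip", "cs-uri-stem", "sc-status", "sc-substatus")

# Constructed sample log; client addresses come from documentation ranges.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2004-09-01 09:00:00
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status sc-substatus sc-win32-status
2004-09-01 09:00:01 GET /default.htm - 192.0.2.10 200 0 0
2004-09-01 09:00:04 GET /images/logo.gif - 192.0.2.10 200 0 0
2004-09-01 09:01:12 GET /orders/list.asp - 198.51.100.7 404 2 1260
2004-09-01 09:01:13 GET /orders/view.aspx id=1 198.51.100.7 404 2 1260
2004-09-01 09:01:15 GET /backup/site.bak - 198.51.100.7 404 3 50
2004-09-01 09:01:16 GET /admin/login.asp - 198.51.100.7 404 2 1260
2004-09-01 09:02:30 GET /docs/guide.xyz - 192.0.2.10 404 3 50
2004-09-01 09:03:00 GET /missing.htm - 203.0.113.5 404 0 2
2004-09-01 09:03:05 GET /truncated
"""


def extension_of(uri_stem):
    """Return the lower-cased file extension of a request path, or '(none)'."""
    return posixpath.splitext(uri_stem)[1].lower() or "(none)"


def lockdown_report(lines, threshold=3):
    """Count lockdown refusals per reason and list clients at or above threshold.

    Raises ValueError if a #Fields directive lacks a column the report needs,
    because without sc-substatus a lockdown refusal looks like any other 404.
    """
    fields, malformed = [], 0
    by_reason = Counter()
    by_client = defaultdict(Counter)  # c-ip -> refused extension -> count
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            # Directives may reappear mid-file when logging settings change.
            if line.startswith("#Fields:"):
                fields = line.split()[1:]
                missing = [f for f in REQUIRED_FIELDS if f not in fields]
                if missing:
                    raise ValueError("log lacks fields: " + ", ".join(missing))
            continue
        values = line.split()
        if not fields or len(values) != len(fields):
            malformed += 1  # truncated entry: count it, never misalign columns
            continue
        entry = dict(zip(fields, values))
        reason = LOCKDOWN_SUBSTATUS.get((entry["sc-status"], entry["sc-substatus"]))
        if reason is None:
            continue
        by_reason[reason] += 1
        by_client[entry["c-ip"]][extension_of(entry["cs-uri-stem"])] += 1
    flagged = {
        ip: dict(exts)
        for ip, exts in by_client.items()
        if sum(exts.values()) >= threshold
    }
    return {"by_reason": dict(by_reason), "flagged": flagged, "malformed": malformed}


if __name__ == "__main__":
    report = lockdown_report(SAMPLE_LOG.splitlines())
    for ip, exts in report["flagged"].items():
        print(ip, "refused:", exts)
    print("reasons:", report["by_reason"], "malformed lines:", report["malformed"])
```

A flagged internal address usually points to an application that was migrated without enabling its extension; a flagged external address asking for many different disabled extensions deserves a closer look in the full log.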

As part of the UK s e-government initiative, all

employers will have to file their Pay-As-You-

Earn (PAYE) returns electronically by 2010.

Companies who fail to comply with the

appropriate deadline will have to pay a penalty

of up to £3,000 per annum per PAYE scheme,

in addition to any existing late filing penalties.

Incentives of up to £825 over five years are

being offered to small companies to encourage

early adoption of e-filing.

Project requirementsSoftware developers, Digita, are one of the

many suppliers providing client side services

which make use of the Inland Revenue s PAYE

filing interface.

The need for all companies to make use of

electronic PAYE filing will involve all kinds

of business administrators and managers and

SOLUTIONS IN ACTION

september 2004

16

enterprise-wide business processes and data.

Digita wanted to build a web service

capable of validating the data before packaging

it and securely transmitting it to the Inland

Revenue Online Filing service through the

Government Gateway.

An elegant solutionWhen Digita had to choose the right

technology for the work, they opted for the

Microsoft .NET Framework. According to

Craig Buckler, lead developer at Digita, The

.NET Framework is excellent for creating web

services. It treats everything as objects. There

are other technologies, but we haven t found

any set of tools that makes web services as

simply. Everything in Visual Studio .NET and

the .NET Framework is very coherently tied

together. Not only that, but compliance with

some of them may not be confident users

of computers or the Internet. Therefore, an

essential requirement of the payroll service

was that the solution should make the

transition from manual to electronic systems

as easy as possible, and avoid the need for

businesses with little automation to learn

complex payroll packages/systems.

With this in mind, Digita deployed the

front-end using Microsoft Office System

components so that users would have a

familiar interface to work in. InfoPath¤ 2003

provides forms for companies who do not

require record-keeping facilities, while Excel

2003 workbook components provide payroll

record-keeping facilities for organisations

who need them. The aim was to create a

front-end solution that was powerful yet

intuitive, and one that could be used with

ESSENTIALSUMMARY

Service-Orientated-Architechures

(SOA) enable IT systems to match agile

companies’ demands through easily

re-composed networks of re-usable

web services. Web services built upon

the .NET Framework reduce development

cost, speed-up project delivery and

ease integration with existing software.

Visual Studio .NET enables developers

to use their preferred language in a

familiar environment to simply create

re-usable, standards based web services

with a minimum of hand-coding.

By May 2006, larger companies will be required to file their PAYE returns electronically,

and the requirement will cover all companies by 2010. The electronic facility for PAYE

returns has been implemented using web services

PAYE the taxman his dues

Page 16: FYI3 01cover des.fin

SOLUTIONS IN ACTION

17

september 2004

client payroll returns can be completed and

stored on the user s own PC, ready for

transmission to a web service on a secure

Internet server whenever an Internet

connection becomes available.

Digita now has a web service that sits

between the client application and the

Government Gateway. Previous applications

written to use the Government Gateway

involved creating and validating a large XML

document, having to manage various dialogues

with the Gateway to pass data, and receiving

reports confirming pass or fail and what errors

there were, if any. The web service simply sits

between the client and the Gateway, so that

service-aware client applications can file very

quickly with minimal complexity.

BenefitsDigita s view is that the .NET Framework

offers an exceptionally efficient technical

environment, providing savings in development

time, cost reductions and faster deployment.

Paul Duffield, Product Manager at Digita,

estimates that on projects that typically would

have taken eight to nine months, Digita is

achieving time savings of 65-70 per cent.

Much of this is achieved by simply not

having to hand code, as we have done in the

past, and by being able to re-use code. Once

components have been coded for the

application, regardless of the language, the

.NET Framework makes it possible to re-use

them across all web applications. This, in

turn, reduces the time required for testing,

bug fixing and re-testing. Typically, it took

two or three months work to create one of our

client products for the Government Gateway.

Now the web service has been built, the time

it is taking us to build other clients has

reduced to an average of a week.

This is a huge saving in development effort

and in commercial terms represents a cost

saving to Digita of about £75,000.

Protection for dataDealing with personal financial data, its

transmission through different systems and

its presentation to the Government Gateway

means that security has been a key issue

throughout the payroll service project. Digita s

work in the financial services sector has

provided much experience in this and Digita

is confident that the .NET environment can

meet the most exacting demands.

As Buckler explains, If tomorrow we

wanted to create a solution based around

another technology it would be quite

straightforward. We d just point it at the web

service to get the object, populate it with data

and post it. We can also evolve the web service

over time, adding more procedures as required

by new client applications, without affecting

any of the applications already using it.

The Digita payroll service enables key

financial decision-makers in business to:

■ Comply with mandatory e-filing at the

appropriate time

■ Qualify for e-government incentives (small

companies only)

■ Use a simple, easy-to-use, low-cost solution

based on familiar Microsoft tools

■ Increase productivity by managing end-of-

year PAYE reporting and PAYE payslip

production through a single solution.

By using the payroll service, business

owners can improve employee productivity,

increase collaboration and reduce costs.

The .NET Framework has simplified the

development of the payroll service — on both

the Web and client sides — allowing for

timely delivery along with considerable

savings in time and costs. ■

Taken from the .NET Live case study

booklet series. For information and

downloads, visit www.microsoft.com/uk/visualstudio/casestudies

industry standards means that anyone using a

services-capable application will be able to use

our payroll filing gateway.

The coherence between the front-end

components and the .NET Framework was also

important, particularly in ensuring usability

and the ability to continue development of the

payroll service in an efficient fashion.

Buckler’s view is that InfoPath focuses on the

electronic reproduction and use of forms,

making it an ideal tool for the payroll filing

easy to talk to a web service because, once

pointed at the service, InfoPath automatically

creates the necessary forms for you.

Consequently, once the web service was in

place, the client-side development was very

straightforward.

As the solutions are off-line, users can

control the security of their own data. Smart

BUSINESS VIEWPOINT

■ Minimise code and test effort by re-

using web services within the same or

related projects

■ Industry standard interfaces ensure

interoperability with existing software

and applications

■ Remain flexible in your choice of client

platform. Web Services can be

accessed by traditional Web Browser

clients or by smart client applications

such as InfoPath, Word or Excel

■ Deploy and access secure, reliable

web services using the .NET

Framework and Microsoft Web

Services Enhancements (WSE) for

advanced Internet applications

■ Accelerate change through

Service-Orientated-Architecture (SOA)

principles. Compose new business

applications from existing re-usable

web services to accelerate time-to-

market, decrease costs or lead-times

to gain competitive advantage

FOR MORE INFORMATION

.NET Framework

To find out more information on the .NET

Framework, visit

http://msdn.microsoft.com/netframework

Focus on .NET Framework

An integral component of the Windows operating system, the .NET Framework is for

building and running the next generation of applications and web services. It provides

a highly productive, standards-based, enterprise-ready, multi-language environment

that simplifies application development, enables developers to take advantage of

their existing skill set, facilitates integration with existing software, and eases the

challenges of deploying and operating Internet-scale applications.

The Framework consists of two main parts: the common language runtime and

a unified, hierarchical class library that includes a revolutionary advance to Active

Server Pages (Microsoft ASP.NET), an environment for building smart client

applications (Windows Forms), and a loosely coupled data access subsystem

(Microsoft ADO.NET).

Page 17: FYI3 01cover des.fin

FROM A TO B


Microsoft Active Directory provides a number

of benefits to organisations of all sizes.

Many organisations, however, may not be

using Active Directory (AD), or not using it

to its fullest extent. For example, an

organisation could install Active Directory

as an upgrade of older, inappropriate domain

structures, with the result that costs are

higher than need be and management savings

are not realised.

AD is the information hub of the Windows

Server network. It was first introduced with

Windows 2000 Server in February 2000 with

a later version as part of Windows Server 2003

in April 2003.

There are some perceptions evident today

around AD: it is only for larger organisations;

deploying it will take years, is complex and

not worth the risk. These are in fact misplaced,

as businesses of all sizes today are seeing the

benefits of using the technology and most

organisations in the UK deploy within eight

months without any hitches.

In this article, we’ll dispel the fears around

it, discuss what it is, what it offers in terms

of both technical and business benefits,

examine why you should use it, and explain

how to set up a successful structure. Even if

you already have AD, read on to see if you are

using it to its full potential.

What is AD and why should you use it?

AD provides a central repository of

information about objects in a network such

■ I need to manage and enforce security

policies from a central location

■ I want to provide the ability to sign on once

and access all our systems

■ I want to protect my company’s sensitive

information from unauthorised access

■ I need to enable users to quickly find people,

schedules and resources such as printers

■ I want to provide users with secure access

to information assets over any network and

from any location

■ I want to provide a guaranteed bandwidth

to users or groups when they really need it

■ My external partners need controlled

access to my data and systems

■ I need my users to log on from any PC and

get their own settings and documents

■ I want to specify what users can and cannot

do when using their PC

■ I want to provide users with the applications

they need depending on their job role

If these are issues or requirements that you

have then AD can address all of them.

It provides three key business benefits

to organisations:

■ Simplified IT management

The IT

systems in place in most organisations today

can be time-consuming to manage. All too

often, when you add an application to your

portfolio, you need to hire more personnel

to distribute software to the desktop

appropriately and manage the multiple

applications. AD enables you to reduce

management costs by providing a single

place to manage users, groups and network

Orchestrating IT from the Active Directory

It sets the tone for the entire Windows Server network whatever the

size of your organisation. Thomas Lee finds there are a number of

tools that will help you install and get the best out of Active Directory

ESSENTIAL SUMMARY

Active Directory (AD) is Microsoft’s

directory service. It is the focal point

for the Windows Server network,

providing the ability to define and

manage users, groups, computers and

other objects. Using this repository,

administrators can manage the rights

and permissions of all users, secure

the desktop, deploy software, and

delegate administrative control.

as users, computers, network shares and

printers, in a hierarchical fashion. It then

provides this information to users and

administrators, as well as to network

components, enabling users to obtain

appropriate access to resources across an

organisation’s network, using a single sign-on.

It also provides the mechanism to lock down

user desktops, thereby minimising both

security and help desk issues.

There are a number of benefits this provides

to organisations including:

■ The power to apply companywide policies

such as desktop lockdown

■ Provide secure access for internal

and external users to resources through

single sign-on

■ Provide central administration to the

IT department as well as allow delegated

administration

■ Provide users with the ability to quickly

locate people, schedules and resources such

as printers

■ Provide the ability to target and therefore

automatically deploy applications to

individual users or groups.

Will AD meet my business requirements?

When it comes to IT management and identity

systems there are a number of typical issues

and demands I hear from customers:

■ My help desk costs are high

■ I’ve too many identity stores and the cost of

managing them is too high

BUSINESS VIEWPOINT

Active Directory offers benefits to

organisations of all sizes, such as:

■ Increase efficiency of managing

your IT through reduced complexity

and costs

■ Manage and enforce security policies

from a central location

■ Provide users with a single sign-on

to systems, applications and

networks

■ Enable users to quickly locate

people, schedules and resources

such as printers

■ Give users secure access to

information assets over any network

and from any location

Page 18: FYI3 01cover des.fin


resources, as well as a consistent way to

distribute software and manage desktop

configurations.

■ Strengthened network security

AD provides a number of features that enable

you to improve your network security,

including the ability to deploy additional

security controls over user access, such as

smart cards and X.509 digital certificates, and

IPSec for additional network and data security.

■ Extended and improved interoperability

With organisations deploying a diverse

collection of applications and application

directories, interoperability and consistency

are often significant issues. AD enables you to

interoperate with your existing applications,

and thus take full advantage of existing

investment. Using AD’s open interfaces,

connectors and synchronisation methods, you

can easily interoperate with other directories.

These benefits are important to both large

and small organisations. Organisations of all

sizes need the ability to simplify the

management of user desktops, and/or to ensure

network security. For small businesses with a

few locations and limited bandwidth, AD’s

Site facility can cut down replication traffic, as

compared to Windows NT® 4.

Migration to AD

While AD will benefit all organisations, there

are some features which only larger

organisations will decide to deploy. These

include the support of multiple

forests/trees/domains, plus the ability to link forests

with cross-forest trusts. These features can

take time and effort to design and deploy

(and can require a higher level of maintenance

and skills to manage and control). For many

smaller organisations a very simple AD

design — a single domain with a single site —

is perfectly adequate.

In terms of basic platform, Windows Server

2003 combined with Windows XP is the

platform of choice, offering better

performance, scalability and flexibility,

although you can deploy AD using Windows

2000 for both client and server. Having said

that, with AD, you can mix and match as

appropriate to your organisation: you can mix

Windows 2000 clients, Windows Server 2003

DCs or XP clients and Windows 2000 DCs.

Irrespective of your specific platform,

before you start you need to do some basic

planning. A great starting point is Microsoft’s

Windows 2003 Deployment Kit, which

contains a wealth of detailed deployment


Page 19: FYI3 01cover des.fin


advice. You can access this at:

www.microsoft.com/resources/documentation/WindowsServ/2003/all/deployguide/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/all/deployguide/en-us/dpgDSS_overview.asp

Specific issues you need to cover include:

■ AD Logical Structure and Site topology

You need to determine your forest and domain

structure and your physical site structure.

A key design goal is to keep it as simple as

possible. See www.microsoft.com/resources/documentation/WindowsServ/2003/all/deployguide/en-us/dssbc_logi_overview.asp?frame=true for

more information on designing your AD

logical structure, and www.microsoft.com/resources/documentation/WindowsServ/2003/all/deployguide/en-us/dssbd_topo_overview.asp?frame=true for

more information on site design.

■ DNS Namespace and DNS Service

DNS is fundamental to AD, and is required by

both AD clients and domain controllers. The

first key design decision concerns

the DNS domain name you will use for

your AD implementation. Although you

have several options in terms of your DNS

namespace design,

www.microsoft.com/resources/documentation/WindowsServ/2003/all/deployguide/en-us/Default.asp?url=/resources/documentation/windowsserv/2003/all/deployguide/en-us/dssbc_logi_tgny.asp

has more details

on designing your DNS infrastructure.

■ Disaster recovery

You need to consider

carefully your strategy for dealing with

disasters such as fire and flood. See

http://go.microsoft.com/fwlink/?LinkId=8597 for a white paper outlining an approach to

AD disaster recovery.

■ Security settings

AD provides you with a

variety of security settings that can be

confusing given the nature and scope of these

settings. Microsoft’s Active Directory Security

Center provides additional practical

information and in-depth security resources, at

www.microsoft.com/technet/security/prodtech/ad/default.mspx

Migration from NT4 Server 4.0

If you are currently planning your migration

from Windows NT Server 4.0 (NT4) to

Windows Server 2003 and AD, a key issue for

you is how much of your existing structure is

taken forward. To some degree, the answer to

this will depend on the complexity of your

current infrastructure as well as what you are

trying to achieve.

For organisations still running NT4, one of

the first issues in deploying AD will be

whether to migrate to either Windows 2000 or

Windows Server 2003 or whether to start from

scratch with a new, pristine AD forest.

Creating a pristine forest can provide a more

robust basis for moving forward, but can

involve time and resources, for example, to

provide new user IDs for all users, moving

computers into the new domain and updating

Access Control Lists on all resources based on

the new users and groups.

Depending on how well your current domain

model meets your business needs, you may find

either a simple upgrade, or upgrade combined

with migration and consolidation, can be less

complex than a complete new forest.

There are three broad scenarios to consider:

■ If you currently have a single NT4 domain

(ie the single domain model). In this case, an

upgrade is likely to be both the simplest and

most straightforward approach. This leaves

your current domain name and user names

the same and enables you to avoid any

re-ACLing (updating the access control

lists with new account information) of

your resources.

■ If you have a master account domain

with one or more resource domains (ie the

master domain model). In this scenario, you


1. Have clear goals for what you want AD

to deliver.

You should do some up-front planning to define

your AD goals, ensure you have some method

of measuring achievement and require that your

business and IT groups align their priorities.

2. Determine whether to migrate or

start afresh.

Some organisations deployed NT4 in a less

than organised way, the result being a mish-mash

of domains, trusts, and permissions.

In such cases, it may be easier to start

afresh and create a pristine AD forest, then

migrate users over.

3. Create a good inventory of users,

computers, applications and your

network components.

You need to know where you are starting from

in order to work out how to get from where you

are to where you want to be.

4. If you do not already have one, create

a testing lab.

This lab should contain examples of all the

hardware you want to support, based on your

earlier inventory. Also, consider using tools

such as Virtual PC or VMware to support your

testing activities.

5. Ensure you have a DNS service defined

and working before you start AD migration.

DNS has traditionally been a major source of

customer problems – so make sure DNS is

designed, implemented and monitored carefully.

6. Ensure you monitor your AD service

(including DNS) on a regular basis

CHECKLIST

Use this 10-point checklist to ensure a successful migration:

Page 20: FYI3 01cover des.fin

speed. Specific training courses you might

consider taking include:

■ 2283: Migrating from Microsoft

Windows NT to Microsoft Windows Server

2003

This three-day instructor-led course

provides students with the skills and

knowledge needed to migrate an organisation

from Windows NT4.0 to Windows Server 2003.

■ 2282: Designing a Microsoft Windows

Server 2003 Active Directory and Network

Infrastructure

This five-day course teaches

the design principles and considerations for

designing an Active Directory and network

services infrastructure in a Microsoft Windows

Server 2003 environment.

■ 2279: Planning, Implementing, and

Maintaining a Microsoft Windows Server

2003 Active Directory Infrastructure

This five-day course provides the knowledge and

skills necessary to plan, implement, and

maintain a Windows Server 2003 Active

Directory infrastructure.

Conclusion

AD offers many advantages, and some forward

planning is needed to ensure all goes well.

There are a variety of tools and services

providers to assist you in planning and

deploying Active Directory. ■

Thomas Lee, Windows editor on FYI, is a

Microsoft Regional Director and MVP who

writes, teaches and consults on Windows

2000/2002/XP and Windows networking.


FOR MORE INFORMATION

AD in Windows Server 2003

For more information on Active

Directory in Windows Server 2003, see

the Windows Server 2003 AD portal at

www.microsoft.com/windowsserver2003/technologies/directory/activedirectory/default.mspx

Action points

1. Review all the AD-related material

noted in this article

2. If you are currently running on

Windows NT4, start planning your

migration (assuming you have not

yet done so)

3. Take a course or two, and upgrade

your MCSE/MCSA certification. To find

training courses, please visit

www.microsoft.com/uk/learning/find-training

4. Take a look at the online newsgroups at

http://www.microsoft.com/backstage/bkst_column_43.mspx

run the DCPROMO.EXE tool to install AD on

your domain controller. If you have more than

one domain and you plan to upgrade, you need

to create the initial domain, the forest root

domain, then add in any additional domains.

Once you have your new first domain

created, you can begin migrating users, groups

and computers into the new domain by using

Active Directory Migration Tool (ADMT).

ADMT is also useful where you want to

collapse an existing domain into a new AD

domain, for example, when you want to

collapse a second NT4 account domain into

your new AD domain. You can download the

latest version of ADMT from

www.microsoft.com/downloads/details.aspx?FamilyID=788975b1-5849-4707-9817-8c9773c25c6c&DisplayLang=en

KB Article 325851 contains details on how to

set up ADMT for a Windows NT4 to Windows

Server 2003 migration. See Professor Window’s

column at www.microsoft.com/technet/community/columns/profwin/pw0402.mspx

which contains a more detailed look at the

migration process.

While ADMT is a great free tool, for more

complex migrations, you may need to consider

third party tools, such as the Aelita Domain

Migration Wizard from Quest.

Useful training

When planning your migration from Windows

NT4 to Windows Server 2003, you need to

consider training as a quick way to get up to

can upgrade your account domain, then

migrate and collapse the resources into this

single resource domain. You may need to

consider additional domains, possibly

to bound replication, or to enable different

security settings.

■ If you have multiple account and resource

domains, possibly with resources and accounts

not well segregated, (ie either the multiple

master domain model or the complete trust

domain model). This is more complex, and

typically involves a combination of migration

and collapsing, as in the previous case.

However, with users and group definitions

in multiple domains, you have to take great

care in ensuring you migrate everything in

the correct order.

For more information on how to determine

your AD design and deployment requirements,

see: www.microsoft.com/resources/documentation/WindowsServ/2003/all/deployguide/en-us/Default.asp?url=/resources/documentation/windowsserv/2003/all/deployguide/en-us/dssbb_over_vgfc.asp

Tools available to help you

There are a number of Microsoft and third-

party tools to assist you in migration. For

simple domain upgrade (ie migrating a single

NT4 domain to an AD domain), you just need

to upgrade your Domain Controller to Windows

Server 2003 (or Windows 2000), starting with

the Primary Domain Controller (PDC). When

the OS upgrade is complete, the OS will then


both during deployment and subsequently.

You should pay particular attention to AD

replication, File Replication service or DNS

failures. Errors from any of these services

may stop your AD from working as designed.

Consider using Microsoft Operations Manager

to monitor your service.

7. Avoid data duplication.

For larger organisations, it may be that the

definition of users is based on an ERP or HR

system. Rather than re-entering user details into

AD, consider using tools such as Microsoft

Identity Integration Server (MIIS) to co-ordinate

user details across disparate systems.

8. Avoid schema changes unless necessary.

While AD allows you to change your schema,

many organisations find it prudent to only

make such updates when absolutely required.

9. Consider using AD Application Mode

(ADAM) for internally created applications.

While corporate applications could be developed

to take advantage of AD’s rich information storage

and retrieval facilities, it may be simpler to use

ADAM to store application data, while leaving AD

to store application generic user/group

information.

10. Automate, automate and automate!

Automation is an important tool in driving down

the costs of management and thereby improving

TCO. AD provides you with the ability to

automate many key tasks, through the use of

scripts as well as lower level interfaces such

as ADSI and WMI and MIIS. Take advantage of

this, and use tools such as MIIS to automate

as much of your daily operations as you can.


Page 21: FYI3 01cover des.fin

EMERGING TECHNOLOGY


Databases, as the name suggests, store data.

So, perfectly reasonably, that’s what we put

into them. Rather less reasonably, what we

want to pull out of the database is not data but

information. Decision makers rarely want to

look at the raw numbers, they want some form

of synthesised aggregation of the data that will

give them a greater understanding of their

business. Which is exactly what Business

Intelligence (BI) is all about — extracting

information from a mess of data. BI

techniques let you find the hidden trends and

underlying business truths that are inherent in

the data held in your databases.

The only problem is that BI tools have, over

the years, acquired a certain mystique — a

reputation for being expensive and difficult to

set up and use. In fairness, a major reason for

this perception is that many products that were

developed in the late 1980s and early 1990s

were precisely that. The net result is that some

people still shy away from using them.

However, since SQL Server™ 7.0, Microsoft

has been bundling BI tools with the product

which are genuinely powerful, easy to use

and simple to install. And if you already use

SQL Server, these tools are about as cost

effective as it gets.

What users ask for

The best place to start is, of course, with the

users’ requirements. Ask a random set of users

(myself included) how they want information

presented to them for analysis and they will

usually answer in terms of graphs, grids and

reports. In other words, they want to see the

data as bar charts and pie charts, as

spreadsheets and as reports (sometimes

printed, sometimes on the Web). Users often

like to see summary or aggregate views of

The business intelligence tools bundled with SQL Server offer you several ways

to extract the information you need from the jumble of data available. In this

article Mark Whitehorn explains which ones to use, when and where

their data. Traditional data structures, such as

relational tables, are excellent for managing

transactional data but are less than optimal for

supporting this kind of analysis. No problem,

we can simply take a copy of the data and

reorganise it as a multi-dimensional structure.

These are also known as On-Line Analytical

Processing (OLAP) cubes. Once created, a user

can connect to a cube using a visualisation tool

such as ProClarity and can browse through the

data in an entirely graphical way. The enormous

attraction of this kind of analysis is twofold.

First it is graphically driven, which means that

you can navigate through, and query, the data

simply using a mouse. Secondly, it is

blisteringly fast. Several years ago, Microsoft

demonstrated a cube that was created from 1.2

Tbytes of relational data and had a 7.7 billion

row fact table. Given a 16 processor server

with 3.8 Gb RAM and 50 concurrent users,

Business intelligence with


Page 22: FYI3 01cover des.fin


ESSENTIAL SUMMARY

SQL Server’s business intelligence tools

hone in on the data you need to create

a robust business model. They are

powerful, easy to use, simple to install

and cost effective. On-line Analytical

Processing (OLAP) cubes present data

in clear graphic formats that are quick

and easy to navigate. Integration with

Office (via BI Accelerator scorecards)

and Reporting Services are also key

to the success of this advanced data

mining technology.

BUSINESS VIEWPOINT

Bundling business intelligence tools with

SQL Server allows businesses to:

■ Provide end-users timely access to

enterprise-wide data to make decisions

faster, integrating disparate data points

■ Enable users to perform Business

Intelligence (BI) functions across all

levels of the organisation

■ Facilitate cross-group collaboration,

decision-making and coordinated

actions to improve business productivity

■ Simplify measurement, reporting and

management of metrics and strategies

■ Improve ROI by leveraging information

assets across the organisation

half of the queries ran in less than 0.08

seconds (median response time) and the mean

was just 1.2 seconds. Oh, and that included

the network delay...

To put this into perspective, before OLAP,

we lived in a world where business users

struggled to query their own databases. They

either needed a human translator (who could

speak both Human and SQL) or they needed

a significant level of understanding of

relational database structures; even if they

were using a query-by-example tool. They

also had to put up with response times often

measured in hours. Post OLAP, given a mouse

they can surf through their data graphically,

essentially in real time.

In fact, once you get your brain around these

multi-dimensional structures, they turn out to

have other huge advantages. For example, in

relational databases there is no concept of the

relative position of data. So they don’t

inherently understand that February comes

after January and before March. This makes

it very difficult, even for a skilled database

person, to write an SQL statement that, for

example, calculated a year-to-date value

for each month. Which is unfortunate because

such questions are a very common business

requirement. Microsoft has developed a multi-

dimensional equivalent of SQL called MDX

(Multi-Dimensional eXpressions). Since this

language is built to address a structure where

the data is inherently ordered, the resulting

year-to-date calculation is completely trivial,

for example:

Sum(YTD(Time.CurrentMember), Measures.Sales)

In other words, not only do business users

find OLAP structures much easier to

understand and query, so do the technical staff

who support the users.
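The relational side of that comparison, as an added example that is not part of the original article: a year-to-date total written in plain SQL, run here through Python's sqlite3 module as a stand-in for SQL Server. The table names, the function and the sales rows are constructed for illustration; note the calendar table, which is needed so that a month with no sales still gets a row.

```python
import sqlite3

# Constructed sample data (year, month, amount): several sales per month,
# no sales at all in March 2004, and one sale in the previous year.
SAMPLE_SALES = [
    (2003, 12, 70),
    (2004, 1, 100),
    (2004, 1, 50),
    (2004, 2, 200),
    (2004, 4, 25),
]

# A relational table has no idea that February follows January, so the
# ordering is spelled out by hand: every calendar month is joined to all
# months of the same year whose number is less than or equal to its own.
YTD_QUERY = """
WITH monthly AS (
    SELECT year, month, SUM(amount) AS total
    FROM sales
    GROUP BY year, month
)
SELECT c.month,
       COALESCE((SELECT m.total FROM monthly AS m
                 WHERE m.year = c.year AND m.month = c.month), 0) AS month_total,
       COALESCE(SUM(p.total), 0) AS ytd
FROM calendar AS c
LEFT JOIN monthly AS p
       ON p.year = c.year AND p.month <= c.month
WHERE c.year = ?
GROUP BY c.year, c.month
ORDER BY c.month
"""


def year_to_date(rows, year, through_month):
    """Return [(month, month_total, ytd), ...] for months 1..through_month."""
    conn = sqlite3.connect(":memory:")
    try:
        conn.execute(
            "CREATE TABLE sales (year INTEGER NOT NULL, "
            "month INTEGER NOT NULL CHECK (month BETWEEN 1 AND 12), "
            "amount INTEGER NOT NULL)"
        )
        conn.execute(
            "CREATE TABLE calendar (year INTEGER NOT NULL, "
            "month INTEGER NOT NULL, PRIMARY KEY (year, month))"
        )
        conn.executemany("INSERT INTO sales VALUES (?, ?, ?)", rows)
        # The calendar supplies the months the sales table cannot: without
        # it, a month with no sales would simply vanish from the result.
        conn.executemany(
            "INSERT INTO calendar VALUES (?, ?)",
            [(year, m) for m in range(1, through_month + 1)],
        )
        return conn.execute(YTD_QUERY, (year,)).fetchall()
    finally:
        conn.close()


if __name__ == "__main__":
    for month, total, ytd in year_to_date(SAMPLE_SALES, 2004, 4):
        print(f"2004-{month:02d}  month={total:4d}  ytd={ytd:4d}")
```
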

OK, so that takes care of the users’ graphical

requirements. Spreadsheets are easy, because

you can hook directly into an OLAP cube from

within Excel. Therefore business users who are

familiar with Excel (and there are many of

them) can utilise the power of OLAP from

within a familiar environment.

Indeed, Microsoft sees the integration of

Office and BI as essential and, to that end,

has released a variety of BI Accelerators for

Office 2003. The most recent of these,

announced on 2 June 2004, are the Microsoft

Office Business Scorecards Accelerator and

the Microsoft Office Excel Add-in for SQL

Server Analysis Services.

The Business Scorecards Accelerator is a

web-based application that makes it easier to

simplify the measurement and management

of key performance indicators. It can help to

automate the process of collecting and

analysing strategic business data.

“The scorecard project will enable us to

manage our business more effectively,” said

Bill Bradford, Senior Vice President of sales

and marketing for ON Semiconductor. “The

toolset allows for prioritisation of key issues

and a ‘drive to action’, so we can allocate

resources to achieve our critical goals and

objectives faster and with a higher probability

of success than ever before.”

The Excel Add-in for Analysis Services

makes it very easy for users to access and

analyse data held in OLAP cubes directly

from Excel.

Reporting is also easy. Microsoft has

relatively recently added Reporting Services

to the BI armoury. This highly adaptable tool

can draw data from either relational or

multi-dimensional sources. It provides the

user with a graphical environment where

reports can be laid out and designed. Once

they are completed, they can be published to

the Web. Each time the report is viewed, the

data source can either be queried afresh and

the most recent information presented in the

report or the report can use a cached copy of

the data which can provide consistency and

enhanced performance by reducing the load

on the database.

Not only that, the reports can be designed

so that the users can select the data that they

see in the report. For example, imagine that

you have to roll out identical reports to five

different regions, on about six different

product lines over three different years. That

makes 5 x 6 x 3 = 90 different reports. With

Reporting Services, you can design one report

and equip it with three combo boxes. The

users simply choose the region, product group

and year, the query extracts the relevant data

from the database and generates the

appropriate report.

What users don’t ask for

All the foregoing can be delivered by BI and it

can do much else besides. Unfortunately, given

the historical pain that some users have

suffered, many don’t even consider asking

for more. A good example of this is the

English Query feature.

Formalised data structures are traditionally

used for storing transactional data: the most

common structure is the relational database

with its constituent tables. The easiest way to

query a formalised data structure is by using a

formalised query language: SQL dominates the

field. Database administrators learn to love

SQL but users learn to hate it and, in the early

database days, asked repeatedly for the ability to

write queries in understandable English. At the

time this was simply too technically difficult.

Now, English Query has become part of SQL

Server’s feature set.

Essentially, English Query relies upon

semantic mapping of the database, which

means tying English words to entities in the

database and relationships between them.

During the mapping process the database is

taught that entities referred to in tables, for

example in a Customer table, can also be

referred to as buyers, purchasers or clients.

Similarly, entities from a Product table could

also be called items, goods or units sold.

The complex many-to-many relationship

between those two could be termed bought,

purchased or sold.

Cleverly, huge sets of words and

associations come ready loaded into the

English Query tool and as long as the database

uses sensible English words for its tables and

fields, much of the hard work can be

performed painlessly. The result is that users

can type in questions like, “What are the total

sales of shrimp to customers in the

Birmingham area over the last four years?”

and expect an accurate answer. Any queries

that cannot be translated are stacked for the

database administrator’s attention and once

the required semantic information is added,

the query will run.

English Query makes it easy to ask

questions, but what if you don’t know what to

ask? It is often suspected that large stores of

data hold interesting information but nobody

knows what to ask to release it. The English

Query posed above is a very specific question:

finding sales in defined areas is interesting,

but far more relevant to the business as a

whole might be the fact that males under 30

who buy olive oil also buy the most fish.

However, if nobody has a hunch that this is

so, the question never gets asked.

Data mining provides a way of looking at

large sets of data and flagging interesting

information. So it will ask millions of

questions of the data and only flag those which

give statistically significant answers.

For instance, an insurance company rings

its existing customers when their policies fall

due for renewal. Using data mining techniques,

it was found that the single most important

factor for a successful renewal was a close

correlation in age between the customer and

the agent. Prior to the mining, nobody had

even suspected that matching ages for caller

and customer had any bearing on renewal rates.

There is a whole variety of data mining

algorithms and SQL Server 2000 comes

with two built in and ready to use. These are

clustering and decision trees.

Clustering is a descriptive algorithm and is

usually used with demographic data: it could

reveal that females over 35 in the high income

bracket and from the south-west buy more

branded than own-brand goods in their

supermarket shopping.

Decision trees are predictive: after learning

the sort of data that is usually recorded, a

prediction is made about future behaviour.

Incoming data can now be matched against the

prediction and deviations from normal

behaviour spotted: for example, this can be

used to detect fraudulent credit card usage.

With such wide-ranging applications, BI tools

should be an indispensable addition to your IT

infrastructure and a key means of accessing

essential data across the business. ■

Mark Whitehorn runs a consultancy and

lectures at Dundee University.

FOR MORE INFORMATION

Resources

Find a wealth of BI information at

www.microsoft.com/sql/evaluation/bi/default.asp

Training

Read about Microsoft training

courses at

www.microsoft.com/learning/solutions/intelligence.asp and

www.microsoft.com/uk/learning/find-training

Direct downloads

Find Business Scorecards at

www.microsoft.com/office/solutions/accelerators/scorecards/default.mspx

Find the Excel add-in at

www.microsoft.com/office/solutions/accelerators/exceladdin/default.mspx

Find Reporting Services at

www.microsoft.com/sql/reporting

Office secrets

Part 2: Become more effective in your use of Office – Janet Swift shares tips and tricks to save time and add professional touches

Word

■ Fonts and sizes

Although normal best practice for selecting fonts and sizes in a Word document is to use paragraph styles, there are occasions when you want to make ad hoc changes. There are some keyboard shortcuts that allow you to achieve results quickly. For example, suppose you want to increase the font size of a heading or headline. Select the text and press Ctrl+] repeatedly until it’s the desired size. This key combination increases font size by one point. If you want to decrease font size then Ctrl+[ works in the same way. This technique can easily result in a non-standard font size being used. If you want to ensure that you only use font sizes available in the Formatting toolbar’s drop-down list use Ctrl+Shift+> to increase the font size and Ctrl+Shift+< to decrease the font size.

■ Layout

You want to create a professional looking layout — for example an initial paragraph that spans the page followed by newspaper style columns for the main document reverting to single column layout to accommodate footnotes or a bibliography. The key to this versatility is to use section breaks. As well as being able to vary the number of columns in different sections they can also have different margins, paper size or orientation. Headers and footers, line numbering and page numbering are other aspects that can be controlled within sections. Use the Break command on the Insert menu to insert a section break. There are four options; Continuous is the one to use for the scenario described above. The others are to start the section on the next page or on the next odd or even page, which are useful options if you want a consistent layout in a multi-chapter document with each one starting on a right-hand page.

■ Bullets and numbering

Bullet characters in Word can be symbols or can follow a numbering scheme. But what if you wish to use a short text item, such as NEW or NOTE to precede multiple indented points in place of a bullet character? Do this by creating a custom bullet using the Bullets and Numbering dialog accessed either via the Format menu or from the pop-up menu when you right-click on text. Go to the Numbered tab and choose one of the formats that you don’t intend to use. Click the Customize button to open the Customize Numbered List dialog. In the Number format box, type your text and use the Font button to select an appropriate point size and set its style to bold. You can enter up to 30 characters in the box but 10 is a more reasonable maximum. Ensure that the Number style is set to (none) and consider whether to adjust the Number position — the distance from left margin at which the bullet text will appear. Increase the Indent if the paragraphs being preceded by bullet points are longer than a single line and you want subsequent lines to be left-aligned.

Excel

■ Conditional formatting

Conditional formatting is normally used to highlight cells to draw the user’s attention to exceptional or important results. However, the same technique can be used to hide or downplay insignificant information, which can be distracting by providing unnecessary detail. For example, to hide zero values make sure the Conditional Cell Value is equal to 0 and set font colour to white — the same colour as the background. You might prefer to apply a wider condition — such as values between -1 and +1 — and make them barely visible by selecting light grey as the font colour. You can specify up to three criteria to be applied simultaneously and can use the cell’s border or background as well as font. For example, you could apply a multiple condition that added a bright yellow background to results that out-performed a target, displayed negative values in red at the same time as hiding near-zero values in a range.

■ Date and time

There are two well-known functions in Excel that enter the current date using your PC’s in-built clock into a worksheet. They are =TODAY() which returns the date in the default date format and =NOW() which gives both date and time. The disadvantage of these functions, if you want to record the time and date at which something happened, is that the values entered will change with the passage of time if these functions are active. You can fix them by converting them to values (by using Edit, Copy followed by Paste Special and selecting Values) but there’s a much easier solution. The keyboard shortcut Ctrl + ; enters the current date as a fixed value and Ctrl + Shift + ; enters the time. If you want both date and time a quick solution is to enter =NOW() into the cell above the one in which you want it and then use the shortcut Ctrl + Shift + " which copies the value from the cell above.

Outlook

■ Date and time

Although there’s a date picker in Outlook® it’s often quicker to type in a date rather than select it. Outlook also has some date shortcuts that make forward planning easier still. By using the Appointment dialog if you want to set up the next quarterly meeting, you don’t need to consult the calendar and count 13 weeks, instead simply type 13w into the Start time box and Outlook will work out the date. If an appointment is for 4 weeks on Friday and today is Wednesday enter 4w2d. It also accepts the shortcuts mo for month and y for year. There are similar time shortcuts using m (minute) and h (hour). When entering a specific time you don’t need to type the colon — Outlook will interpret 945 as 9:45 and 1630 (or 430p, where p stands for PM) as 16:30.

Publisher

■ Working with watermarks

When you circulate a draft document you may want to add a watermark that reminds your readers of its status. Equally, when you produce a final report adding a company logo as a watermark adds a professional touch. The first step is to locate or create the picture you want to convert to a watermark. For the Draft watermark you could use WordArt — if so use Save as Picture and then Insert Picture to modify it. Right-click on the picture and select Format Picture. Choose Washout from the dropdown list for the Color box in the lower part of the dialog and click OK. Now save the picture under a suitable name in the My Pictures directory.

There are two distinct options for using this watermark as a background. In both cases go to the Master Page of your publication (using Ctrl + M or via the View menu). One option is to Select Background from the Format menu. Click on More Backgrounds, then in the Fill Effects dialog click Select Picture, choose your watermark file and click the Insert button. Clicking OK takes you back to the Master Page that now appears filled with a repeating pattern of the watermark.

If you want a single occurrence of the ghostly text draw a rectangle (or other shape). Right-click this container and select Format AutoShape. In the dialog choose Fill Effects from the dropdown list of options in the Color box. Click on the Picture tab in the next dialog and then on Select Picture. Again choose the watermark file, click the Insert button and then OK. Use Ctrl-M to close the Master Page view. ■

Janet Swift is a computer consultant and author with an extensive knowledge of Office applications. Her specialism is spreadsheet modelling, a topic about which she has written several books.

FOR MORE INFORMATION

Office Secrets Part 1

Download Part 1 of Office Secrets in

the archived February 2004 issue of

FYI at www.microsoft.com/uk/fyi

Office

To find out more about Office visit

www.microsoft.com/uk/office

Perhaps you could start by explaining the

overall mobile strategy within Microsoft?

MS: We’re investing in the tools and

programming environments that will enable

developers worldwide to create a wide range

of applications that will differentiate mobile

devices running Microsoft technology from

those running software from other companies.

Companies can then deploy the technology

to their mobile workforce. We want to extend

the value to customers who are using our .NET

servers, so that they can use mobile devices as

part of their corporate IT infrastructure.

JW: Because we offer the .NET Framework

on mobile devices, it’s now really easy for

developers who are already familiar with

our Visual Studio development platform

to create applications that will run on

mobile devices.

Why should an IT pro be interested in

what Microsoft is doing in terms of the

.NET Framework?

JW: The .NET Framework also brings

advantages for the IT pro. It makes it easy to

deploy applications on mobile devices. The

way the Framework itself is deployed means

that the actual applications are small,

simplifying the task of distributing the

software to the mobile devices. And the use of

the Framework makes it easier for developers

to deploy and maintain their code.

Finally, the use of the Framework means

that developers can use familiar programming

environments such as Visual Basic® on their

PCs to create their own applications to run on

mobile devices, so reducing costs and adding

flexibility to the mix. We envisage IT pros

will create applications to monitor server

processes, for example, with the results

provided in SMS messages to mobile devices,

or other ‘make my life simpler’ type

applications that help IT pros to be more

effective in their day to day roles.

MS: Our stated goal is to empower people so

that they can reach their full potential. If you

think about that with respect to mobile devices,

we have the potential to offer richer levels of

information, which in turn will make

organisations and individuals more effective.

If we look in particular at the knowledge

worker level, for mobile professionals the

important thing about mobile devices is ‘it’s

in my pocket, with me at all times’. That

enables us to build a wide range of applications

to assist mobile professionals in their work.

If a company is selecting a particular type

of mobile device as the company standard,

how can they make the ‘right’ decision

whilst providing a level of future proofing?

MS: Looking to the future, I believe the

market will both widen and become more

focused. That sounds contradictory, but

I foresee a wider range of devices in terms

of the form factors, the physical types of

device. But at the same time, it’s reasonable

to expect convergence, a blurring between

what are currently different device categories.

If a device lets you make phone calls, type

emails, run applications, and store multimedia

files, is it a Smartphone, or a PDA, or what?

From a Microsoft perspective, the most

important thing is to offer a powerful

platform that is familiar to the end user and

consistent to the developer, with a standard

operating environment. It’s a similar

situation to that of current laptops – you might

choose a laptop with a low weight, small

screen and lack of expandability for some

purposes, while other users would choose a

large screen, lots of expansion options, and

be willing to accept the increased weight that

comes with those features. But a user of the

lightweight small laptop could confidently

sit down in front of the high-end machine

and be able to use it without trouble.

Mobile devices are carried around away

from the corporate environment. If they are

increasingly used to access corporate IT

resources, how can IT pros ensure that

security is maintained?

JW: This is one of the advantages of using

the .NET Framework, because it’s built with

security in mind from the ground up, which

means it’s easy to crank out secure applications.

MS: It’s also important to look at mobile

security in the context of Microsoft’s overall

commitment to Trustworthy Computing.

For the Windows Mobile™ business, security

is core from the standpoint of making sure

that every level of the stack has security

factored in. In addition to the security that

is found in other sectors, mobile devices also

need to be secured to prevent unauthorised

access. It’s possible to provide a range of

security measures – authentication measures,

encryption for files or data stored on the disk.

There are also some great examples of ways

that mobile devices can be secured using their

own strengths. For example, over the air

provisioning policies enable companies to

send a set of commands to a device. So, if

a user reports their Windows Mobile device

as lost or stolen, commands can be sent to

lock the device, delete sensitive data, and turn

it off with instructions not to restart.

Those commands will be executed

immediately – as soon as the next incoming

message is received, or the next time the device

is turned on. Of course, over the air

provisioning isn’t just used for security – it

can be useful to update client software on the

device, so avoiding the need to recall devices

for software updates.

How do you see the use of mobile devices

changing in the future, particularly with

relation to corporate IT infrastructures?

MS: We recognise that companies have

investments in terms of their infrastructure

products and their desktop applications, and

that they are familiar with their tools and

developer products. Mobility is becoming

baked in across the board, particularly in the

current set of products.

For example, if you look at Exchange

Server, in the 2000 release, there were extra

licences to be acquired and configuration to

be carried out in order to extend high fidelity

messaging to users of mobile devices. In

Exchange Server 2003, the mobile support is

integrated as a core attribute, so every set of

customers has the integrated capabilities.

The same model applies across the board –

SQL Server, Visual Studio, Office, Windows

Server 2003 – our current releases of products

come with built-in support for mobile devices

to allow customers and partners the ability to

maximise their investments.

JW: From the developer’s perspective, we’ve

extended the tools to target mobile devices,

with the goal of turning PC developers into

mobile developers. The great thing is that it’s

just a matter of awareness.

We’ve got millions of developers with both

the knowledge and the software to develop

applications for mobile devices, and the route

towards creating applications is easy. The

message is very clear – now is the time to

have a look at mobile.

For more information

www.microsoft.com/windowsmobile

For information about the .NET Framework,

visit www.microsoft.com/net

For Microsoft mobile devices UK, visit

www.microsoft.com/uk/windowsmobile

FYI talks with Mark Spain, Microsoft’s Director of Worldwide Developer

and Partner Programs for Windows Mobile, and Jonathan Wells,

Product Manager of the Microsoft .NET Framework

The future of mobile

Q & A

Mark Spain

Director of Worldwide Developer

and Partner Programs for

Windows Mobile

MODEL ENTERPRISE

As with other large enterprises, the adoption of

new technologies across Microsoft’s existing

systems is incremental. However, unlike other

organisations, Microsoft IT has the added

objective of trialing new solutions to ensure the

organisation remains a model enterprise by

demonstrating the value of Microsoft products

and solutions. As major projects arise for new or

upgraded internal applications, they are

implemented using the .NET Framework and

XML-based technologies. The three projects

reviewed here used different .NET technologies

available at the time to deliver both measurable

and qualitative benefits.

Release Services Manager

An early success (in 2001) for .NET within

Microsoft, was the 2.0 version of Microsoft’s

Release Services Manager (RSM). RSM is a

line-of-business application that supports the

electronic delivery of product information to

manufacturing vendors and business partners

and provides Microsoft with real-time access to

product and release data. The application

requires a complex User Interface (UI) and the

previous ASP-based UI involved time-

consuming navigation through many pages.

For RSM 2.0, a smart client application

was developed with less effort than the

planned project modifying the web-based

UI. This Windows Forms application uses

.NET Framework classes to manipulate files

on the client computer. Multithreading

techniques maximise performance and let

the UI remain responsive.

Fig 1: RSM 2.0 Smart Client Application Architecture [diagram labels: Presentation Tier; Middle Tier; Database Tier; RSM 2.0 Windows Forms Smart Client; RSM Explorer Windows Forms Executable; Querying Web Service; ServiceRequest Web Service; Windows Service (caches application and user-specified security information); Common Classes (DataLayer, Common, XML Helper, Error Handler); HTTPS/SOAP transport; .NET Remoting caching data stored and transferred; Microsoft ADO.NET; Transaction Server; SQL Server 2000]

.NET steps up to the mark

Andy Thomson reviews the benefits that .NET tools and languages have brought to some of Microsoft’s own business systems and finds out what types of project .NET had been used for and how successful these projects have been

ESSENTIAL SUMMARY

.NET isn’t just important to developers,

it has implications for IT pros as well.

This article explains how Microsoft has

implemented and is making use of

.NET, identifying the benefits the

organisation has gained as a result and

illustrating how you as an IT pro can

make the best use of it.

BUSINESS VIEWPOINT

The benefits of an XML and ASP.NET-

driven system are:

■ Solutions based on .NET are flexible

and accessible from smart clients

or URL-activated Windows Forms

applications are easy to deploy

■ Clients can access the main business

logic very flexibly using web services

technologies

■ A sound technical and management

infrastructure simplifies and

standardises the development of

reusable web services

■ For ASP.NET web applications, custom

handlers can be linked to XML content

to create an efficient yet flexible

framework for even the largest

corporate web site

The smart client interacts with several XML

web services that provide the middle tier

business logic [see Figure 1 (left)]. These,

in turn, communicate with the SQL Server

2000 database using ADO.NET. Web services

technology enables lightweight, distributed

components to work in environments

employing firewalls and Network Address

Translation (NAT) software, as well as

abstracting the inner workings of a component

and the clients using it. The web services also

interact with a Windows Service specifically

written to support caching of application-

specific or user-specific security information.

The icing on the cake, with regard to smart

client Windows Forms applications like the

RSM 2.0, is deployment to a user’s machine by

means of one-click URL-activation. This

means the smart client executable files and

DLLs are made available from an Internet

Information Services (IIS) server virtual root.

When the user navigates to the web site to use

the application, the files are downloaded and

installed automatically on the user’s

workstation. Also known as ‘no-touch

deployment’, the server is checked for updated

components and the client updated

automatically whenever the code runs.

The smart client version (2.0) of RSM

yielded several benefits, including:

■ Increased application functionality

and automation

■ A richer and more flexible user interface

■ Better performance in the user interface with

background processing

■ Fewer deployment issues, by virtue of URL-

activation and automatic updating, which

improves application supportability

■ Reduced application maintenance costs

■ Improved security because downloaded

applications run under the code access

security policies enforced by the common

language runtime.

Account Explorer and Alchemy

A different approach was taken for the Account

Explorer web-based application, developed by

the Sales and Support IT team to address the

issue of customer and partner information being

held in different databases, each with its own

front-end application, security credentials and

query mechanism.

Rather than force sales users to repeatedly

query each system, Account Explorer users see

a My Accounts home page, which provides

a choice of customer data views, drawn as

required from the Microsoft Sales database,

a Siebel CRM application, the Clarify Product

Support Services tracking tool and a

worldwide marketing database.

Account Explorer was, in fact, a client to an

important set of web services, known as

Alchemy, which provides the information

integration services. Written using Microsoft

Visual Studio .NET and the Microsoft .NET

Framework 1.0 in just eight weeks, this

integration layer exposes all four data-source

systems through a single set of web services.

Within the Alchemy layer, the development

team achieved integration with Clarify and the

marketing database by using ADO.NET and

standard database calls because no updates were

needed in these systems [see Figure 2 (right)].

They took advantage of the COM Interop

feature in the .NET Framework to re-use

existing Siebel business objects. By taking this

approach, they were able to easily achieve read

and write access into Siebel data without having

to worry about the low-level details of how the

application actually stores this information.

The major benefit of the web services-based

Alchemy layer is re-use cost savings. Originally

developed for use with Account Explorer,

Alchemy services have since been leveraged in

many other applications that draw on

customer-related data.

The .NET Platform Strategy Group used the

Alchemy web services interface into Siebel in

building a tool called the .NET Evangelism

Factory. This tool allows users to view relevant

data in whatever manner makes the most sense

— by customer, events, initiatives, products,

technologies, or supporting content. Because

the Alchemy layer returns data to the application

in XML format, developers enjoyed complete

freedom in determining how to present

information to the user. The application was

delivered just weeks after the Alchemy layer

had been completed, and also takes advantage

of other web services within Microsoft.

Fig 2: The Account Explorer and Alchemy hardware architecture [diagram labels: HTTP Request; Return XML Data Format; COM-based applications]

Web Services Development and Management Solution

Although projects like RSM 2.0 and Alchemy

had been highly successful, Microsoft IT

recognised that there was too much diversity

among developers of web services with respect

to tools, languages, configuration settings,

deployment methods and variations of

standards. This gave rise to an IT management

and infrastructure initiative — the Microsoft IT

Group’s Web Services Development and

Management Solution — designed to reduce

duplication of effort, apply standards and get the

most benefit from web services-based projects.

The Web Services Development and

Management Solution involved creating two

main subsystems: the Alchemy Backend and

the Alchemy Interface. The Alchemy Backend

provides services for data management,

transaction history storage, service registration

and execution verification. It also handles the

interaction and storage of web services

configuration data including system users, roles

and operational metrics. The Alchemy Interface

handles all incoming and outgoing Simple

Object Access Protocol (SOAP) request/

response transactions. An identical Alchemy

Interface runs in-process in the consuming

application and the web service provider. By

default, interaction with the Alchemy Interface

is abstracted entirely from the host application.

Fig 3: Microsoft IT Web Services Development and Management Solution [timeline diagram labels: 2002 & Prior; 2006 and beyond; Visual Studio .NET 2002; Visual Studio 2005; Visual Studio Orcas; .NET Framework 1.0; .NET Framework 1.1; .NET Framework 2.0; WSE 1.0; WSE 2.0; BizTalk Server 2004; SQL Server 2005; Win FX (part of Longhorn)]

Fig 4: Masthead, Navigation and Footer Elements surround the central content pane

The implementation of the Alchemy Interface

was based on Microsoft .NET Framework 1.0

[see Figure 3 (left)]. Web services

enhancements (WSE) is based on the latest

enhancements to web services, as standardised

by WS-I.Org. These evolving web services

specifications provide support for binary

message attachments and security features such

as digital signatures and encryption.

Furthermore, WSE will interoperate out-of-the-

box with non-Microsoft platforms that

implement the WS- series of advanced web

services specifications. The internal web

services development and management solution

now supports most of the organisation’s web

services and provides a number of benefits:

■ A framework for building, deploying,

maintaining and managing web services

■ The solution abstracts away most

configuration settings as administrative

parameters that can be configured

centrally. These include settings for

authentication, digital signing and

encryption and messages.

■ A common set of administrative tools are

used to deploy web services in development,

test and production environments.

■ Reduced time and effort required to develop,

test and deploy new web services. Based on

the experience of Microsoft IT with several

projects, a web services implementation

that, in the past, required four to six months

of effort is reduced to four to six weeks.

■ Proactive management of service level

agreements for web services

Microsoft.com

Originally, the vast Microsoft.com domain

embraced a loose federation of disparate

websites, designed and built as required by

individual business units and product groups

within Microsoft. Although this model was

attractive to those content-owners, different

navigation mechanisms, styles and layouts

led to an inconsistent customer-experience.

A standard corporate look and feel was needed.

The key to this standardisation is a

presentation framework developed on the

Microsoft .NET Framework and written in

Visual C#®, ASP.NET, XML, and XSLT.

The framework includes a custom ASP.NET

HTTP handler written using C#. Pages that use

the presentation framework have the .mspx

filename extension, which is registered in

Microsoft Internet Information Services (IIS)

on the web servers. When a Microsoft.com

web server receives a request for an .mspx page,

this custom HTTP handler intercepts the call

and passes it to the framework for processing.

The presentation framework locates and

retrieves the XML content from the data

store to construct the page. Both the page

and the XML content are cached for

subsequent requests.

Within the file that holds the content for the

page, XML tags identify the content template to

be used. The framework retrieves the appropriate

template and uses a series of XSLTs to assemble

the page, including the masthead, the footer, and

the primary navigational column, finally

rendering the content within the content pane.

The specific elements of each page (for

example, the template, branding elements and

locale) are identified in a set of XML

configuration files [see Figure 4 (page 32)].

Generally, site owners maintain the

configuration files, which hold information

for all the pages within a site.

The centre of the page displays the page's unique content using a choice of 15 XML-based templates. The templates include XML schemas that define the content types and XSL transformations to render the display.

From these examples, we can see that .NET has enabled Microsoft to build solutions in accelerated timeframes using the architecture model that was right for the business. ■

Andy Thomson is a Principal Technologist with QA, the UK's leading independent IT Training provider.

Glossary

If you sometimes find you need a little help keeping up with the latest industry terminology, take a look at our list below. If you still can’t find what you’re after you may track it down at: www.microsoft.com/resources/glossary/default.mspx

ACL
Access Control List. A list of security protections that applies to an object. An entry in an ACL is an access-control entry (ACE). There are two types of ACLs: discretionary and system.

ADAM
Active Directory Application Mode. An independent mode of AD, minus infrastructure features, that provides directory services for applications. It provides a data store and services for accessing the data store.

ADMT
Active Directory Migration Tool. It provides an easy, secure and fast way to migrate from Windows NT to the Windows 2000 Server AD service. It can also be employed to restructure Windows 2000 AD domains.

ADSI
Active Directory Service Interfaces. Abstracts the capabilities of directory services from different network providers in a distributed computing environment to present a single set of directory service interfaces for managing network resources.

COM Interoperability
A service that enables .NET Framework objects to communicate with COM (Component Object Model) objects.

Data mining
The process of using automated methods to uncover trends, patterns, and relationships from accumulated electronic traces of data.

IPSec
Internet Protocol Security. A framework of open standards for ensuring private, secure communications over Internet Protocol (IP) networks, through the use of cryptographic security services.

MDX
Multi-Dimensional eXpressions. A syntax used for defining multi-dimensional objects and querying and manipulating multi-dimensional data.

OLAP
Online Analytical Processing. A technology that uses multi-dimensional structures to provide rapid access to data for analysis.

SOAP
Simple Object Access Protocol. A simple, XML-based protocol to exchange structured data and type information on the Web.

WMI
Windows Management Instrumentation. A component of the Microsoft Windows operating system and the Microsoft implementation of Web-based Enterprise Management (WBEM), which is an industry initiative to develop a standard technology for accessing management information in an enterprise environment.

WSE
Web Services Enhancements. The WSE for .NET provides access to features specified in the XML web services architecture, also known as the web services specifications, by building on the programming model for web services created using ASP.NET.

FOR MORE INFORMATION

.NET projects
Find out more about RSM 2.0, Account Explorer, Alchemy and other major .NET projects at www.microsoft.com/services/microsoftservices/msnet_sol.mspx

Microsoft.com technology
Get further details of the microsoft.com web site technology at www.microsoft.com/backstage/bkst_column_46.mspx

Microsoft case studies
To access information relating to Microsoft case studies, please visit www.microsoft.com/uk/casestudies

Microsoft training
For information about training, visit www.microsoft.com/uk/learning/find-training

Microsoft .NET Framework
www.microsoft.com/net

Don’t miss the webcast follow-up at 2pm on 23 September. Please visit www.microsoft.com/uk/technet/training/webcasts.mspx

Page 31: FYI3 01cover des.fin


Windows Server 2003

I’ve just upgraded to Windows Server 2003 from Windows 2000 Server. Prior to doing the upgrade, I backed up the System State using the Windows Backup utility. I started a manual restore to get back the System State, but the computer won’t restart. Why?

The reason this happens is that the System State restore operation was started when Windows Server 2003 was installed in the C:\Windows folder, whereas the System State backup was created when Windows was installed in the C:\Winnt folder.

By default, Windows 2000 is installed in the C:\Winnt folder. Therefore, when you upgrade to Windows Server 2003, Windows uses the C:\Winnt folder. However, when you perform a new installation of Windows Server 2003, Windows is in fact installed in the C:\Windows folder. Because the System State was backed up from the C:\Winnt folder, the Backup utility cannot find the Windows installation in the C:\Windows folder.

This issue does not occur when you use the Automated System Recovery (ASR) wizard to save and restore the system files and configuration settings.

The solution to the problem is to perform a second installation of Windows Server 2003. When you do this, Windows discovers the existing installation in the C:\Windows folder, and then you are prompted to specify another folder for the installation. When this occurs, you can specify the C:\Winnt folder. You can then restore the System State by using the backup that now matches the location of the Windows installation in the C:\Winnt folder.

Windows Update

When I use the Windows Update scan feature, the scan quickly reaches 100 per cent, and then displays the ‘There are no updates available at this time’ message. The log file contains error 0x800c0008 or 0x80072EE4.

The error is caused by Secure Sockets Layer (SSL). The scan process requires SSL and if the date and time on your computer vary too much from the valid date and time of the SSL certificates on Windows Update, the process will fail. Make sure that your computer’s date and time are accurate and that the Internet Explorer language option is not empty.

You can do this from Internet Explorer’s Tools menu, from where you should select Internet Options, Languages. Make sure at least one language is listed in the ‘Language Options’ dialog box. You should also delete the Internet cache and cookies using the Internet Options from the Tools menu. Click ‘Delete Cookies’, then click ‘Delete Files’.

MOM

When I am using the Microsoft Management Console (MMC) in Microsoft Operations Manager (MOM), if I click the All Agents option, some of the agents display a red down-arrow.

The red down-arrow is an indicator that the Consolidator does not pick up a ‘heartbeat’ signal from those agents. The arrow remains until the agent has successfully sent a signal to the Consolidator at the next heartbeat. You don’t need to worry if the red arrows appear to stay for some time, as this is normal behaviour if the interval between heartbeats is long. The default interval is 10 minutes.

You may sometimes see all MOM components displaying a red down-arrow. This happens if the agent on the Consolidator misses a heartbeat.

You can reduce the amount of time that the arrows remain on display by specifying a shorter time between agent heartbeats. In the Microsoft Operations Manager MMC, go to Global Settings under Configuration. In the right pane, double-click Agents. Click the Heartbeat tab, and then set the heartbeat interval to a shorter time period, for example 60 seconds. Click OK. Right-click Rules, and then click Force Configuration Changes Now.

To verify the change, click All Agents under Monitor, and then note the Last Contact time.

SQL Server

How can I set the database to single user mode and restrict the access to dbo use only?

In SQL Server 2000, a database cannot be in single-user mode with dbo use only. Instead, several alternative options are available by using the ALTER DATABASE command. The choices are:

■ ALTER DATABASE database SET SINGLE_USER. This command restricts access to the database to only one user at a time.

■ ALTER DATABASE database SET RESTRICTED_USER. This command restricts access to the database to only members of the db_owner, dbcreator, or sysadmin roles.

■ ALTER DATABASE database SET MULTI_USER. This command returns access to the database to its normal operating state.
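The restricted-access sequence from the answer above, as an added T-SQL example that is not part of the original FAQ. ExampleDb is a placeholder database name, and the WITH ROLLBACK IMMEDIATE termination clause and the DATABASEPROPERTYEX check are additions the answer does not mention.

```sql
-- Added example (not from the magazine). ExampleDb is a placeholder name.
USE master
GO

-- Limit connections to members of db_owner, dbcreator and sysadmin.
-- WITH ROLLBACK IMMEDIATE rolls back the open transactions of connections
-- that do not qualify and disconnects them at once; without a termination
-- clause the statement waits for those connections to finish.
ALTER DATABASE ExampleDb SET RESTRICTED_USER WITH ROLLBACK IMMEDIATE
GO

-- Confirm the access mode before starting maintenance.
IF CONVERT(varchar(20), DATABASEPROPERTYEX('ExampleDb', 'UserAccess'))
       <> 'RESTRICTED_USER'
    RAISERROR('ExampleDb is not in RESTRICTED_USER mode', 16, 1)
GO

-- ... maintenance work goes here ...

-- Return the database to its normal operating state and check again.
ALTER DATABASE ExampleDb SET MULTI_USER
GO
SELECT DATABASEPROPERTYEX('ExampleDb', 'UserAccess') AS UserAccess
GO
```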

Do I need to use the multi-protocol network library to enable encryption?

No, Microsoft SQL Server 2000 can use the Secure Sockets Layer (SSL) to encrypt all data transmitted between an application computer and a SQL Server instance on a database computer. The SSL encryption is performed within the Super Socket Net-Library (Dbnetlib.dll and Ssnetlib.dll) and applies to all inter-computer protocols supported by SQL Server 2000. ■

FAQS

Our panel of Microsoft support experts tackle some of your frequent product issues

Expert advice: The Microsoft PSS team. If you want to pose a question to the team, email: [email protected]

QUESTION TIME
