Notes on BD Windows NT software, network, etc.

IMAPServer2 change on 9/3, advice from Brian Drendel, 8/29/00

There has been some concern regarding the IMAPSERVER2 changeout that will occur on Sunday. I talked to Jack Schmidt from Computing Division this morning. He says that you don't need to do anything to prepare for the IMAPSERVER2 changeout that will occur this weekend. If you are curious, here is what will happen this weekend.

1. At 3am on Sunday, they will turn off mail delivery to IMAPSERVER2. Your incoming mail will be held until after the update, and then sent to your account. You will not be able to login to IMAPSERVER2 at this time.

2. Computing Division will do a complete backup of all of the IMAPSERVER2 accounts. This includes all of your imap folders, your inbox and even your trash.

3. Computing Division will replace the old IMAPSERVER2 computer with a new faster computer.

4. Computing Division will restore all of the email accounts. This includes every IMAPSERVER2 folder, all of your INBOX messages, IMAP stored Send messages, and even the messages in your trash.

5. Computing Division will then activate mail delivery IMAPSERVER2 by 5pm on Sunday. All email sent to you between 3am and 5pm on Sunday will then be forwareded to your accout. At that time, you will again be able to login to your IMAPSERVER2 account.

I guess what all of this means, is that you do not have to do anything to prepare for the IMAPSERVER2 changeout this weekend. The only thing that I would ask you to do is, if you are an IMAPSERVER2 user, close down all of your Netscape windows before you leave on Friday (or preferrably, as always, logout of your beams account and leave your computer powered on).

Netscape security fix, from Brian Drendel on 8/21/00

Netscape 4.75 was released by netscape on Friday. It patches the Java Vulnerability (see below for details on this security hole). The installation has to be done by an account with localadmin priviliges.

Netscape - Java Vulnerability

August 8, 2000 15:00 GMT
Number K-063
---------------------------------------
PROBLEM:

This vulnerability allows a hostile web site to start a server process on the browser system. That server can access arbitrary files on the browser system and locally connected networks through "file:" URLs. PLATFORM: All versions of Netscape Navigator and Netscape Communicator versions 4.74 and earlier are vulnerable when Java is enabled. DAMAGE: A hostile web server can start a server process on the browser system with no warning to the browsing user. This process can access any file on the local (browser) machine or the locally connected network through normal file sharing, if it is accessible by the browsing user. Additional code and external URLs can also be distributed by the running server, resulting in self-propagation and feedback to the hostile site.

6/20/00 virus alert, Brian Drendel

The latest computer viruses and worms are getting popular enough to make local newscasts. The latest worm, VBS.Stages.A, is infecting a lot of corporations. I have not seen any occurances of this one in Beams Division yet.

To quote symantec, "This worm appears as an attachment titled LIFE_STAGES.TXT.SHS. Execution of this attachment will open a text file in Notepad displaying the male and female stages of life. Whilst the user is reading the text file the script is executing in the background. This worm spreads itself using Outlook, ICQ, mIRC and PIRCH.". To read more information on this latest email worm, go to this location.

If you see any occurances of this, do not open the attachment and delete the message.

Multiple users and Netscape profiles, Brian Drendel, 6/16/00

We have had requests for additional documentation outlining specifically how to fix borken Netscape profiles. This mostly is an issue for local administrators that have multiple users reading their email from one computer. We have new documentation addressing this issue which can be found on our web page at this location. If you have any questions let me know.

Netscape security advisory, from Brian Drendel on 5/17/00

Below you'll read the CERT security advisory forwarded to us by Mark Kaletka. It summarizes a security hole in some versions of Netscape (4.72, 4.61, etc..) that could allow a "malicious web site to masquerade as a trusted web site, revealing confidential information, such as credit card numbers." Netscape's solution is to upgrade to Netscape 4.73. So, if you have any computers that you were thinking about upgrading Netscape on, this would be a good reason to do so. I have installed Netscape 4.73 on a few computers and have not had any problems with it yet.

I have put the Netscape 4.73 installation file on Beamssrv1. Go to \\Beamssrv1\apps\Windows\netscape\cc32e473.exe to install it.

For more information see augmented information.

IE security vulnerability, from Brian on 5/17/00

Below is a message from Jack Schmidt informing us of a security vulnerability with IE 5.0 that allows email viruses to spread without opening your email attachments! I do not know if IE 4.01 is effected by this. The good news is our IE 5.01 installation (see our last local admin meeting slides) already has the patch for this vulnerability in place. To upgrade to IE 5.01, you can run:

\\beamssrv1\apps\Windows\Ie 5.01\Ie 5.01 install.bat

The process is automatic and requires a minimum of user intervention.

Poll on Office 2000 & served applications, Brian message of 5/18/00

We had a few discussions that were not covered in the transparancies. We would like your feedback on these topics.

1. Roaming Profiles (keep them or trash them?)

   Profiles contain the network & printer connections, screen background, hardware and software configurations specific to the user and not the computer. Roaming profiles allow users to become more portable. A users roaming profile is stored on Beamssrv1, with a cached copy on the local computer at C:\winnt\profiles\"user". Everytime a user logs in the profile is downloaded from Beamssrv1 to their comptuer. Everytime they logout, the profile is updated by writing it back to Beamssrv1.

   Advantages

   
   A user's account is ideally more portable. If the user runs Exceed over the network on computer x, they can walk over to computer y and run exceed with all of their personal settings in tact. A person's printers and extra network connections will also be in tact. The profiles are backed up, so if a user destroys their comptuer, their profile is still in tact.

   Disadvantages

   
   Due to differences in configuration and hardware between computers, the roaming profiles often give errors on startup (even for software uninstalled on the same computer). We have seen cases where applications such as MS Word will not even function until we reset the users profile. We also have a lot of problems with profile size. Many applications, especially MS apps, like to make the default document and cache locations in your profile. Examples are IE internet cache files, MS Office documents, Outlook or Outlook express email files. If your roaming profile gets too much larger than 2MB, they your login and logout times increase greatly. When they start getting in the >60MB range, you will see slow network connection errors. Also, when profiles are overwritten you can lose files. Profiles don't easily transfer to Win 2000 servers.

   We would like some feedback on how much your groups take advantage of roaming profiles and whether or not to use them in the future.

2. Office 2000

   We are working on the Office 2000 upgrade. We have found the following. We will have an administrative installation point from Beamssrv1 or other server. From that administrative installation local administrators will be able to install Office 2000 on their computers. We will be setting up the installs to be as automated as possible.

   One option we have is we can either install the entire set of applications on the local computer or run the applications off of the server. Full installations of both Office 2000 disc 1 and disc 2 takes 814MB on your hard drive. An install of disc 1 (Word, excel, powerpoint and access) takes about 355MB. A network installation will still install about 100MB worth of files on your computer. Early tests show that the performance of the network installation is not as bad as expected, but of course not as good as when run locally.

   I will be setting up two computers in the comptuer room: one with Office running locally and the other with Office running off the network, for anyone who wants to see how it performs. An additional disadvantage of running off of the network, is I would have to take the Office share away anytime I wanted to upgrade to a new service release. We would like to run Office locally, but we know there are a lot of computers that do not have 800MB of spare disk space. Local admins might have to install additional hard drives in some computers if we go with the local installations.

   We would like your feedback on this topic as well. Would your preference be to run local or off the network?