Wednesday, May 10, 2006

3 great articles at Setup32.com

Saved for future reference

Using the new DFS in Windows Server 2003 R2

R2 is an interim or "upgrade" release of Windows 2003. It is an optional upgrade, but has some very nice features such as the new DFS. Look here for more details on R2. Before we continue this discussion, it is important to note that "DFS" previously referred to shares and namespace management. Beginning with the Windows Sever 2003 R2 release, "DFS" is an umbrella term that refers to both namespaces and replication. The term "DFSR", at lease as it is used at this time, refers to the new replication engine.

Active Directory scripting secrets: When GUI just isn't enough

While it's true that Active Directory provides a number of easy, wizard-driven Graphical User Interface options to create objects and perform many common administrative tasks, to be a truly effective admin you'll often need to get away from the GUI and find a more efficient way to operate.

Extracting Active Directory info quick and easy with LDIFDE

As mature as Active Directory is, it still amazes me how many admins I talk to who have no idea how to write simple LDIFDE.exe commands to gather data for routine operations. My next few articles will give you some simple instructions on how to take advantage of this tool to gather AD data without using those painful UIs - even for the scripting impaired!

Monday, May 01, 2006

CompTIA; end-User Training Is Critical To Security

Companies that don’t provide security training to their employees are leaving open pathways into their corporate networks, according to a recent survey.

Customers are well aware of the threats they face from viruses and worms, but a survey of some 550 small and midsize businesses found that human error was the primary cause of nearly 60 percent of security breaches during the past year, said Brian McCarthy, COO of the Computing Technology Industry Association (CompTIA), Oakbrook Terrace, Ill., which sponsored the study.

“The alarming part is that little is being done to change cultural behavior,” McCarthy said. “End-user awareness [of security issues] is a big problem in companies. Organizations that provide security training to employees will see ROI.”

Brian Haboush, vice president of business development at Intelligent Connections, a Royal Oak, Mich.-based solution provider, agreed. “We find the biggest vulnerability in corporate networks to be caused by misconfiguration of equipment due to lack of training,” he said. Haboush sees increasing demand for security training and is expanding his training offerings for IT staff and for the executive ranks.

Most of the flaws that emerge in the security and vulnerability assessment realm are due to misconfigurations and poor application of corporate security practices, which points to a need for training, said Paul Rohmeyer, a professor at Stevens Institute of Technology, Hoboken, N.J., and former COO of North Brunswick, N.J.-based security solution provider Icons.

VARs should include security training in the solutions they offer to help companies effect cultural change and minimize human error, McCarthy added. “There are opportunities to bring a training solution into the equation to make sure products they have installed are fully realized,” he said.