Clive Watson's Blog

Clive Watson, Datacenter Technical Specialist, Microsoft UK

NAP webcast

NAP continues to be a hot topic; see this very recent webcast by Joseph Davies (also a link to a whitepaper) for more details.

http://support.microsoft.com/kb/921070

Comments
  • Server biggest problem:

    The biggest problem with Windows Server 2003 (R2) 64-bit goes unattended, the default security which prevents everything from running.

    This is a crossover problem from the mass market driven workstationware.  In trying to protect all mass users and place them in a bubble, Microsoft has placed all newly installed servers in the same bubble.  This means that, among other things, nVidia and other motherboard hardware are completely prevented from doing their job.

    nVidia's Network Access Manager is a necessity on Asus 64-bit architecture using AMD 64-bit microprocessors.  It is run on a Frontend Apache, which is to say, similarly to Active Directory in that administration is done using a web interface.  I have worked workarounds, but that is simply not good enough, now that Windows Server is preventing everything from running without the slightest documentation on how to get applications outside of the Microsoft proprietary set running.

    Where is the complete documentation on Windows new security features?  It does not exist.

    They did not understand Data Execution Prevention [DEP], a hardware concept designed some 30+ years ago in mainframes [I know, I was one of the designers!], nor the Execution Bit nor the Tag Bits used in the design and architecture when they implemented DEP.  And they wrote no effective documentation as they built their new security features.

    So that things like drivers will install, but once a Windows Server is given the role of Primary Domain Controller [PDC], these drivers will no longer function.  The interface to the administration of the configuration is killed by the server software, and a lengthy and costly process begins with reconfiguring the quarantined, but perfectly legitimate, necessary drivers and software for the hardware.

    Secondly, if one has an Apache website and wishes to move it or migrate it to a Windows Server without using Internet Information Server [IIS] as the http daemon [web server service], it will fail with Access Denied to the millions of users and customers worldwide that make up your business.

    Third, instead of concentrating on fixing the bad case insensitivity of Microsoft Operating Systems, the teams simply chose to ignore this major problem and go on as if everything were "A OK," and their statements about Windows Migration had some grain of truth in them.  I'd hardly call two months' worth of man-hours an easy migration, and we're not done yet.  And I've been a Microsoft Partner from the beginning.  Is anyone in Redmond, Washington State listening?  You have serious problems with your 64-bit servers and your proposed Vista.

    One visit to my site will show you exactly what problems are going to come back to haunt Microsoft.

    And lastly, there is no way to report problems to Microsoft.  At least not for a computer design engineer who has vastly more experience than anyone at Microsoft.  This means if someone knows the answer to your problem, they can't tell you quickly and effectively because, in terms of Simon & Garfunkel, you've become an island.

    No, Microsoft, you do not know more than some of us, especially those of us who designed the first 64-bit systems and software and someone at Microsoft would do well to start seeking out the advice and criticisms of those aboriginal engineers while you still have time.

    Someone needs to be weaned off the security addiction so they can be taught how to defend themselves while still leading a productive life, and, a bona fide document on just how this new Execution Bit and the Code Segment Tag Bits are supposed to work, followed by a dissertation on how to get Microsoft to execute necessary programs in spite of itself.

    Terry James
    Design Engineer
    64-bit Architecture.
