Certified Mail: April 2003

Printer troubles; security tracks; success with FUD; and ethics unveiled

I Can See You
I have a problem connecting Windows 98, Windows 2000 Professional, Win2K Server and Windows XP Professional. Win2K and XP can access Win 98 resources, but Win 98 can’t access Win2K, Server or XP resources. Yet, I can ping them and see those operating systems in Win 98’s Network Neighborhood. Win 98 is running FAT32 and the others have NTFS. Can you help me?
—Dennis Daria, MCP, CCNA
Quezon City, Philippines

You have a peer-to-peer network (no domain) with a mix of Win 98, NT and Win2K machines. When you connect to a share point on an NT or Win2K machine from a Win 98 machine, you’re prompted for a password to IPC$. The prompt for an IPC$ password is the Windows server saying, “You want to create a secure channel using the Inter-Process Communication stub, but you haven't given me any credentials I can validate.” You can solve the problem by creating user accounts on the target machines that have the same name and password as the user account on the Win 98 machine. This permits the Win 98 user to be authenticated transparently.
—Bill Boswell

Printer Migration Blues
I’m having trouble with printer migration. I’ve tried using the print migration tools in Win2K on an NT 4.0 Service Pack 6a cluster to a Win2K SP3 cluster, and the product couldn’t see any printers. Any suggestions? We’re planning to have the night shift add 280 printers manually. This means they’ll also have to compare all the device settings for memory and other variables.
—R.J. Vaughan, MCSE
Tampa, Florida

The Windows 2000 Resource Kit (supplement 1) has a Printer Migrator 2000 tool, Printmig.exe version 2.0, designed to do this sort of work. In addition, printer configurations aren’t migrated to all nodes on the cluster; each node must be updated using the tool. You can learn more here: http://support.microsoft.com/?kbid=315983.
—Bill Boswell

Security Track
Does having the Certified Information Systems Security Professional (CISSP) certification give someone more job opportunities? This is a tough job market, as we all know.
—John Lowe, MCP, Network+, CCNA
Neptune, New Jersey

It’s provided me with respect from some people who value the certification. This may have helped me win some business, but there’s no way to judge. Certainly, it wasn’t the sole factor in any decision. It’s not a panacea, a trophy or a magic bullet.
—Roberta Bragg

What’s your thought on which security certification is most recognized by the general IT industry—the CISSP, the Global Information Assurance Certification (GIAC) or perhaps another? I’m planning to get a security certification in the near future, and I’m trying to decide which to get or—if both are required—which one to get first.
—John E. Fiess, MCSE
Alexandria, Virginia

They’re two different paths. The CISSP is for those with four or more years of experience in information systems security. It’s broad-based and covers everything, but not in depth. It’s not highly technical on covering management issues and so on. The CISSP is well respected in the info sec world. The GIAC has many different exams, mostly all technical. This one is well respected by technical folks. Take a look at sister site Cert-Cities.com for reviews of the exams. That should help direct your decision.
—Roberta Bragg

I’ve just finished the MCSE (six-plus months of school and prior networking knowledge) and am interested in a career involving IT security. Currently, I’m enrolled in the Information Systems program at Kennesaw State University for my bachelor’s degree, and I plan to take the security classes with a computer forensics elective. Is this the best route, or is holding a cert and attaining the Associate of Applied Science degree a better choice?
—John Bradley, MCSA, A+, Network+
Atlanta, Georgia

Only you can make the right decision. I’m very much in favor of education—legitimate education, and as much of it as you can get. I’m also in favor of certification—when it makes sense. And that depends on the industry. Some titles are entry-level recognition of minimal skills. Others are only awarded after demonstrated success in the industry. Sometimes we look at the successful, experienced person with a credential and think that getting the certification was what made that person successful. The industry doesn’t help us when it seizes on that idea as well and rewards titleholders with no experience for more than what they’re worth.

You have experience plus education and now certification. Evaluate what your schooling can bring to the table vs. certification alone. And don’t forget that the market for job seekers isn’t good right now. It’s a good time to acquire new skills via education; but only you know your financial needs and where your heart is taking you.
—Roberta Bragg

Ethics by the Numbers
In February’s “Professionally Speaking” column, Greg Neilson’s comment that the IT profession needs an ethical framework is somewhat confusing. Doesn’t it already exist?

Although the article points out several professional organizations that have established codes for their members, these are organizations of professionals and not the professions themselves. I could complete the necessary college courses and pass the required state/local exams to become an engineer but not necessarily join a professional organization. Am I bound by the code of the organization that the majority in my profession have joined? I doubt it. However, I am subject to contractual obligations and the laws and statutes that govern and regulate the profession I practice.

Steve Crandall mentioned, “Instances of ethics lapses...” by various individuals and businesses as reported in the press in recent years. Were these individuals and businesses violating a “code” that governs their profession? I’m not sure; but they did violate the laws and statutes that govern the business process and individual rights of consumers.

In every certification course I’ve taken, I was reminded of the illegalities of copying/using software not properly licensed. As an IT professional, I have an obligation to provide my customers with the best product or service I can and to provide my employer with the best performance I can offer. I believe this “ethical framework” exists in all IT professionals. Some people in our chosen field need reminders now and then. Perhaps we should form an association for IT professionals so we can remind each other of our ethical framework.
—R. Wayne Kirby, MCSE, MCP+I, CCNA
Lexington Park, Maryland

Thanks for your comments, Wayne. You’re right about the distinction between professions and these professional bodies. Unfortunately, our field is still very young, so we don’t have this type of body in place. Who knows? Maybe sometime in the future when we all need to have a license to practice in IT, we will. The breadth of these ethical codes is often much bigger than respect for copyrights and for us to strive to perform well in our jobs. They include our responsibilities to our profession and society as a whole.
—Greg Neilson

Vertical Limit
In February’s “Editor’s Desk” by Dian Schaffhauser, I really appreciated the comments about people in related industries sharing their IT challenges. I’m a firm believer in networking, and the article does a great job of illustrating that principle: Even though IT people may do the same “job,” we aren’t necessarily competitors.

In the Puget Sound area, I belong to a group of IT professionals that owns small businesses in related IT fields. We meet once a month and focus on our strengths and interests to pass each other referrals. Many of us do the same thing, but the PC people give referrals to the Mac specialists; the early morning people give their evening referrals to the night owls; and the people who live 50 miles from a potential client have seen the wisdom of passing that referral to someone closer to the client, who will return the favor when the time comes. In short, we cooperate with each other, and our businesses grow. Thank you for reminding everyone that there are advantages in cooperation and sharing information.
—Ed Ebel, MCSE, MCSA, MCDBA, Network+
Bellevue, Washington

I work in the oil and gas industry, and we have similar issues regarding IT challenges. Demanding users—such as engineers, geologists and geophysicists—know computers are just tools, so they should be able to do what they want. We had a guy complain to us about not having 1500GB free space for diagrams he wanted to view. The same guy complained to management that we were blocking e-mail attachments (he tried sending a 1.2GB zipped file as an attachment).

I could go on about security rights, printing, connectivity and application compatibility issues, but it all boils down to understanding clients' needs and expectations.
—Greg,
Alberta, Canada

Employers Who Want It All
I’m a systems administrator currently out of work, and I see a lot of strange requirements for jobs. I’ve read ads where the company wants everything from a cable rat to a security manager all in the same person. The employer wants it all and wants it for a low salary. Some of my search engines return the same results using different keywords. I see systems administrator, network administrator and security put into the same hat and sometimes into the same ad. I can perform systems administration well. I do network administration well enough to keep my own private network protected and secure. I can do security well enough for my small private network, but I’m not a certified security expert, and I don’t expect I would be after taking a one-week class. When a prospective employer wants all three of these job descriptions put into one hat (to save costs, of course), you have to wonder what they’re really thinking.
—Gregory C. Ekholm, MCSE
Colorado Springs, Colorado

This is so true. Do they really expect to get that? I think many times it’s a clueless HR person writing the ad—or maybe it’s someone dreaming. Still, no one said you have to say you possess all those things before you apply for the job. Who knows? Maybe they realize they’re shotgunning and actually will like your credentials.
—Roberta Bragg

Licensing 6.0 and FUD
Now wait a second. If, as Em C. Pea writes in her February column, “Of Profit and Pickles,” successfully extorting money from customers is a measurement of success, then we need to re-examine our yardsticks. The “success” of Licensing 6.0 has only encouraged Microsoft to continue its policy of FUD—fear, uncertainty and doubt—when it comes to future availability of software and upgrades. (Do we need to replace our software suites every three years?) Yet Licensing 6.0 is built around this premise and the fear that upgrades aren’t economically available to retail users. People flocked to Licensing 6.0 not because of sound economic reasons, but because they thought that they’d lose their ability to upgrade. Perhaps that success has led to Microsoft’s new tact, recently revealed, that all terminal services connections in Windows Server 2003 will carry a cost through a purchased TSCAL (previously free for Win2K and Win XP clients). There’s nothing like giving away something for free and charging for it later.

I’m a longtime Microsoft supporter, but its recent strategy to extort money from users by any means possible has moved my company and me to open-source solutions. Sure, they’ll cost more to support and implement, but being a proficient technologist, I can handle it. What I can’t handle is capricious and predatory pricing by our friends in Redmond.
—Pete Helgren, MCSE
Salt Lake City, Utah

Auntie’s point was not to comment on the fairness (or otherwise) of Licensing 6.0. I said my piece regarding that months ago. My point was simply that the market has spoken—and according to the market, it was a fair deal. Apparently, people such as you who moved to other vendors were outnumbered by those who decided not to choose that path.
—Em C. Pea

Featured