Errors in the Microsoft Press Books



Errors in the "Windows Server 2008 Inside Out" book, ISBN-13: 978-0-7356-2438-2, William Stanek


The term "directory" is used for file folders throughout the book. The term "folder" should be used instead.


Page 3: In "What's New in Windows Server 2008", the author should mention "Server Core".


Page 6: "Windows Server 2008 Datacenter ...using a minimum of 8 processors..."

Wrong. Windows Server 2008 Datacenter can use a minimum of 1 processor. This mistake is also repeated on page 62.


Page 8: "The WOW64 subsystem isolates 32-bit applications from 64-bit applications. This prevents file system and Registry problems."

Wrong. Using 32-bit and 64-bit applications together can't do any harm to file systems or the Registry.


Page 40: "WINS: Windows Internet Naming Service."

Wrong. WINS means "Windows Internet Name Service". This mistake is repeated throughout the book on different pages.


Page 42: "From an IT perspective, the fewer employees that have Internet access, the better."

Nonsense. In this age of a connected world, how dare you suggest limiting the number of people accessing the Internet?


Page 56: "Windows 2000 native mode... which offers additional features."

Additional to what? This part is copy-paste from the author's Windows 2000-2003 book in which he explains the Windows 2000 native mode's additional features over Windows 2000 mixed mode. And in this book there is no mention of the mixed mode.


Page 71: The explanation about Active and System partitions is wrong. The author didn't understand them at all. The same wrong explanation is on page 429.


Page 79: "By using multiple partitions, you can separate operating system files from application data. Not only does this enhance security, it permits the use of services that require installation on nonsystem partitions."

Wrong. Separating the partitions does not enhance security. And I don't know of any service that requires installation on nonsystem partitions.


Page 97: The discussion about non-Plug and Play devices is unnecessary altogether. There are no non-PnP devices anymore.


Page 109: " used with computers running versions earlier than Microsoft Windows 2000."

The statement should read " used primarily with...", because post-2000 operating systems can also make use of this service.


Page 111: "Nslookup checks the status of a host or IP address when used with DNS."

This is the silliest explanation of nslookup! Nslookup is used only with DNS (not "when used with DNS") and it does not check the status of a host or IP. It only queries the DNS server and gets info from it, like the IP address of a host, the host name of an IP, etc.


Page 111: "Route manages the routing tables on the system."

How many tables are there? There is only a single routing table.


Page 116: "Domain controllers don't have local users or groups.."

Wrong. They do have local users and groups. They are just hidden in normal operation and visible only in Directory Services Restore Mode.


Page 130: "Documents (folder) stores your word processing documents."

Wrong. It also stores spreadsheet files, PowerPoint files, etc.


Page 161: "Active Directory Domain and Trusts"

It should read as "Active Directory Domains and Trusts"


Page 217: "For a USB or FireWire device, simply insert the device..., restart the computer, and then let Windows Server 2008 automatically detect the new device."

Wrong. There is no need to restart. Windows detects USB devices whenever they are plugged in. And remember, it is a server; you shouldn't restart it for a new device.


Page 220: In the Note section, the author should also mention the yellow exclamation mark for a device.


Page 241: The discussion about ISA devices is completely unnecessary. There is no ISA device to be found in a server environment.


Page 252: "HKLM: Stores all the settings that pertain to the hardware currently installed on the machine."

Wrong. HKLM is the Registry itself; the other main trees are just shortcuts to some locations under HKLM. So it stores ALL configuration info, software as well as hardware.


Page 257: "Services contains a subkey for each service installed on the systems."

It also contains info about every driver. Windows treats services and drivers the same.


Page 268: Exporting the whole Registry to a reg file and importing it does not work in NT-based, secure operating systems. It can't be a method of backing up the Registry.


Page 273: The "Maintaining the Registry" title is completely unnecessary and useless.


Page 277: The recommendation about preventing the use of regedit.exe using NTFS permissions is completely unnecessary and useless. Instead, the author should mention the GPO settings that prohibit the use of Registry editing tools.


Page 282: "This includes Directory Replicator service.."

Directory Replication was an NT thing. There is no place for it in Windows 2008.


Page 307: "This means no paging file is configured, and it will drastically reduce the server's performance."

Wrong. It can't reduce the performance at all.


Page 308: " must understand is the distinction between an application, an image name and a process".

Wrong. Image name and the process are the same thing.


Page 309: "No single command-line tool performs all the same functions as Task Manager. The closest tools ..are get-process and get-service cmdlets."

There are also Tasklist.exe and tskill.exe. The author shouldn't skip these tools.


Page 310: "Because get-process is text will use fewer system resources than Task Manager"

Wrong. You won't get any noticeable performance difference when you use get-process. It is the Linux supporters’ claim that command-prompt operations are better from a performance viewpoint, and it is baseless. The same claim is also repeated on page 338.


Page 326: “Right-clicking the session and choosing Disconnect forcibly end a user’s session.”

Wrong. Disconnect does not end it; it just disconnects the user, but the user’s session is not affected.


Page 327-328: All the log size units must be KB, not MB.


Page 341: What is a WinRM listener? The author should explain this.


Page 348: “Performance object: Database → monitors performance for instances of the embedded database management system used by Windows Server 2008”

What is this? Is there any such thing?


Page 356: “The server cannot perform at its optimal level when you install the recommended amount of memory either.”

Just funny!


Page 435: “The first three volumes on a basic drive are created automatically as primary partitions.”

Wrong. There is no automatic decision. The administrator chooses the partition type.


Page 456: “Before you move a system disk from one computer to another, you must ensure that the computers have identically configured hard disk subsystems. If they don’t, the Plug and Play ID on the system disk from the original computer won’t match what the new computer is expecting.”

Wrong. There is no such restriction.


Page 459: “upgrade Disk 0 to a dynamic disk and then upgrade Disk 1...”

Disks can be upgraded to dynamic all at once.


Page 463: “During the creation of the mirror...”

The title of the subject is RAID 5 and the author explains how to create one.


Page 467: “Windows Vista and Windows Server 2008 include the Encrypting File System (EFS)...”

Windows 2000, XP, and 2003 also include EFS.


Page 467: “Although EFS offers excellent protection for your data, it does not safeguard the computer from attack by someone who has direct physical access.”

Nonsense! The whole purpose of EFS has always been protecting the data from physical tampering. The difference lies in the fact that with BitLocker, we can encrypt the whole drive instead of specified folders.


Page 477: “For example, a user could use a boot disk to boot the computer and reset the administrator password.”

But resetting the password destroys the EFS keys, so the intruder cannot access the encrypted files in that case either. The author didn’t understand the situation.


Page 499: “For FAT, for example, the first cluster used by the file has a pointer to the second cluster, and the second cluster has a pointer to the next, and so on.”

Wrong. The pointers are not in the clusters, they are in the File Allocation Table’s entries.


Page 500: “Root directory table, which defines the starting cluster of each file in the file system.”

Wrong. The root directory table only defines the files in the root directory of a volume. It does not contain any information about files in the other directories, or subdirectories of the root directory. A similar mistake is repeated on page 535.
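
The two FAT points above (page 499 and page 500), as an added example that is not from the book or from this errata list: a constructed in-memory FAT16 layout in which the chain links are read from the File Allocation Table and a file in a subdirectory is found only through that subdirectory's own table. The volume contents, file names and the 64-byte cluster size are made up for the illustration.

```python
import struct

EOC = 0xFFF8                 # FAT16: an entry >= 0xFFF8 ends a cluster chain
ATTR_DIRECTORY = 0x10
DIRENT = struct.Struct("<11sB8xH4xHI")   # 32-byte short directory entry
CLUSTER_SIZE = 64            # constructed, unrealistically small cluster size

def build_fat(chains, n_entries=16):
    """Pack cluster chains into raw FAT16 bytes (one 16-bit entry per cluster)."""
    entries = [0x0000] * n_entries              # 0x0000 marks a free cluster
    entries[0], entries[1] = 0xFFF8, 0xFFFF     # entries 0 and 1 are reserved
    for chain in chains:
        for cur, nxt in zip(chain, chain[1:]):
            entries[cur] = nxt                  # the link lives in the FAT entry
        entries[chain[-1]] = 0xFFFF             # end-of-chain marker
    return struct.pack("<%dH" % n_entries, *entries)

def follow_chain(fat, start):
    """List a file's clusters from FAT entries only; no data cluster is read."""
    n_entries, chain, cur = len(fat) // 2, [], start
    while cur < EOC:
        if cur < 2 or cur >= n_entries or cur in chain:
            raise ValueError("corrupt chain at cluster %#x" % cur)
        chain.append(cur)
        (cur,) = struct.unpack_from("<H", fat, 2 * cur)
    return chain

def dirent(name, ext, attr, start, size):
    """Build one 32-byte directory entry (8.3 name, attribute, first cluster, size)."""
    raw_name = (name.ljust(8) + ext.ljust(3)).encode("ascii")
    return DIRENT.pack(raw_name, attr, 0, start, size)

def parse_dir(raw):
    """Decode a directory table into (name, attr, first_cluster, size) tuples."""
    out = []
    for off in range(0, len(raw) - 31, 32):
        name, attr, _hi, start, size = DIRENT.unpack_from(raw, off)
        if name[0] == 0x00:      # first byte 0x00: no further entries
            break
        if name[0] == 0xE5:      # first byte 0xE5: deleted entry
            continue
        base = name[:8].decode("ascii", "replace").rstrip()
        ext = name[8:].decode("ascii", "replace").rstrip()
        out.append((base + ("." + ext if ext else ""), attr, start, size))
    return out

def read_file(fat, clusters, start, size):
    """Concatenate the clusters named by the FAT chain and cut to the file size."""
    return b"".join(clusters[c] for c in follow_chain(fat, start))[:size]

def walk(fat, clusters, dir_raw, prefix="/"):
    """Map every file path to its cluster chain, descending into subdirectories."""
    found = {}
    for name, attr, start, _size in parse_dir(dir_raw):
        if name in (".", ".."):
            continue
        chain = follow_chain(fat, start) if start else []
        if attr & ATTR_DIRECTORY:
            # A subdirectory is itself a chain of clusters holding a directory table.
            sub = b"".join(clusters[c] for c in chain)
            found.update(walk(fat, clusters, sub, prefix + name + "/"))
        else:
            found[prefix + name] = chain
    return found

# Constructed sample volume: REPORT.TXT is fragmented (2 -> 5 -> 6),
# DOCS is a subdirectory in cluster 3, NOTES.TXT lives inside DOCS (7 -> 4).
FAT = build_fat([[2, 5, 6], [3], [7, 4]])
ROOT = dirent("REPORT", "TXT", 0x20, 2, 150) + dirent("DOCS", "", ATTR_DIRECTORY, 3, 0)
CLUSTERS = {
    2: b"A" * 64, 5: b"B" * 64, 6: b"C" * 64,      # pure file data, no pointers
    3: dirent("NOTES", "TXT", 0x20, 7, 100).ljust(CLUSTER_SIZE, b"\0"),
    7: b"N" * 64, 4: b"n" * 64,
}

if __name__ == "__main__":
    print("root directory lists:", [e[0] for e in parse_dir(ROOT)])
    for path, chain in walk(FAT, CLUSTERS, ROOT).items():
        print(path, "->", chain)
```
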


Page 500: “FAT features: You can use Windows files sharing but have limited control over remote access to files and folders.”

Wrong. Share permissions have ultimate limitations on remote access to files. We have limited or no control over the local access to files and folders in FAT.


Page 501: “Table 16.2: Supports network file and folder sharing”  

What is network file and folder sharing?


Page 506: Figure 16-3 is so bad that I couldn’t understand very much.


Page 520: “Windows Server 2008 uses Self-Healing NTFS”

Wrong. Self-healing NTFS is not a new technology.


Page 521: “...and they remain compressed even if you later move them to an uncompressed folder on an NTFS volume.”

Partially true. If you move them to a folder on the same volume, they remain compressed, but if you move them to other volumes, they inherit the compression attribute of the folder.


Page 525: “Using disk quotas, you can monitor and control the amount of disk space people who access the network can use”

Disk quotas are not limited to network access. They also function when you access files locally.



Page 547: “You can enable standard file sharing only on disks formatted with NTFS.”

Wrong. Folders on FAT-formatted volumes can also be shared.


Page 550: “ might want to share this drive...”

The sentence should read as “you might want to share this folder...”


Page 554: “All drives, including CD/DVD ROM drives have a special share to the root of the drive.” 

Wrong. In fact it is a murder to say so. CD/DVD ROM drives do not have hidden administrative shares.


Page 554: The author should also explain how to remove administrative shares by editing the Registry.


Page 561: “Granting read access instead of Full Control by default is an important security change for Windows Server 2008.”

The author is surely joking. In Windows 2003, the default share permission is also Read.


Page 565: “...but the user should have only Change permissions, configure the share to deny Full Control to that user”

Wrong. After you deny full control to a user, that user cannot access this share at all.
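
Why a Deny on Full Control leaves the user with nothing, as an added example that is not from the book or from this errata list: a simplified model of ACE evaluation (deny entries first, then allow entries) using the standard share-permission access masks. The account and group names are constructed, and the second ACL exists only in this model to show which bits separate Full Control from Change.

```python
from collections import namedtuple

# Standard access masks behind the three share permissions.
READ, CHANGE, FULL = 0x001200A9, 0x001301BF, 0x001F01FF

Ace = namedtuple("Ace", "kind trustee mask")   # kind is "allow" or "deny"

def effective_mask(acl, token):
    """Return the access bits a token ends up with on a share.

    Simplified model: ACEs are put in canonical order (deny before allow),
    only ACEs whose trustee is in the token apply, and a denied bit can
    never be granted by a later allow ACE.
    """
    granted = denied = 0
    for ace in sorted(acl, key=lambda a: a.kind != "deny"):
        if ace.trustee not in token:
            continue
        if ace.kind == "deny":
            denied |= ace.mask
        else:
            granted |= ace.mask & ~denied
    return granted

def is_allowed(acl, token, desired):
    """True only if every requested bit is granted."""
    return effective_mask(acl, token) & desired == desired

def level(mask):
    """Name the highest share permission fully contained in a mask."""
    for name, bits in (("Full Control", FULL), ("Change", CHANGE), ("Read", READ)):
        if mask & bits == bits:
            return name
    return "No access"

# Constructed tokens: the account plus the groups it belongs to.
ALICE = {r"CORP\alice", r"CORP\Staff"}
BOB = {r"CORP\bob", r"CORP\Staff"}

# The book's advice: the group has Full Control, deny Full Control to the user.
BOOK_ACL = [
    Ace("allow", r"CORP\Staff", FULL),
    Ace("deny", r"CORP\alice", FULL),
]

# Model-only comparison: a deny ACE carrying just the bits that Full Control
# has and Change lacks (0x000C0040) leaves exactly the Change mask.
EXTRA_BITS_ACL = [
    Ace("allow", r"CORP\Staff", FULL),
    Ace("deny", r"CORP\alice", FULL & ~CHANGE),
]

if __name__ == "__main__":
    # Every bit of Read and Change is also a bit of Full Control, so a deny
    # ACE with the Full Control mask removes Read and Change as well.
    print("Change within Full Control:", CHANGE & FULL == CHANGE)
    print("alice, book ACL:      ", level(effective_mask(BOOK_ACL, ALICE)))
    print("bob, book ACL:        ", level(effective_mask(BOOK_ACL, BOB)))
    print("alice, extra-bits ACL:", level(effective_mask(EXTRA_BITS_ACL, ALICE)))
    print("alice may read under book ACL:", is_allowed(BOOK_ACL, ALICE, READ))
```
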


Page 592: “After you configure shadow copying, you must install a client on computers throughout the organization.”

Wrong. The Previous Versions client program is necessary for XP and Windows 2000.


Page 608: “Windows Server 2008 allows two active administrative sessions. This change from previous configurations allows: 1. One administrator to be logged on locally and another administrator to be logged on remotely. 2. Or two administrators to be logged on remotely.”

Wrong. The information is completely wrong. Windows 2008 allows 3 simultaneous sessions in this configuration: One local and up to two remote sessions. And this is valid for 2000 and 2003 also.


Page 610: “The Remote Desktop Users group has been added to Windows Server 2008 Active Directory.”

Wrong. Remote Desktop Users group is not new to 2008; it has been in XP and 2003 also.


Page 627: “TCP/IP is a protocol suite consisting of Transmission Control Protocol (TCP) and Internet Protocol (IP).”

Wrong. TCP/IP consists of more than 200 protocols. TCP and IP are just the most famous ones.


Page 628: “public Internet..”

What is public Internet? Is there any not-public Internet? This term is repeated throughout the book.


Page 634: “Class E addresses begin with a number between 240 and 247.”

Wrong. The number is between 240 and 255.


Page 637: “The broadcast address is obtained by setting all the network or host bits in the Ipv4 address to 1 as appropriate for the broadcast type.”


Wrong. The broadcast address is obtained by setting the host bits to 1, not the network bits.



Page 652: The author skips HOSTS, LMHOSTS, and broadcast methods when he mentions the name resolution mechanisms.


Page 653: “A domain name identifies a network in DNS.”

Wrong. Domain names are logical identities and they have nothing to do with the networks.


Page 654: “WINS works best in client-server environments where WINS clients send queries”

The author didn’t understand WINS at all. He confuses WINS with NetBIOS. WINS always works in client-server environments; there is a WINS server and there are WINS clients.


Page 655: “Although WINS can provide both client-server and peer-to-peer name-resolution services..”

Wrong. Because of his confusion the author says WINS provides peer-to-peer name-resolution. No, it can’t provide peer-to-peer name-resolution service.


Page 657: “Windows Server 2008 uses TCP/IP as the default wide area network protocol”

Nonsense. It also uses TCP/IP as the LAN protocol; in fact no other protocol is installed for LAN or WAN.


Page 661: “To perform most TCP/IP configuration tasks, you must be a member of the Administrators group.”

The author should also mention the “Network Configuration Users” group.


Page 667: “This lets users work with host names, such as, or”

Wrong. or are URLs (Uniform Resource Locator), not host names.


Page 667: “...configure DNS specifically for an individual user or system...”

Wrong. It is not possible to specify a DNS address for users; it is a system-wide parameter, valid for all users. A similar mistake is made for WINS on page 669.


Page 668: “... supported only by BIND 5.1..”

Wrong. It should be BIND 8.2.1


Page 678: The author skips Route add, Route print and the other Route commands.


Page 679: “On computers running Windows XP or later, IPSec is configured using Windows Firewall with Advanced Security.”

Wrong. IPSec is configured using “IP Security Policy Management” snap-in.


Page 679: The last paragraph is completely wrong because the computers do not retain their former DHCP configuration. They always get new TCP/IP info when they are booted.


Page 682: The note section is complete nonsense.


Page 689: The author didn’t understand the reason why Windows servers are authorised to operate as DHCP servers. The author cannot explain it. The reason for the authorization is this: the authorised DHCP servers stop when they recognize that some other unauthorised servers are distributing IPs, and record the situation in their logs. So the administrator can clearly identify the rogue DHCP servers.


Page 691: “Typically, the messages sent by DHCP clients and servers are limited by the logical boundaries of the network.”

Wrong. They are limited by the physical boundaries.


Page 692: The last paragraphs explaining the DHCP packets are unnecessary.


Page 702: The explanation of Superscope is completely wrong. The aim of the superscopes is to provide more than one scope to the same physical network. Without superscopes, it wouldn’t be possible to deliver IP addresses from different subnets to a single physical network.


Page 713: The author fails to explain the main reason for the IP reservation. He says it is a way to assign a permanent lease to a client. Rather, it is there to show the clients with static IP addresses. Reservations are generally created to display these clients, not to give permanent IP addresses to them.


Page 734: “If a computer is assigned the same unicast IP address as another, one or both of the computers might be disconnected from the network.”

Wrong. Only the latter one, the one that caused the conflict, will be disconnected.


Page 743: “Reverse lookups are primarily used by computers to find out who is contacting them so that they can communicate directly using an IP address rather than a host name. This can speed up communications in some cases because name queries aren’t necessary.”

Wrong. Reverse lookup always slows down the communications. Second, the aim of the reverse lookup is to verify the identity of the remote computer, not to communicate directly with it.


Page 749: “SRV records are created in the forest root zone.”

Wrong. SRV records are created for the subdomain zones and tree zones in a forest also. All domains have SRV records associated with them, under their zones in DNS.


Page 759: “Using secure dynamic updates allows you to put security mechanisms in place to ensure that only a client that created a record can update a record.”

Wrong. The main reason for the secure updates is to allow computers that have computer records in Active Directory to update their records dynamically and to prevent unknown computers from adding their records to a zone.


Page 767: “On a domain with Active Directory, DNS is required to install the first domain controller.”

Wrong. DNS is not required for the first DC. You can just install DNS after the first DC.


Page 771: “DNS setup:...This is telling you to create a scope so that the clients can get IP addresses dynamically assigned by this server.”

Funny! This sentence is a direct copy from the DHCP section! There is no place for it here.


Page 788: The author fails to explain the reason for subdomain delegation (“preventing overburdening a DNS server”). The reason is just to partition the management of the DNS system.


Page 791: “Active Directory zone transfers...”

The replication of zone information cannot be called a zone transfer, because in AD-integrated zones there is no primary zone-secondary zone distinction.


Page 797: “DNS round-robin: As requests come in, DNS will respond in a fixed circular fashion with an IP address.”

Wrong. The DNS server gives the client all the IP addresses, but in an order such that the second client receives the IP addresses in a different order than the first one.


Page 798: “A blank entry specifies that the mail exchanger name is the same as the parent domain name.”

Wrong. A blank entry for the “host or child domain name” field indicates that the server is responsible for the parent domain, not for a child domain under the parent domain.


Page 800: “When you make changes manually to records in standard zones, you must update the serial number in related zone or zones to show that changes have been made.”

Wrong. There is no need to update the serial number; it is updated (incremented by one) each time you make a change.


Page 802: The author fails to explain how to set priority and weight values for a DC using registry editing tools.


Page 809: “...ipconfig /registerdns. This works only for dynamic updates.”

Wrong!!! This command works for all clients, whether they are dynamically or statically configured.


Page 813: “Like DNS clients, DNS servers have a resolver cache. The cache on servers is for query responses to lookups the server has performed either on behalf of clients or for its own name resolution purposes.”

Wrong. The DNS server cannot make use of the content of its own resolver cache when it replies to its clients. The DNS server service is not even aware of the machine’s resolver cache.


Page 813: “Rather than trying to navigate multiple tabs and dialog boxes to find the configuration details, you can use Dnscmd to help you out.”

Nonsense! It is unbelievable to suggest such a thing to Windows admins. The GUI is always easier than the command prompt equivalents.


Page 824: “The NetBIOS scope is a hidden 16th character (suffix) for the NetBIOS names.”

Wrong. It is unbelievable to hear such a thing. The 16th character in a NetBIOS name shows the NetBIOS service on the client. NetBIOS scope is a very different beast.


Page 824: “..on page 717 details on setting the NetBIOS scope for computers...”

There is no info about it on page 717.


Page 844: The diagram and explanation of the printing process are unnecessarily detailed and useless. I think the author has been using this diagram since the NT times. Not good stuff!


Page 855: “To set up a local printer, you’ll need to use an account that is a member of the Administrators or Print Operators group.”

Wrong. In Vista and 2008, ordinary users can set up a local printer as long as the driver is signed.


Page 860: “All printers configured for sharing on Windows server 2008 systems are automatically listed in Active Directory.”

Wrong. In Windows 2008, the shared printers are not automatically listed in Active Directory. The same mistake is repeated on page 895.


Page 860: “You can set up a network-attached printer using an account that is a member of the Administrators or Print Operators group.”

Wrong. In Vista and 2008, ordinary users can set up network-attached printers as long as the driver is signed.


Page 881: “Authenticated Users are given Read & Execute permissions so that an authenticated user can access the spool folder and create files and folders.”

Wrong. Read & Execute permissions do not give file/folder creation rights.


Page 903: The explanation for Sysprtj.sep is wrong. It is sysprint.sep for Japanese.


Page 904: The separator page variables table is completely unnecessary and useless.


Page 981: “When you install Terminal Services, the properties pages of users are updated to include two additional tabs: Remote Control and Terminal Services Profile.”

But there are also Environment and Sessions tabs, which govern additional settings for TS.


Page 981: “If you want to ensure that permission is required to view or interact with a user’s account...”

Wrong. The term “user’s session” should be used instead of “user’s account”.


Page 988: In Figure 29-1, just below the Win32 application box, there should be a “Win32 subsystem” box, not a “Win32 application” box again.


Page 990: In Figure 29-3, the “Net Logon” box should be dimmed instead of the “LSA Server” box. On a computer which is not a part of a domain, the Net Logon service is not used.


Page 999: “you need special access permissions and privileges to work directly with schema.”

The author fails to explain which permissions or privileges are required.


Page 1002: “A domain that trusts another domain is referred to as a trusted domain.”

Wrong as well as funny. The sentence should read as “a domain that is trusted by another domain is referred to as a trusted domain.”


Page 1002: “Enterprise administrators can manage and grant access to resources in any domain in the Active Directory forest.”

Wrong. Enterprise Admins group is a member of Administrators group in each domain in a forest, so they can manage and grant access to resources only on the DCs, not the ones on the members.


Page 1003: “External trusts are manually configured and are always nontransitive.”

Wrong. Forest trusts are also external trusts but they are transitive.


Page 1035: The author skips the role of DNS in the trusts. The DCs in the domains must access the information about the DCs in the other domain. Remote domain info can be transferred to the domain’s DNS server as a secondary zone, or conditional forwarding can be configured in the DNS servers, or, simply, the remote domain’s DNS server can be assigned as a second DNS server IP address.


Page 1047: The author skips the normal transfer of the FSMO roles, that is, when you just demote a DC, the FSMO roles on it are automatically transferred to the other suitable DCs.


Page 1050: The author skips an important function of the PDC Emulator: the PDC Emulator is responsible for time synchronization in the domain. It is a very important function, more so than the functions explained.


Page 1052: “After seizing operations master role, you may need to remove the related data from Active Directory.”

Wrong. There is no related data that should be removed after a FSMO role is seized.


Page 1059: “...servers within a domain should all be configured with the same language.”

Nonsense and not applicable.


Page 1060: “using multiple domains sometimes makes sense particularly if your organization has multiple business locations.”

Wrong. For business locations we have a structure, sites.


Page 1063: “An inetOrgPerson object is used to represent user accounts that have been migrated from other directory services.”

Wrong. The InetOrgPerson object is there for LDAP compatibility. The InetOrgPerson object is defined in RFC 2798 and it is the “user” object in LDAP. Because Microsoft didn’t call the object InetOrgPerson, it caused some compatibility problems, so it was added as an add-on to Windows 2000, and then natively supported in Windows 2003.


Page 1079: Figure 32-3 and the explanation of it are completely useless and unnecessary.


Page 1081: Figure 32-4 and the explanation of it are completely useless and unnecessary.


Page 1082: “Domain Name Referral Cache contains the host names and fully qualified names of the local domain...”

Wrong. Host names are used only for computers, not for domains.


Page 1084: In Table 32-1, the SMTP port should also be listed.


Page 1085: “Active Directory’s multimaster replication model is designed to ensure that there is no single point of failure.”

Wrong. The main reason for the multimaster model is not fault tolerance; that can be achieved without the multimaster model also, as in the NT domains. The main advantage of the multimaster model is to allow updates to the directory on any DC.


Page 1090: “Thus, intersite replication is really concerned with getting changes from one site to another across a site link.”

It is an unnecessary sentence.


The site discussion stops on page 1106 and then continues again on page 1283, Chapter 37. Why?


Page 1108: “The hardware you choose for the domain controllers should be as robust as the hardware for your database servers.”

Wrong. There has never been such a requirement for DCs. Database servers have always been the most expensive and robust ones. You cannot expect the DCs to be as expensive and as robust. It is very bad advice.


Page 1112: “Any server running Windows Server 2008 can act as a domain controller.”

Wrong. The Web Server edition cannot act as a domain controller.


Page 1113: There are two contradictory sentences about the DC installation:

  1. “It is not necessary for the server to be a member of the domain, as you will be given the opportunity to join the domain controller to the domain if necessary.”
  2. “As you are installing an additional domain controller, the server should already be a member of the domain.”


Page 1122: “ typically want to create secondary zones for all existing domains...”

Wrong. When you create additional domains in a forest, there is no need to create secondary zones. It was a requirement of the Windows 2000 domains, and it seems the author didn’t update his knowledge.


Page 1143: “If an application tries to use a serverless bind operation to write to an RDC...”

What is a serverless bind operation?


Page 1144: “Kerberos Target (krbgt) accounts”

Wrong. It is Kerberos Ticket Granting.


Page 1145: “ Ticket-Granting Target...”

Wrong. It is Ticket Granting Ticket.


Page 1155: “This special password is used only in Restore mode and is different from the Administrator password.”

Wrong. It is the Administrator’s password. But it is the local Administrator password. The local administrator is in the local user database of DCs and this database is normally hidden.


Page 1173: “If you want to validate every ticket session...”

Wrong. It is session ticket.



Page 1174: “4. ...that is a member of Schema Admins.”

Wrong. The account must be a member of the Enterprise Admins, not Schema Admins.


Page 1181: The “Allow logon locally” right is granted to the “Users” group, practically everyone, on machines which are not DCs. And the groups for the “Allow logon through Terminal Services” right are listed as None. It is not None. This right is granted to the Administrators and Remote Desktop Users groups by default.


Page 1184: “As a member of the Account Operators, Enterprise Admins, or Domain Admin group, you can use AD Users and Computers...”

In addition to these groups, members of the Administrators group in Active Directory can also create users, etc. using the AD Users and Computers console. This note is also valid for pages 1225, 1226 and 1282.


Page 1186: The Inside Out title must be “Creating User Accounts at the command line”.


Page 1188: “For example, adding Exchange mail services will add multiple property sheets..”

Wrong. Exchange 2007, the current mail server version, does not add property sheets.


Page 1193: The screenshot displays a wrong address format for the Logon Script field. This address should not include the UNC addresses. This mistake is repeated on page 1194.


Page 1193: “Profile path: Profiles provide the environment settings for users.”

Wrong. Profile path stores the roaming user profile path for the user.


Page 1194: “Also, you shouldn’t use logon scripts to specify applications that should run a startup. You should set startup applications by placing the appropriate shortcuts in the user’s startup folder.”

Wrong. Also it is the dumbest thing I’ve ever heard. The whole reason for the logon script is to specify the startup programs for the users.


Page 1195: “..clear the Unlock Account check box.”

Wrong. Just the opposite. Check this box to unlock a locked account.


Page 1196: “ storing the information on domain controllers...”

Wrong. Roaming user profile information can be stored on any server, not only on DCs.


Page 1198: “For mandatory user profiles, the shares ... should have permissions set to read-only.”

Wrong. It is not necessary to set the permissions to read-only.


Page 1198: “5. Save a local profile to the %SystemDrive%\Documents and Settings...”

Wrong. In Vista and 2008, the profile must be saved to %SystemDrive%\users... folder.


Page 1200: “Configuring Roaming User Profiles: The path can be local path on the user’s computer...”

Wrong. The roaming user profile cannot be on the local user’s computer. It must be on a share.


Page 1200: “Uniform Naming Convention (UNC)”

Wrong. UNC means Universal Naming Convention.


Page 1203: “Using folder Redirection: This data is synchronized between the network storage site and local copies in the background.”

Wrong. In folder redirection, files are stored only in the remote place and they are not synchronized back to local disks.


Page 1211: In the Moving User Accounts section, the author should also mention the drag-and-drop functionality.


Page 1224: “Moving or renaming groups can alter the effective permissions of users and groups in unpredictable ways.”

Nonsense! The permissions are assigned according to the SIDs of users and groups. The names are not important for the permissions.


Page 1247: “Password policy-determines the default password policies for domain controllers...”

Wrong. Password policy determines password policies for users, not domain controllers.


Page 1282: dcgpofix /target:domain

Why is “domain” in italics?


Page 1297: The Inside Out section, titled “Intersite transport options” is useless.


Page 1301: The explanations of articles 1 and 4 must be just the opposite.


Page 1303: The author should also mention the Replmon command.


Page 1336: “FTP over TCP/IP, HTTP over TCP/IP, HTTPS over TCP/IP,etc...”

Is there any FTP or HTTP or whatever protocol mentioned here that is not over TCP/IP? The term “over TCP/IP” is used for mechanisms that have more than one alternative. For example, the RPC mechanism can be used over any protocol, so whenever we use it over HTTP we specify that as “RPC over HTTP”. But FTP or HTTP or SMTP, etc. can only be over TCP/IP.


Page 1347: In Figure 39-12, “Cluster” statement must be replaced by “Shared Storage”.


Page 1377: “...your backup data is available and that you can logon with an account that has the appropriate permissions.”

Wrong. To do a CompletePC Restore you are not asked to log on.


Page 1407: “If you are prompted to provide your logon credentials, enter the user name and password for an account with owner or co-owner permission...”

Wrong. Read permission is enough.


Page 1415: “To clean up references to the failed domain controller in the Active Directory, you are going to need to use ntdsutil.”

Wrong. These references can be cleaned up by using GUI tools, such as ADSIEdit.msc, AD Users and Computers, and AD Sites and Services.


Page 1417: “Last Known Good Configuration: Starts the computer in Safe Mode...”

Wrong. This mode starts the system normally with the last working configuration.






Errors in the "Windows Vista Inside Out", ISBN-13: 978-0-7356-2270-8

Page 33: In addition, the drive on which is currently installed must be formatted as NTFS and not FAT32.

There is no such “must”. You can only say “should”. This point is clear in the article


Page 33: Table 2-2 says that Windows XP Home can be upgraded to Vista Business. It shouldn’t be upgraded to Business.


Page 39: Windows Boot Manager program, bootmgr.exe

The name of the file is just “bootmgr”, not “bootmgr.exe”.


Page 39: Windows NT-style legacy OS loader (Ntldr.exe)..

The name of the file is just “ntldr”, not “ntldr.exe”. The same error is repeated on page 42.


Page 42: Each time you install a version of Windows, it rewrites the MBR…

Wrong! A new OS writes the name of its loader to the PBR, not the MBR.


Page 47: Because the activation mechanism assumes (mistakenly) that you’ve tried to install your copy of Windows on a second computer, internet activation will not work.

Wrong! In such cases the OS will be activated 5 times over the Internet.


Page 66: Figure 2-15 …but most involve esoteric networking options..

I think “exotic” would be a more suitable word in the sentence.


Page 84: In the explanation of screen savers, the authors should also mention security besides the “fun” factor (security in the sense of password-protecting the computer).

Page 146: Runas command does not work with MMC shortcuts.

Wrong! It does work!


Page 250: …commonly used environment variable, %UserProfile%

The variable is “userprofile”. “%userprofile%” is not the variable but the variable’s data. Similar errors are repeated for the other variables throughout the book (for example, on page 252, “variable %appdata%”).


Page 298: Many servers (SMTP servers) require that you log on to the POP3 server first before being allowed to send messages.

Wrong! There is no SMTP server out there that requires POP3 authentication first. The authors are misled because most of the time we use the same info we entered for the POP3 server to log on to the SMTP server. But these are two different animals. In fact, the SMTP server is not aware that there is a POP3 server on the same computer.


Page 331: With Remote Desktop Connection, the target computer must be on the same network and it cannot be behind a NAT router.

Wrong! We frequently create virtual server definitions on NAT devices (or NAT software) which allow certain traffic (for example, TCP/3389 RDP traffic) to pass through NAT and to be directed to the specified computer. It is not rare. You should mention this.


Page 342: Remote Assistance uses a dynamic port assignment.

What? Doesn’t it use the normal RDP port, TCP/3389?


Page 344: The last two items in the guidelines are not practical (Reduce the visual complexity.., turn off desktop animations..). When I try to connect to an end user’s computer, how can I follow these principles, or how can an end user do these things?


Page 366: Network protocol: The type of traffic, such as Internet protocol (IP)

Wrong example! In packet filtering you will not filter IP, because all the traffic is IP. You should give higher-level protocols, like POP3 or SMTP etc.


Page 367: … transport protocols other than TCP or UDP…

Wrong! There are no other transport layer protocols. Only TCP and UDP exist there.


Page 381: Windows Server “Longhorn”…

It is Windows Server 2008 now.


Page 381: Viruses can infect …boot sector and partition table.

Wrong! Viruses infect files that are executable. In the Master Boot Sector (MBR) of a hard disk there is a small program, so viruses can infect this program (infect the MBR), but there is no executable file in the PBR, so no virus can infect it.


Page 398: 5. Restart your computer.

You should also say “from the command prompt, issue the GPUPDATE command”. It does the same thing without restarting.


Page 409: If a SID on a Security tab doesn’t change to a name, it is because it’s a SID for an account that has been deleted.

If we have a multiboot system, those SIDs that don’t change to names may belong to the other OS’s users.
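The two SID points made in these errata (the Page 1224 entry in the Server 2008 list, that permissions follow SIDs rather than names, and the Page 409 entry above on SIDs that do not resolve) can be seen in a small model. This is an added example, not code from the books or from Windows; the SIDs, account names and helper functions are constructed for illustration, and it models only the rename case.

```python
from dataclasses import dataclass

# Access-mask bits (simplified; constructed for this example).
READ, WRITE, DELETE = 0x1, 0x2, 0x4


@dataclass(frozen=True)
class Ace:
    kind: str   # "allow" or "deny"
    sid: str    # the trustee is stored as a SID, never as a name
    mask: int


# Constructed SIDs. The first three share one domain identifier; the last one
# belongs to a different installation (e.g. the other OS on a multiboot disk).
SID_ALICE = "S-1-5-21-1111111111-2222222222-3333333333-1104"
SID_SALES = "S-1-5-21-1111111111-2222222222-3333333333-1110"
SID_INTERNS = "S-1-5-21-1111111111-2222222222-3333333333-1111"
SID_FOREIGN = "S-1-5-21-4444444444-5555555555-6666666666-1001"


def new_account_db():
    """SID -> current display name (hypothetical stand-in for the account database)."""
    return {SID_ALICE: "alice", SID_SALES: "Sales", SID_INTERNS: "Interns"}


# DACL of a folder, deny entries first (canonical order).
FOLDER_DACL = [
    Ace("deny", SID_INTERNS, WRITE | DELETE),
    Ace("allow", SID_SALES, READ | WRITE),
    Ace("allow", SID_FOREIGN, READ | WRITE | DELETE),
]


def access_check(token_sids, dacl, desired):
    """Walk the ACEs in order; only SIDs in the caller's token are compared."""
    remaining = desired
    for ace in dacl:
        if ace.sid not in token_sids:
            continue
        if ace.kind == "deny":
            if ace.mask & remaining:
                return False          # a requested right is explicitly denied
        else:
            remaining &= ~ace.mask    # these rights are now granted
        if remaining == 0:
            return True
    return remaining == 0             # anything still ungranted is refused


def security_tab(dacl, account_db):
    """What an ACL editor lists: the name if the SID resolves, else the raw SID."""
    return [(ace.kind, account_db.get(ace.sid, ace.sid)) for ace in dacl]


def rename_group(account_db, sid, new_name):
    """Renaming changes the name attached to the SID; no ACE is touched."""
    account_db[sid] = new_name


if __name__ == "__main__":
    db = new_account_db()
    token = {SID_ALICE, SID_SALES}
    print(access_check(token, FOLDER_DACL, READ | WRITE), security_tab(FOLDER_DACL, db))
    rename_group(db, SID_SALES, "Field Sales")
    print(access_check(token, FOLDER_DACL, READ | WRITE), security_tab(FOLDER_DACL, db))
```

The third entry stays a raw SID in both listings because nothing in this account database maps it to a name, which is the same display a deleted account would produce.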


Page 413: Domain-based accounts and groups are also known as global accounts and global groups.

Wrong! In a domain there are domain local and universal groups also. Global groups are special groups whose scope is different than the domain local groups and universal groups. So, your definition is a very confusing one. You could go ahead without it.


Page 419: You can delete any account except one that is currently logged on.

Wrong! You can delete the currently logged on user, even your own account.


Page 448: …with a shared transport layer and framing layer.

What is “framing layer”?


Page 456: Transfer the configuration settings to the wireless Access point…

I don’t know of any access point to which we can transfer configuration settings. A similar and equally nonsensical thing is said again on Page 461: Remove the UFD from your computer and plug it into the router.


Page 472: This class of hardware typically uses network address translation (NAT) to assign private IP addresses..

Wrong! What assigns the IP addresses to the computer is not the NAT mechanism but the DHCP protocol.


Page 474: leave the default gateway field blank when configuring network settings.

Wrong! The computers that are to be connected to ICS must not leave this field blank. In this field, they must enter the IP address of the ICS computer’s internal adapter. Or, best, the computers must obtain IP addresses automatically; ICS automatically assigns all the info (including the default gateway parameter) to the other computers.


Page 495: With Simple File Sharing you can share only folders, not files.

But this is also true of the other kind of file sharing (not the simple one). Only folders and volumes can be shared.


Page 496: ..if you have a mixed network…it’s essential for enabling computers on the network to see each other.

Not so essential. They could browse each other easily when they open the other workgroups.


Page 502: Confusingly when you share…. Vista creates a network share for the Users folder-not for the folder you shared.

Wrong! When I shared the c:\users\murat folder, only that folder was shared, not the Users folder.


Page 510: C$, D$,E$: …allows…to the root folder of a hard drive.

Wrong! Allows to the root folder of a volume (or a partition) on a hard disk.


Page 510: Print$: is used for remote administration of printers.

Rather, it is used for downloading the printer driver from that computer.


Page 519: But if you have trouble with complex print jobs being interrupted by pages from another document, select Start Printing After Last Page is Spooled.

Wrong! The printing of the document is not interrupted by the other documents even if they are higher in priority than the current one.


Page 540: .. to clear the DNS cache: ipconfig /flushdns.

Or, the user may repair the network connection; repairing does many things, including flushing the DNS cache.


Page 559: ..when the CD drive is set for analog playback.

Analog playback of CDs? What is it?



Page 703: …or S-Video connecters.

S-Video connectors.


Page 719: Only two switches are available for this version: /p, /r.

Wrong! The Vista Recovery Environment does not have this restriction. On the contrary, there is no /p switch in it for the chkdsk command.


Page 720: …ISO image files, and virtual hard disks.

ISO images and virtual machine hard disk files. There is no such thing as a “virtual hard disk”.


Page 724: 7. ..choose the Paging File option and then click set.

Set to what?


Page 741: You end the backup chapter abruptly. You didn’t mention restoring a CompletePC Backup, for example.


Page 750: a fragmented hard disk, in which files are stored in discontiguous sectors.

Not sectors, it should be “clusters”.


Page 811: For the unmountable boot volume stop error, you should also suggest the use of the chkdsk command. In my experience, this command has resolved many such problems.


Page 817: Every time you successfully start Windows in normal mode, the OS makes a record of all currently installed drivers….

Wrong! Not when it is started. It is made when a user has successfully logged on.


Page 824: You can use… local hard drive or on a set of CDs and DVDs.

Or on external hard disks also.


Page 826: diagnostic utilities and start and stop services (with Net start and Net Stop).

Wrong! You can’t do that. Because, when you are in the Recovery Environment, no service is running.


Page 831: If you specify a logon account other than the Local system account, be sure that account has the requisite rights….

No, it is not necessary to be sure about it. When you specify such an account, Windows automatically grants the necessary rights.


Page 843: The descriptions of the first two services are the same. They should be corrected.


Page 851: You should also mention the SC command for stopping and starting services. The Net Stop and Net Start commands are old commands; the SC command is the next-generation command.


Page 865: Vista does not provide a registry monitoring tool.

Wrong! We can audit the Registry changes.


Page 919: The fourth is created as an extended partition.

Wrong. The fourth partition also can be created as a primary partition. It is not necessary to create an extended partition.


Page 923: When the advantages of NTFS are described, you should also mention shrinkability.


Page 924: The Inside Out section about the alignment of the clusters is complete nonsense.


Page 941: Windows Recovery Environment’s fixmbr command…

There is no “fixmbr” command in Vista’s Recovery Environment. It was in the Recovery Console of Windows 2000, XP and 2003.


Page 959: Effective permissions for NTFS are not new to Vista. They existed and still exist in Windows 2003 also, four years before the launch of Vista.


Page 963: As the owner, you can allow the other user to take ownership of the object.

We can also directly assign the ownership to other users. This point is neglected on page 964 also.


Page 981: schtasks command, a replacement for the venerable At command..

The AT command still exists in Vista. The Schtasks command came in addition to it, not instead of it.


Page 985: 4. In advanced settings select Hide Extensions …

No, do not select, just clear it.


Page 998: CIDR notation specifies the number of bits in the subnet mask.

No, it doesn’t. It specifies the number of “1”s in the subnet mask.


Page 1000: Dst-ip: Destination IP; IP address of your computer.

Why the address of our computer? It can be any IP address that is specified in the destination IP address of the packet, that’s all.


Page 1008: The Allow logon locally and Deny logon locally rights cannot be assigned at the same time by default.


Page 1009: No events are written to the Security log until you enable auditing.

Wrong! There are many things that are audited by default (for example, logoff-logon activities).


Page 1029: …to see two directories in side-by-side Windows.

The term “folder” should be used instead of “directory” (on page 1041 also).


Page 1065: page 11xx

Page 437.


Page 1071: System Control Panel..

It is the System applet in Control Panel.





The errors in "Configuring Windows Vista Client", ISBN-10: 0-7356-2390-2

Page 298: If information is being passed to another device within a subnet, the datagram is sent to the appropriate internal IP address. If the datagram is sent to a destination that is not on the local subnet, IP examines the destination address, compares it to a route table and decides what action to take.

Wrong! The routing table is always examined, whether the packet is destined for the local subnet or an external network. In fact, the presence of such a local subnet can only be understood through the routing table. The second error is the use of the term “datagram”. The authors keep using this term instead of “packet”. But the terminology does not work like that. It goes like this: UDP “datagrams”, TCP “segments”, IP “packets”. Only UDP information should be called a “datagram”.
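The routing point in the comment above, that the route table is consulted for every destination and that the “local subnet” is itself just a route-table entry, is shown here as an added example (it is not from the book or from the original errata). The route table, addresses and interface names are constructed.

```python
import ipaddress
from typing import NamedTuple, Optional


class Route(NamedTuple):
    network: ipaddress.IPv4Network
    gateway: Optional[ipaddress.IPv4Address]  # None = on-link, deliver directly
    interface: str


def make_route(prefix, gateway, interface):
    gw = ipaddress.ip_address(gateway) if gateway else None
    return Route(ipaddress.ip_network(prefix), gw, interface)


# Constructed table for a host at 192.168.1.10/24 whose router is 192.168.1.1.
HOST_TABLE = [
    make_route("0.0.0.0/0", "192.168.1.1", "LAN"),   # default route
    make_route("127.0.0.0/8", None, "Loopback"),     # loopback network
    make_route("192.168.1.0/24", None, "LAN"),       # the "local subnet"
]


def lookup(table, destination):
    """Longest-prefix match: the most specific route containing the address wins."""
    dest = ipaddress.ip_address(destination)
    candidates = [r for r in table if dest in r.network]
    if not candidates:
        return None
    return max(candidates, key=lambda r: r.network.prefixlen)


def next_hop(table, destination):
    """Return (address the frame is sent to, outgoing interface)."""
    route = lookup(table, destination)
    if route is None:
        raise LookupError(f"no route to {destination}")
    # On-link route: the next hop is the destination itself.
    hop = route.gateway if route.gateway is not None else ipaddress.ip_address(destination)
    return str(hop), route.interface


if __name__ == "__main__":
    for dest in ("192.168.1.77", "8.8.8.8", "127.0.0.1"):
        print(dest, "->", next_hop(HOST_TABLE, dest))

    # Without the on-link entry the host no longer "knows" that 192.168.1.77
    # is a neighbour, and the same lookup hands the packet to the router.
    no_onlink = [r for r in HOST_TABLE if str(r.network) != "192.168.1.0/24"]
    print("192.168.1.77 ->", next_hop(no_onlink, "192.168.1.77"))
```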


Page 304: UDP can be used for browsing, e-mail, and video streaming.

The authors used “browsing” for Web browsing throughout the book. If this is the case, the sentence is wrong because Web browsing (the HTTP protocol) uses TCP, not UDP. But if the intended browsing is Computer Browsing (that is, listing the computers in My Network Places), then the sentence is true; the Computer Browsing mechanism uses UDP. In any case, there is confusion here. In addition, e-mail applications and protocols NEVER use UDP. For example, the POP3 protocol uses TCP, and the SMTP protocol uses TCP.


Page 305: The description of the Domain Name System (in the book it is incorrectly defined as “Domain Name Service”) is far too confusing. It is unclear, vague and partially wrong. Take this sentence: DNS provides a connection-specific DNS suffix for e-mail addresses. What is this? Is DNS just about e-mail? Nonsense.


Page 310: If you need to resolve a computer name on your internal network to an IP address (for example, if you entered ping Glasgow in the command prompt window), then the DNS service on your WAP or ICS computer provides the IPv4 address that corresponds to the computer name. If, on the other hand you needed to resolve an FQDN on the Internet then the FQDN is resolved over the Internet.

Completely wrong! First, there is no DNS service on a WAP or ICS computer. They can only be called DNS proxies. They accept the DNS queries from the clients, connect to the DNS servers on the Internet, receive the answers and send the answers back to the clients. And local name-to-IP-address resolution cannot be done through a WAP or ICS computer because there is no name database on these devices. So, these names are resolved to IP addresses using the internal DNS servers or NetBIOS broadcasts.


Page 314: might need to change their TCP/IP settings, typically rebooting.

Wrong! It is not necessary to reboot. The changes immediately take place. If not, repairing the connection or disabling-enabling the adapter refreshes the configuration. There is no need to reboot.


Page 338: you can test that DNS is working internally on your network by pinging your computer name-for example ping Glasgow.

Wrong! Pinging the name of the machine we are currently using does not show that DNS is working. You can ALWAYS ping your own computer whether DNS is available or not. The reason is that when the computer tries to resolve the name, the first thing it does is to compare it to its own address. If there is a match, it pings the local loopback address. Pinging the host names of computers on the same subnet does not help either, because even if there is no DNS server available, these names can easily be resolved using NetBIOS broadcasts.


Page 341: If you want to reconfigure IP settings on a Workstation you can reboot it.

Wrong again! There is no need to reboot.


Page 344: If you do not secure your wireless network, a thief no longer needs to break into your home. He or she can sit in an automobile outside your front gate… steal your passwords, and empty your bank account.

Wrong! If the wireless network is not secured, intruders can get into our network, but after that what can be done is strictly limited. For example, when we make transactions using the bank’s Web site, the communication is encrypted using 128-bit SSL. 128-bit SSL connections are close to impossible to decipher. All the intruder can see is scrambled data. He or she cannot access our computers either, because they do not know our passwords. Even if our passwords are left blank, the intruder can do nothing, because XP, 2003, and Vista do not allow connections using blank passwords.


Page 345: Enable MAC address filtering.

Useless! The MAC address can be changed easily (without any third-party program).


Page 345: Disable SSID broadcast.



Page 346: Consider assigning static IP addresses to wireless devices.



Page 620: However, one situation in which it is a good idea to encrypt files is after you have copied them to CD-R, CD-RW, or DVD..

Wrong! You cannot encrypt files on CD-Rs, CD-RWs or DVDs. The file system on these media is not NTFS.


The errors in "Microsoft Exchange Server 2007", ISBN-13: 978-0-7356-2586-0

Page 13: “Microsoft Exchange Transport” service is listed twice, with different descriptions.

Page 24: For optimal performance, you should place the database and the transaction log on separate disks

This is one of the most useless pieces of advice. We generally (always) use hardware RAID disks on our servers and we cannot differentiate which disk is which; all we see is a set of disks. These disks are hidden from the OS, and the OS sees this set as a single disk. The same is true for the TMP folder also.

Page 30: If you have any servers running Exchange 2000 Server or Exchange Server 2003, you need to prepare Active Directory and the domain for extensive Active Directory changes...

It is not necessary for most installations. Generally, we have access to the admin accounts in our shops and these changes will take place automatically during the installation.

Page 31: However, you can use only the Exchange Management shell to move mailbox recipients from Exchange 2000 Server and Exchange Server 2003 to Exchange 2007.

Wrong! You can do this move using the GUI console in 2007.

Page 32: The author skips public folder relocation when he summarizes the migration in three steps.

Page 39: may need to restart the server.

Wrong! In no case do we need to restart it. And it has been so since the first version of Exchange. In 2007, you have to restart the server to install some prerequisite components PRIOR to the installation. That's all.

Page 44: Microsoft Exchange server:…users can check mail on an e-mail server and download the mail to their inbox.

Wrong! The Microsoft Exchange Server account in Outlook connects to the mailbox and just displays the content of the mailbox. By default, it does not download anything. Only when you define a personal folder and specify that new mail should be delivered to the personal folder are the e-mails downloaded (to the personal folder).

Page 45: If you configure Outlook 2007 after configuring Windows Mail, Outlook does not offer to import mail from Windows Mail.

Wrong! This statement contradicts another statement on Page 46: note: If you’ve previously configured Outlook Express or Windows Mail, you’ll see e-mail upgrade options page.

Page 48 (also on page 50): note: if you’re connecting to Exchange with POP3 or IMAP4, enter the fully qualified domain name for the Exchange server instead of the host name.

Wrong! It is not a “must”. In a local area network, you can comfortably use host names.

Page 58: Whenever you use Outlook 2007 to connect to Exchange Server, you can use the Exchange Server Service to optimize the way...

What is this "Exchange Server Service"?

Page 60: With personal folders, mail delivered to the user's inbox is no longer stored on the server.

Not necessarily! When you have a personal folder, you may still have your mail saved in the mailbox on the server unless you specify that new mail should be delivered to the personal folder.

Page 60: Users with personal folders lose the advantages that server-based folders offer-namely single-instance storage…

Wrong! Single-instance storage is not an important issue anymore, as you can read in

Page 67: The active mail profile defines the service setup for the user who is logged on...

The term "service" hasn't been used for decades in Outlook.

Page 83: ..the wireless device must be with a wireless carrier whose network uses GSM, GPRS or CDMA.

GPRS is not a different kind of wireless technology like CDMA or GSM. It is the data transmission technique used in GSM networks.

Page 85: With RPC over TCP/IP, remote procedure calls are nested within standard TCP/IP packets, which can either be encrypted with SSL or not encrypted with SSL..

Wrong! Normal RPC (RPC over normal TCP/IP) uses its own encryption mechanism and never uses SSL.

Page 91: All "RCP over TCP/IP" statements should be corrected, to read "RPC over TCP/IP".

Page 102: With Exchange 2007 organizations, all organization information is stored in Active Directory.

Not wrong, but it is also true for Exchange 2000 and Exchange 2003.

Page 105: Thus, mail-enabled recipients can receive messages but can’t send them.

Not exactly right. When you mail-enable a public folder and specify Send-as permission on that folder to a user, the user can send mail on behalf of public folder.

Page 108: The location of this file (AD database,MY)... must be on an NTFS drive..

No, NTFS is not necessary for the AD database. It may reside on a FAT drive also.

Page 109: By default, the first domain controller installed in a domain is designated as the Global Catalog server.

Wrong! Only the first DC in a forest is designated as GC by default, not first DC in a domain.

Page 111: Although the .stm file was previously used to store message attachments,...

Wrong! The .stm files had been used to store MIME formatted messages, not the attachments.

Page 113: The information about single-instance storage must be changed because the author does not explain how the way single-instance storage works has changed in Exchange 2007. In Exchange 2007, only the attachments are single-stored, and this is a radical shift from the previous versions.

Page 210: Security groups can have different scopes-domain local, built-in local, global and universal.

Domain local and built-in local groups are the same.

Page 225: When you create a mail-enabled group, default e-mail addresses are created for SMTP and X.400.

Wrong! X.400 addresses are not created any more.

Page 245: In Exchange Server 2007, management of permissions is greatly simplified over Exchange Server 2003. The reason for this change is that all Exchange information is now stored in Active Directory.

Complete nonsense! In Exchange 2000 and 2003 also, all the Exchange information was stored in Active Directory. The author has not updated his knowledge since Exchange 5.5.

Page 247: The descriptions of the “Exchange Install Domains Servers” group and the Exchange Servers group are completely wrong. The description of the first one says “members of this group include domain controllers on which exchange is installed”. Nonsense! The description of the second one says “members of this group can manage the Exchange information store...” This group has nothing to do with management!

Page 248: Again, the description of the “Exchange Install Domains Servers” group is wrong. And the description of the ExchangeLegacyInterop group is simply absent.

Page 281: You cannot enable circular logging if LCR is enabled.

Wrong! You can comfortably enable circular logging even if LCR is enabled.

Page 282: If you enable circular logging .... you won’t be able to successfully apply changes contained in differential or incremental backups that were created after the last full backup.

Wrong! You can’t take incremental or differential backups after you have enabled circular logging. So there is no problem of restoring these backups.

Page 282: Thus, the simple act of renaming a storage group has a definitive impact on Exchange.

What is this impact then?

Page 306: To recover the mailbox database, you must restore the database file.

But, we should try repair operation first using the ESEUTIL command.

Page 308: Users need to exit and then restart Outlook before they can access the newly mounted database.

No. It is not necessary to restart Outlook, because Outlook notifies the user about the connection state and then continuously monitors the connection. When it is back (whether after a network problem or a dismounted database), it connects to Exchange Server without restarting.

Page 313: Deleting a database removes the database and all the public folders or mailboxes it contains.

Wrong! Before deleting a database you MUST delete or move the mailboxes first. Only after that you can delete the database. So, deleting a database does not delete the mailboxes it contains.

Page 337: Newer clients, such as Office Outlook 2007, can access public folders using Hypertext Transfer Protocol.

I do not think Outlook 2007 accesses public folders using HTTP. I think the author is confusing this with the downloading of the Offline Address Book.

Page 366: Exchange automatically creates the Send connectors required for mail flow.

Wrong! Send connectors are created manually.

Page 374: The default delay notification is four hours.

Wrong! It is 24 hours.

Page 439: The description of the “Limit bandwidth usage” field is wrong. It says “when you are trying to prevent a virtual server from becoming overloaded, you might want to limit the bandwidth available to the site...” It is completely wrong! The reason for bandwidth limitation is to provide other Web sites on the same computer with enough bandwidth. The same error is repeated on page 452.

Page 447: By default, POP3 and IMAP4 are disabled in Exchange Server 2007 and no longer have associated HTTP virtual servers.

Not disabled, only manually started. And what are these “associated HTTP virtual servers”? Complete nonsense.

Page 448: Secure SMTP port info is absent (it should be 587).

Page 450: ...including plain-text authentication logon using integrated Windows authentication.

Integrated Windows authentication is not plain-text authentication. This error is repeated on page 451.

Page 453: By default, POP3 and IMAP4 use the iCalendar standard for retrieval of calendar items.

Wrong! POP3 does not retrieve calendar items.

Page 482: In the file list there should also be .txt files.

Page 515: Typically, you need to reboot a server when the CPU utilization is stuck..

No, we need not. The first thing to do is to end the process with high CPU utilization.

Page 526: The “...backup the following” section includes “Exchange configuration data” and “System State data”. But Exchange configuration data is not a separate thing; it is included in the system state data of the DCs. The same thing is repeated on page 531 and on page 542.

Page 526: Storage groups are the smallest units of backup.

No, it is not. The smallest unit is a store.

Page 527: The ability to recover an individual database from backup is a great improvement over early releases of Exchange Server.

It is very funny! It seems that author has never restored a backup in the earlier versions. In the earlier versions also we could recover a single database (store).

Page 532: With offline backups, you can’t archive Exchange configuration or user data.

Wrong! You can backup the Exchange user data (stores) offline.

Page 533: The account you use for backup and restore should be a member of both the Backup Operators and Server Operators groups.

Why is it necessary to be a member of both groups? Backup Operators alone is fine.

Page 543: The explanation of “Restore Junction Points, Not The Folders And File Data They Reference” is completely wrong. Junction points have nothing to do with network mappings.