Re: Change computername with MS Server 2003 Web Edition
From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 04/22/04
- Previous message: Jeff Cochran: "Re: Windows Media"
- In reply to: Coen Boef: "Re: Change computername with MS Server 2003 Web Edition"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 22 Apr 2004 15:23:25 -0700
Nah, this is far from a flame war; I do not think we are that far apart at
all. Please hear me out completely, including my final paragraph.
> intelligent gene pool. But this doesn't mean that MS has to
> _force_ them options and deny them other options.
Wait a minute. IIS did not deny you the option to make IUSR/IWAM match up
with the computer name. I just told you how to do it, in several ways. It
may not have been the way you were thinking (this is not a "feature" of the
product, after all), but that's why you originally asked for assistance.
A good system allows such "unplanned" behavior to happen, but it is fair to
assume that the user has sufficient knowledge to pull it off. I do not see
this as "denying", "forcing", or limiting anything at all. In other words,
I absolutely disagree with the idea that someone says they want to be able
to do anything, in the way that they want, without knowing anything.
> I take it as an insult that MS feels the need to protect me to my
> own mistakes; they're mine to make.
I agree with your point. However, please be aware that the world is not a
vacuum and that there are also equally vocal people out there that feel that
MS needs to protect them from their own mistakes. It may not be possible to
reconcile both sides all the time.
Can we enlist your aid to tell those customers to just grow up and learn to
deal with their mistakes? Would make things a lot easier for everyone...
because you know, we can't do that because the customer is supposed to be
always right. :-)
> Best of both worlds. If you want to point and click, use the GUI,
> if you want to control what you're doing, open a terminal.
Umm... I think you have a bad example, and here's my counterpoint.
The knobs may not be out there in a text file like *nix, but they're
definitely there. Most things from the GUI can be controlled via the
commandline. However, if you really want to get under the hood of Windows,
you want to start scripting (or like in *nix, you start piping, perling, and
greping).
For example, the scripting interface for IIS can configure 100% of its
features. The UI and commandline tools each cover about 65%, with about 50%
overlap. The scripting interface for IIS assumes the user is in total
control and there are no training wheels. The UI places more logical
restrictions (sometimes annoying), and the commandline does something
similar.
In other words, if you're assuming the GUI or commandline should do anything
for you and that IIS is "forcing" or "denying" you options, then we've
missed the point. The GUI and commandline are intended for the 90% mass
public where giving all the knobs and options are absolutely going to
confuse them. For the elite folks that know what they want, they tend to
NOT want a GUI and want total control -- and for them, we reserved the
powerful scripting interface which can do anything you want. Yes, it takes
a little more knowledge, but elite folks are smart enough to deal with that.
Now, if you want the power of the scripting interface but you still want to
pipe/perl/grep... I will agree that it's a bit out of design, but it is not
sufficient to say that we're "denying" any options.
So, we can have a discussion about why IIS doesn't have the "advanced" GUI
or a do-it-all commandline script, but you cannot say that IIS is "denying"
you options. If you want an "advanced" GUI for IIS, feel free to build it;
no one is stopping you. Just don't assume that the IIS team has to build it
for you.
> Security and stability isn't achieved by denying complete control
> to your users and handing it over to the system
I agree with your points on this (even though this is getting way off topic
from the original points). I believe that security and stability is a
combination of:
1. proper configuration (requires cooperation between software vendor and
user input)
2. policy (user is responsible for this)
3. lack of unintended vulnerability (software vendor is responsible)
People tend to think security is just #3 and therefore argue that the
software needs to do more, but like you, I disagree. As a user, I firmly
believe that I should be able to do #1 and #2 however I want, and it'd be
nice if the software gives me some hints about #1 when I ask for it.
> (ever tried to kill a system process in 2K/XP? It can't be done...
Hmm, I think you've picked another bad example. I do not see this
limitation on W2K/WXP. I just killed every process on my XP system,
including the ones which cause a system reboot if they are killed. I had no
problems doing this -- I am in control of the system. Now, I know how to do
this, but that is no different than a user needing to know the -9 switch of
kill. To the user that doesn't know about the -9 switch, they see both *nix
and Windows as controlling. Knowledge is power.
Bottom line -- I do not think we are that far apart at all. I think the
main thing dividing our viewpoints is our comfort-zone and knowledge base.
If you're expecting to configure IIS like Apache or Windows like *nix, using
perl/pipe/grep ... that is a bit unfair. Each system has their own way to
do things, and an individual that is set in their ways will only complain
that tactics in one system is not the same as another... while a flexible
individual will simply expand their knowledge set, embrace the difference,
and take advantage of it. I much rather be in the latter group than the
former because the computing industry is way too young to have that
mind-set.
I would only point out that if I do not know how to do something, I do not
assume that someone else is oppressing/forcing/denying me the ability to do
it. I also consider whether I just don't know about alternatives or just
lack the knowledge and/or skills to do it.
-- //David IIS This posting is provided "AS IS" with no warranties, and confers no rights. // "Coen Boef" <coen_boef@hotmail.com> wrote in message news:d071316f.0404220352.7f8c4e3c@posting.google.com... This is turning into a flame war and I know that I'm resposible for this, but I feel the urge to respond to this utter bullsh*t of yours. First off, I'm not the last to agree with MS' company policy (or so it seems) that their users (or should I say Lusers as you so eloquently put it in your lusermgt) aren't amongst the people spawn out of the intelligent gene pool. But this doesn't mean that MS has to _force_ them options and deny them other options. I take it as an insult that MS feels the need to protect me to my own mistakes; they're mine to make. To make an example of a system that combines the ease of use for newbies (to which I can't help but count MS users as well) and the complex configuration options that *nix has to offer I use Mac OS X. The GUI is quite intuitive and the underlaying system is *nix based. Best of both worlds. If you want to point and click, use the GUI, if you want to control what you're doing, open a terminal. Security and stability isn't achieved by denying complete control to your users and handing it over to the system (ever tried to kill a system process in 2K/XP? It can't be done... now try kill -9 <<random pid>> on *nix; I rule my system and it's not my system who rules my system). Why do I use W2K3 if I hate it this much you say? Because of an ASP application we inherited when we took over hosting services for a company who had it built in ASP instead of something cross-platform *coughs*morons*cough*. Looking forward to your reply Sincerely, Coen Boef "David Wang [Msft]" <someone@online.microsoft.com> wrote in message news:<OSem1FFJEHA.1764@TK2MSFTNGP12.phx.gbl>... > > It isn't that I'm "ultra-concerned", it's just that it annoys me > > that it's yet again not possible for MS products to be flexible and > > do it the way _I_ want. > > Let me rephrase your question and please tell me your answer. For every > task, 1 user wants to do it one way, 2 users want to do it another way, 3 > users want do not care but don't want to be told what to do, and 4 users > have no idea and expect hand-held HOWTO instructions. > > Thus, for a product to satisfy every user, it has to offer a gazillion > choices, some of them may be conflict (how can the product appease the 3 > users that don't want to be told what to do AND the 4 users who need to be > hand-held while still making sure the three other users get their two > choices...), still be usable, released on time, and with few defects. > > Now, how should a product accomplish this? > > Consider your feature for a moment -- automatically cascading changes > throughout the system when you change a computer name will highly irritate > the other meticulous user who expects a computer name change to be only > that -- with no random cascading changes throughout the system (suppose you > had attached filesystems -- should they change? What if they were recently > detached -- should the changes still cascade when/if they re-attach? What > if this username was stored by some third-party app -- how would IIS ever > know to change that app? etc.) I'm sure you expect that the changes cascade > automatically AND no applications break, etc... but frankly what you want to > do seems random to me and highly dangerous. > > I'm in engineering, not marketing, so I only believe in giving customers > what they want but NOT how they want it. You have a perfect example here. > I am absolutely glad that IIS does not do it the way you want. And now, I > will tell you HOW to do what you want (applying a little more system > knowledge), and hopefully, you will see why you should do it my way. > > 1. Go to NT User Manager (lusrmgr.msc) and Rename the IUSR and IWAM user > accounts to what you want. Do not recreate the accounts since that will > change SID, which then forces you to re-ACL everything > 2. Assuming you haven't customized the anonymous and WAM user accounts (if > you have, go propagate that change yourself to everywhere that you've > customized): > CSCRIPT %SYSTEMDRIVE%\inetpub\adminscripts\ADSUTIL.VBS SET > W3SVC/AnonymousUserName <new IUSR name> > CSCRIPT %SYSTEMDRIVE%\inetpub\adminscripts\ADSUTIL.VBS SET W3SVC/WAMUserName > <new WAM name> > > > You have just changed the IUSR/IWAM user accounts to the new computer name > in the system, didn't have to cascade any ACL changes, and changed IIS to > use those user accounts. If you created additional dependencies on the user > names, you'll have to take care of them, of course. > > Yes, this is a more tactical change, but it requires the user to know a lot > more. > > In any case, I think my way is better than your way. What the customer > wants is always right. How the customer wants to do it is highly debatable. > ;-) > > -- > //David > IIS > This posting is provided "AS IS" with no warranties, and confers no rights. > // > "Coen Boef" <coen_boef@hotmail.com> wrote in message > news:d071316f.0404122340.1924c48b@posting.google.com... > Thank you for you reply. > Only thing I was after was to try and have a little consistency in my > windows system. > It isn't that I'm "ultra-concerned", it's just that it annoys me that > it's yet again not possible for MS products to be flexible and do it > the way _I_ want. > > Solved it the good old fashioned MS way... reinstall. > > But thanks for your reply. > > > "David Wang [Msft]" <someone@online.microsoft.com> wrote in message > news:<u9t4GrqHEHA.2128@TK2MSFTNGP11.phx.gbl>... > > > Is there any way to change the name of 2003 Web server and to > > > make that change cascading onto the entire system? > > > > It doesn't make sense for a computer name change to "cascade onto the > entire > > system". In particular, for the IIS user names, they are just names -- it > > could have been IUSR_foobarbaz for all intents and purposes. > > > > Since you are ultra-concerned about the names of IIS user, and IIS > > determines those names based on the computer name at the time of IIS > > installation, you could try to first install IIS with your final machine > > name but NOT have it on the network (so IUSR/IWAM is the name you want), > > then you can rename the server to something else so that you can put it on > > the same network as the old server, and now you can transfer/configure IIS > > as you wish... until you need to make the final switch by first renaming > or > > removing the old server from the network and then renaming the new server > > appropriately. > > > > -- > > //David > > IIS > > This posting is provided "AS IS" with no warranties, and confers no > rights. > > // > > "Coen Boef" <coen_boef@hotmail.com> wrote in message > > news:d071316f.0404080010.40883d6f@posting.google.com... > > Hello all, > > > > Recently I installed a 2003 Web edition server which was to replace a > > 2000 server after it had been fully installed. > > > > The problem was that eventually it had to have the same name as the > > server it had to replace. So I named the new server "server_temp" and > > was going to change it to "server" after the old one was replaced. > > After I did this I noticed that a lot of features (eg usernames for > > IIS) were dependent on the server name. > > > > Is there any way to change the name of 2003 Web server and to make > > that change cascading onto the entire system? > > > > Thanks in advanc
- Previous message: Jeff Cochran: "Re: Windows Media"
- In reply to: Coen Boef: "Re: Change computername with MS Server 2003 Web Edition"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
