How can I configure the authentication dialog box to use a local account rather than a
domain account?
A. Typically, when an authentication dialog box prompts for a username, it defaults to the
domain name, or you can specify the domain by using the format (NetBIOS domain
name)\user (e.g., savilltech\john) or user@(FQDN of domain)--for example,
john@savilltech.com.
If you want to use a local account on the machine, just pass the machine name instead of the
domain name--for example, localmac\bob. If you can't remember the local computer name,
just use a period (.) instead--for example, .\bob.
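The three name forms above, as an added example (not part of the original tip): a small parser that classifies a typed logon name as local or domain, for instance to pick local-account logons out of a list of attempted names. The function names and the sample list are constructed for illustration.

```python
from typing import List, NamedTuple


class LogonName(NamedTuple):
    scope: str      # "local" or "domain"
    authority: str  # machine name, NetBIOS domain, FQDN, or "" for the dialog default
    user: str


def parse_logon_name(raw: str, machine: str) -> LogonName:
    """Split a name typed into an authentication dialog into scope, authority and user.

    `machine` is the local computer name, needed to recognise the machine-name form.
    """
    name = raw.strip()
    if not name:
        raise ValueError("empty logon name")

    if "\\" in name:
        # Down-level form: (NetBIOS domain or machine name)\user, or .\user
        authority, _, user = name.partition("\\")
        if not authority or not user or "\\" in user:
            raise ValueError(f"malformed down-level name: {raw!r}")
        if authority == "." or authority.lower() == machine.lower():
            return LogonName("local", machine.upper(), user)
        return LogonName("domain", authority.upper(), user)

    if "@" in name:
        # user@(FQDN of domain)
        user, _, fqdn = name.rpartition("@")
        if not user or not fqdn:
            raise ValueError(f"malformed user@domain name: {raw!r}")
        return LogonName("domain", fqdn.lower(), user)

    # A bare user name: the dialog defaults to the domain.
    return LogonName("domain", "", name)


def local_account_logons(names: List[str], machine: str) -> List[LogonName]:
    """Return only the entries that resolve to a local account on `machine`."""
    hits = []
    for raw in names:
        try:
            parsed = parse_logon_name(raw, machine)
        except ValueError:
            continue  # skip malformed input rather than guessing
        if parsed.scope == "local":
            hits.append(parsed)
    return hits


# Constructed sample input; the last entry is deliberately malformed.
SAMPLE_NAMES = [
    r"savilltech\john",
    "john@savilltech.com",
    r"localmac\bob",
    r".\bob",
    "john",
    r"\bob",
]

if __name__ == "__main__":
    for hit in local_account_logons(SAMPLE_NAMES, "localmac"):
        print(hit)
```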
Directories
-----------
It's nice to have deep, multi-branched directory trees; I like the logical organization, keeping separate
types of files neatly sorted.
The bad news: Deep trees can really slow things down. The good news:
It's easy to tidy up deep trees so they don't slow things down. Here are the details:
Under NTFS, each directory is a file just like any other, but with a special internal structure called a
B+ Tree. It's fairly complicated, but for our purposes it's enough to say that it is a very good
structure for a directory tree, but can be weak on handling changes. In other words, the more changes
you make, the more complicated it gets internally, so the longer it takes to locate your file. Since files
are listed in the directory file alphabetically by file name, adding new files (or directories) can require
changes in the middle of the tree structure. Many such changes can make the structure quite complex,
and more complexity means less speed.
Files are located by searching through the directories. If you are looking for a file in a tree that is ten
levels deep, you have to locate ten directories before you get to the one that points to the file itself.
That takes a lot longer than locating a file that is only three levels deep. Plus, if the directories have
been changed a lot so that their internal structure has become complex, finding files can become very
slow.
Directories tend to grow, but rarely shrink. Sometimes when you add a new file or directory, it can be
fitted into the space left by a deleted file, but often it uses a new space. The directory grows and can
fragment, slowing down access even more.
Diskeeper 3.0 can defragment directories, which helps a lot, but this will not handle the internal
complexity. To clean that up and restore the directory to its initial perfect state, just copy the directory
(with the copy under the same parent directory as the original, of course), giving it a new name, then
delete the original, then rename the copy to the original name. This should be done periodically (once
or twice a year?) if you frequently create and delete files, or whenever you delete a large number of
files from a single directory. Since this changes the location of the directory file, it's a good idea to
make a list of all of the directories that you want to clean up, and do them all at once. Then use
Diskeeper to do a boot-time consolidation afterwards. This will move the directories together and
defragment them.
One additional thing: Long file names can cause directories and the MFT to fragment. The way the
file names are stored, each character requires two bytes. For computer efficiency, the DOS 8-dot-3
format is best. On the other hand, for human efficiency, 20 to 30 character names are much better. Of
course, there are exceptions, such as files on a CD-ROM or an archive partition where they won't be
re-written, but in general, don't go over thirty characters.
Cluster Size
In the article called Cluster Sizes (eLetter Volume 2, Issue 15), I described the pros and cons of
NTFS cluster sizes. New data regarding the MFT and its internal functions leads me to recommend
4096KB as the best cluster size, especially if you will have a very large number of files or will be using
compression. Never use less than 1024KB, as this will allow MFT records to fragment, and never
exceed 4096KB, as compression and Diskeeper will not work.
DEALING WITH THE PRINT SCREEN
If you press Print Screen, Windows NT copies the entire window to the Clipboard; if you press Alt-
Print Screen, NT copies only the active window to the Clipboard. But what about printing the screen in
Windows NT 4.0? If you press Print Screen to copy the screen to the Clipboard, you can use Paint to
print the Clipboard contents. Just open Paint and choose Edit, Paste. This will paste all Clipboard
contents into Paint. Now you can use Paint to print the screen: Simply choose File, Print.
MEMORY USAGE
by Lance Jensen, Executive Software Technical Support Representative
There are a number of things you can do to increase system performance and productivity. One of the
first things we usually think of is simply to plug in more memory. While this will likely boost your
system performance, there are settings in Windows NT that can enable more efficient use of your
system's memory.
Here are some of the most significant ones that I have found workable:
L2 Cache
If you have more than 256KB of L2 cache, Windows NT may not be using all
of it. To correct this,
1. Run Regedt32.exe
2. Bring up the window HKEY_LOCAL_MACHINE (on the local machine)
3. Select System\CurrentControlSet\Control\SessionManager\MemoryManagement
On the right side of the window you will find SecondLevelDataCache.
This defaults to 0, which is the correct value for 256KB of L2 cache. Double-click
SecondLevelDataCache to bring up the DWORD Editor. Click the Decimal radio button, enter the
amount of L2 cache you have, then click OK. Exit RegEdt32, and your machine should be a lot
faster.
If you don't know how much L2 cache you have, you may be able to find out during boot-up. Each
brand of BIOS has its own display format, but look for L2 Cache, Secondary Cache, or
something like that. The value should be 256, 512, or 1024.
I/O Rate
If your system is fairly I/O intensive, you may benefit from raising the I/O Page Lock Limit, which can
increase the effective rate at which data is read from or written to the hard disks.
First, benchmark your common tasks. See how long it takes to load and save large files, how long it
takes to search a database or run a common program; just do your normal tasks, timing them to record
how fast they are. Then follow these steps:
1. Run Regedt32.exe.
2. Bring up the window HKEY_LOCAL_MACHINE (on the local machine)
3. Select System\CurrentControlSet\Control\SessionManager\MemoryManagement
4. On the right half of the window, double-click IoPageLockLimit
5. Click the Decimal radio button
This value is the maximum bytes that can be locked for I/O operations. A value of 0 defaults to
512KB. Raise this value by 512KB increments (simply entering the number 512, 1024,
etc.), then exit regedt32 and benchmark your system after each increment. When an increase
does not give you a significant performance boost, go back and undo the last increment.
Caution: There is a limit to this. I recommend you do not set this value (in bytes) beyond the
number of MB of RAM times 128. That is, if you have 16 MB RAM, do not set
IoPageLockLimit over 2048 bytes; for 32 MB RAM, do not exceed 4096 bytes, and so on.
That's the safe method. You may be adventurous or impatient and want quick results. If so, try
this:
1. Benchmark
2. Calculate your maximum IoPageLockLimit value (MB of RAM times 128)
3. Set IoPageLockLimit to this value
4. Benchmark again
If you get little or no improvement, work down by 512 byte decrements till you note a drop in
performance, then go back up 512 bytes. If you did see an improvement, continue with step 5.
5. Raise IoPageLockLimit to maximum
6. Benchmark again
If you get little or no improvement in the third benchmark, work down in 512 byte decrements.
If you do get improvement, work up from maximum. And if the first increase from shows
little improvement, work down from .
Unless you don't do much I/O, this should give you a significant boost in performance.
Go to the hive HKEY_LOCAL_MACHINE on the Local Machine. Click on the key called System,
then the CurrentControlSet, then Control, then Update. Once you have done that, you will notice the
value UpdateMode in the right-hand window. Double click it, which will bring up the DWORD Editor.
In the DWORD Editor, put in a 0.
For this to take effect, you'll need to log out, then log back in.
The conclusion is clear. Lock up your servers and use long and random passwords! Having a tool that
scans for weak passwords and alerts you which ones they are helps too, but in any case lock up those
servers. Microsoft's passfilt.dll from Service Pack 3 can help you enforce your security policies. I
suggest you read L0pht's technical rant at http://www.l0pht.com/l0phtcrack/rant.html, but its
conclusions are softened up with Microsoft's suggestions at
http://www.microsoft.com/security/l0pht20.htm. If you want to learn more about hashing passwords,
this is the best place to start: http://www.rsa.com/rsalabs/newfaq/q94.html
If you installed Microsoft Internet Information Server (IIS) 4.0, and you do not have Exchange Server,
chances are you also installed the SMTP server. Using this server, you can send mail from your NT
Server to any e-mail address, as long as you are on the Internet and have a valid DNS. To configure
your SMTP server to send mail from your local machine, you will have to change the Relay
Restrictions. Launch the Internet Service Manager and expand the Internet Information Server node.
Double-click on the Default SMTP Site node to display the Default SMTP Site dialog box. Next, select
the Directory Security tab and click on Edit in the Relay Restrictions section to launch the dialog box
shown in Figure C. Select the Allowed To Relay radio button and click OK. Apply the configuration
changes and your SMTP server is ready to send e-mail. You will need to configure your mail reader to
use the local host IP address of 127.0.0.1 as the outgoing mail server.
E-MAIL VIRUSES
I'm sure you have all received e-mails warning you of dire consequences if you read e-mail with
subjects such as "Good News!" or "AOL4FREE". These are hoaxes intended to damage free
communication by making people afraid to use e-mail. When you consider the time wasted reading and
forwarding such things, they are as destructive as the real thing.
It is not possible -- NOT POSSIBLE -- to get a virus by just reading an e-mail, unless the e-mail
contains a macro or attachment that you then execute.
Here are two simple rules that, if followed, will protect you from any e-mailed virus:
1. If you open a mail message and get a warning that the mail contains macros, make sure you select the
option to disable macros before you continue.
2. If you receive a mail message from someone you do not know and that mail contains an attachment,
do not open the attachment till you have made sure the attachment does not contain a virus. There are
programs on the market that can be used to check such things.
You should also be aware that both Microsoft Excel and Microsoft Word have a built-in macro checker
that will alert you to the existence of a macro in a file that you open as long as you do not disable this
function.
The next time you get one of these hoaxes, instead of forwarding it, please reply to it with this article.
Sources of Viruses
Computer viruses are not as common as most people believe, and rather easy to avoid. Commercial
software on commercial CD-ROMs is almost guaranteed to be virus-free, but any software on floppy
disks or non-commercial CDs can be a risk. Anyone can make floppies and non-commercial CDs, and
can put anything they want on them. It doesn't matter who wrote the program; someone else can add to
it or alter it. Commercial CDs have data, usually the name of the company that burns the CDs, burned
into the inside track and visible to the naked eye. Recordable CDs lack this, and usually have a batch
number on the unsilvered area of the hub. Be wary of any CD that lacks this identification, and
certainly of anything with a stick-on label. Of course, even a commercial CD could be infected, since a
criminal could hack into the manufacturer's system and plant a virus before the CD master is made, but
this is extremely unlikely. By far the most common source of a virus infection is downloaded software.
Anything downloaded can be infected, even from big, reliable, long-established companies. It's not
easy for criminals to break into such systems, and it certainly is very rare, but it has been done. A
public bulletin board (BBS) is probably the easiest place to plant a virus. A good Sysop (the System
Operator for the BBS) can keep the BBS clean, but some are careless. Some viruses attach themselves
to programs on the infected system, and are transmitted to other systems when the programs are copied.
If a friend gives you a copy of a program, check it for a virus, even if you trust your friend; his system
may be infected.
Protection
It is a good idea to have an anti-virus program; they are cheap, easy to use, and easy to keep updated.
You do have to keep getting the updates, because these programs use an anti-virus database to
recognize viruses, and this database must be upgraded when new viruses are discovered. Sometimes an
anti-virus program will interfere with the installation of new software, especially if you are installing a
Service Pack. That means you should disable the anti-virus when installing new software, but that
leaves you unprotected should there be a virus. What now? The best defense is to have a test machine,
not on a network, not connected to anything else. You disable the anti-virus on the test machine, load
the new software, then start the anti-virus and test. Once you have established that the software is
clean, you can load it onto your production system. Or, since most of us can't afford to have a machine
we only use for virus checking, the next best solution is a test disk. On my home machine, Disk 0 is a
2GB IDE disk, with two 1GB partitions. The first is a secondary Windows NT installation which I use
to repair my primary system partition as needed. The other partition has Windows NT installed, but the
disk configuration only sees the two partitions on Drive 0. I boot to it and do virus checks. I figure the
worst a virus can do is wipe out the two partitions on Disk 0, and they are easily rebuilt. Naturally, no
system or procedure can guarantee absolute safety. But if you are reasonably careful, use an anti-virus,
always virus-check new software, and keep your backups updated, you should never have any
significant trouble from a virus.
http://kumite.com/myths/home.htm
http://sassman.net/virus
In this article, we lay out the procedures for creating clean NTFS partitions. For an article about the
MFT itself, click here:
<http://www.execsoft.com/tech-support/articles/art-0004.htm>
<http://www.execsoft.com/tech-support/articles/art-0020.htm>
Most Partitions
The Boot partition is the one that your BIOS checks to start the boot process, usually C:. The System
partition is the one on which Windows NT is installed. Usually this is also the Boot partition. If the
partition you want to convert is not Boot or System, you can convert from FAT to NTFS by simply
copying the entire partition to a tape or another partition, reformatting the partition as NTFS, and
copying the files back. This does not work on System because that's where you have the files used to
do the formatting, or on Boot because the reformat would wipe out the boot sector and you would not
be able to reboot your machine.
The system partition created while installing Windows NT is a FAT partition. If you choose during
installation to use the NTFS format, the partition is still created as FAT, and only converted to NTFS
after the first boot. This means you get the initial system files written to the beginning of the disk, then,
when the conversion is done, the MFT is created.
If you are installing Windows NT on a new disk, select to install it to C:, making C: a FAT partition, not
NTFS. Do a minimum installation, because you will be deleting these files shortly. When the
installation completes, bring up Disk Administrator (click Start, go to Programs, Administrative Tools,
and click Disk Administrator) and create a new partition with NTFS format.
If you already have Windows NT installed on your boot partition, create a new NTFS partition as
described above (or select an existing one). Now do your full installation of Windows NT to the new
partition and boot into it; this is now your permanent system partition.
If Boot is also the System partition, create a new system partition as described above.
When a partition is created as NTFS, about 12% of the partition is pre-allocated as the MFT zone,
which is expansion space for the MFT. The MFT is placed at the start of the MFT zone. Thus you have
a large contiguous expansion space, and the MFT should not fragment unless you fill the partition too
full. But when you convert a partition from FAT to NTFS, there are already files at the start of the
partition, so the MFT zone has to be placed wherever there is space available. It is very rare to have
12% of a partition as contiguous free space, so the MFT zone is created as dozens or hundreds of
fragments. As the MFT extends, it too becomes very fragmented.
Using the method described above, you empty the partition completely, then put back one file. Now all
you have is the C: folder and boot.ini. When you reboot, the "next free space" pointer for C: is reset to
point to the very first free space, right at the start of the partition. Now when you run the convert
command, the MFT zone goes at the start of the disk where it belongs. You may have the C: folder file
and boot.ini in the MFT zone, but that only adds two fragments to the MFT; two fragments is not
significant.
Incidentally, never use a 512 byte cluster size on an NTFS partition. The MFT records are all 1024
bytes, so the smaller cluster size means MFT records may get fragmented. Don't worry about wasting
disk space. First, files that are small enough are stored entirely within their MFT records, and second,
disk space is so cheap now that the time you lose because of slow I/O is much more expensive.
KILL A TASK
Suppose you have a task running that you want to kill, but it just won't die. The solution is a little
utility in the Windows NT 4.0 Resource Kit. The command is TLIST. If you type TLIST at a command
prompt, you will see all tasks that are running on your server. From there, you can use the KILL
command to get rid of the task. For example, KILL 204, where 204 is the task number. But sometimes
the task just won't die.
Use TLIST again but with the -T extension. This will show you the child or children of each task. Now
you can kill the right task without shutting down your server.
Can't boot your Windows NT installation? Misplaced your rescue disk? Here's how to make another
one: Boot from a DOS diskette. Run NTFS4DOS (www.sysinternals.com) to mount your NTFS
volume (if that's where your NT system directory is; this directory is usually called WINNT). Switch to
the NTFS volume. Find the REPAIR directory in your system directory. Copy all the files you find in
the REPAIR directory to a blank disk. You just made a brand new recovery disk.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\PowerdownAfterShutDown
and set it to 1.
Next, tell NT to shut down and see if the machine turns itself off after shutting down. If it doesn't,
change the value back to 0 to restore normal operation.
The next time the system crashes, an administrative alert will be sent that may provide the first sign of
the crash.
You can also make NT log the crash in the event log by changing the value of
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CrashControl\LogEvent to 1 instead of its
default 0. Now, the exact time of the crash will be permanently recorded.
To prevent users from saving passwords, add the REG_DWORD value DisableSavePassword to
the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters key and
set it to 1. Once this is done, DUN will no longer display the Save Password checkbox and it will
forget all the passwords it had been told to remember.
I was recently at a client site that needed to update its virus program with a new DLL that ran as part of
a Windows NT service. We wanted to update the service by copying the new file using a logon routine,
but the desktop was locked down with a policy that did not let users stop a service. Because we couldn't
stop the service, we couldn't delete the old file in preparation for the new file copy. We got around the
problem by renaming the DLL with a different extension and copying the new DLL. Because the old
DLL was already loaded in memory, the service did not change and did not appear to behave strangely;
the system scanned and disinfected files as expected. Later, we restarted the machine, which loaded the
new DLL. I have done this with other services and, unless the directory where the file is also has NTFS
permission restrictions, it appears to work just fine. I hope this tip makes someone's job a little easier.
USE ALL OF YOUR L2 CACHE
If you have more than 256KB of L2 cache, Windows NT might not be using all of it. To correct this:
On the right side of the window you will find SecondLevelDataCache. This defaults to 0, which is the
correct value for 256KB of L2 cache. Double-click SecondLevelDataCache to bring up the DWORD
Editor. Click the Decimal radio button, enter the amount of L2 cache you have, and click OK. Exit
RegEdt32.
I have found significant performance increase when using this tip!
A current Emergency Repair Disk (ERD) is one of the vital tools needed to maintain a Windows NT
system. Unfortunately, most Windows NT sites do not maintain their ERDs because many
administrators have never been taught how to use them. We would like to help correct that situation.
In this article the designation, "%systemroot%" will refer to the system folder. The default name is
WINNT, but whoever actually installed Windows NT on your system may have given it a different
name.
Many of the files in the %systemroot% tree are hidden files, and many are read-only. To see hidden
files, start Windows Explorer, go to the Menu Bar and click "View", "Folder Options", and the "View"
tab. In the Advanced Settings box, under "Hidden files", click the "Show all files" button, then OK.
You will now be able to see all files. Before you can copy or edit a read-only file, you must right-click
the file, then click "Properties". Under the General tab, in the Attributes section, uncheck the Read-only
box.
The ERD is a floppy disk containing the files in the %systemroot%\repair folder, which are the
configuration files and Registry information. If your Registry or startup environment becomes damaged
in any way, the ERD will usually be able to fix it. However, the ERD is not a substitute for a full
backup. It's more like a "Backup Lite" which can frequently save you from having to do an entire
restore from backup.
The files "sam._" and "security._" on the ERD are often not kept updated, because they can be too big
to fit on a floppy. You probably won't see this except on a server with over a thousand users and groups.
If these files are too big for a floppy, you can back them up using your regular backup utility or the
regback.exe utility in the Windows NT Resource Kit, and you can save copies in a special folder on the
disk.
I strongly recommend keeping several ERDs for each machine. The first one should be made when you
first install Windows NT. If you did not make one at that time, now is a good time to do so. Then make
a second copy and store one off-site. As you expand and change your Windows NT system, keep these
original ERDs as a safety measure. For convenience, you could also create a second repair folder (let's
call it \repair2) and copy the original files from \repair into it.
If you do back up the "sam._" and "security._" files (which you should do if you can), you may some
day find that you can no longer fit all of the files on a floppy disk. Remember that the entire contents of
the %systemroot%\repair folder are copied to the ERD, so you must keep its size under 1.44MB.
Should the folder grow too large, take the ERD from the original Windows NT installation (or from
\repair2) and copy ONLY the "sam._" and "security._" files into the %systemroot%\repair folder. The
folder should now be small enough to make an ERD. If it's not, you need to reduce the size of
setup.log. Edit setup.log and locate the line "[Files.WinNt]", which is followed by a long list of file
names. You can safely delete any of these file names that do not begin with
%systemroot%\SYSTEM32\. At some point in this list you may find a line "[Files.InRepairDirectory]"; do not
delete anything after this line!
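The setup.log trimming rule described above, as an added example (not from the original article): it drops entries in the [Files.WinNt] section that do not start with the SYSTEM32 prefix and leaves everything from [Files.InRepairDirectory] onward untouched. The function name, the one-entry-per-line layout, and the sample log are constructed assumptions; work on a copy of the real file.

```python
from typing import List, Tuple

SHRINK_SECTION = "[files.winnt]"                # the only section that is trimmed
PROTECTED_SECTION = "[files.inrepairdirectory]"  # nothing at or after this is removed

# Prefix named in the article; pass whatever prefix your own setup.log uses.
KEEP_PREFIX = "%systemroot%\\SYSTEM32\\"


def trim_setup_log(text: str, keep_prefix: str) -> Tuple[str, List[str]]:
    """Return (trimmed text, removed lines).

    Assumes one file entry per line and section headers of the form [Name].
    """
    kept: List[str] = []
    removed: List[str] = []
    in_shrink = False
    locked = False  # set once the protected section has been seen
    prefix = keep_prefix.lower()

    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("[") and stripped.endswith("]"):
            header = stripped.lower()
            if header == PROTECTED_SECTION:
                locked = True
            in_shrink = header == SHRINK_SECTION and not locked
            kept.append(line)
            continue
        if in_shrink and stripped and not stripped.lower().startswith(prefix):
            removed.append(line)
            continue
        kept.append(line)

    return "\n".join(kept) + "\n", removed


# Constructed sample; entry names and checksums are made up for illustration.
SAMPLE_SETUP_LOG = r"""[Paths]
TargetDirectory = "\WINNT"
[Files.WinNt]
%systemroot%\SYSTEM32\ntoskrnl.exe = "ntoskrnl.exe","0001"
%systemroot%\Help\windows.hlp = "windows.hlp","0002"
%systemroot%\system32\hal.dll = "hal.dll","0003"
%systemroot%\inf\layout.inf = "layout.inf","0004"
[Files.InRepairDirectory]
%systemroot%\repair\sam._ = "sam._","0005"
%systemroot%\repair\setup.log = "setup.log","0006"
"""

if __name__ == "__main__":
    new_text, dropped = trim_setup_log(SAMPLE_SETUP_LOG, KEEP_PREFIX)
    print(f"removed {len(dropped)} entries, "
          f"{len(SAMPLE_SETUP_LOG) - len(new_text)} characters saved")
```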
1. The files "sam._" and "security._" contain your security database. If these files are included on the
ERD, then your system could be invaded if a criminal should get his hands on it. Keep all copies of the
ERD safe and secure, from theft as well as from damage.
2. When you do a repair from an ERD, the "sam._" and "security._" files may be replaced with the ones
from the ERD. If these files were too large to fit on the ERD, you have to recover them from someplace
else. The easiest handling for this is a third folder, \repair3, in which you copy just the "sam._" and
"security._" files.
Making an ERD
The ERD is created using the RDISK utility. You should make a new one whenever you make any
significant change to the system, such as adding a new application or Service Pack, or changing the
Registry. This is the procedure to use if you are including the security data on your ERD:
1. If you have not already done so, create \repair2 and copy the files from \repair into it. If you do not
have an original ERD, make one now by using these steps, but leave off the /S switch in step 3.
2. Click Start, go to Programs, and click Command Prompt.
3. Type RDISK /S <ENTER>.
4. When prompted "Do you want to create an Emergency Repair Disk?", respond "Yes".
5. Follow the prompts.
6. Label and date the ERD.
The /S switch in step 2 is necessary because the files in the %systemroot%\repair folder are not updated
when your system is modified; you have to use RDISK to do it manually. The /S switch tells RDISK to
update the repair files, including the "sam._" and "security._" files. This is the procedure to use if you
are not including the security data on your ERD:
1. If you have not already done so, create \repair2 and copy the files from \repair into it. If you do not
have an original ERD, do steps 6 to 9 now to make one.
2. Click Start, go to Programs, and click Command Prompt.
3. Type RDISK /S- <ENTER>. (The /S- switch updates the files, but does not proceed to create an
ERD.)
4. Copy the "sam._" and "security._" files from \repair into \repair3.
5. Copy the "sam._" and "security._" files from \repair2 into \repair.
6. Type RDISK <ENTER>.
7. Click the "Create Repair Disk" button.
8. Follow the prompts.
9. Label and date the ERD.
The ERD just created can be used to get your system running again if something goes wrong while
modifying your system. Now go ahead and make the system changes. When you have finished and
tested and you are satisfied that the change is done, repeat the steps to update your system with your
new modifications, and make two new ERDs. The second ERD should be stored with your offsite
backups. If you don't keep offsite backups, you may not want a second ERD; I like to have one in case
the first copy gets damaged.
Is the ERD Really Needed?
You may never have made an ERD, or you might lose it, or it might get damaged. If you ever have to
do a repair without an ERD, you have several options:
1. Sometimes you can do a repair without any ERD at all. If the repair procedure can find your
Windows NT install directory, it may be able to directly access the repair directory. Sometimes it
works, sometimes it doesn't.
2. If that fails, you may be able to create a new ERD. First you need a floppy disk that was formatted
on a Windows NT system. If the %systemroot%\repair folder is on a FAT partition, you can boot to a
bootable DOS floppy and copy the repair files to the new floppy. Some are hidden, so be sure you get
them all. The files are:
autoexec.nt
config.nt
default._
ntuser.da_
sam._
security._
setup.log
software._
system._
It's harder to access the folder if it's on an NTFS partition, but here are some ways to do it:
A. There are applications available that run under DOS and can read NTFS partitions. You can use one
of these to create the floppy as described above.
B. You could move the hard disk to another machine that is running Windows NT and create the floppy
there.
C. You could make another Windows NT installation on the same machine, boot into it, and make your
new floppy.
3. Last, you may be able to copy the files from a backup tape. You might restore %systemroot%\repair
folder, or copy it to another machine.
4. If all of this fails, you must reinstall Windows NT. As you can see, it's a lot simpler to make sure you
always have a current ERD.
If you've ever used a UNIX shell, such as the C Shell (CSH) or the Bourne Again Shell (BASH), you'll
fondly remember the wonders of tab filename completion. By typing the first few characters of a
filename and pressing [Tab], the entire name would appear on the command line. Well, you can have
that same feature at your Command Prompt by adding a REG_DWORD value named
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar and setting its
value to the hex value of the character you wish to use for command completion. The tab character is
0x09.
CHKNTFS: HOW TO PREVENT CHKDSK AT REBOOT AFTER THE DIRTY BIT IS SET
When you select CHKDSK /F in Windows NT 4.0 you have set the "Dirty Bit". The Dirty Bit is a flag
that tells Windows NT to force a CHKDSK /F at the next reboot if one can not be performed
immediately. But what if you change your mind? Perhaps there is a vital deadline coming up, and you
can't afford the time to let CHKDSK run. There is no way to clear the Dirty Bit once it is set, except by
running CHKDSK /F, but there is a way to keep CHKDSK from running on NTFS Partitions at the
next reboot.
As you may already know, Service Pack 4 includes a ten-second window at reboot where you can
cancel a CHKDSK /F when the Dirty Bit is set. Canceling the CHKDSK /F does NOT clear the Dirty
Bit. It will just prevent the run at this time; at the next reboot, CHKDSK /F will run unless canceled
within the same ten second window until it is finally allowed to run. As mentioned above, ONLY A
CHKDSK /F CAN CLEAR THE DIRTY BIT.
But there is another option on NTFS Partitions: You can use Service Pack 2's CHKNTFS command-
line utility to prevent CHKDSK from automatically running during reboots when the Dirty Bit is set.
From the COMMAND PROMPT:
D:\>chkntfs /?
CHKNTFS drive: [...]
CHKNTFS /D
CHKNTFS /X drive: [...]
CHKNTFS /C drive: [...]
If no switches are specified, CHKNTFS will display the status of the dirty bit for each drive.
Here's an example of a call with no switches specified, and CHKDSK /F not set:
D:\>chkntfs d:
The type of the file system is NTFS. D: is not dirty.
When you set CHKDSK /F for the d: partition, you will get this display:
D:\>chkntfs d:
The type of the file system is NTFS. D: is dirty. You may use the /C option to schedule chkdsk for this
drive.
Even if you do not use /C a CHKDSK /F will be run at the next reboot. You can use the /X switch to
exclude a drive from the default boot-time check.
D:\>chkntfs /x d:
The type of the file system is NTFS.
After invoking the above command, CHKDSK will not run at the next reboot. It does not clear the
dirty bit, however; it adds an entry to the BootExecute value (visible in Regedt32) under the
HKEY_LOCAL_MACHINE subtree, in the following subkey:
\SYSTEM\CurrentControlSet\Control\Session Manager
was:
autocheck autochk *
is:
autocheck autochk *
autocheck autochk /k:D *
D:\>chkntfs d:
The type of the file system is NTFS.
D: is dirty. You may use the /C option to schedule chkdsk for this drive.
The drive is still reported as dirty, but the /X setting keeps CHKDSK from running on this partition,
no matter how many times you reboot, until the setting is cleared. When the /X is canceled by /D:
D:\>chkntfs /d
autocheck autochk *
autocheck autochk *
D:\>chkntfs d:
The type of the file system is NTFS. D: is dirty. You may use the /C option to schedule chkdsk for this
drive.
There is a caveat to this: With /X set, CHKDSK /F will NEVER run at boot on the specified
partition, even if the system crashes. This can be a bad idea and cause you to lose data if a CHKDSK /F
is truly needed. If you use the CHKNTFS utility, only use it as a short term solution and be certain to
restore the defaults with a CHKNTFS /D for normal Windows NT operation.
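One way to check for the situation this caveat warns about, as an added example that is not part of the original tip: the Python below takes the BootExecute entries and the CHKNTFS status text in the forms shown above and reports drives that are both dirty and excluded from the boot-time check. The function names, the handling of several drive letters, and the second drive E: in the sample are assumptions made for the illustration.

```python
import re

# The unmodified BootExecute entry, as in the "was:" listing above.
DEFAULT_BOOT_EXECUTE = ["autocheck autochk *"]

# BootExecute after "chkntfs /x d:", copied from the "is:" listing above.
SAMPLE_BOOT_EXECUTE = [
    "autocheck autochk *",
    "autocheck autochk /k:D *",
]

# CHKNTFS status text. The D: lines follow the output shown above;
# the E: lines are constructed for contrast.
SAMPLE_CHKNTFS = """\
The type of the file system is NTFS.
D: is dirty. You may use the /C option to schedule chkdsk for this drive.
The type of the file system is NTFS.
E: is not dirty.
"""


def excluded_drives(boot_execute):
    """Drive letters named in /k: switches of autochk entries (set by CHKNTFS /X).

    Assumption: several drives may appear either as separate switches
    (/k:C /k:E) or as one switch with several letters (/k:CE); both are accepted.
    """
    drives = set()
    for entry in boot_execute:
        tokens = entry.split()
        if [t.lower() for t in tokens[:2]] != ["autocheck", "autochk"]:
            continue  # some other boot-time program, not relevant here
        for token in tokens[2:]:
            match = re.fullmatch(r"/k:([A-Za-z]+)", token)
            if match:
                drives.update(match.group(1).upper())
    return sorted(drives)


def dirty_drives(chkntfs_output):
    """Drive letters that CHKNTFS reports as dirty ("D: is dirty.")."""
    found = re.findall(r"\b([A-Za-z]): is (not )?dirty", chkntfs_output)
    return sorted({letter.upper() for letter, negated in found if not negated})


def review(boot_execute, chkntfs_output):
    """Summarise the boot-time check configuration for one machine."""
    excluded = excluded_drives(boot_execute)
    dirty = dirty_drives(chkntfs_output)
    return {
        # True only when CHKNTFS /D (or no change at all) left the default in place.
        "is_default": [e.strip().lower() for e in boot_execute] == DEFAULT_BOOT_EXECUTE,
        "excluded": excluded,
        # The risky combination: the volume needs CHKDSK /F but will never get it at boot.
        "dirty_and_excluded": sorted(set(excluded) & set(dirty)),
    }


if __name__ == "__main__":
    report = review(SAMPLE_BOOT_EXECUTE, SAMPLE_CHKNTFS)
    print("BootExecute is default :", report["is_default"])
    print("Excluded by /X         :", ", ".join(report["excluded"]) or "none")
    print("Dirty AND excluded     :", ", ".join(report["dirty_and_excluded"]) or "none")
```

A non-empty "dirty and excluded" list means the short-term workaround is still in place on a volume that needs CHKDSK /F.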
Instead of making a standard folder and creating shortcuts from the standard Control Panel, you've just
created a real Control Panel that is dynamic and runs through the Control Panel class just like the
standard Control Panel. Any new Control Panel applications that you might install will show up
automatically.
BACKUP STRATEGY
There are some pretty crafty Administrators out there! What they are doing is this: They have another
install of Windows NT from which they do a complete backup of their working system. They have
loaded their Tape Device drivers or CD Writer and backup software. When they boot to this
installation, the original boot is dormant. All files are closed which gives them the ability to make a
perfect image of the WINNT directory and Program Files and all the rest. They do not worry about
getting the system back perfectly when an unrecoverable crash occurs. They simply boot to the second
install and restore the complete system.
Have you ever needed to alter file permissions - after the fact? For example, your partition has already
been in use for some time, with all of your users creating files and sub-directories with security
restrictions, and now you need to make a change globally to file permissions. How can you do it
quickly and easily?
The best way is to go to the Command Prompt and run CACLS (Change ACLs). Here's a question I've
had to deal with, which makes a good example of how to use CACLS: Do you have an NTFS partition
without SYSTEM group access?
While security may be tight on your network, you should always allow the group SYSTEM to have
FULL CONTROL over all files and directories on all NTFS partitions. This group represents the
Windows NT operating system and having it included allows such actions as creating a pagefile on a
partition and defragmenting all files. If you have no real restrictions on security, (if you leave
EVERYONE with FULL CONTROL for instance), then this is not an issue.
You could use Explorer to modify security settings globally on the partition/directories/files, but there
is a problem with this. This is in fact a destructive method of applying security settings, because it
replaces the existing settings; Explorer is fine for changing permissions in one directory or one file, but
it should only be used globally if you want to set all permissions on all files and/or sub-directories to
the same values. If you want to add or remove permissions without destroying the existing ones, you
need to use the CACLS command line interface executed from the root of the partition:
D:\>cacls/?
Displays or modifies access control lists (ACLs) of files

CACLS filename [/T] [/E] [/C] [/G user:perm] [/R user [...]]
               [/P user:perm [...]] [/D user [...]]
   filename      Displays ACLs.
   /T            Changes ACLs of specified files in
                 the current directory and all
                 subdirectories.
   /E            Edit ACL instead of replacing it.
   /C            Continue on access denied errors.
   /G user:perm  Grant specified user access rights.
                 Perm can be: R  Read
                              C  Change (write)
                              F  Full control
   /R user       Revoke specified user's access rights (only valid
                 with /E).
   /P user:perm  Replace specified user's access rights.
                 Perm can be: N  None
                              R  Read
                              C  Change (write)
                              F  Full control
   /D user       Deny specified user access.
Wildcards can be used to specify more that one file in a command.
You can specify more than one user in a command.
SPECIAL NOTE: You must be at the root directory level of the partition in question. Use this
command:
CD /D drive_letter:\
CACLS * /e /t /g SYSTEM:F
SPECIAL NOTE: If you see this message: "Unable to perform a security operation on an object which
has no associated security" you are executing this from a FAT partition. ACLs are only used on NTFS
partitions.
The /e switch tells the CACLS command to EDIT the ACLs rather than REPLACE the existing
permissions, and the /t switch tells it to apply the edit to subdirectories. Any number of
ACCOUNT:PERM sets may follow the GRANT (/g) switch. As you can see from the above listing,
there is additional flexibility built into the CACLS command - its only limitation is the extent of
selections for PERM values.
You may also need to add SYSTEM to the drive itself. Do that through Explorer with these steps:
1) Start EXPLORER
2) Right click the partition in question
3) Click PROPERTIES
4) Click the SECURITY tab
5) Click the PERMISSIONS button
6) If SYSTEM is not listed, click ADD and select SYSTEM
7) Highlight SYSTEM
8) Set TYPE OF ACCESS to FULL CONTROL
9) Clear the REPLACE PERMISSIONS ON EXISTING FILES check box (it is checked
by default)
10) Click OK
CACLS is an excellent addition to your Windows NT toolbox. It can definitely pull you out of a jam when
NTFS permissions are not set properly.
I spend most of my day looking at remnants of files with mysterious extensions (e.g., *.waa *.me
*.abc). I've found that by placing a notepad.exe shortcut in my C:\WINNT\Profiles\All Users\SendTo
directory, I can view the file by right-clicking Send To. In addition, I have a multipurpose viewer that
views almost anything. I've added a shortcut to this in my C:\WINNT\Profiles\All Users\SendTo
directory.
One feature that many power users and administrators find annoying is CD-ROM AutoRun. Each time
you put a new CD into the drive, AutoRun kicks in and starts the CD's install program. While this may
be helpful to users who don't know how to use NT Explorer, it's of little value to most technical users.
To turn this feature off, simply add a REG_DWORD value named:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\AutoRun and set its value
to 0. The next time you slip a CD into your drive, you won't have to sit and wait as it tries to help you
install it.
Many people spend too much time looking at remnants of files with mysterious extensions (e.g., *.waa
*.me *.abc). By placing a notepad.exe shortcut in the C:\WINNT\Profiles\All Users\SendTo directory,
you can view the file by right-clicking Send To. In addition, if you have a multipurpose viewer, you can
add a shortcut to that viewer in the C:\WINNT\Profiles\All Users\SendTo directory.
Each user has a Favorites folder used by Internet Explorer and Microsoft Office to store shortcuts and
documents most often used. You might find it helpful to create a networked Favorites folder so all users
can see and use these favorite files.
In order to create a network Favorites directory, you must first create the directory and share it from
one of your file servers. Be sure to set the appropriate share and NTFS permissions. Next, on each
machine you want to use the network Favorites folder, change the value of
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell
Folders\Favorites from its existing path to the Universal Naming Convention (UNC) path of the new
folder. For example, the new Favorites directory could point to a shared Favorites directory on the
server Jupiter, which has a UNC path of \\Jupiter\Favorites. You may also want to make this change to
the HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell
Folders\Favorites value so each new user will also share the network Favorites folder.
Have you ever wanted to change a user's password stored in a local directory database without having
to visit the user's computer? Here's how you do it. Press Ctrl+Alt+Del and select the Change Password
button. In the Username box, type the username for the local account, and in the Domain text box, type
the computer name where the local account is held. Enter the appropriate Old Password, New
Password, and Confirm New Password. You should receive a message indicating "Your password has
been changed." This tip also applies to directory databases on domain controllers and is especially
useful if you want to change a password in a directory database that is outside your domain. A trust
relationship doesn't need to exist between the domains, and you don't have to be logged on with
administrator rights. This tip is also useful when users need to change their password outside the
allowed logon hours or when the password has expired and the user is not able to log on.
If you'd rather that Autoplaying CDs didn't, you can turn off the Autoplay facility by changing a setting
in the registry. Using REGEDT32, navigate to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom. Here you will find an
entry called Autorun. Edit the entry by double-clicking on it and then changing the data field from 1 to
0. You will need to re-boot for the change to take effect. After you have made the change, if you do
want a CD to Autoplay, you can double-click on the CD icon in Explorer or My Computer. The
Autoplay will then run as if you had just put the CD in.
This command configures the server service and works on Windows NT Workstation and Server. The
command creates a dword value "hidden" with the value set to 1 in the Registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
This parameter works with the server service, so you can still attach to shares on the hidden machine,
which is something that hiding a machine by stopping the server service wouldn't allow. And although
this change hides the machine, it doesn't mask the workgroup or domain. If you don't want a
suspicious-looking empty workgroup, you can put the machine in a group with other, visible members.
For more information on this change, including how to undo it, see Microsoft Support Online article
Q128167.
An easy way to reduce the administrative overhead of creating large numbers of user accounts is to
make template accounts for each type of user or area in your organization. Set the template accounts up
with all of the necessary file permissions, account restrictions and user rights. Then when you want to
create a new account, highlight the template user and press [F8], or select Copy from the User menu. If
you start the names of all your template accounts with an unusual character such as a dollar sign ($)
then they will always appear at the top of the list when you start User Manager.
Make sure that you type the number exactly and include the brackets. Now, when you click on the
Start button you should have a menu option called Control Panel. Click on the Folder Icon and a new
fold out menu will appear with all of the Control Panel icons on it.
POP3 is quick and simple to use. Employees can use just about any program to retrieve e-mail
remotely. The disadvantage is that unless users set the option to leave messages on the server, their e-
mail client won't be in sync with the computer on their desk.
IMAP helps keep remote and local desktops in sync by downloading only the message headers to the
remote desktop unless users specifically download the messages themselves. The disadvantage of
IMAP is that it can be slow over a dial-up link, due to the extra work it's doing in the background to
keep everything in sync. To operate offline with IMAP (without a live connection to your Exchange
server), users will have to download all messages to be viewed.
If your company doesn't want to deal with supporting remote client problems, your users can use a
standard Web browser. If they do, they will be able to reach their mailboxes from just about any
computer.
By default, Windows NT posts an alert when the amount of free space remaining on your hard disk
falls below 10 percent. To alter this behavior, you need to edit a Registry key. Go to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters and
add the value DiskSpaceThreshold with a type of REG_DWORD. Set this value to the percentage of
free disk space remaining before the OS sends an alert. The allowable range is 0 to 99 percent.
CHANGING LOCAL PASSWORDS EASILY
Want to learn a neat way to edit a local PC's SAM? Go to the User Manager menu for Domains, and
choose Select Domain. You typically use this setting to edit other PDCs in other domains, but if you
type \\computername in the same field you would usually enter the domain name, you will be editing
the local SAM database on that PC and you can change passwords, add local groups, and more.
Try this one on your PDCs and BDCs because this shortcut is much faster than Server Manager's
kludgy interface:
You can add your favourite applications to the Send To menu Windows NT displays when you right-
click on a file. Just create a shortcut to the application and drop it in the
%systemroot%\profiles\username\sendto folder, where "username" is the user name. For example, if you frequently
use Microsoft Word, you can add it to your Send To menu. When you right-click on a file, you can then
send the file to Word.
Note: The Send To folder is usually hidden, so make sure you set your folder options to show all files
(Explorer | View | Folder Options | View | Hidden Files | Show All Files in Windows NT 4.0).
Now check the ADD/REMOVE PROGRAMS box again. The entry should be gone; however, this
procedure will not remove the program.
By default, Windows NT displays its logo (either Windows NT Server or Windows NT Workstation)
behind the Logon dialog box. You can change this graphic by editing the Registry. You might want to
change this graphic if you want to have Windows NT display your company's logo instead of the
default logo.
To change the graphic, begin by starting Registry Editor. Access the key
\HKEY_USERS\.DEFAULT\Control Panel\Desktop. In the right-hand pane, double-click on the
Wallpaper value. By default, Microsoft displays the data in the Wallpaper value as (Default) which tells
your computer to display the Windows NT logo. To change this value, type in the path and name of the
bitmap file you want to display instead. For example, to display a file named "logo.bmp" that you've
stored in the c:\winnt folder, you would type c:\winnt\logo.bmp. (Note: Whatever graphic you want to
use will need to be in the bitmap format.)
Q: I'm doing capacity planning. How can I determine the average bandwidth used by Windows NT
Server 4.0, Terminal Server Edition client sessions?
A: Although Microsoft claims that each terminal client session will use 2-6Kbps of network bandwidth,
I have found that this estimate isn't always accurate. To get a more accurate picture of how Terminal
Server sessions will affect your network, you can use Network Monitor in conjunction with
Performance Monitor. First, install the Network Monitor Tools and Agent in the Services tab of the
Network Control Panel. This will add the Network Segment object to Performance Monitor (the other
object you'll need--Network Interface--should already exist as it installs with TCP/IP). Monitor the
%Network Utilization counter of the Network Segment object to track the total bandwidth being used
on the network segment where the terminal server is. The Network Interface object's Bytes
received/second and Bytes total/second counters provide the total bytes received or processed
(respectively) by the server's adapter. If possible, use the version of Network Monitor that comes with
Systems Management Server (SMS) or a third-party software product such as Data General's NetXRay,
not the NetMon that comes with NT or Windows 2000 (Win2K). NT's NetMon can only monitor the
traffic to and from its own adapter, and I've found this version's % Network Utilization counter to be
unreliable at times, especially on Fast Ethernet and 100Mbps networks.
In a previous tip, we showed you how to turn off the AutoRun feature permanently on your server by
editing the Registry. You can selectively prevent Windows NT from running the AutoRun on a CD-
ROM by holding down your computer's [Shift] key whenever you insert a new CD into your drive.
Windows 9x
command.com /k cd "%1"
or
Windows NT
cmd.exe /k cd "%1"
Now right-click a folder, and the new option of "Open Command Prompt..." should be available.
If you've ever clicked the Shutdown button by mistake (and then had to suffer through waiting for your
computer to reboot), here's a cool tip. Once you've started the Shutdown process, but before you see the
small window, which shows the status of the Shutdown, press [Ctrl][Alt][Delete]. You'll then see the
Windows NT Security dialog box. Click Logoff, and Windows NT will simply log you off rather than
shutting down your server.
You can configure a Windows NT-based computer with the information it needs to automatically log on
as a specific user rather than prompting for a username and password. Although this can be a security
risk on a work computer, you might use an automatic logon on your home computer. You configure an
automatic logon by editing your computer's Registry. Begin by making sure that the DefaultUserName
value contains your username (or the user you want to use for the automatic logon). This value is stored
below the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
key. Next, add the following values (replace "password" with your username's password):
AutoAdminLogon REG_SZ: 1
DefaultPassword REG_SZ: password
If you're using Novell's Client32, you'll also need to add the following values to the
HKEY_LOCAL_MACHINE\SOFTWARE\NOVELL\NWGINA\Login key:
If you've upgraded your Windows NT computer to Service Pack 4, you might notice that Windows NT
uses a longer grace period before prompting you for a password whenever the screen saver is activated.
You can change this grace period by adding a value to your computer's Registry. In Registry Editor,
access HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon. Add
the value ScreenSaverGracePeriod with a data type of REG_SZ. In the Data Type text box, type the
number of seconds to which you want to set the grace period. By default, Service Pack 4 sets the grace
period to five seconds. You can set it to a number from 0 to 2,147,483 seconds.
If you find that you frequently open a Command Prompt window and change to a specific directory,
you can add the Command Prompt to your shortcut menu. This option enables you to right-click on a
folder within Windows NT Explorer and choose the Command Prompt--which opens a Command
Prompt window with that folder as your active directory.
Begin by creating a batch file. For example, you could create a batch file named StartPrompt.cmd. Add
the following commands to your batch file:
@echo off
cd /d %1
Title %~f1
Save this batch file to your Windows NT root directory (which is usually C:\WINNT). Next, open
Windows NT Explorer. Choose View | Options to display the Options dialog box. Select the File Types
tab. In the list of Registered File Types, select Folder then click Edit. Next, click New to display the
New Action dialog box. In the Action text box, type Command Prompt. In the Application Used To
Perform Action text box, type:
Click OK to close the New Action dialog box, then click Close twice. Open Windows NT Explorer,
then right-click on a folder. You should now see a new option called "Command Prompt" on the
shortcut menu. If you choose this option, Windows NT opens a new Command Prompt window with
the selected directory as your current directory.
If you need to connect to an ftp server that uses a non-standard ftp port, you can't simply connect to the
server by using the ftp client utility. Instead, you must connect by performing the following steps:
Replace ftp_site with the name of the ftp server to which you want to connect (such as
ftp.company.com). Replace port_number with the port number assigned to the ftp server.
Have you ever wanted to prevent users from changing their drive mappings? If so, you can prevent
Windows NT users from mapping new drives or disconnecting their existing drives by modifying the
Registry. Begin by accessing the Registry key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer. Next, add
the value NoNetConnectDisconnect with a data type of REG_DWORD and a value of 1. This value
removes the Map Network Drive and Disconnect Network Drive from the menu in Windows NT
Explorer and from the shortcut menu displayed when users right-click on the Network Neighborhood
icon.
(Note: Your users must be using Windows NT with Service Pack 2 or later to support this setting.)
If you have a service or device driver that you want to remove, in Control Panel /Services or /Devices,
locate the service or driver and Stop it (if it is started). If it won't STOP, configure StartUp as Disabled
and reboot. In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services, locate the object,
highlight it, and delete it.
By default, Windows NT doesn't enable the [NumLock] key when a user first logs on to a Windows
NT-based computer--and even if the user turns on [NumLock], Windows NT turns it off again
whenever the user logs off if he is not a member of Administrators. You can make the [NumLock] key
stay on for non-administrative users by editing the Registry.
Note: You must either log on as the user or have the user log on and edit their Registry remotely. To
turn on the [NumLock] key, set the following Registry value to 2: HKEY_CURRENT_USER\Control
Panel\Keyboard\InitialKeyboardIndicators
By default, Windows NT sets the InitialKeyboardIndicators value to 0 (which turns the [NumLock] key
off). You can turn on the [NumLock] key in the default profile so that all new users who log in to a
computer have NumLock enabled by setting the following Registry value to 2:
HKEY_USERS\.DEFAULT\Control Panel\Keyboard\InitialKeyboardIndicators
Deleting a folder and its contents in Windows NT
If you want to delete a folder, including all files and folders within the folder, you can use the rd
Command Prompt utility. (This command is very similar to the DOS deltree command.) To delete a
folder and all of its contents, type the following:
rd x:\folder /S
Replace x:\folder with the drive letter and name of the folder you want to delete. If you don't want rd to
verify that you really do want to delete the folder and everything below it, you can type the following
command:
rd x:\folder /S /Q
Adding the /Q parameter runs rd in "quiet" mode--which means you won't be prompted to confirm the
deletion of the folder and its contents. (So be careful!!)
If you want to have a common Favorites folder for all users on your network:
1. Create a folder on a network share and set the share and folder permissions appropriate to your
environment.
2. Use Regedt32 to navigate to each user's
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell
Folders
3. Double-click the Favorites value name and set the String to the UNC path to the common
Favorites share. Example: \\ServerName\FavShrNm. To verify that this worked, start Internet
Explorer (IE) and click Organize Favorites on the Favorites menu.
One of the Windows NT Resource Kit utilities, TimeServ, enables you to configure your Windows NT-
based computers (running Windows NT version 3.5 or later) to synchronize their clocks either by
modem or over the Internet. TimeServ enables you to configure a computer to synchronize its clock
with a number of different time sources including the National Institute of Standards and Technology's
Atomic Clock. Before you use this utility, make sure you download the latest version of it from
ftp://ftp.microsoft.com/bussys/winnt/winnt-public/reskit/nt40/i386/
Microsoft has documented a bug with the version of timeserv.exe that originally shipped in the
Windows NT Resource Kit. You should configure one computer on your network to act as a primary
time server by having it synchronize its clock with an official time server. You can then configure all of
the other computers to set their time via your primary time server. To install TimeServ on your primary
time server, log on as a user with administrative privileges and copy timeserv.exe and timeserv.dll to
your server's \%SystemRoot%\System32 folder. (For example, if you installed Windows NT Server to
C:\WINNT, you should copy these two files to C:\WINNT\SYSTEM32.) Next, copy the file named
timeserv.ini to \%SystemRoot%. Finally, start TimeServ by running either timeserv -automatic or
timeserv -manual from the command prompt. (If you use the automatic parameter, Windows NT will
automatically restart the service whenever you reboot your server. If you use the manual parameter,
you must manually restart the TimeServ service yourself.) Note: By default, the timeserv.ini file
configures your computer to dial the United States "atomic clock." In addition, it assumes that your
computer is using a standard modem on COM1 and doesn't dial a PBX prefix (such as 9). If you want
to configure your computer to use different settings, you'll need to edit the timeserv.ini file to reflect
those settings. You'll find detailed instructions on how to edit the timeserv.ini file in the TimeServ
documentation (TimeServ.htm) included with the Resource Kit. Once you have configured a primary
time server to set its time by the Atomic Clock, you can configure your other Windows NT-based
computers to set their clocks by the primary time server by using the net time command or by installing
TimeServ as a service on their computers. If you use the net time command, you'll need to permit
Domain Users to change the date/time on those computers by modifying User Rights in User Manager
for Domains. If you use TimeServ to set their clocks, you'll need to edit the timeserv.ini file to indicate
that the client obtains its time from your primary time server.
In a previous tip, we explained that you can press the Windows key along with the letter "E" to launch
Windows NT Explorer with all drives collapsed. We've since found other uses for the Windows key
including:
Administrators commonly disable browsing on public terminals by defining a system policy that
revokes user access to Windows Explorer, the Run command, and the Find command. But even after
you've removed Explorer, users can access disabled features using shortcuts with the Microsoft
Windows logo key (e.g., logo key+E). Here's a quick script you can use with the Microsoft Windows
NT Server 4.0 Resource Kit utility regini.exe to disable the right and left Windows logo keys and lock
down your public or high-security systems. Create a file with an .ini extension, enter the commands
below, and run the script by entering its full name (e.g., nologoskey.ini) at a command prompt. You
must reboot the system to disable the Windows logo keys. Of course, you can also make these
modifications manually with a Registry editor and reboot.
The KeepRasConnections value entry in the Registry's Winlogon key controls whether RAS maintains
active connections after a user logs off. If you want your dial-up or VPN connections to remain live, go
to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, add
the value entry KeepRasConnections: REG_SZ: 1, and reboot. This entry doesn't typically appear in
the Winlogon key; you must create it with a Registry editor. See Microsoft Online Article Q158909
(http://support.microsoft.com/support/kb/articles/q158/9/09.asp) for more information.
The default Windows NT configuration gives guests the ability to view event logs (system and application
logs). The security log is protected from guest access by default; it's viewable by users who have the
"Manage Audit Logs" user right. To restrict guest access to the event log files, use the Registry Editor
to open the key \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\.
For each [LogFileName] add (or change) the key value as follows:
RestrictGuestAccess
data type: REG_SZ
value: 1
Set the value for each of the logs to 1. The change takes effect on the next reboot. Needless to say,
you'll have to change the security on this key to prevent access to everyone except Administrators;
otherwise, malicious users can reset these values.
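The automatic-logon tip and the RestrictGuestAccess tip above both come down to a few Registry values, so an exported .reg file can be checked for them offline. The Python below is an added example, not part of the original tips; the sample export, the user name kiosk and the function names are constructed for the illustration, and a value of 1 is accepted whether it was stored as a string or as a dword.

```python
import re

# Constructed sample: a REGEDIT4 export of the keys discussed above.
# Every value here is invented for the demonstration.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DefaultUserName"="kiosk"
"AutoAdminLogon"="1"
"DefaultPassword"="constructed-example-value"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application]
"RestrictGuestAccess"="1"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security]
"RestrictGuestAccess"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System]
"File"="%SystemRoot%\\system32\\config\\SysEvent.Evt"
'''

WINLOGON = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"
EVENTLOG = "hkey_local_machine\\system\\currentcontrolset\\services\\eventlog\\"

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"\s*=\s*(.*)$')


def unescape(text):
    """Undo the .reg escaping of backslashes and double quotes."""
    return re.sub(r"\\(.)", r"\1", text)


def parse_reg_export(text):
    """Parse string and dword values into {key: {value_name: data}}.

    Key and value names are lower-cased because the Registry is not case
    sensitive. Dwords are returned as decimal strings so that "1" and
    dword:00000001 compare equal. Other value types are skipped.
    """
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = keys.setdefault(key.group(1).lower(), {})
            continue
        value = VALUE_RE.match(line)
        if not value or current is None:
            continue  # header, blank line, comment or default value
        name, data = unescape(value.group(1)).lower(), value.group(2).strip()
        if len(data) >= 2 and data[0] == data[-1] == '"':
            current[name] = unescape(data[1:-1])
        elif data.lower().startswith("dword:"):
            current[name] = str(int(data[6:], 16))
    return keys


def audit(text):
    """Return a list of (key, finding) tuples; the password itself is never echoed."""
    keys = parse_reg_export(text)
    findings = []
    winlogon = keys.get(WINLOGON, {})
    if winlogon.get("autoadminlogon") == "1":
        user = winlogon.get("defaultusername", "<unknown>")
        findings.append(("Winlogon", "AutoAdminLogon=1: boots straight into %s" % user))
    if winlogon.get("defaultpassword"):
        findings.append(("Winlogon", "DefaultPassword holds a readable password"))
    for path in sorted(keys):
        log_name = path[len(EVENTLOG):]
        if not path.startswith(EVENTLOG) or "\\" in log_name:
            continue  # not an event log key (or an event source below one)
        if keys[path].get("restrictguestaccess") != "1":
            findings.append(("EventLog\\" + log_name, "RestrictGuestAccess is not 1"))
    return findings


if __name__ == "__main__":
    for key, finding in audit(SAMPLE_EXPORT):
        print("%-22s %s" % (key, finding))
```

On the constructed sample this reports the automatic logon, the stored password, and the System log that lacks RestrictGuestAccess.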
When you install certain applications such as WinZip, they add choices to your shortcut menu in
Windows NT Explorer. (You get the shortcut menu whenever you right-click on a folder or file.) You
might find that if a program doesn't uninstall properly that you'll need to manually remove these menu
choices. While removing menu choices from the SendTo folder is easy (simply delete the shortcut from
the SendTo folder below your profile), removing other options isn't quite as easy. If you find that you
want to remove menu choices from your shortcut menu, you can do so by editing your Registry. Begin
by accessing the Registry key HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers. Within the
ContextMenuHandlers key, you should see a key for each of the menu options added to your shortcut
menu. If necessary, delete the keys that correspond to the menu options you want to remove.
If you find that you frequently access computers that aren't in your domain or workgroup, you can add
shortcuts to those computers in your Network Neighborhood folder. Windows NT displays only the
computers in your domain or workgroup in the top-level of the Network Neighborhood. To add a
shortcut to another computer to your Network Neighborhood, begin by double-clicking on the Network
Neighborhood icon on your desktop to open the folder. Next, from the Start menu, choose Find |
Computer. In the Named text box, type the name of the computer for which you want to create a shortcut, then
click Find Now. When you see the computer name, right-click and drag it to your Network
Neighborhood folder. From the shortcut menu, choose Create Shortcut(s) Here. You'll now have a
shortcut to that computer in your top-level Network Neighborhood folder--even if the computer is in a
different domain or workgroup.
I have a quick tip that might be helpful. If you need to replace a DLL that the system is currently using,
you won't be able to remove or rename the DLL using Windows Explorer; however, you can remove or
rename it using the command line. First, copy the new DLL to the correct location (e.g., xxx.dll_new).
Then, replace the current DLL using the following syntax:
Reboot the machine. Upon startup, the system will be using the new DLL. You should always keep the
old DLL in case of any problems on startup.
If you hold down the Shift key when you insert a CD-ROM, the AutoPlay feature will be disabled.
This is advantageous when upgrading an application such as Diskeeper which requires that the original
CD-ROM be inserted. If the original CD-ROM AutoPlays, you may accidentally reinstall the original
instead of the upgrade.
If you hold down the Shift key when logging on, any program that is in the Startup folder will not
automatically start. This is useful when you are troubleshooting, or any other time you do not want to
wait for any automatic program startups.
If you press Tab while holding down the Alt key, a list of icons for your open applications will appear,
with a frame around one. (Keep holding down the Alt key to continue to view this list; releasing the
Alt key causes the framed application to become the current window). Pressing the Tab key again,
while still holding down Alt, will move the frame to the next icon. Holding down Shift while you press
Tab (still depressing the Alt key) moves the frame in the other direction. As noted above, when you
release the Alt key, the application represented by the icon currently in the box will become the current
(top) window. If the application is minimized, it will be expanded.
With several applications open in windows on your desktop, Alt-Esc brings up the next application, and
Alt-Shift-Esc brings up the previous one. (Note that this won't work with minimized windows). If you
only have a few applications active, this can be faster than using Alt-Tab.
Print Scrn will put a snapshot of the entire screen into the Clipboard; "Alt-Print Scrn" will save only
the active window. After capturing the snapshot, open Paint (or your favorite graphics editing
program) and Paste the snapshot into a new file. Use "File/Save as" to save the image. This tool can
be invaluable when communicating a problem to Tech Support, as it shows us the exact error message
displayed.
In Windows NT Explorer and in Microsoft Outlook, if you select a folder then press "*" on the numeric
keypad (Num Lock can be on or off), the entire tree of sub-folders under the selected folder will be
expanded. Pressing "-" on the keypad will collapse the tree again. However, if you now click on the
"+" by the folder name, the entire tree will appear again. To go back to the default of displaying a
folder's immediate sub-folders only, you must either click each "-" individually, or exit Windows NT
Explorer or Microsoft Outlook and then re-open it.
You can open the Start menu by pressing Ctrl-Esc; Ctrl-Shift-Esc will open Task Manager.
If you print a lot of documents, try "drag-and-drop" printing. Select Control Panel / Printers, then click
and hold the printer you usually use and drag it to the desktop. Now you can drag a file from Windows
NT Explorer (or Microsoft Outlook or any similar file list) and drop it on the printer icon. If it's a
printable file, it will print.
Your Interface
There are many ways to set up the interface between you and your computer. Each has advantages and
disadvantages, so the only advice we can give is try different things and use what suits you. I make
shortcuts to all of my commonly used programs and drag them to the desktop, then use the Microsoft
Office suite Desktop toolbar. I keep it "Always on Top" and "Auto Fit into Title Bar area". The
applications I want to keep open, such as Microsoft Outlook, are accessible from the Taskbar. The rest
I access from the Microsoft Office Toolbar and close when I'm finished.
Did you know you can set a shortcut to open a program in the size window you prefer? Highlight and
right click the shortcut. Click Properties, select the Shortcut tab and pull down the menu in the Run
field. Here you will find MINIMIZED, NORMAL WINDOW and MAXIMIZED. The default is
NORMAL WINDOW.
Within the same shortcut tab, you will see a field called SHORTCUT KEY. Select that and type in any
key you like. This will cause the shortcut to be called whenever you select Ctrl + Alt + the key you
selected - instant hot key! Be aware that if you use that same key again in another shortcut, it no longer
will point to the previous one; one key per shortcut.
If you don't like having shortcuts on your desktop, you can put any shortcut you like into your Start
menu:
a. Create a shortcut to any program you will use by selecting the .exe file in Windows NT Explorer,
right clicking and selecting CREATE SHORTCUT.
Voilà, you have loaded your shortcut into the Start menu!
You may want to set the TASK BAR PROPERTIES to SHOW SMALL ICONS ON START MENU if
you have a lot of shortcuts in there:
a. Right click on an unused area of the task bar (usually at the bottom of the screen).
b. Select PROPERTIES.
To create a file containing your user and group accounts, use the following syntax:
For example, to export the users from a computer named sales_server to a file named users.txt, you
should use the following syntax:
Once you've created an export file containing your users and groups, you can then import it into a
server by using the following syntax:
For example, if you want to import the file named users.txt into a server named acctg_server, use the
following syntax:
The best way to open a command prompt in a selected folder in Explorer is to add a context menu
option to folders that will then open a command prompt at the selected folder.
Use regedit.exe to browse to HKEY_CLASSES_ROOT\Folder\Shell. Add a new key (using the Edit
menu) called MenuText. Double-click the default of this new key and enter the text you want to display
when you right-click a folder (e.g. "Open Command Prompt").
Select the key MenuText and add a new key under it called "Command." Double-click the default of
this key and enter <system dir>\system32\cmd.exe /k cd "%1"--where system dir is your system
directory (e.g., c:\winnt). Close the Registry editor.
You don't have to reboot the machine for this to work. Now, when you select a folder in Explorer and
right-click, a new option in the menu called Open Command Prompt takes you to the currently selected
folder.
LOGON CREDENTIALS
Windows NT's default configuration caches the last logon credentials for a user who logs on to a
system interactively. This feature is provided for system availability reasons, such as a situation in
which the user's machine is disconnected or one in which none of the domain controllers is online.
Even though the credential cache is well protected, in a highly secure environment, you may want to
disable this feature. You can do so by setting the following Registry key:
Hive: HKEY_LOCAL_MACHINE
Key: Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Name: CachedLogonsCount
Type: REG_SZ
Value: 0
Hive: HKEY_LOCAL_MACHINE\SOFTWARE
Key: \Microsoft\Windows NT\CurrentVersion\Winlogon
Name: AllocateFloppies
Type: REG_SZ
Value: 1
To allocate CD-ROMs during logon, use the Registry Editor to create or assign the following
Registry key value:
Hive: HKEY_LOCAL_MACHINE\SOFTWARE
Key: \Microsoft\Windows NT\CurrentVersion\Winlogon
Name: AllocateCDRoms
Type: REG_SZ
Value: 1
If the value does not exist or is set to any other value, disks or CD-ROM devices will be available on
the system for all processes to use. The value you set will take effect at the next logon. If a user is
already logged on when this value is set, it will have no effect for that log on session. For the device(s)
to be allocated, the user must log off and log on again.
Note: NT lets all users access, read, and write to any tape in the drive. In general, this access is not a
concern because only one user at a time is interactively logged on. However, in rare instances, a
program that a user starts can continue to run after the user logs off. When another user logs on and
puts a tape in the tape drive, the first program can transfer what might be sensitive data from the first
tape to the second tape. If this is a concern, restart the computer before using the tape drive.
When you're ready, begin by choosing Start | Run. Type regedit in the Open text box, and then click
OK to start Registry Editor. Next, you'll need to navigate to the
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Network key.
Create a new value in this key by choosing Edit | New | DWORD Value. In the New Value #1 text box,
enter DisablePwdCaching. Double-click on the DisablePwdCaching value to open the Edit DWORD
Value dialog box, and enter 1 in the Value Data text box. Click OK; you should now see this value in
the right-hand pane of Registry Editor. Your last step is to close Registry Editor and restart your
computer.
1. Copy the DLL(s) in question into the same directory as your application.
2. Create an empty text file using Notepad. Save it with the name: <app>.exe.local (replace <app> with
the name of the .exe file for your program)
Run the program as usual. The dummy <app>.exe.local file acts as a flag and causes Win2K to load the
copy of the DLL from the local directory instead of from the Windows/System32 directory tree.
A: Although "act of God" failures will always be a problem for computers, you're in luck: Microsoft
has included a new tool in Win2K Pro called the System File Checker. It's designed to check the files
on your system for data corruption, improper versions, and missing files. If the System File Checker
finds any questionable files, it will replace the file with a known good copy.
Launch the System File Checker by running sfc.exe from a Win2K command prompt. You'll see
several options; you'll probably want to choose the /SCANNOW option to immediately scan your
system. Sfc.exe checks every protected file on your system (most .sys, .dll, .exe, .ttf, .fon, and .ocx
files). If any of the protected files on your system are missing, corrupt, or an incorrect version, SFC
retrieves a replacement from the cached copy in the folder %systemroot%\system32\dllcache, or from
your Win2K Pro CD-ROM. If this process doesn't correct your situation, your problems are probably
application specific, and you need to reinstall your third-party applications. Good luck!
ADJUSTING scrolling with a wheel mouse
If you've made the move to a wheel mouse, you know just how handy using the wheel to scroll through
Office documents and Web pages can be. By default, wheel mice move up or down three lines for each
notch you roll on the mouse wheel. While you can adjust this setting within the software that came with
your mouse, you'll typically be able to choose between the following settings: 3 Lines, 6 Lines, Screen,
and None. If you have one of the larger monitors and are using a high resolution setting, you'll
probably find that you'll want to use a setting other than these. You can fine-tune how far your mouse
scrolls with each one-notch rotation by editing the following Registry value:
\HKEY_CURRENT_USER\Control Panel\Desktop\WheelScrollLines
You can set the WheelScrollLines to a value from 0 to 4294967294. A value of 0 disables scrolling
altogether, and 4294967294 configures your mouse to scroll one page with each one-notch rotation.
1. Launch regedit.
2. Go to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon.
3. In the right pane, right-click and create a new string value EnableQuickReboot and set the text string
to 1.
4. Exit regedit and reboot.
Some descriptions of this process indicate that it writes an unexpected event shutdown message to the
system log. When I tested the procedure while writing this tip, it generated no system log message.
Remember, if you have open applications with unsaved data, you'll lose that data if you enable this
feature.
If you've defined a dial-up network connection on your system, you can use this command to
automatically log on, assuming you've saved the username and password information associated with
that dial-up connection. For example, if you have a dial-up networking connection called "Earthlink,"
you simply type "RASDIAL Earthlink" on a command line to remotely log on to the network. From
there, you can build a batch routine to copy files from one location to another, do an FTP file transfer,
or perform other functions. After you complete your transactions, disconnect your system with the
following command:
RASDIAL <pre-defined ras entry name> /DISCONNECT
CHANGE THE DEFAULT LOCATION OF THE PROGRAM
FILES DIRECTORY
If you're like a lot of Windows power users, you have more than one drive installed on your computer.
And I'm willing to bet that your location of choice for installing new applications isn't the same drive
that hosts your system files. So every time you install a new application, you have to edit the path so
the application doesn't install itself in the local Program Files folder. If you want to change the default
location to another drive or directory, you can perform a simple registry edit.
Even though passfilt.dll is included in Service Pack 2 and later, it isn't active until you install it. You
install it by completing the following steps:
1. Open Regedit.
2. Open
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0000.
3. Open the Edit menu, and select New | DWORD Value
4. Name the new value EnableUDMA66.
5. Set the data value to 1.
6. Close Regedit and reboot.
MSIEXEC starts the Windows Installer service. The /f switch informs the Windows Installer service
that you want to repair a product. The e option next to the /f switch tells the Windows Installer service
to reinstall a file if it is missing or if an equal or older version is installed. A number of options
are available for the /f switch, including:
The packagename.msi file is the .msi file for the application that you want to repair, such as Office
2000.
You might still have application problems, but with the ability to easily repair them, you shouldn't have
as much of a problem in the future.
Windows NT's Performance Monitor Counter lets you know if your hard drive is too slow. Before you
can run the disk counter, you must activate the physical and logical disk counters. To do this, you must
be logged on as a member of the Administrators group.
At the command prompt, type diskperf to view a Help document about how to turn diskperf on and off.
(Type diskperf -y to set the system to start disk performance counters.) This will also show you whether
the disk performance counters have already been activated. Restart the computer to activate the disk
performance counters.
Let this counter run for several days. A value greater than 20 KB indicates that the disk drive is
generally performing well; low values result if an application is accessing a disk inefficiently, and you
should consider replacing it with a faster drive.
PERSONALIZED MENUS
The Personalized Menus in the new Microsoft products can be infuriating. You can use the following
steps to disable them:
To turn off Internet Explorer's (IE's) Close Unused Favorites folders in Win2K, change "yes" to "no" in
the following registry key:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FavIntelliMenus
You can disable COM port checking by modifying the boot.ini file. Windows NT uses this file during
the boot process. Begin by opening Windows NT Explorer and accessing C:\. You'll find the boot.ini
file in this folder. Because this file is automatically configured with the Read-Only and Hidden
attributes, you won't be able to see it unless you've configured Windows NT Explorer to show hidden
files. (If you don't see the file, choose View | Options. Select Show All Files, and uncheck Hide File
Extensions For Known File Types. Click OK.) Next, you'll need to remove the Read-Only attribute
from the boot.ini file by right-clicking on it and unchecking Read-Only.
You're now ready to edit the file. Double-click on boot.ini, and Windows NT will automatically open
Notepad and the boot.ini file. To disable the checking of your serial ports, add /NoSerialMice to the end
of each line you see in the [operating systems] section of the boot.ini file. Finally, save the file and
close Notepad. Windows NT will no longer attempt to automatically detect devices on your computer's
serial ports.
Typing "runas" at the command line returns these instructions for its use:
RUNAS USAGE:
RUNAS [/profile] [/env] [/netonly] /user:<UserName> program
Examples:
> runas /profile /user:mymachine\administrator cmd
> runas /profile /env /user:mydomain\admin "mmc %windir%\system32\dsa.msc"
> runas /env /user:user@domain.microsoft.com "notepad \"my file.txt\""
This will give it some color in the background. Now change the width and height values from 100% to,
say, 50%.
<div align=right><object ID="DISystemMonitor1" WIDTH="50%" HEIGHT="50%"
Reset the wallpaper selection and voila--you're all set. You can still right-click the other parts of the
desktop to access context menus."
1. Right-click on the Start menu and choose either Explore or Explore All Users. Choosing
Explore All Users enables you to modify the shortcuts that are the same for all users on your computer.
2. Browse your Start menu's folders until you find the shortcut for the application for which you
want to assign hotkeys (or create the necessary shortcut).
3. Right-click on the application shortcut and choose Properties.
4. Click in the Shortcut Key text box, and then press the combination of keys you want to use as
your hotkeys for that application. (Note: Windows NT automatically forces your hotkeys to include
[Ctrl] and [Alt].)
5. Click OK to close the Properties dialog box for your application.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
There are quite a few values here, but we're concerned with only three of them:
AllocateFloppies
AllocateCDRoms
Allocatedasd
With AllocateFloppies and AllocateCDRoms, the default value is 0, which lets all users access the
device. Changing this value to 1 lets only locally logged-on users access the removable disk or CD-
ROM. To enable this restriction, you also need to delete the administrative shares that are created by
default.
Allocatedasd (DASD is an old mainframe term for Direct Access Storage Device--a hard drive) has
three possible values to control access:
- 0 Only members of the computer's Administrator group.
- 1 Only members of the Administrator and Power Users groups.
- 2 Only members of the Administrator group and the local current user.
If you add a folder to your SendTo menu, you can then send a file to this folder simply by right-
clicking on the file, choosing SendTo | shortcut_name. Note that when you "send" a file, you're actually
moving that file. If you want to copy the file instead of moving it, hold down the [Ctrl] key when you
choose the folder name on your SendTo menu.
You can use any of the following techniques to run a 16-bit application in a separate memory pool:
--Choose Start | Run. In the Open text box, type the name of the 16-bit application you want to run (or
browse for the appropriate file). Before you click OK to run the application, check Run In Separate
Memory Space.
--On your desktop, create a shortcut to the 16-bit application. Modify the properties of the shortcut.
Select the Shortcut tab, then check Run In Separate Memory Space. Make sure you save your changes
to the shortcut.
--Open a Command Prompt window. Run the 16-bit application by running the command start
/separate <application_name>. For example, if the name of the executable file for your 16-bit
application is wpdos, you would start it from the command prompt by running the command: start
/separate wpdos.
REGISTRY TWEAK
Here's a little registry tweak that lets you right-click a file without an extension, or a file that doesn't
have a program associated with it. The registry gives you a menu option that lets you open the file with
Notepad, and you don't have to see the "Open With" window.
Navigate to HKEY_CLASSES_ROOT\Unknown\Shell.
Add a new Key named Open With Notepad. Open the new key.
Add another new key named "command."
Add string REG_SZ and make the value "c:\windows\notepad.exe %1" for Windows 9x and
"c:\winnt\system32\notepad.exe %1" for Windows 2000 and Windows NT.
By default, Windows NT workstations cache the last ten sets of logon credentials received from a
domain controller. This reduces the number of times a workstation has to contact a domain controller
for verification of a logon request, and it often makes it possible to log on to a domain even when the
domain controller isn't available on the network.
There's a registry tweak you can employ if you want to prevent these credentials from being cached.
Using Regedt32, add a REG_SZ value named CachedLogonsCount beneath the
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon subkey.
Set its value to 0 to prevent any caching, or to the number of cached credential sets you're willing to
allow. This edit will work with Windows 2000 Professional as well.
If you have Windows 2000 DNS secondaries, they will get the change immediately thanks to update
notification. If you have non-Windows 2000 secondaries, you may need to force a zone transfer to
propagate the change throughout your network.
Little changes like this in Windows 2000 can be very frustrating if you are not aware of them.
Hopefully, this tip will help to reduce a Windows 2000 gotcha that you may have been experiencing.
dir c:\ && Echo Drive Exists || Echo Drive Doesn't Exist
displays the listing followed by 'Drive Exists' when used with a defined drive letter, and displays 'Drive
Doesn't Exist' when used with an undefined drive letter."
For this procedure to work properly, the first command on the line must have some way to indicate to
the system whether it succeeded or failed. Simple commands, such as DIR, will work correctly, but not
every command-line program behaves in the same manner; you'll have to try the procedure on your
own commands to see whether it works. For the commands that work, this is a great capability.
1. Open regedt32.
2. Go to HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\
Policies\Explorer.
3. Using the Edit menu, select Add Value and create a value named StartMenuLogOff with a data type
of REG_DWORD.
4. Set the value of the entry to 1 to enable it.
The first thing I do with a new laptop or desktop is clean out all the applications and installation
routines that the hardware manufacturer preloaded on the system. The task is annoying and time
consuming, but not difficult. What's even more annoying is how many little (useless) tools
automatically load themselves into my system tray.
Unloading items from the system tray can be tricky, depending on how well the application vendor
wrote the software; some application developers want you to see their product's icon all day long, so
they make removing it difficult. But system tray icons take up memory, so if they don't serve a purpose,
I recommend you remove them. Here's how:
1. Check the program. Sometimes, if you right-click a system tray icon, it lets you unload it and never
have it load again. My compliments to software vendors who follow this user-friendly standard.
2. Check your startup folders. Right-click your Start button, and select Open. Navigate to Programs,
Startup. Look for any icons in the start up folder. If you don't want a program to load at startup, remove
the icon by either deleting the icon or moving it somewhere else. Repeat the process for the "Open All
Users" option.
3. Check the registry. This approach is a bit trickier. Back up your registry, run regedit.exe, and
navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
Anything in this key runs at startup. Delete items carefully here because some items might be necessary
for your system to function correctly. Always note the command-line value for each entry you delete, in
case you need to add it back.
4. Check .ini files. Some old software programs still follow this standard. Before the registry existed,
Windows used .ini files to store configuration information, including which programs should load at
startup. For backward compatibility purposes, these files are still maintained today. Using Notepad,
open %SystemRoot%\win.ini and %SystemRoot%\system.ini, and look for any load= or run=
statements. If you see those statements, with references to programs, try removing the statements.
Again, remove them carefully because some files might be necessary for the proper operation of your
system.
Alert reader Claude Turner caught a few additional registry keys that slipped past me:
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Win.ini, System.ini, and winfile.ini
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Run
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\ParseAutoexec
(If you set this value to 1, commands in the autoexec.bat file will run.)
So, that's about eight different places that Microsoft lets vendors hide system tray icons that come up at
startup. Again, each of these icons takes resources (memory) from your system, so if you don't want
'em, clean 'em out!
If you follow the above methods, you can remove most of the clutter from your system tray. Your
boot times will be quicker because Windows doesn't need to load all of the extra items, and you'll have
more usable RAM in your system.
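The registry checks from these tips can be run in one pass over an exported registry file. The Python sketch below is an added example, not part of the original tips: it parses a REGEDIT4-style text export (the sample data is constructed), compares the Winlogon values CachedLogonsCount, AllocateFloppies and AllocateCDRoms with the settings given in the logon-credential and removable-media tips, and lists the autostart entries from the registry locations named above. It assumes the export has already been decoded to text and reads Run and Load as values under the ...\Windows NT\CurrentVersion\Windows key.

```python
import re

# Lower-cased key paths: registry key and value names are case-insensitive.
WINLOGON = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"
NT_WINDOWS = r"hkey_local_machine\software\microsoft\windows nt\currentversion\windows"
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"

# Settings from the tips on this page (all REG_SZ): no cached logons, and
# floppy / CD-ROM drives allocated to the interactively logged-on user.
RECOMMENDED = {"CachedLogonsCount": "0", "AllocateFloppies": "1", "AllocateCDRoms": "1"}

# "name"=data or @=data; the name may contain escaped quotes and backslashes.
_VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')


def _unescape(text):
    """Undo regedit's backslash escaping inside quoted strings."""
    return re.sub(r"\\(.)", r"\1", text)


def parse_reg_export(text):
    """Parse export text into {key_path: {value_name: data}}, names lower-cased.

    REG_SZ data becomes str and dword data becomes int; hex(...) data and its
    continuation lines are skipped because the checks below do not need them.
    """
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        match = _VALUE_RE.match(line)
        if current is None or match is None:
            continue  # header, blank line, comment or hex continuation
        name = _unescape(match.group(1) or "").lower()  # "" is the default value (@)
        data = match.group(2).strip()
        if len(data) >= 2 and data[0] == data[-1] == '"':
            current[name] = _unescape(data[1:-1])
        elif data.lower().startswith("dword:"):
            current[name] = int(data[6:], 16)
    return keys


def winlogon_findings(keys):
    """Return {value_name: current_data} for each setting that differs from
    RECOMMENDED; current_data is None when the value does not exist."""
    winlogon = keys.get(WINLOGON, {})
    findings = {}
    for name, wanted in RECOMMENDED.items():
        current = winlogon.get(name.lower())
        # Strict comparison: the tips specify REG_SZ, so a dword 1 is reported.
        if current != wanted:
            findings[name] = current
    return findings


def autostart_entries(keys):
    """List (key_path, value_name, command) for the autostart locations above."""
    entries = [(RUN_KEY, name, cmd) for name, cmd in sorted(keys.get(RUN_KEY, {}).items())]
    nt_windows = keys.get(NT_WINDOWS, {})
    for name in ("run", "load"):  # assumption: values under the ...\Windows key
        if nt_windows.get(name):
            entries.append((NT_WINDOWS, name, nt_windows[name]))
    if keys.get(WINLOGON, {}).get("parseautoexec") in ("1", 1):
        entries.append((WINLOGON, "parseautoexec", "commands in autoexec.bat"))
    return entries


# Constructed sample export; not taken from a real machine.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"CachedLogonsCount"="10"
"AllocateFloppies"="1"
"ParseAutoexec"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"VendorHelper"="\"C:\\Program Files\\Vendor\\helper.exe\" /tray"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load"=""
"run"="C:\\OLDAPP\\agent.exe"
'''

if __name__ == "__main__":
    parsed = parse_reg_export(SAMPLE_EXPORT)
    for name, current in winlogon_findings(parsed).items():
        print(f"Winlogon\\{name}: found {current!r}, tip recommends {RECOMMENDED[name]!r}")
    for key, name, command in autostart_entries(parsed):
        print(f"autostart: {key}\\{name} -> {command}")
```

Value names are reported in lower case because the parser normalizes them for lookup.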
If you don't specify a path, FIND searches the text typed at the prompt or piped from another
command.
FIND is very fast, and it's useful if you're looking for a simple expression in a known group of files.
But when I need a complex search that lets me search entire directory trees for files that contain
something I can't quite remember (the "I know it said something like xxx" search), I use the FINDSTR
command:
FINDSTR [/B] [/E] [/L] [/R] [/S] [/I] [/X] [/V] [/N] [/M] [/O] [/P]
[/F:file] [/C:string] [/G:file] [/D:dir list] [/A:color attributes]
[strings] [[drive:][path]filename[ ...]]
Use spaces to separate multiple search strings unless the argument is prefixed with /C. For example,
"FINDSTR 'hello there' x.y" searches for "hello" or "there" in file x.y. "FINDSTR /C:'hello there' x.y"
searches for "hello there" in file x.y.
For more information about FINDSTR regular expressions, refer to the online Command Reference.
I usually create a FINDSTR search using Notepad and save it as a batch file with the results
redirected to a file that I can then search through. This approach lets me create very complex string
searches to sort through the hundreds of Word documents I've stored in multiple folders in the same
directory tree. When you've been writing for a living as long as I have, this search can be incredibly
useful.
So, if you're a Web developer, writer, or anyone that works with lots of text files and document files
(though all of these commands can also search for text in binary files), I'm sure you'll find these
command-line options useful.
Hide Control Panel applets from local Administrators
When faced with this management dilemma, a system administrator can give users Administrator rights
to their systems, but hide the functions that can get them into trouble. Here's a tip that lets you hide
Control Panel applets. The applets are still on the system, and users can access them from the command
line, but by hiding them, you prevent users who are just playing around with the system configuration
from easily doing damage to their system setup. You can make these changes using System Policies,
but you can also implement them directly in the registry.
1. Launch regedt32.
2. Open
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
3. Add the REG_DWORD value DisallowCPL, and set the data value to 1.
4. To hide an applet, add a key named DisallowCPL containing REG_SZ values formatted like so:
- 1 REG_SZ access.cpl
- 2 REG_SZ appwiz.cpl
This approach only hides the icons; it doesn't restrict access to the applets from the command line.
This approach places the ICQ button on the IE 5.0 toolbar and tools menu. If the button doesn't appear,
right-click Toolbar and click Customize. Then find the ICQ button on the left panel and drag it to the
right panel.
You could use Windows Explorer also, but don't forget to select the option to show all files in the View
tab of the Options dialog box.
SUMMARY
You can allow validated FTP users to logon to their own directories without having to change
directories.
MORE INFORMATION
When you use FTP under Microsoft Windows NT Server version 4.0 with Internet Information Server
(IIS), and when you access the FTP site, you go to the default FTP directory.
To go to a personal directory upon login without having to change directories, a virtual directory alias
named with your FTP account name has to be established.
NOTE: On the Service tab, make sure the Allow Only Anonymous Connections check box is clear (not
selected). By default, the user account must have Log On Locally rights.
You must have permission to see both the FTP root directory, and the directory you want them to FTP
to.
Select the Directories tab. Click Add.
Click Browse, and select the directory on the hard drive you would like the user to have access to.
Select the Virtual Directory radio button. In the Alias: edit box, type the name of the user. This is the
same name the user will use to log onto the FTP server.
NOTE: To allow the user to upload files to this directory, the user must have "WRITE" rights.
Click OK.
In the FTP Service Properties for (selected computer) dialog box, click Apply. Click OK. The user upon
logging onto the FTP server with his or her account should now be placed in the virtual directory you
created.
This change will start Windows Explorer with My Computer instead of with C: fully expanded.
DISABLING AUTODISCONNECT.
Windows NT uses two different autodisconnect parameters; one for disconnecting Remote Access
Service (RAS) connections and another for disconnecting LAN connections. The RAS Autodisconnect
parameter is well documented in the Windows NT Server Remote Access Service manual on page 82,
but the LAN version is undocumented.
You can find the LAN autodisconnect parameter in the registry at:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters
Purpose: The function is to disconnect idle sessions after a set number of minutes. The number of
minutes can be set at a command prompt using the Net Config Server command. For example, to set
the autodisconnect value to 30 minutes:
Net Config Server /autodisconnect:30
The valid value range of this REG_DWORD value is -1 to 65535 minutes at the command line. To
disable autodisconnect set it to: -1
Setting Autodisconnect to 0 does not turn it off and results in very fast disconnects, within a few
seconds of idle time. (However, the RAS Autodisconnect parameter is turned off if you set it to a value
of 0.)
NOTE: It is preferable to modify the LAN autodisconnect directly in the registry. If you modify it at
the command line, Windows NT may turn off its autotuning functions.
The valid value range if you edit the LAN autodisconnect parameter in the registry is 0 to 4294967295
(0xffffffff). If you configure the autodisconnect option to -1 at the command prompt, Autodisconnect
is set to the upper value in the registry. This is approximately 8,171 years (not tested), which should be
long enough to be the equivalent of turning autodisconnect off.
1. Launch regedt32.
2. Open
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.extension
\OpenWithList (where extension equals the file extension that you want to open).
3. Each program identified in the Data column is associated with a letter (a, b, c, d) in the Name
column. Delete the value name letter associated with the errant application.
4. Edit the MRUList value name value data and delete the letter in that string that's the same as the
name you just deleted.
1. Launch Regedit.
2. Open HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer.
3. Create the REG_DWORD NoManageMyComputer and set its value to 1.
4. If you want to run Computer Management after you remove it from these two locations, simply
open the Run command and type
compmgmt.msc <enter>
1. Launch Regedit.
2. Open
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer.
3. Change the REG_DWORD NoFileAssociate data value to 1.
This change prevents any user of the machine from changing file associations through Windows
Explorer. If you want to prevent only the current user from making these changes, open
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer and make
the same change.
In order to modify the W2K startup logo you have to be aware of a few things up front:
1. The logo is a 16 color (not bit) bitmap that is 640 by 480 in size. It is built into the
ntoskrnl.exe.
2. W2k file protection will not let you just modify this file and place it in the system32 directory,
it will be overwritten shortly thereafter with the original.
Knowing this you'll need a tool to pull apart the ntoskrnl.exe and replace the bitmap. I'm using a tool
called "Resource Hacker". This is available here:
http://rpi.net.au/~ajohnson/resourcehacker
It's a fairly simple program, just extract the files to a directory and run the exe. Once it's open, do a
"File/Open" and select your ntoskrnl.exe. This is located in X:\winnt\system32.
You'll get 3 main folders, Bitmap is the one we want to work with. If you are on W2k Pro, it's under the
directory "1" and is called "1033". If you run W2k Server, it's under "4" and is also called "1033".
You'll see the current boot time logo.
Now you can do "Action/Replace Bitmap". Select the bitmap you have created to replace the old
bitmap. Or, you could export the bitmap, modify it, then import it back in. It is very important that you
do not deviate from 640x480 w/ 16 colors. Here is a nice gallery of already created images that could
be downloaded and quickly converted to 16 color bmps:
http://www.littlewhitedog.com/reviews_other_00025.asp
In the Replace Bitmap browser once you have selected the new bitmap you'll need to select the bitmap
number in the bottom right that you wish to replace. "1" for Pro and "4" for Server (or Adv Server).
Now you need to do a "File/Save As" and save the file somewhere on your drive. Do *NOT* save it in
the same directory or it will be quickly snarfed up by Windows File Protection.
For the next step we'll need a tool that can open .CAB files as well as create them. I used WinAce:
http://www.winace.com
Now you'll need to open the latest service pack .cab file that you have in your system. This file is
located in X:\winnt\driver cache\i386 and will be called something like SP1.cab or SP2.cab. Extract the
contents of the most current one to a directory. Now take your modified ntoskrnl.exe and drop it in that
directory, it will overwrite the existing one.
Re-compress all the files back into a .CAB and overwrite the original SP1.cab or SP2.cab (Back up
the original first just in case). Then drop your modified ntoskrnl.exe into X:\winnt\system32\dllcache
and X:\winnt\system32, in that order. This way Windows file protection has nowhere to get the original
ntoskrnl.exe and leaves well enough alone. At this point, you can reboot.
You hose your system, it's not my fault... I've done it about 20 times on different systems and haven't
had a problem yet. Special thanks to www.littlewhitedog.com and their forums for supplying much of
the information in this report.
i386\dpcdll.dl_
i386\nt5inf.ca_
i386\oembios.bi_
i386\oembios.ca_
i386\oembios.da_
i386\oembios.si_
i386\pidgen.dll
i386\setupp.ini
i386\setupreg.hiv
i386\win9xupg\win95upg.inf
To change the protocol order your system uses to resolve network names, you first need to determine
which Control Set the system boots from. You can find this information by opening
HKEY_LOCAL_MACHINE\System\Select\Current. Compare the value to the values in the Default
(boot) and LastKnownGood keys. If a key's value ends in 1, the Control Set is ControlSet001, and if
the value ends in 2, it's ControlSet002.
The Control Set version is important because making the following edit in the CurrentControlSet key
can cause the system to blue screen. You must make the edit in the Control Set that the system will boot
from, and restart the computer after you complete the edit.
1. Open Regedt32.
2. Open HKEY_LOCAL_MACHINE\SYSTEM\ControlSet(xxN)\Services\Tcpip\Parameters.
3. Add a REG_DWORD value named DnsNbtLookupOrder.
4. Set the value to 0 to use DNS resolution first; set the value to 1 to use NetBT first.
5. Exit Regedt32 and reboot.
1. Launch regedt32.
2. Open HKEY_CURRENT_USER\Software\Policies\Microsoft.
3. Create the key Internet Explorer.
4. Open the Internet Explorer key and create a key called Control Panel, so you end up with
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel. This key might
already exist.
5. Add a REG_DWORD named HomePage and set its value to 1. This change disables the home
page controls.
6. Other valid REG_DWORD entries that you can add include Advanced, which controls the
Advanced tab check boxes; Cache, which controls the Setting button; and History, which lets you
disable the History settings controls.
NetMeeting presents an open door to security vulnerabilities and is a source of wasted bandwidth.
However, because NetMeeting is tightly integrated into Win2K, you can't use Add/Remove Programs
to delete the component; nor can you use the standard installation utility to remove it. Instead, you must
use a manual procedure to expunge NetMeeting from Win2K systems. Microsoft article Q267958
describes several situations where you might need to use this method to correct problems that older
versions of NetMeeting have caused. I plan to test the uninstall command and, if it works, apply it to all
end-user workstations.
To remove NetMeeting, open a command prompt and type the following command exactly as it
appears (note: the command is case-sensitive):
%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection NetMtg.Remove 132 msnetmtg.inf
To reinstall NetMeeting, copy the file msnetmtg.inf from the %SystemRoot%\Inf directory to the
desktop. Next, right-click the file and click Install. The install might prompt you for the Win2K
CD-ROM. When the install finishes, reboot to complete the installation.
You can use this method to create shortcuts for many of the Control Panel applets, too.
1. Launch regedit.
2. Open either
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer or
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer.
3. Note that the HKEY_CURRENT_USER setting will override the HKEY_LOCAL_MACHINE
setting.
4. Add a REG_DWORD value named NoWelcomeScreen. A data value of 1 disables the screen, 0
enables it.
If you ever want to see the Getting Started screen after using this method to disable it, you can still
launch it from Start, Programs, Accessories, System Tools, Getting Started.
1. Launch regedt32.
2. Open
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters.
3. Add a REG_MULTI_SZ value named OtherDomains.
4. Enter the domain name you want to browse. You can add multiple domains--one on each line.
You can also use this tip to remove unwanted domains from your browse list. Just follow the same
steps, and delete the unwanted domains from the existing OtherDomains value.
1. Launch regedt32.
2. Open HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Url Template.
3. Click Edit, Add Value.
4. For Value Name, enter the next number available (by default that should be 4 or 5 depending on
your version of IE).
5. Select REG_SZ as the Data type.
6. In the String editor, use the syntax www.%s.[new TLD] (such as www.%s.biz).
7. Add additional TLDs as desired.
1. Launch regedit.
2. Open
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced.
3. Create a new DWORD value called EnableBalloonTips.
4. Give the entry a value of 0 to disable the tips and a value of 1 to turn them back on.
1. Launch regedit.
2. Open HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Outlook\Preferences.
3. Add a REG_DWORD data type named MinToTray.
4. Set the data value to 1.
This process removes the ability for a local account to create a new account on that machine. An
administrator can reverse the process if necessary.
Unlike with many registry edits, you must log off and back on for this change to take effect. Reversing
the change, by setting the value to 0, will take effect as soon as you exit the registry editor.
Q. How can I run scheduled tasks in the background when they run as the currently logged-on user?
A. Scheduled tasks usually run under the SYSTEM context and run in the background. However, if you
change a service to run as a user account and that account is currently logged on to the machine, the
scheduled task will run in the foreground. To change this behavior, perform the following steps:
1. Start a registry editor (e.g., regedit.exe).
2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon.
3. Double-click Shell (which is explorer.exe).
4. Modify this value to <c:\windows>\Explorer.exe, (don't type the quotes but do type the
comma) where <c:\windows> is your local machine's system root.
5. Click OK.
1. Launch regedit.
2. For Win2K, open the
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer subkey.
3. For XP, open the
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced subkey.
4. Add a subkey called EnableBalloonTips.
5. Set the DWORD value to 0.
After you complete these steps, you'll have no more cartoon balloons.
Secondly you can, of course, edit the registry to accomplish the same goal. This is done by:
Starting the registry editor (use Regedit)
Move to the
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
From the Edit menu select New - DWORD value.
Enter the name "NoNetHood" (don't include the quote marks)
Press Enter
Double click the new value and set to 1.
Click OK.
Close the registry editor.
Log off and log on, and Network Neighborhood will be hidden!
2. Hiding other Domains from a browser.
Here is a handy solution for the user who needs to navigate through Network Neighborhood to
machines in the local domain, but should not access machines in other domains. "Other Domain"
browsing is disabled only on the machine where this is implemented and it does not remove a
functionality from an administrator who may require the connectivity.
This is done by:
Run the registry editor by typing regedit.exe from a command line.
Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network
(You may need to create the key "Network" if it doesn't exist).
Right-click on the right hand pane in an empty location, then expand "New", and select "DWORD
value".
Type in "NoEntireNetwork" (don't use the quotes though), then press Enter.
Right-click on NoEntireNetwork, and enter "1". Then click on OK.
Close Regedit.
You may need to log off and back on for the changes to take effect.
You can also perform this procedure with a Group Policy Object (GPO) by selecting User
Configuration, Administrative Templates, Windows Components, Windows Explorer, then No Entire
Network in My Network Places.
I know that although Microsoft no longer supports NetBEUI, the company still ships NetBEUI with XP
for user installation. Simply follow these steps to install NetBEUI on the XP client machine.
1. From the folder Valueadd\MSFT\Net\NetBEUI on the XP distribution media, copy the file
nbf.sys to your WINNT\System32\Drivers folder.
2. Copy netnbf.inf to the WINNT\Inf folder. Usually, this folder is hidden, so you'll need to make
it visible in Windows Explorer from Tools, Folder Options, View menu, Show hidden files and
folders on the folder menu.
3. Open Network Connections.
4. Right-click the Network Connection on which you want to install NetBEUI and select
Properties.
5. Select the General tab.
6. Click Install.
7. Click Protocol.
8. Click Add.
9. Select NetBEUI from the drop-down menu.
10. Click OK.
11. When the installation completes, reboot the computer.
1. Launch regedit.
2. Open
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\BitBucket.
3. Change the NukeOnDelete value to 1 to enable immediate deletion or to 0 to disable immediate
deletion (i.e., to turn the Recycle Bin back on). If the NukeOnDelete value doesn't exist, create it as a
DWORD value.
1. Launch regedit.
2. Open HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon.
3. Set DefaultDomainName and AltDefaultDomainName to the requested domain.
On the XP computer:
1. Launch regedt32.
2. Open the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSLicensing
registry subkey.
3. Delete the key MSLicensing.
4. Reboot, then reconnect to the Terminal Services system. If this doesn't solve the problem, contact
the Microsoft Clearinghouse to reactivate your licensing server.
TIP: DISABLING WINDOWS MESSENGER
Many readers who use Windows XP have told me that they don't want Windows Messenger to start
every time they log on to their systems. These readers usually follow up with another email message
telling me that although they've succeeded in turning off Windows Messenger, it now starts every time
they launch Microsoft Outlook. Here's how to disable Windows Messenger in the registry so that it
defaults to off and doesn't launch when Outlook launches.
1. Launch regedt32.
2. Open HKEY_CURRENT_USER\Software\Policies\Microsoft\
Messenger\Client.
3. Add a DWORD called PreventRun and set its value to 1.
4. Add a DWORD called PreventAutoRun and set its value to 1.
5. Open HKEY_CURRENT_USER\Software\Policies\Microsoft\
Office\10.0\Outlook\InstantMessaging.
6. Add a DWORD called ForceDisableIM and set its value to 1.
If necessary, you can reenable the automatic launching of Windows Messenger by resetting all the
values to 0.
1. Launch regedit.
2. Open
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced.
3. Create a REG_DWORD named EnableBalloonTips.
4. Set the value data to 0.
5. Close regedit.
6. Reboot the computer.
Setting the value to 1 will turn the balloon tips back on if you decide you can't live without them.
To stop Win2K from copying files to a server in an encrypted format, perform the following steps on
the destination server:
1. Start a registry editor (e.g., regedit.exe).
2. Navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem
registry subkey.
3. Select the NtfsEncryptionService value, then select Edit, Delete from the menu bar.
4. Close the registry editor.
5. Reboot the server for the change to take effect.
After you make this change, you'll no longer be able to encrypt files on the server and Win2K will
decrypt any encrypted files that users copy to the server.
A. Windows caches .dll files to speed disk I/O. However, even after you close the calling program,
the .dll file remains cached. To stop Windows from caching .dll files after you've closed the calling
program, perform the following steps:
1. Start a registry editor (e.g., regedit.exe).
2. Navigate to the
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer registry
subkey.
3. From the Edit menu, select New, DWORD Value.
4. Enter the name AlwaysUnloadDLL, then press Enter.
5. Double-click the new value, set it to 1, then click OK.
6. Close the registry editor, then reboot the machine for the change to take effect.
1. Launch regedt32.
2. Open HKEY_CURRENT_USER\Software\Microsoft\Windows\
CurrentVersion\Policies\Explorer.
3. Add a subkey of type REG_DWORD and name it ForceCopyAclwithFile.
4. Set the data value to 1.
5. Log off, then log back on to make the change take effect.
ADJUST WINDOWS XP'S SEARCH FUNCTION
A reader recently sent me an email message telling me that the Search function in Windows XP is
broken. The reader insisted that the Search function never seemed to see certain files on his computer. I
asked the reader what kinds of files he was searching for, and he told me that when he used the Search
for a word or phrase option, he never seemed to find the files he wanted. He had a large collection of
notes he had taken during meetings, and he wanted to be able to search through those files to find
comments to follow up on.
The reader's problem was that he was using his own convention for labeling his notes, specifically, a
four-digit date (e.g., 0208) as the file extension. By default, XP's word or phrase search function
requires that the file extension be a registered file type. Rather than tell the reader that he had to change
his naming convention and go back through a year's worth of files to rename them, I showed him the
following steps to quickly edit the registry to allow XP's search function to look for files with unknown
extensions.
1. Launch regedit.
2. Open HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ContentIndex.
3. Double-click FilterFilesWithUnknownExtensions, in the right-hand pane.
4. Change the data value to 1.
5. Exit the registry editor.
6. Reboot the computer.
1. Launch regedit.
2. Open
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory
Management\PrefetchParameters.
3. Double-click the EnablePrefetcher value name.
4. Write down and save the current value that EnablePrefetcher is
set to. (Don't neglect this important step. If you decide that you need to reenable the prefetcher, you'll
need to reenter the data value you wrote down.)
5. Set the value to 0 to disable the prefetcher.
6. Exit the registry editor.
7. Reboot the computer.
1. Launch regedit.
2. Open the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EFS
registry subkey.
3. Create a subkey of type REG_DWORD and name it EfsConfiguration.
4. Set the data value to 1.
5. Exit the registry editor.
6. Reboot Windows.
How Can I Reset the "Always ask before opening this type of file"
Functionality in Microsoft
When you open attachments, Outlook displays a dialog box that prompts you to either "Open it" or
"Save it to disk." The dialog box also includes an "Always ask before opening this type of file" check
box. If you clear this check box, Outlook will in the future always open that file type without
prompting you. To reset the default behavior so that Outlook will prompt you to open or save the file
type, perform the following steps:
1. Open the Control Panel Folder Options applet.
2. Select the File Types tab.
3. Scroll down to the extension type that you want to reset.
4. Select the extension type, then click Advanced.
5. Check the "Confirm open after download" check box, then click OK.
6. Click Close to close the Folder Options dialog box.
When you open an attachment from a mail message, Outlook copies the file to a system folder, then
opens the copy. By default, Outlook generates a random folder name and creates that folder in the
Temporary Internet Files folder. To create these temporary attachment copies elsewhere on the system,
enter a new path as the value for the OutlookSecureTempFolder entry in the
HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Outlook\Security subkey.
If you permit POP, IMAP, or HTTP accounts, you might want to disable password caching to disk. In
the HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Outlook\Security subkey, create a
REG_DWORD entry named EnableRememberPwd and set its value to 0. For more information about
this change, see the Microsoft article "OL2002: Disabling Password Caching for Internet Protocols"
(http://support.microsoft.com/?kbid=299377).
Outlook 2002 Service Pack 1 (SP1) and later let you disable HTML message content to thwart many
spammers and avoid dangers from as yet unknown Microsoft Internet Explorer (IE) vulnerabilities. To
the HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Outlook\Options\Mail subkey, add a
REG_DWORD entry named ReadAsPlain and set its value to 1. After you restart Outlook, all messages
that aren't digitally signed or encrypted appear in plaintext format. For more information about this
change, see the Microsoft article "OL2002: Users Can Read Nonsecure E-mail as Plain Text"
(http://support.microsoft.com/?kbid=307594).
To ensure that Outlook overwrites deleted information from a Personal Folders (.pst) file or an offline
folders (.ost) file when you shut down Outlook, add a REG_DWORD entry named
PSTNullFreeOnClose with a value of 1 to the
HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Outlook\PST subkey. For more
information about this change, see the Microsoft article "OL2000: New Outlook 2000 Feature
Removes Deleted Data from .pst and .ost Files" (http://support.microsoft.com/?kbid=245776).
Can I prevent people from using .pst files?
Beginning with Microsoft Office XP Service Pack 2 (SP2), Outlook supports a DisablePst entry of type
REG_DWORD in the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\10.0\Outlook
registry subkey. Set the value of DisablePst to 1 to prevent users from creating or opening Personal
Folders (.pst) files. For more information about this change, see the Microsoft article "OL2002: The
Options to Prevent an Exchange, POP3, IMAP, and Other Server Types Accounts Are Not Available"
(http://support.microsoft.com/?kbid=317819).
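One way to check the four Outlook 2002 registry settings described above on a machine, as an added example that is not part of the original tips: a Python script that audits the text of a .reg export against those values. The sample export is constructed, and the function and constant names are this example's own.

```python
import re

# Baseline built from the registry edits described above:
# (key, value name, required DWORD data).
BASELINE = [
    (r"HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Outlook\Security",
     "EnableRememberPwd", 0),
    (r"HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Outlook\Options\Mail",
     "ReadAsPlain", 1),
    (r"HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Outlook\PST",
     "PSTNullFreeOnClose", 1),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\10.0\Outlook",
     "DisablePst", 1),
]

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<data>[0-9a-fA-F]{1,8})$')

# Constructed sample export: one wrong value, one value written in a
# different case, one baseline value absent, one correct value.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Outlook\Security]
"EnableRememberPwd"=dword:00000001
"OutlookSecureTempFolder"="C:\\Temp\\OLK\\"

[HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Outlook\Options\Mail]
"readasplain"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\10.0\Outlook]
"DisablePst"=dword:00000001
'''


def parse_reg_dwords(text):
    """Return {(key, name): int} for every DWORD value in a .reg export.

    Key and value names are lower-cased because the registry compares
    them case-insensitively. Non-DWORD values are ignored.
    """
    values = {}
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            # "[-KEY]" in a .reg file deletes the key, so it defines no values.
            current_key = None if key.startswith("-") else key.lower()
            continue
        m = DWORD_RE.match(line)
        if m and current_key is not None:
            # DWORD data in a .reg file is written in hexadecimal.
            values[(current_key, m.group("name").lower())] = int(m.group("data"), 16)
    return values


def audit(text, baseline=BASELINE):
    """Compare an export with the baseline and return one finding per entry.

    A value that is absent is reported as MISSING rather than OK, because
    each of these settings only takes effect once the entry is created.
    """
    found = parse_reg_dwords(text)
    findings = []
    for key, name, required in baseline:
        actual = found.get((key.lower(), name.lower()))
        if actual is None:
            status = "MISSING"
        elif actual == required:
            status = "OK"
        else:
            status = "WRONG"
        findings.append({"key": key, "name": name, "required": required,
                         "actual": actual, "status": status})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_EXPORT):
        print(f'{f["status"]:8} {f["name"]} (required {f["required"]}, '
              f'found {f["actual"]}) in {f["key"]}')
```

Files exported by Regedit in the "Version 5.00" format are UTF-16, so read a real export with open(path, encoding="utf-16") before passing its text to audit().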
regsvr32 /u mydocs.dll
The steps above disable the My Documents functions, so if your system is missing some functionality,
you'll need to reregister mydocs.dll.
If you want to reregister the .dll file, perform the above steps again but use the command
regsvr32 mydocs.dll
Can I tell Outlook 2002 and Outlook 2000 which Deleted Items folder
to use when multiple users access the same mailbox?
If you're logged on to someone else's mailbox as a delegate with the right to delete items, Outlook
typically places any items you delete into your Deleted Items folder. However, you might want to let
the mailbox owner see which items you've deleted. Open the
HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Outlook\Options\General
registry subkey and add a REG_DWORD entry named DelegateWastebasketStyle. Set the entry's value
to 4 to store deleted items in the owner's mailbox, or set the value to 8 to store the items in your
Deleted Items folder. Note that you need at least the Author role on the Deleted Items folder in the
other person's mailbox to add items there. For more information about this registry edit, see the
Microsoft article "OL: Items Deleted from a Shared Mailbox Go to the Wrong Folder"
(http://support.microsoft.com/?kbid=202517).
Q. Does Windows Server 2003 provide a way to let users change their
passwords remotely on the Web?
A. The version of Internet Information Services (IIS) 6.0 that ships with Windows 2003 includes some
Web-administration tools that are disabled by default. To enable the tools, perform the following steps:
1. Start the Microsoft Management Console (MMC) IIS Management snap-in by clicking Start,
Programs, Administrative Tools, Internet Information Server (IIS) Management.
2. Navigate to Web Sites, Default Web Site.
3. Right-click Default Web Site. Select New, then select Virtual Directory. You'll see the Virtual
Directory Creation Wizard Welcome screen.
4. Click Next.
5. Enter an alias of IISADMPWD and click Next.
6. For the actual publish folder value, enter C:\windows\system32\inetsrv\iisadmpwd (where
C:\windows is the directory in which Windows is installed). Click Next.
7. For virtual directory permissions, select the Read and Run scripts check box, if it isn't already
selected. Click Next.
8. Click Finish.
--------------------
Q. How can I create a Web page where users can change their
passwords?
A. You can write an Active Server Pages (ASP) script that creates a password-change Web page. ASP
gives you complete access to Microsoft Active Directory Service Interfaces (ADSI), which lets you
perform a variety of functions, such as changing passwords or creating accounts.
When you write such a script, you must consider factors such as the user account under which the
script will run and the permissions you want to use when the script runs. The basic ADSI command to
change a user's password is
The first line (shown as two lines because of space constraints) assigns a handle to user John Savill in
domain savilltech.com. The next line puts the text NewPassword into the userPassword attribute.
I've written a short ASP script that prompts the user to enter a username and password (remember to
change the domain from savilltech.com to your domain). The script, which is available at
http://www.winnetmag.com/articles/download/changepass_asp.zip, is listed below.
<%
' Read the submitted form fields (all empty on the first visit).
strUserCN = request.form("cn")
strNewPassword = request.form("newpass")
strPassVerify = request.form("passverify")
if strUserCN="" then
  ' No CN submitted yet: show the password-reset form.
  response.write "<html><head><title>Change Password</title></head><body>"
  response.write "<center><h1>Web Password Reset</h1></center>"
  response.write "<hr><br><br><form method=post action=changepass.asp><table>"
  response.write "<tr><td>CN: </td><td><input type=text name=cn></td></tr>"
  response.write "<tr><td>New Password: </td><td><input type=password name=newpass></td></tr>"
  response.write "<tr><td>Verify Password: </td><td><input type=password name=passverify></td></tr>"
  response.write "<tr><td colspan=2 align=center><input type=submit value='Reset Password'></td></tr>"
  response.write "</table></form></body></html>"
  response.end
else
  if strNewPassword = strPassVerify then
    ' No ADSI call appears in this listing; the password-change statements
    ' described above belong here, before success is reported.
    response.write "<html><head><title>Results</title></head><center><h1>Update Results</h1></center><hr><br><br>"
    ' HTML-encode the user-supplied CN before echoing it back into the page.
    response.write Server.HTMLEncode(strUserCN) & ": password was successfully updated"
    response.end
  else
    ' The two password fields differ: report the error and stop.
    response.write "<html><head><title>Error!</title></head><body>"
    response.write "<center><h1>An Error Has Occurred!</h1></center>"
    response.write "<hr><br><br>"
    response.write "The password and confirmation do not match. Please go back and try again."
    response.end
  end if
end if
%>
Windows Server 2003 provides its own Web pages for password changes, which I discuss in the FAQ
"Does Windows Server 2003 provide a way to let users change their passwords remotely on the Web?".
However, you might find the sample ASP script useful for creating password-change interfaces on your
own Web pages or sites.
The -d parameter specifies the root of the distinguished name (DN) from which to start the output to
the .csv file, and the -f parameter provides the output filename. Running this command displays the
following messages on screen:
Connecting to "(null)"
Logging in as current user using SSPI
Exporting directory to file domain.csv
Searching for entries...
Writing out entries
.........................................
.........................................
.........................................
Export Completed. Post-processing in progress...
201 entries exported
(The command wraps to two lines here because of space constraints.) Notice that the command is the
same as in the previous example, except that the output filename is different and the command includes
the -r parameter. The -r parameter creates a Lightweight Directory Access Protocol (LDAP) search
filter so that the output will include only objects of class organizationalUnit.
The .csv file that Csvde creates typically contains a large amount of data that's relevant to the
domain's objects (230 attributes in total). You can load the Csvde utility's output into a Microsoft Office
Excel spreadsheet to view it more easily.
Users in the MailBoxAccess group will now have access to all mailboxes. Remember that Exchange
administrators are explicitly denied access by default. However, we've explicitly granted access at the
actual mailbox database level, which overrides the inherited permission (i.e., the Send As and Receive
as permissions that are explicitly denied to administrators).
The Security tab will now be displayed on the Exchange organization's properties page. At the Security
tabbed page you can turn off the Send As and Receive As deny settings, which I discuss in the FAQ
"How can I configure Microsoft Exchange Server 2003 administrators so that they can access all users'
mailboxes?" to grant Exchange administrators full access to all mailboxes in the organization. The
Security tab method is a simpler way to grant administrators access to users'
mailboxes than the technique described in the FAQ; however, it lets you grant access only to all
mailboxes (or none).
echo %path%
from a command prompt; you'll see that the variable contains one or more paths, such as c:\program
files;c:\program files\support tools.
Using this PATH variable as an example, if the executable resides in either the Program Files or
Support Tools folder, you don't need to type the complete path.
Sometimes you might want to check the location of an executable file (e.g., a command). To do so,
start a command prompt (cmd.exe) and type
where dcdiag.exe
To display a detailed list of the triggers you've created, run the command
eventtriggers /query /v
You can configure the query to create the output in a specific format.
For example, to create a comma-separated value (CSV) format, add the argument
/fo csv
to the end of the previous command (/fo means format). Other format options include table and list.
If you need to troubleshoot a trigger action, you can view the log file at
%systemroot%\system32\wbem\logs\cmdtriggerconsumer.log.
However, the log doesn't give much information. Typically, the best way to debug a trigger action is to
try to run the trigger action manually.
Remember that specifying credentials (i.e., the /ru and /rp arguments) to use might fix the problem
because by default the action will run under the local system context.
To remove all the triggers on your system, use this command:
With regard to your other requirement, you can't prevent your administrators from saving their
passwords in RDP connections they create, but you can reduce the risk that doing so causes. In the
Encryption and Security folder, double-click "Always prompt client for password upon connection"
and enable this policy. Now, if the administrator violates your policy and saves a password in the RDP
connection, Windows will still prompt for his or her password. Thus, an attacker who gains access to
the administrator's workstation while he or she is logged on as the administrator or who succeeds in
logging on as the administrator won't inevitably have access to your server through Terminal Services.
You can learn more about Terminal Services at http://list.windowsitpro.com/t?ctl=718D:3AFAE
To configure the DHCP server to instruct clients to release their lease when they shut down, perform
these steps:
1. Start the Microsoft Management Console (MMC) DHCP snap-in (Start, Programs, Administrative
Tools, DHCP).
2. Expand the DHCP server.
3. Open the scope whose options you wish to modify. Select Scope Options, and click the Advanced
tab.
4. Select Microsoft Options from the Vendor class drop-down menu and select Default User Class
from the User class drop-down menu. Under Available Options, select the "002 Microsoft Release
DHCP Lease on Shutdown Options" check box, as the figure at
http://list.windowsitpro.com/t?ctl=F366:3AFAE shows. Set its value to one of these options:
1 = DHCP clients send a DHCPRelease message on proper shutdown, which means they'll give up their
lease.
0 = DHCP clients don't send a DHCPRelease message on proper shutdown, which means that when the
clients restart they'll attempt to renew their existing lease.
However, if you add "cmd /c start" to the command, as the following example shows, the command
will run the applet.
You could include such commands in batch files and place the files on your desktop menus for fast
access to the applications within the correct user context.
whoami
SAVILLTECH\john
psexec -s cmd.exe
PsExec v1.60 - Execute processes remotely Copyright (C) 2001-2005 Mark Russinovich Sysinternals -
www.sysinternals.com
C:\WINDOWS\system32>whoami
NT AUTHORITY\SYSTEM
C:\WINDOWS\system32>exit
cmd.exe exited on WKSSAVD800 with error code 0.
When you use the -s switch, PsExec temporarily installs on the computer a service named "psexec
running psexesvc.exe," which is removed after the application running as system is closed. Thus, to run
under the system context, you'll need permissions to install services.
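Because the -s switch works by installing a service, each run leaves a service-installation record (event ID 7045 from the Service Control Manager) in the System event log on Windows versions that write that event. The following is an added example, not part of the original FAQ, that lists those records; the function names are made up for the example, and matching on "psexe" in the service name or "psexesvc" in the image path is an assumption based on the names quoted above.

```powershell
# Added example: list service installations that look like the PsExec helper service.
# Event ID 7045 ("A service was installed in the system") is written to the System
# log by the Service Control Manager each time a service is created.

function Test-PsExecServiceRecord {
    # Returns $true when the service name or image path refers to the PsExec service.
    param(
        [string]$ServiceName,
        [string]$ImagePath
    )
    return ($ServiceName -match 'psexe' -or $ImagePath -match 'psexesvc')
}

function Get-PsExecServiceInstall {
    # Searches the local System log for matching 7045 events newer than -Since.
    param(
        [datetime]$Since = (Get-Date).AddDays(-7)
    )
    $filter = @{
        LogName      = 'System'
        ProviderName = 'Service Control Manager'
        Id           = 7045
        StartTime    = $Since
    }
    # Get-WinEvent raises an error when nothing matches, so suppress it.
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            # 7045 event data, in order: service name, image path,
            # service type, start type, account name.
            $name  = [string]$_.Properties[0].Value
            $image = [string]$_.Properties[1].Value
            if (Test-PsExecServiceRecord -ServiceName $name -ImagePath $image) {
                [pscustomobject]@{
                    TimeCreated = $_.TimeCreated
                    Computer    = $_.MachineName
                    ServiceName = $name
                    ImagePath   = $image
                    RunsAs      = [string]$_.Properties[4].Value
                    InstalledBy = $_.UserId   # SID of the account that created the service
                }
            }
        }
}

# Review the last 30 days on this computer.
Get-PsExecServiceInstall -Since (Get-Date).AddDays(-30) | Format-Table -AutoSize
```

Comparing the InstalledBy SID and the timestamps against the administrators who are expected to use PsExec separates routine use from service installations nobody can account for.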
Some users have told me that this feature has been re-enabled without their interaction. I don't know
why this occurs, but I usually direct them to the registry setting that controls this functionality.
1. Launch the registry editor.
2. Open the
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced registry subkey.
3. Double-click the Start_NotifyNewApps entry in the right panel.
4. Set the value to 0.
Several tools that attempt to crack passwords of various types are available, including LCP (at the first
URL below) and John the Ripper (at the second URL below). Both these tools can brute-force guess
passwords; however, they can take some time, depending on the complexity of the password. Another
tool, pwdump2 (at the third URL below), dumps password hashes from within Active Directory (AD)
or the Windows SAM database. You'll need pwdump2 or a similar tool to use LCP or John the Ripper.
http://list.windowsitpro.com/t?ctl=199DB:3AFAE
http://list.windowsitpro.com/t?ctl=199D9:3AFAE
http://list.windowsitpro.com/t?ctl=199C8:3AFAE
Another method of cracking passwords is to use rainbow tables, which are sets of possible password
hashes and their precomputed plain text equivalents. Having the hashes computed ahead of time saves
a lot of time when password cracking because then the cracking software just needs to find the hash of
the unknown password in the tables. Once the hash is found, the plain text version of the password is
also found.
The downsides to this approach are of course the lengthy computation time required to create the tables
and the storage requirements for the tables, which can be in the hundreds of gigabytes, depending on a
variety of parameters including possible password lengths, character sets, and hash algorithms.
Tools are available to produce rainbow tables. One toolkit, called RainbowCrack, includes tools to
generate and sort rainbow tables and a tool to discover an unknown password--assuming of course that
you have a copy of the password hash.
http://list.windowsitpro.com/t?ctl=199D6:3AFAE
If you don't want to generate your own tables, you can buy precomputed tables or use the recently
launched RainbowCrack-Online, a subscription service that can crack your passwords for a fee. The
fee, which can range from $29.95 per month to $2499 per year, depends on the number of passwords
you want to crack and the length of time you want to use the service. As you would guess, the service
uses massive rainbow tables to make password discovery relatively quick.
Using the service to test password strength is probably not practical in many cases. However, you could
use the service to discover unknown passwords for a variety of systems because the service supports
passwords hashed with LAN Manager, NT LAN Manager (NTLM), Message Digest 5 (MD5),
Message Digest 4 (MD4), Secure Hash Algorithm 1 (SHA1), Cisco PIX, and MySQL. Check it out at
the URL below.
http://list.windowsitpro.com/t?ctl=199D7:3AFAE
The -i switch instructs PsExec to run Regmon as interactive; the -s switch tells it to run under the local
system; and the -d switch tells it to launch the application and not wait for it to terminate.
After a user logs off and logs back on, the Regmon window will appear again and will have captured
all activity. (Make sure that you don't close the Regmon application before logging off!) You can use
PsExec to run any other applications that need to survive a logoff and logon.
The utility also interfaces with DFS, which lets you maintain the original UNC path of the data and
avoid complications with accessing data once it has been migrated. However, Windows Server 2003
Enterprise Edition lets you maintain the original UNC path, and if the old UNC path doesn't need to be
maintained, DFS isn't required.
The sender of the message now needs to enable the From option in the sending email (Options, From),
as the figure at http://list.windowsitpro.com/t?ctl=28AFE:3AFAE shows.
Then enter the person from whom the message should come. The message will appear to the
recipient as if it was sent from that person directly. For the From field, make sure you select the name
from the address list rather than typing in the name. I've seen problems occur when I type in the name
of the sender. If you're using Microsoft Outlook in Cached Exchange Mode, you might also need to
force a download of the Offline Address Book (OAB) to see any changes you've made (Tools,
Send/Receive, Download Address Book).
A: There's no way to bypass the logon screen native to Windows--even if you use the recovery console,
you'll need the appropriate password.
However, I can recommend two things to try. First, disconnect the computer from the network and
attempt to log on with a domain account that has logged on in the past. Windows should use the cached
credentials because the machine isn't on the network. After you're logged on, you can further diagnose
the problem--you'll probably need to delete the computer's domain account and rejoin the computer to
the domain. If logging on with cached credentials doesn't work, you'll have to take the more drastic
measure of resetting the local administrator's password.
One way to reset the password is to boot up DOS with a floppy disk, load Sysinternals' free Ntfsdos
utility (available at http://list.windowsitpro.com/t?ctl=289D0:3AFAE ), then delete the SAM file,
which you'll typically find in C:\winnt\system32\config. After deleting the SAM file, reboot. Windows
will replace the SAM file with a default SAM file that contains only Administrator and Guest. The
Administrator password will be blank. Be aware that this method destroys any local users and guests as
well as user-right assignments, account policy, and audit policy.
If you don't want to destroy the SAM, you can try using the Ntpasswd utility to reset the password.
Ntpasswd, written by Peter Nordhal, is available at http://list.windowsitpro.com/t?ctl=289CE:3AFAE .
When you boot with a floppy disk that contains Ntpasswd, it loads a small version of Linux, then a
custom program displays Administrator and the local users in the SAM. After you select the desired
user, Ntpasswd lets you enter a new password. Exit Ntpasswd, reboot, and you can log on as the user
using the new password. These utilities usually work, but they use methods unsupported by Microsoft
and should be used only as a last resort.
Can I use Group Policy to prevent users from changing
Microsoft Office 2003 Service Pack 2's (SP2's) anti-phishing
setting?
No. The anti-phishing feature is turned on by default. If the user clicks Tools, Options, Junk E-mail and
clears the "Don't turn on links in messages that might connect to unsafe or fraudulent sites. To help
protect your security, we recommend that you leave this check box selected" check box, Outlook stores
that preference in the user's mail profile settings in the Windows registry. Group Policy Objects (GPOs)
can't manage mail profile settings without the assistance of a third-party tool.
Specifically, the registry setting that stores the user's preference is a REG_BINARY entry named
000b042a in
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\profile name\0a0d020000000000c000000000000046.
When the entry is absent or has a value of 00 00, links are disabled in suspect messages. When the
entry has a value of 01 00, links in suspect messages are left active.
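Since a GPO can't enforce this setting, the practical alternative is to check it. The following is an added example, not code from the original FAQ, that reports the state for each mail profile of the logged-on user; it uses the registry path and values given above, and the function name is made up for the example.

```powershell
# Added example: report the Outlook anti-phishing preference for every mail
# profile of the current user, using the registry entry described above.
$profilesKey = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles'
$settingsKey = '0a0d020000000000c000000000000046'
$entryName   = '000b042a'

function Get-LinkProtectionState {
    # Interprets the REG_BINARY data:
    #   entry absent or 00 00 -> links disabled in suspect messages (protection on)
    #   01 00                 -> links left active (protection off)
    param([byte[]]$Data)

    if ($null -eq $Data -or $Data.Length -eq 0) {
        return 'Protected (entry absent)'
    }
    $hex = ($Data | ForEach-Object { $_.ToString('x2') }) -join ' '
    switch ($hex) {
        '00 00' { return 'Protected (00 00)' }
        '01 00' { return 'NOT protected (01 00)' }
        default { return "Unknown value ($hex)" }
    }
}

if (Test-Path $profilesKey) {
    Get-ChildItem $profilesKey | ForEach-Object {
        # Each subkey of Profiles is one mail profile.
        $path = Join-Path $_.PSPath $settingsKey
        $data = $null
        if (Test-Path $path) {
            $data = (Get-ItemProperty -Path $path -Name $entryName -ErrorAction SilentlyContinue).$entryName
        }
        [pscustomobject]@{
            Profile = $_.PSChildName
            State   = Get-LinkProtectionState -Data $data
        }
    }
} else {
    Write-Output 'No mail profiles found for this user.'
}
```

Run as a logon script, the output can be collected centrally to find users who have cleared the check box.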
The problem is that the application the user is running has reset the registry value for
restrictanonymous to 1 from 0. To change the value back, perform the following steps:
A: If your computers and user accounts are part of an Active Directory (AD) domain, you can use one
Group Policy Object (GPO) to deploy a policy to all your users that prevents them from disabling the
screen saver. If you don't use AD, you'll need to configure the setting in the local GPO of each
computer.
regsvr32 /s %systemroot%\system32\shimgvw.dll
4. Click OK.
First, on the Windows 2003 R2 server, you need to add the Print Management Component:
1. Start the "Add or Remove Programs" Control Panel applet (Start, Settings, Control Panel, Add or
Remove Programs), select "Add or Remove Windows Components," "Management and Monitoring Tools,"
then check the Print Management Component.
2. Click Next and when prompted, point to the Windows 2003 R2 disk 2 location.
3. Click Finish.
A new Print Management snap-in is now available in the Administrative Tools folder. To deploy a
printer, perform these steps:
1. Start the Microsoft Management Console (MMC) Print Management snap-in (Start, Programs,
Administrative Tools, Print Management).
2. Expand the Print Servers branch, then expand the print server hosting the printer and select
Printers.
3. Right-click the printer you want to deploy with Group Policy and select "Deploy with Group
Policy."
4. Click Browse to select the Group Policy Object (GPO) name to use.
5. Click the "new" GPO icon (or select an existing GPO) and name it Deploy Printers. Click OK.
6. Check either or both "The users that this GPO applies to (per user)" or "The computers that this
GPO applies to (per machine)" and click Add.
7. Click OK in the deploy dialog box.
Make sure the GPO you created (if you created one) is linked to a domain or OU to ensure that users
and computers receive the pushed printer. When you open the GPO you'll notice a new Deployed
Printers branch, which lists deployed printers in the GPO.
Currently the selected printer won't deploy because the client doesn't understand the Group Policy
settings since they're new to R2 and not expected by older clients; you need to configure the
PushPrinterConnections.exe utility (found in the %systemroot%\PMCSnap
folder) to execute. To do so, perform these steps:
1. Open the Microsoft Management Console (MMC) Group Policy Object Editor and open the GPO
you used for the printer deployment.
2. If the printer is deployed to users, navigate to User Configuration, Windows Settings, Scripts
(Logon/Logoff); if it's deployed to computers, navigate to Computer Configuration, Windows Settings,
Scripts (Startup/Shutdown).
3. Right-click Startup or Logon, and click Properties.
4. In the Logon Properties or Startup Properties dialog box, click Show Files. The location of the
folder used at logon is shown in the Address field (e.g.,
\\savilltech.com\SysVol\savilltech.com\Policies\{EAB0039E-A677-4C89-9CF2-053576CDA1FC}\Machine\Scripts\Startup).
5. Copy and paste the PushPrinterConnections.exe file from the c:\windows\PMCSnap folder to this
location and close the window.
6. In the Logon Properties or Startup Properties dialog box, click Add.
7. Enter "PushPrinterConnections.exe" in the Script Name box (to enable logging, enter "-log" in the
Script Parameters box). Log files are written to %windir%\Temp\PpcMachine.log (for per-computer
connections) and %temp%\PpcUser.log (for per-user connections) on the computer on which the policy
is applied.
8. Click OK.
For per-user deployed printers, you now need to log off, then log on; for per-machine printers, you
need to restart the targeted computer.
shows, and clear the "Use User Account Control (UAC) to help protect your computer" check box.
Turning off UAC is not a good idea. A better option is to use the local security settings that are
available via the Microsoft Management Console (MMC) Administrative Tools snap-in. Under Local
Policies, Security Options are a number of User Account Control options, which include options to
automatically elevate privileges when required, as the figure at
shows. The setting doesn't disable UAC, but raises privileges when needed without prompting. You can
configure the setting for all users or just for administrators. Additional settings exist around
signed/unsigned executable behaviors and installation behaviors.
The Sleep button on the computer puts the computer into sleep or hybrid sleep mode, depending on the
configuration of the computer. To configure the sleep options, follow these steps:
1. Start the Power Options Control Panel applet (Start, Control Panel, Power Settings).
2. Select the "Change plan settings" option for the current power plan.
3. On the settings dialog box, click "Change advanced power settings."
4. Scroll down to the Sleep option, expand "Allow hybrid sleep" (on a laptop, additional options for
"On battery" or "Plugged in" will be displayed) and click On or Off to allow/disallow hybrid sleep,
as the figure at
http://list.windowsitpro.com/t?ctl=49FB8:1B38AB1927B33C74DBE81A3AADC84490 shows.
5. Click OK and close open dialog boxes.
This setting updates the ACSettingIndex (1 for enabled, 0 for disabled) under the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\[GUID of scheme] key.
To enable this functionality locally on a machine, start the Group Policy Editor (GPE--gpedit.msc) as
Administrator and navigate to the Local Computer Policy, Computer Configuration, Administrative
Templates, Network, Link-Layer Topology Discovery branch. Double-click "Turn on Mapper I/O
(LLTDIO) driver" and set it to Enabled, and select the check boxes for "Allow operation while in
domain" and "Prohibit operation while in public network," as the figure at
http://list.windowsitpro.com/t?ctl=49FB5:1B38AB1927B33C74DBE81A3AADC84490 shows. Click
Apply, then click OK and close the GPE.
The option "Turn on Responder (RSPNDR) driver" allows the machine to participate and return
information to LLTD requests from other machines and, again, can be enabled for domain environments.
You can find more information about the LLTD and other connectivity technologies at
http://list.windowsitpro.com/t?ctl=49FC0:1B38AB1927B33C74DBE81A3AADC84490 .
By default, XP machines don't have a Link Layer Topology Discovery
(LLTD) responder to allow the XP machine to be placed in the network map. For XP Service Pack 2
(SP2) machines, an LLTD responder is available from
http://list.windowsitpro.com/t?ctl=49FB2:1B38AB1927B33C74DBE81A3AADC84490 .
The responder will allow XP machines to show in the network diagram as known devices. The
savdalwks01 machine in the figure at
http://list.windowsitpro.com/t?ctl=49FB9:1B38AB1927B33C74DBE81A3AADC84490
is an XP machine with the LLTD responder installed.
Once you've made your desired customization changes, save the setup file to a Windows Installer Patch
(.msp) file. You then pass it to setup.exe by using this command:
Because of the reliance on setup.exe, you can't deploy Office 2007 via Group Policy unless you wrap it
in a .zap file; however, deployment via Microsoft Systems Management Server (SMS) is supported and
documented at
http://list.windowsitpro.com/t?ctl=4F70B:1B38AB1927B33C7440E2A05A81E7A4EB .
To create the hibernate file and reenable hibernation, use the following command:
C:\>powercfg -h on
This command will re-enable hibernation. Likewise, you can use the -h off switch to delete the
hibernation file and disable hibernation.
C:\>powercfg /a
C:\>dir | clip
takeown /f intlcfg.exe
SUCCESS: The file (or folder): "D:\Temp\intlcfg.exe" now owned by user "SAVILLTECH\john".
To take ownership of a folder and all its content, you can add the /r switch for recursive execution:
takeown /f . /r
SUCCESS: The file (or folder): "D:\Temp" now owned by user "SAVILLTECH\john".
SUCCESS: The file (or folder): "D:\Temp\boot.wim" now owned by user "SAVILLTECH\john".
You can also use the /a switch to make the ownership go to the Administrators group instead of the
current user:
takeown /f intlcfg.exe /a
SUCCESS: The file (or folder): "D:\Temp\intlcfg.exe" now owned by the administrators group.
icacls /?
which also gives examples for the usage of the various options.
Windows XP and Windows 2000 had junction points, allowing access to folders and volumes on the
local computer, but junction points were hard to manage natively and have been replaced with the new
symbolic linking feature.
A. Windows Server 2008 and Windows Vista provide the Mklink utility, which creates both file and
directory symbolic links. The command has three optional
parameters: /D creates a directory symbolic link instead of the default file symbolic link, /H creates a
hard link instead of a symbolic link, and /J creates a directory junction.
Suppose you have calc.exe in the windows\system32 folder, and you want to run it as addup.exe
instead. You can use the command
Notice that the directory entry shows a symbolic link with the real file name in square brackets.
Using /H instead and creating a hard link makes the entry appear as if it's actually the file instead of
looking like a shortcut, which is what you get by default. For example, in the output below, you see a
standard symbolic link and then a hard link, which appears exactly like a normal file:
dir
05/17/2007 11:10 AM <SYMLINK> addup.exe [calc.exe]
11/02/2006 10:00 AM 188,416 addup2.exe
11/02/2006 10:00 AM 188,416 calc.exe
For folders, you essentially have the same symbolic link and hard link options, and with folders a hard
link is known as a junction point, created with the /D and /J switches respectively. With either type of
link, you can navigate the folders, and any added/deleted content will update the target
folder:
NTLMv2 provides better protection than NTLM by making it more difficult to crack any challenge and
response data gleaned from authentication packets traveling over the network. To capture those
packets, an attacker has to trick the network switch into forwarding packets to his or her computer,
which requires either physical access to the network or remote control of a computer on the network.
Sniffing packets on a modern, fully switched network is more difficult than on older, hub-based
networks. For an attacker who successfully captures authentication traffic, cracking NTLMv2
challenge/response pairs is more difficult than cracking NTLM. However, weak passwords are easily
cracked no matter what protocol you use--even Kerberos.
To force systems to use NTLMv2 rather than NTLM and reject any computer that attempts lower-level
authentication, you can open Group Policy Management Console (GPMC), select a Group Policy
Object (GPO) that's applied to all the computers on your network, navigate to Computer
Configuration\Windows Settings\Security Settings\Local Policies\Security Options, and set the
"Network security: LAN Manager authentication level" field to "Send NTLMv2 response only/refuse
LM & NTLM."
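To confirm that the GPO has actually reached every computer, you can read the value the policy writes. The following is an added example, not part of the original FAQ; it assumes the setting is stored as LmCompatibilityLevel under HKLM\SYSTEM\CurrentControlSet\Control\Lsa (where 5 corresponds to the option named above), that you have administrative rights, and that the Remote Registry service is running on remote targets. The function names are made up for the example.

```powershell
# Added example: read LmCompatibilityLevel from a list of computers and flag any
# that are not at level 5 ("Send NTLMv2 response only/refuse LM & NTLM").

# Security Options display names, indexed by the LmCompatibilityLevel value (0-5).
$LmLevelNames = @(
    'Send LM & NTLM responses',
    'Send LM & NTLM - use NTLMv2 session security if negotiated',
    'Send NTLM response only',
    'Send NTLMv2 response only',
    'Send NTLMv2 response only/refuse LM',
    'Send NTLMv2 response only/refuse LM & NTLM'
)

function Get-LmLevelVerdict {
    # Turns a raw registry value into a setting name and a pass/fail flag.
    param([Nullable[int]]$Level)

    if ($null -eq $Level) {
        return [pscustomobject]@{
            Setting  = 'Not configured (operating system default applies)'
            Enforced = $false
        }
    }
    if ($Level -lt 0 -or $Level -gt 5) {
        return [pscustomobject]@{ Setting = "Unexpected value $Level"; Enforced = $false }
    }
    [pscustomobject]@{ Setting = $LmLevelNames[$Level]; Enforced = ($Level -eq 5) }
}

function Get-LmCompatibilityLevel {
    # Queries each computer's registry and returns one report row per computer.
    param([string[]]$ComputerName = @($env:COMPUTERNAME))

    foreach ($computer in $ComputerName) {
        $level = $null
        $errorText = $null
        try {
            $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
                [Microsoft.Win32.RegistryHive]::LocalMachine, $computer)
            $lsa = $hklm.OpenSubKey('SYSTEM\CurrentControlSet\Control\Lsa')
            if ($lsa) {
                $level = $lsa.GetValue('LmCompatibilityLevel', $null)
                $lsa.Close()
            }
            $hklm.Close()
        } catch {
            $errorText = $_.Exception.Message
        }

        if ($errorText) {
            $verdict = [pscustomobject]@{ Setting = 'Could not read registry'; Enforced = $false }
        } else {
            $verdict = Get-LmLevelVerdict -Level $level
        }
        [pscustomobject]@{
            Computer = $computer
            Level    = $level
            Setting  = $verdict.Setting
            Enforced = $verdict.Enforced
            Error    = $errorText
        }
    }
}

# Check the local computer; pass -ComputerName with a list of names to check others.
Get-LmCompatibilityLevel | Format-Table -AutoSize
```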
If this fix doesn't work, boot from the Vista media again and select the Command Prompt option. From
the Windows PE command prompt, you can use the Bootrec command-line tool, which offers options
to replace the Master Boot Record (MBR) with a Vista-compatible version, replace the boot sector, and
rebuild the Boot Configuration Data (BCD).
To replace the MBR (which doesn't erase the partition table, so you won't lose your partitions), run the
Bootrec /fixmbr command. To replace the boot sector use the Bootrec /fixboot command. Both
commands shouldn't harm a healthy installation, so they're safe to run. After you execute the
commands, reboot the installation.
Q. How can I change the friendly name of an entry on my
Windows Server
First, I listed the contents of the Boot Configuration Database by using the Bcdedit /enum command. I
received the following data:
Notice that the identifier for the Vista entry is "{current}." To solve the problem, I'll use this identifier
when I modify the description with the /set parameter, as you see below. The boot menu will then have
the name I specify, with no "(recovered)" text appended.
Now, we've been to 'Trinity and Beyond.' Where do we go from there? Chicxulub asteroid impact? Call
MS hardware support (They were good). Eventually discover that NO new hardware (i.e. thumb drives,
wired keyboards, anything) will install. OK. Uninstall SP1. Install IntelliPoint 6.2 again and Lo! and
behold! the hardware installs. Great.
Test the network response time without SP1. Now, there is nothing particularly old, creaky or obscure
in my setup. I've got a PowerEdge 800 running SBS 2003 for a server and a Cisco SB2024 Gigabit
switch. It took 5 MINUTES to copy a 61 MB file. Sigh. Install SP1 again. Hey, the hardware still
works AND I can install other new hardware. It's a miracle. Test the network response time, again.
Now it takes 40 seconds to copy that 61 MB file. XP only takes 8-10 seconds. It beats 5 minutes, but it
still ain't great. So I start googling for post-SP1 slow-file-copy bug problems. Eventually, I come across
a reference to Mark Minasi's blog that deals with the autotuning feature of the new TCP stack and that
even relatively new switches and routers may not like the autotuning 'feature'. (SP1 by default undoes
all the tweaking that poor bastards like me have been flailing away at to try and fix this EVIL.) So I
enter the following into an Administrative cmd window:
Now I tried that pre-SP1 and it didn't make a darn bit of difference. But Lo and behold! The 61 MB file
now comes down the pipe in 6 seconds. So I test pull the SP1 mega-executable from the server (434
MB) Takes 1 minute 34 seconds. Run the same test on XP. Takes 1 minute 53 seconds. It's a miracle.
We still aren't smiling. It's been a full year, a service pack, and a command line tweak to get
performance better than what XP had to offer. MS has burnt a lot of credibility with me with their utter
silence on this issue--and how, if they eat their own dogfood, that this issue ever got out the door
without being caught and killed. But there is light at the end of the Vista tunnel--and maybe all the hair
I have pulled out will grow back in brown and not gray :)
You can configure this delegation by using either a local computer policy or Group Policy. Follow
these configuration steps for Group Policy.
1. Open the Group Policy Object (GPO) you'll enable the setting on.
2. Navigate to Computer Configuration/Administrative Templates/System/Credential Delegation.
3. Double-click Allow Delegating Default Credentials.
4. Select Enabled and click the Show button.
5. In the Add servers to the list text box, which the following screenshot shows, enter the server name
in the form TERMSRV/server name (forward slash, not a backslash). You need an entry for each
possible way you might type the server name; for example, you need an entry for both the fully
qualified domain name (FQDN) and the NetBIOS name if you use both names. If you want to enable
all Terminal Services servers in the domain, you can use *.domain--for example, *.savilltech.net.
However, I don't recommend doing so because of the point raised earlier regarding possible
illegitimate servers harvesting credentials. Likewise, to allow connection to any Terminal Services
server, simply enter TERMSRV/*. Click Add to add an entry and when done, click OK.
6. Click OK to return to the main policy.
7. Refresh the policy, and the change will take effect immediately.
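The wildcard forms in step 5 are the ones worth reviewing after the policy is in place. The following is an added example, not part of the original FAQ, that classifies each delegation entry. It assumes the policy's server list is stored as string values under HKLM\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation\AllowDefaultCredentials; the function names and the ts01/ts02 sample entries are constructed for the example.

```powershell
# Added example: classify the entries of "Allow Delegating Default Credentials".
# Assumption: the policy stores its server list as string values under this key.
$delegationKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation\AllowDefaultCredentials'

function Get-DelegationEntryRisk {
    # Classifies one entry of the form SERVICE/target.
    param([string]$Entry)

    # A valid entry has a service name, a forward slash, and a target name.
    if ($Entry -notmatch '^(?<service>[^/\\]+)/(?<target>.+)$') {
        return 'Malformed: expected SERVICE/server with a forward slash'
    }
    $target = $Matches['target']

    if ($target -eq '*') {
        return 'Any server: credentials are delegated to every server of this service'
    }
    if ($target.Contains('*')) {
        return 'Wildcard: credentials are delegated to every matching server name'
    }
    return 'Single named server'
}

function Get-DelegationPolicyEntry {
    # Reads the configured entries from the registry; returns nothing if unset.
    if (Test-Path $delegationKey) {
        $key = Get-Item $delegationKey
        foreach ($name in $key.GetValueNames()) {
            [string]$key.GetValue($name)
        }
    }
}

function Get-DelegationReport {
    # Builds one report row per entry.
    param([string[]]$Entries)
    foreach ($entry in $Entries) {
        [pscustomobject]@{
            Entry      = $entry
            Assessment = Get-DelegationEntryRisk -Entry $entry
        }
    }
}

# Constructed sample entries, covering the forms described in step 5.
$sampleEntries = @(
    'TERMSRV/ts01.savilltech.net',   # FQDN of one server
    'TERMSRV/ts01',                  # NetBIOS name of the same server
    'TERMSRV/*.savilltech.net',      # every server in the domain
    'TERMSRV/*',                     # every Terminal Services server
    'TERMSRV\ts02'                   # backslash typed by mistake
)
Get-DelegationReport -Entries $sampleEntries | Format-Table -AutoSize

# The same report for the entries actually configured on this computer.
$configured = @(Get-DelegationPolicyEntry)
if ($configured.Count -gt 0) {
    Get-DelegationReport -Entries $configured | Format-Table -AutoSize
}
```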
A. You can set a custom background for the logon screen in the release candidate and release to
manufacturing versions of Windows 7, as shown here.
Now when you log off or switch users the new background picture will be displayed. No reboot is
necessary.
You can also place custom files in the backgrounds folder with the name background<resolution> to
have different pictures for different resolutions. For example, a 1024x768 resolution picture should be
saved as background1024x768.jpg.
More accurately, however, GMC is simply an Explorer window containing a single all-in-one-place
listing of all control panel pages. Even that, however, can be quite useful, as you can see from this
screen shot.
In this picture, you can see a couple of things about the GMC. First of all, it's just a folder (albeit a
special one, as we'll see), viewed with Explorer. Here, I've arranged the window so that the portion you
can see -- there are zillions of Control Panel settings, so there's no way I could show you the whole
thing -- displays the items in the Network and Sharing Center. Now, one of the places that I use the
most in the Network and Sharing Center is the "View network connections" page. It's the place where
you get a list of all of your NICs, where you can bring up their network properties, re-order network
bindings (a once-again valuable tool in a world where we'll soon all be doing both IPv4 and IPv6), and
the like. Normally it takes a few clicks to get to the "View network connections" page, but from the
GMC, it's just one click so hey, that ain't bad. What the GMC does not do, however, is show any
"hidden" or "secret" features, as some Web pages have claimed. (Of course, the fastest way to get there
is to just click Start and then type "ncpa.cpl" in the "Search programs and files" field, then press Enter.)
First, create a new folder. You can do it anywhere on your computer -- any drive, second-level folders,
you name it.
Now open up the folder, and voila, you've got a GMC. But that's not all that you can do with it; I was
sort of surprised to find that
Deleting it can be a problem. In some experiments, I've been unable to delete the folder, and get an
error that the folder's in use elsewhere, no matter how careful I am to shut down other Explorer and
Control Panel windows. In those cases, just rebooting let me delete the GMC folder.
You can do it on either an NTFS or FAT32 drive.
You can put it on a removable drive and carry it around. Whether on a CF card, a USB stick, or an
SDHC card, a GMC folder works like a charm when plugged into a compatible computer.
It responds to different views. It comes up in Details view by default, but others work as well. Try out
List view, it's more concise.
Finally, which operating systems support a GMC? I've made it work on
Windows 7 x64
Windows 7 x86
Vista x86
Windows Server 2008 R2 Standard Edition
Windows Server 2008 x86
It has not, however, worked on 64-bit Vista; trying to open an Explorer that contains one of the GMC
folders causes Explorer to crash. If that happens to you, just open up an elevated command prompt and
type
rd /s /q
And then press "Tab" until the folder name like "Hi.{ED7BA470-8E54-465E-825C-99712043E01C}"
or whatever you named it to appears, then press the Enter key. Also, you might do your experiments
not with a folder at the root level, but instead a second-level folder -- create
Hi.{ED7BA470-8E54-465E-825C-99712043E01C} inside a folder named "c:\test" rather than in c:\ so if
you do end up with a system that doesn't like GMCs, you can still open up Explorer on C: without
crashing Explorer.
I hope I've offered a bit of insight and a few ideas on using what might better be called the "flat-mode
Control Panel View." I'd love to hear of your experiences with it!
Q. Is there a way to maintain all the applications from my
Windows XP installation when I upgrade to Windows 7
without third-party tools?
A. There's no upgrade path from Windows XP to Windows 7, which means all the applications you've
installed in Windows XP will be lost. While it would be possible to upgrade from Windows XP to
Windows Vista, then to Windows 7, this isn't optimal and would result in a lot of junk moving to
Windows 7.
Another option is to back up the Windows XP installation to a virtual machine (VM), which can then
be loaded into Windows Virtual PC and run on a new Windows 7 installation. The easiest way to do
this is to use disk2vhd to capture the Windows XP system disk to a virtual hard disk while using the
"Fix up HAL for Virtual PC" option, as shown below.
You can take the VHD file and use it as the virtual disk for a new VM on a fresh installation of
Windows 7. Boot the new VM and install Windows XP SP3 and the Windows Virtual PC integration
tools. Next, install the XP SP3 RemoteApp add-in.
The user can now access the Windows XP applications through the Windows XP VM. You can go one
step further and enable Auto Publish for the VM and boot the XP virtual. The applications will now
show in the Windows 7 Start Menu and will launch seamlessly.
If you're not already running an anti-virus program in the VM, install one, such as the free Microsoft
Security Essentials.
I tried the above procedure and it worked fine, but obviously, all my applications and data are still
within the Windows XP VM. Ideally, you want your applications and data within your primary OS.
Over time, you should install Windows 7 compatible applications in the primary OS, instead of running
them from the VM.
This will delete all files in my backup directory older than 5 days. To test it first, use this:
A: Yes, this behavior can be changed using a registry hack. In a Windows domain environment, you
can also use a Group Policy Object (GPO) setting.
The GPO setting is called Interactive Logon: Display User Information when the session is locked and
is located in the following GPO container: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options. When you enable this setting, you can set one of these three
options:
A side effect of hiding the account information from the Computer Locked dialog box is that when you
try to log in to a locked machine, Windows won't show the name of the user who's currently logged on
in the logon dialog box. To unlock your logon session, you must type your password and retype your
account name.
To use location-aware printing, open the Devices and Printers Control Panel applet, select a printer,
then click Manage default printers. Now you can set the option to Change my default printer when I
change networks. Select the networks known to the machine and the printer that should be used as the
default for the location.
The trouble is, it's really hard to do that. Basically there are two types of in-the-box or free approaches
to transfer all of the contents of one drive to another: block-by-block copies (ImageX, Windows
Backup/wbadmin) or file-by-file (Explorer, copy, xcopy, robocopy). Unfortunately, nearly all of them
have the same problem: what to do when you try to read a bad sector? Some of them hit a bad sector,
think about it for a bit and just give up, recovering no data at all (the image part of Windows Backup,
wbadmin.exe), others hit a bad sector, think about it for five minutes, and then stop and ask you what to
do, meaning that you've got to babysit the whole process, which isn't any fun when trying to recover
files (Explorer). Still others just try and try and try and try, which, again, probably puts the last nails in
the sick drive's coffin (robocopy, the file-by-file part of Windows Backup).
Scouring the documentation about wbadmin.exe, the Ghost-like drive copy system in Windows, I could
not find a "skip bad sectors" option... darn. But what about robocopy? Here was my original robocopy
attempt to get whatever was recoverable from the sick drive (e:) to the new one (f:).
That says to move all files and folders from drive E: to drive F: -- that's the "e: f: *" part -- and to
recreate E:'s folder structure onto F: (/s), to move the files, meaning to delete any files from E: once
they're safely on F: (/mov), and to create multiple threads to do it, getting it done more quickly and
making the best use of my drive channels (/mt:10, which creates ten simultaneous threads). That
worked extremely well, except for one problem: robocopy just wouldn't give up on the impossible-to-
read files, waiting 30 seconds every time a particular "read" operation failed, and then trying it again,
and again, and.... "Well, how many times is the silly thing going to retry?," I thought, and then
remembered.
Really -- I'm not kidding. Robocopy is the terrier of terriers here, and its creator baked in "do those
retries a million times" as a default. So, I thought, there must be a way to stop retries, and of course
there was: "/r:0," which means "do no retries." Heck, there's even an option "/REG," which says,
"remember that particular desired number of retries in the Registry, and use it henceforth as the new
default from now on." I friggin' love robocopy. The final command, then, was
I was then able to go off to bed, arise the next morning and find that The Job Had Been Done, in about
two and a half hours. Yes, I'd lost eight files, but I've got them on that distant backup. Oh, and in the
process, I got an excuse to upgrade that "data drive" to a Seagate Momentus XT, a 750 GB 7200 RPM
2.5" drive with a bit of NVRAM built in to offer a bit better speed... very nice. I love a happy ending,
don't you?
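A run left unattended with /r:0 skips unreadable files silently, so it helps to record which ones were lost. The PowerShell below is an added example, not code from the article; it assumes the run wrote a log with robocopy's /log switch and that failed copies appear in it in the "ERROR ... Copying File" form, and the sample log lines and file names are constructed.

```powershell
# Added example, not from the article: summarize an unattended robocopy run.
# Assumes the run wrote a log with /log:<file> and that failed copies are logged
# as "ERROR <n> (0x<hex>) Copying File <path>"; sample lines below are constructed.
function Get-RobocopyResult {
    param([int]$ExitCode, [string[]]$LogLines)

    # The exit code is a bit mask; several conditions can be set at once.
    $bits = @{
        1  = 'files were copied'
        2  = 'extra files or directories exist at the destination'
        4  = 'mismatched files or directories were found'
        8  = 'some files or directories could not be copied'
        16 = 'fatal error, robocopy copied nothing'
    }
    $meaning = @($bits.Keys | Sort-Object |
                 Where-Object { $ExitCode -band $_ } |
                 ForEach-Object { $bits[$_] })
    if ($ExitCode -eq 0) { $meaning = @('nothing needed copying') }

    # With /r:0 a file is tried once, so it shows up at most once in the log.
    $pattern = 'ERROR (?<code>\d+) \(0x[0-9A-Fa-f]+\) Copying File (?<path>.+)$'
    $failed = foreach ($line in $LogLines) {
        if ($line -match $pattern) {
            [pscustomobject]@{
                Win32Error = [int]$Matches['code']
                Path       = $Matches['path'].Trim()
            }
        }
    }
    [pscustomobject]@{ Meaning = $meaning; Failed = @($failed) }
}

# Constructed sample: one CRC failure (Win32 error 23) in an otherwise good run.
$log = @(
    '2012/03/09 23:14:02 ERROR 23 (0x00000017) Copying File E:\photos\img_0412.jpg',
    'Data error (cyclic redundancy check).'
)
$r = Get-RobocopyResult -ExitCode 9 -LogLines $log   # 9 = 1 (copied) + 8 (failures)
$r.Meaning
$r.Failed | Format-Table -AutoSize

# Against a real run (C:\recover.log is a hypothetical path):
# Get-RobocopyResult -ExitCode $LASTEXITCODE -LogLines (Get-Content C:\recover.log)
```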
But first let's back off a bit. So the hard drive in your computer has failed--what should you do first?
The First Rule of Data Recovery is to immediately stop trying to use the computer as any additional
disk activity may make it harder to recover data from the drive. The approach you choose to follow
next for attempting to recover the data from your failed hard drive (assuming you can afford to lose
your data if your efforts fail) depends on the type of failure being experienced. For example, let's say
your PC won't boot, so you take the drive out and add it as a second drive in a different PC but the
other PC won't even see the drive in the BIOS. Let's say also that you noticed that when you tried
booting the original PC from the failed drive you could hear the drive platters spinning and the heads
seeking (clicking). That means the data might still be there on the drive and the drive's controller may
simply have gone kaput (perhaps it got fried by a power surge). If you have another drive identical to
the one that failed (or if you can get a used one on eBay), you could try swapping the controller boards on
the two drives if you're geeky enough to do this (it sometimes just involves removing four screws,
though they may need Torx bits, but other times it may involve some finicky soldering or fiddling around
with cabling). There are some hazards with this approach, however, as the following articles
indicate:
http://www.wservernews.com/go/1331289314157
http://www.wservernews.com/go/1331289338223
If your drive is still being detected in the BIOS of your PC but Windows is unable to read it, you could
try booting from a Debian/Ubuntu CD and running gddrescue (gddrescue can sometimes read data
from drives that Windows won't let you read from because it works at the block level and tries to force
a read on failing disk sectors). You can then dump the image to a new drive (make sure it's larger than
the original), mount the image, and extract the files you want to recover from it. And if you are unable
to mount the image, you can try using PhotoRec to extract your data:
http://www.wservernews.com/go/1331289349239
Another approach is to get hold of a good data recovery utility and use it. Some of these are free while
some others are expensive. Some of the ones that have been recommended to me by other IT pros
include the following:
SpinRite from GRC:
http://www.wservernews.com/go/1331289363314
MiniTool Power Data Recovery:
http://www.wservernews.com/go/1331289374387
PC Inspector from CONVAR:
http://www.wservernews.com/go/1331289384841
R-Studio from R-Tools Technology:
http://www.wservernews.com/go/1331289395863
Printing Pitfalls
The Print server role isn't one of the sexier roles of Windows Servers, which probably explains why the
Windows Printing Team Blog hasn't been updated for over two years:
http://www.wservernews.com/go/1336642423961
But since the much-vaunted paperless office still hasn't arrived for most of us, print servers are still
essential in most business environments. Security improvements like UAC in Windows Vista and later,
coupled with the phase-out of 32-bit servers with Windows Server 2008, have led to some frustrations
in the formerly benign and placid area of getting stuff printed. Let's look at a few issues and how to
resolve them.
Installing drivers from print servers
Allowing standard users (i.e. users who aren't local admins on their computers) to install print drivers
from print servers can be done by enabling and configuring this Group Policy setting:
Computer Configuration\Policies\Administrative Templates\Control Panel\Printers\Point and Print
Restrictions
Specify the names of trusted print servers on your network and configure the two security prompt
settings to Do not Show Warning Or Elevation Prompt. And if you still have Windows XP clients in
your environment, you should configure the similarly named policy setting found under User
Configuration.
For more information see "Control Printer Driver Installation Security" in the TechNet Library at:
http://www.wservernews.com/go/1336642444305
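Because this setting removes the prompt a standard user would otherwise see, it is worth checking what a client actually received and whether the trusted-server list is in force. The PowerShell below is an added example, not code from the article; the registry path and value names do not appear on this page and are the ones this policy is documented to write, and the sample server name is hypothetical.

```powershell
# Added example, not from the article. The registry path and value names do not
# appear on this page; they are the names the Point and Print Restrictions
# policy is documented to write, and are assumed here.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'

function Test-PointAndPrintPolicy {
    param([hashtable]$Values)   # value name -> data read from the policy key

    $findings = @()
    # ServerList is one string of server names separated by semicolons.
    $servers = @("$($Values['ServerList'])" -split ';' |
                 ForEach-Object { $_.Trim() } | Where-Object { $_ })

    # 0 (or absent) keeps the warning and elevation prompt; other values relax it.
    $installRelaxed = $Values.ContainsKey('NoWarningNoElevationOnInstall') -and
                      $Values['NoWarningNoElevationOnInstall'] -ne 0
    $updateRelaxed  = $Values.ContainsKey('UpdatePromptSettings') -and
                      $Values['UpdatePromptSettings'] -ne 0
    if ($installRelaxed) { $findings += 'Prompt relaxed for new connections' }
    if ($updateRelaxed)  { $findings += 'Prompt relaxed for driver updates' }

    # Relaxed prompts are only bounded if the policy names specific servers.
    if ($installRelaxed -or $updateRelaxed) {
        if ($Values['TrustedServers'] -ne 1) {
            $findings += 'Prompts relaxed without a named trusted-server list'
        } elseif ($servers.Count -eq 0) {
            $findings += 'Trusted-server restriction is on but the list is empty'
        }
    }
    [pscustomobject]@{ TrustedServers = $servers; Findings = $findings }
}

function Get-PointAndPrintValues {
    $values = @{}
    $props  = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue
    if ($props) {
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -notlike 'PS*') { $values[$p.Name] = $p.Value }
        }
    }
    $values
}

# Constructed sample: both prompts suppressed, one hypothetical trusted server.
$sample = @{ TrustedServers = 1; ServerList = 'print01.example.test'
             NoWarningNoElevationOnInstall = 1; UpdatePromptSettings = 2 }
Test-PointAndPrintPolicy -Values $sample | Format-List
# The same check against this machine's applied policy:
Test-PointAndPrintPolicy -Values (Get-PointAndPrintValues) | Format-List
```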
Migrating to Windows Server 2008 R2 print servers when you still have Windows XP clients
What if your current environment is Windows XP/Windows Server 2003 and you plan on using the
Print Migration Wizard (Printbrm.exe) to migrate your print servers to Windows Server 2008 R2 while
keeping at least some of your clients running Windows XP for a bit longer? (Hmm, you like playing
with fire, don't you--I'll bet you're still driving an 82 Datsun too.) Do you need to make any changes to
your Windows XP clients or can they just keep their current print drivers since you're not changing the
printers, just the print servers?
Yep. You'll need to delete all printer connections and driver references on your Windows XP clients and
create new printer connections for them. To do this you'll probably need to do some custom scripting
that leverages the Prnmngr.vbs and Prndrvr.vbs scripts. See here for a list of in-box commands and
scripts in Windows 7:
http://www.wservernews.com/go/1336642608821
Also see the Print Services Migration Guide in the TechNet Library:
http://www.wservernews.com/go/1336642587759
This could be useful if you're planning a print server migration for your environment.
Print/Fax Forum on TechNet
Finally, if you have printing problems in your Windows Server environment, a good place to seek help
is the Print/Fax TechNet Forum, which is maintained by MVPs and by Product Group experts at
Microsoft:
http://www.wservernews.com/go/1336642600415
By John Savill
A: Windows 8.1 allows a machine to boot directly to the desktop instead of the Start Screen after
logon. To make the change, perform the following:
1. Right-click the Task Bar and select Properties.
2. Select the Navigation tab.
3. Under the Start Screen area, select Go to the desktop instead of Start when I sign in.
4. Click OK.
Figure 1
The secret? Highlight the rows, press ALT + ; (that is, hold the ALT key while pressing the semicolon).
This selects only the visible rows and allows you to paste them wherever you want.