Tweaks and Repairs

 Alpha ListAlpha  |  Numeric ListNumeric

 Page Four ...back it up before you break it! 

...select an «Item number» to view a topic, «Title number» to return.
«Item 91» Registry Entries For the W32Time Service
«Item 92» Configure the Windows 2000 Time Service To Log When Time Is Adjusted
«Item 93» Encrypting Files In Windows 2000
«Item 94» BIOS Data In the Registry
«Item 95» Kerberos And Windows 2000
«Item 96» Hibernation vs Standby Mode
«Item 97» Password Prompt When Returning From Hibernation
«Item 98» Scroll The Start Programs Menu
«Item 99» How To Schedule A Server Process In Windows 2000
«Item 100» Windows Internet Naming Service (WINS)
«Item 101» NetBT (NetBIOS over TCP) Configuration Parameters
«Item 102» Product Documentation
«Item 103» Default NTFS Permissions For Windows 2000
«Item 104» Default NTFS Permissions Are Not Applied To A Converted Boot Partition
«Item 105» How To Restore the Default NTFS Permissions For Windows 2000
«Item 106» How To Back Up Windows 2000 Server System Files
«Item 107» Limitations Of the FAT32 File System With Windows 2000
«Item 108» Capabilities And Features Of the NTFS 5.0 File System
«Item 109» How To Use Convert.exe To Convert A Partition To the NTFS
«Item 110» How To Establish A Striped Volume (RAID-0)
«Item 111» Windows 2000 Services Tweak Guide
«Item 112» Change In DHCP Client Behavior In Windows 2000
«Item 113» Error When Installing Service Pack Or Hotfix
«Item 114» FreeWare Utility «» PsSuspend
«Item 115» A Memory.dmp File Can Be Generated Using the Keyboard
«Item 116» Add A Registry Key To Remove LM Hashes
«Item 117» The Windows 2000 Runas Utility
«Item 118» Virus Protection And Security Patch Information
«Item 119» How To Use the Netsh.exe Tool
«Item 120» Use Netsh To Configure Your Laptop's NIC

«91» Registry Entries For the W32Time Service

The W32Time service is an integrated service in Windows 2000. This service ensures that computer date and time settings are correctly synchronized throughout an organization. The article at Q223184 lists the registry entries that control aspects of this service. After you change the configuration, you must stop and restart the W32Time service for the change to take effect.

«92» Configure the Windows 2000 Time Service To Log When Time Is Adjusted

To force the W32Time service to log an event when the time is adjusted:

1. Use Regedt32 to navigate to:

HKLM\System\CurrentControlSet\Services\W32Time\Parameters

2. Edit or add the Value Name: 'Log', Data Type: REG_DWORD, and set the Value, using the Hex radix, to: 0x00000064.
3. Edit or add the Value Name: 'WriteLog', Data Type: REG_SZ, and set the Value to: True.

When time is adjusted, the W32Time service will post Event ID 61 in the System Event Log. The text will be similar to: The Time service synched time from time source <SOURCE>. You may also receive Event ID 0, Time set (offset < .5) second.

If an error with synchronization occurs, event ID 11 is posted: The NTP server didn't respond.

«93» Encrypting Files In Windows 2000

Windows 2000 includes the Encrypting File Service (EFS) that you can use to encrypt files and folders directly on the storage media, either locally or over a network. EFS is directly integrated into the Windows 2000 shell, and is completely transparent to most programs.

To set up EFS encryption:

1. Right-click the folder you want, and then click Properties.
2. On the General tab, click Advanced.
3. Click to select the Encrypt contents to secure data check box, click OK, and then click OK.
4. Click either Apply changes to this folder only or Apply changes to this folder, subfolders and files as appropriate.

For additional information, view the following relevant articles in the Microsoft Knowledge Base:

Q223316 Best Practices for Encrypting File System

Q298009 Cypher.exe Security Tool for the Encrypting File System

«94» BIOS Data In the Registry

Ever wondered how SMS and other query tools can pull BIOS information from remote boxes? Many of these tools simply read the Registry. BIOS data appears in the following Registy key in Windows 2000:

HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System

Value Name: 'SystemBiosDate', Data Type: REG_SZ
Value Name: 'SystemBiosVersion', Data Type: REG_SZ
Value Name: 'VideoBiosDate', Data Type: REG_SZ
Value Name: 'VideoBiosVersion', Data Type: REG_MULTI_SZ

Your milage may vary depending on your system but the system BIOS and video BIOS settings are generally found.

«95» Kerberos And Windows 2000

Windows NT uses a proprietary authentication scheme, NT LAN Manager ( NTLM ) Challenge-Response. With the introduction of Windows 2000, Microsoft changed the default authenication to their version of Kerberos, a public domain authentication scheme developed at MIT (Massachusetts Institute of Technology) as part of Project Athena.

Windows 2000 uses Version 5 of Kerberos as defined by RFC 1510. To be standard, Kerberos implementations use the API library described in RFC 1964, the Kerberos Version 5 Generic Security Service Application Programming Interface ( GSS-API ) Mechanism. Microosft chose to not use the GSS-API directly, but instead, Windows 2000 uses a similar set of functions they developed.

Windows 2000 supports Kerberos and NTLM for authenication. Because the authentication mechanism is designed to be as transparent as possible, it isn't obvious whether Kerberos or NTLM is used.

In general, Windows 2000 uses Kerberos in the following circumstances:

» Authenticating users logging on to Windows 2000 domain controllers.
» Authenticating users logging on to Windows 2000 servers and workstations that are members of a Windows 2000 domain.
» Authenticating users logging on to standalone Windows 2000 servers and workstations.
» Authenticating users accessing a Windows 2000 server or workstation from a Win9x client or NT client configured with the Active Directory add-on.

NTLM authentication is used in the following instances:

» Authenticating users logging on to Windows 2000 servers and workstations that are members of an NT domain (or accessing an NT domain from a Windows 2000 domain via a trust relationship.
» Authenticating users accessing a Windows 2000 server or workstation from an NT server or workstation.
» Authenticating users accessing a Windows 2000 server from a standard Windows 9x, Win 3.1x client, or OS/2 client.

«96» Hibernation vs Standby Mode

Hibernation and Standby Mode are very similar and people tend to confuse the differences. Standby basically turns off power consuming components like the hard disks and monitor. It switches the computer to a low power state. Its much like a warm boot. Any contents of memory and unsaved desktop settings are lost. Hibernation saves state information by writing a hibernation file which contains the contents of memory and is thus the same size as total RAM. This is a snapshot of active memory. When you turn your PC back on, the state, including which applications are running (desktop) and the memory contents are restored to RAM and voila! - you are back to where you were when Hibernation mode started. CAUTION: The restoration of state can take place in 5 minutes, 5 hours, 5 days, ....

Hibernation is only available if your system is ACPI-compatible. If it is not, the Hibernation tab will be missing and you will have an APM tab instead. To enable Hibernation mode as one of your Shutdown options:

1. Click on Start|Settings|Control Panel
2. Double-click the Power Options icon
3. Click on the Hibernate tab and select the Enable hibernate support check box. If the tab is not there, W2K does not support the feature on your hardware, BIOS, or whatever. The same dialog box show free disk space and required space to store memory. If it is missing, check for a newer BIOS for the motherboard.
4. Click on Apply

«97» Password Prompt When Returning From Hibernation

Windows 2000 fails to prompt for a password when it returns from hibernation. From a security perspective, the Operating System should prompt for your password when coming off hibernation mode. To enable this important security feature:

1. Start the Power Options Control Panel applet

» Start
» Settings
» Control Panel
» Power Options

2. Select the Advanced tab.
3. Check the Prompt for password when computer goes off standby check box.
4. Click OK.

«98» Scroll The Start Programs Menu

Windows 2000 and Windows NT take different approaches in handling the Programs Menu when there are more items than will fit. If there are too many items to fit on the screen, Windows NT uses multiple columns. Windows 2000's default is to use a scroll approach. For the Windows NT user it can be a little confusing because it "hides" the extra items until you scroll down the column. What's nice about Windows 2000 is that it gives you easy control of whether the Program Menus will either scroll or use multiple columns.

To control the option, click on: Start / Settings|Taskbar and Start Menu...|Advanced Tab and within the Start Menu Settings box, check or uncheck the Scroll the Programs menu check box.

«99» How To Schedule A Server Process In Windows 2000

This step-by-step article describes how to schedule a program to automatically start at a pre-determined interval.

Schedule the Task:

1. Click Start, point to Settings, click Control Panel, and then click double-click Scheduled Tasks.
2. Double-click Add Scheduled Task, and then click Next.
3. A list of programs that are available on your computer are displayed. If the program you want to schedule is in this list, click it, and then click Next. If the program you want to run is not in this list, click Browse to locate the program, click the program, and then click Open.
4. When you receive a suggested name for the task, you can either accept the default name or type another name. Click the interval you want to use for this task (daily, weekly, monthly, one time only, and so on). Click Next.
5. If you chose to schedule the task daily, weekly, monthly, or one time only, you receive a time or date option. Choose the date or dates, time or times you want to schedule the task for, and then click Next.
6. Type the user name and password. Make sure that the user name is in the domain\user format domain\user where domain is your NetBIOS domain name and user is the user account you want to schedule the task under. Click Next.
7. Click Finish to schedule the task, and then verify that the task appears in the Scheduled Tasks window.

Pitfalls:

««By default, Task Scheduler logs on as the Local System account. In some cases, this account may not have the appropriate permissions to perform the scheduled task. Because of this, you must specify an account in the Scheduled Task Wizard. Verify that the account you specify in the wizard has sufficient rights to perform the task you are scheduling by logging on as that user and running the task manually.
««You can also schedule tasks by using the AT command. Both methods can be used to automatically schedule tasks. However, neither program is aware of the list of the other's list of scheduled programs. For example, if you schedule a batch file to run every day at midnight in the Scheduled Task Wizard and also with the AT command, the command runs twice.
««If you chose to schedule the task for any interval other than "one time only", the task continues to run indefinitely. You must manually delete the task to keep it from running again.
««the Schedule Task Wizard does not verify the password you type for the user account that the process will run as. Make sure that you type the correct password.

«100» Windows Internet Naming Service (WINS)

In order to understand the architecture of WINS, it is first necessary to understand the history behind it: that is, NetBIOS. NetBIOS started as a high-level programming language interface for PC-DOS applications to IBM PC-Network broadband LANs. Microsoft used this NetBIOS interface for designing its networking components. NetBIOS names identify resources and are 16 characters in length. The NetBIOS name space is flat, meaning that names may only be used once within a network. These names are registered dynamically when computers boot, services start, or users log on. NetBIOS names can be registered as unique or as group names. Unique names have one address associated with a name; group names have more than one address mapped to a name.

[ To continue this discussion, go to this page at http://www.microsoft.com/]

«101» NetBT (NetBIOS over TCP) Configuration Parameters

All of the NetBT parameters are Registry values located under one of two different subkeys of:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

Netbt\Parameters and
Netbt\Adapters\<Adapter Name>, in which <Adapter Name> refers to the subkey for a network adapter that NetBT is bound to, such as Lance01.

Values under the latter key(s) are specific to each adapter. If the system is configured with DHCP, then a change in parameters will take effect if the command ipconfig /renew is issued in a command shell. Otherwise, a reboot of the system is required for a change in any of these parameters to take effect.

[ To see the parameter details, go to the Microsoft site: www.microsoft.com/ntserver/techresources/]

«102» Product Documentation

This page lets you access the complete online help for all versions of the Windows 2000 operating system as well as Internet Information Services (IIS). Get all the most current documentation at http://www.microsoft.com/windows2000/techinfo/proddoc/default.asp.

«103» Default NTFS Permissions For Windows 2000

Microsoft Knowledge Base Article ID: Q244600 lists the default permissions on a drive that has been formatted with the NTFS file system for the first time. Some of these folders are hidden by default.

«104» Default NTFS Permissions Are Not Applied To A Converted Boot Partition

When you install Windows 2000 to an NTFS partition, part of the set up process is to apply default security settings to the system files and folders located on the boot partition. If you initially installed Windows 2000 to a FAT or FAT32 partition, and then later used the Convert.exe utility to convert the partition to NTFS, default security settings are not applied. You may also want to re-apply default NTFS permissions to the system boot partition if you accidentally removed access to parts of the file system necessary for the operating system to function properly.

The following procedure only applies default NTFS security settings to the %Windir% and "Program Files" folders and not the "Documents and Settings" folder. However, it is possible to create a user defined .inf file that contains custom security settings for additional files and folders and apply them the same way.

To Apply Default NTFS Security to a Windows 2000 NTFS Boot Partition:

1. Log on to the workstation or server with Administrator rights.
2. At a Command prompt, type one of the following commands:

Windows 2000 Professional:

Secedit /configure /db C:\winnt\temp\temp.mdb /Cfg c:\winnt\inf\defltwk.inf /areas filestore

Windows 2000 Server:

Secedit /configure /db c:\winnt\temp\tmp.mdb /Cfg C:\winnt\inf\defltsv.inf /areas filestore

NOTE: After security permissions are applied, you may receive the following message that it is alright to ignore:

Task is completed. Some files in the configuration are not found on this system so security cannot be set/queried.
See the %windir%\security\logs\scesrv.log file for detailed information.

3. View the NTFS security settings on the Windows 2000 system files and folders and note that additional security has been applied.

NOTE: You may also want to re-apply default NTFS permissions to the system boot partition if you accidentally removed access to parts of the file system necessary for the operating system to function properly, however the computer must still be bootable for the preceding procedure to work.

If the Computer Does Not Start and Generates a STOP 0xC000021A Error Message on a Blue Screen

If the Administrator has modified permissions, rebooted the computer, and now receives an error message on a blue screen, the most likely cause is that the SYSTEM account does not have adequate permissions to provide access to the system files and folders.

To restore access to the boot partition:

1. Install a new installation of Windows 2000 onto a separate partition or drive.
WARNING: If you install a new installation of Windows 2000 in the same folder as the existing installation, you will erase the existing installation, including all existing accounts, and so on.
2. Boot to the new installation of Windows 2000.
3. Use Windows Explorer to give the "System" account full control of the original volumes root folder and all system files and folders. You should now be able to boot to the original installation of Windows 2000.
4. Follow the preceding instructions to restore default NTFS security permissions on your system boot partition.

[ For additional information, go to support.microsoft.com ]

«105» How To Restore the Default NTFS Permissions For Windows 2000

Windows 2000 includes Security Configuration templates that contain the default settings for NTFS permissions, registry permissions, default user rights, and so on. These templates are located in the %SystemRoot%\Inf folder, and are named as follows:

» Defltwk.inf: Windows 2000 Professional
» Defltsv.inf: Windows 2000 Server/Advanced Server non-domain controller
» Defltdc.inf: Windows 2000 Server/Advanced Server domain controller

You can use these templates in conjunction with the Security Configuration and Analysis snap-in in Microsoft Management Console (MMC) to restore the default security settings in Windows 2000. To do so:

1. Click Start, click Run, type mmc.exe, and then click OK to start MMC.
2. On the Console menu, click Add/Remove Snap-in.
3. Click Add, and then double-click the Security Configuration and Analysis snap-in.
4. Click Close, and then click OK.
5. Right-click Security Configuration and Analysis, and then click Open Database.
6. Type a file name to hold the settings you specify.
7. After you create the database, you must import the appropriate security configuration template. Right-click Security Configuration and Analysis, and then click Import Template.

NOTE: If you are restoring the security settings on a Windows 2000-based domain controller, make sure to follow the steps outlined in the following article in the Microsoft Knowledge Base before you import the template:

Q250454 Error Returned Importing the BASICDC Security Template

8. Change to the %SystemRoot%\Inf folder and select the template that is appropriate to your installation.

NOTE: The %SystemRoot%\Inf folder is hidden by default. To view hidden folders:

a. Double-click My Computer on the desktop.
b. On the Tools menu, click Folder Options.
c. Click Show hidden files and folders, and then click OK.

9. After you import the template, follow the instructions in the right pane to configure your computer with the security settings that are contained in the template.

[ For additional information, go to microsoft.com/support/ ]

«106» How To Back Up Windows 2000 Server System Files

The KB article Q301254 (no longer supported) was a step-by-step guide intended for users who back up and restore data on Windows 2000-based servers. This includes backing up and restoring the system configuration and local registry. You can back up Windows 2000-based servers manually or by using the Backup Wizard that is included with the Backup tool. You can back up the entire contents of the server, selected portions of the server, or the System State data (the configuration information).
NOTE! Updated information regarding this item: from MSDN.

«107» Limitations Of the FAT32 File System With Windows 2000

Limitations of the FAT32 file system with Windows 2000, Windows XP, Windows .NET are discussed in Microsoft Knowledge Base article Q184006. These are:

Ø Clusters cannot be 64 kilobytes (KB) or larger. If clusters were 64 KB or larger, some programs (such as Setup programs) might calculate disk space incorrectly.

Ø A volume must contain at least 65,527 clusters to use the FAT32 file system. You cannot increase the cluster size on a volume using the FAT32 file system so that it ends up with less than 65,527 clusters.

Ø The maximum possible number of clusters on a volume using the FAT32 file system is 268,435,445. With a maximum of 32 KB per cluster with space for the file allocation table (FAT), this equates to a maximum disk size of approximately 8 terabytes (TB).

Ø The ScanDisk tool included with Microsoft Windows 95 and Microsoft Windows 98 is a 16-bit program. Such programs have a single memory block maximum allocation size of 16 MB less 64 KB. Therefore, The Windows 95/98 ScanDisk tool cannot process volumes using the FAT32 file system that have a FAT larger than 16 MB less 64 KB in size. A FAT entry on a volume using the FAT32 file system uses 4 bytes, so ScanDisk cannot process the FAT on a volume using the FAT32 file system that defines more than 4,177,920 clusters (including the two reserved clusters). Including the FATs themselves, this works out, at the maximum of 32 KB per cluster, to a volume size of 127.53 gigabytes (GB).

Ø You cannot decrease the cluster size on a volume using the FAT32 file system so that the FAT ends up larger than 16 MB less 64 KB in size.

Ø You cannot format a volume larger than 32 GB in size using the FAT32 file system in Windows 2000. The Windows 2000 FastFAT driver can mount and support volumes larger than 32 GB that use the FAT32 file system (subject to the other limits), but you cannot create one using the Format tool. This behavior is by design. If you need to create a volume larger than 32 GB, use the NTFS file system instead.

NOTE: When attempting to format a FAT32 partition larger then 32 Gigabytes (GB), the format fails near the end of the process with the following error:

Logical Disk Manager: Volume size too big.

«108» Capabilities And Features Of the NTFS 5.0 File System

Windows 2000 contains new features that are available only with the NTFS file system. The MS Article Chapter 17 - File Systems outlines the features and advantages of converting to the NTFS file system with Windows 2000. These features require on-disk data structures that make these volumes unavailable to Windows NT 4.0-based computers. In anticipation of dual- boot scenarios, upgrade Windows NT 4.0 to SP4 before starting the Windows 2000 installation. The version of NTFS included with Windows 2000 cannot be interpreted correctly by Windows NT 4.0. However, there is an updated Ntfs.sys driver in Windows NT 4.0 Service Pack 4 that enables Windows NT 4.0 to read from and write to NTFS volumes in Windows 2000.

New features of the NTFS 5.0/5.1 file system include:

» Disk quotas: Administrators can limit the amount of disk space users can consume on a per-volume basis. The three quota levels are: Off, Tracking, and Enforced.

» Encryption: The NTFS file system can automatically encrypt and decrypt file data as it is read and written to the disk.

» Reparse points: Programs can trap open operations against objects in the file system and run their own code before returning file data. This feature can be used to extend file system features such as mount points, which you can use to redirect data read and written from a folder to another volume or physical disk.

» Sparse files: This feature allows programs to create very large files, but to consume disk space only as needed.

» USN Journal: This feature provides a persistent log of all changes made to files on the volume. This feature is one of the reasons that Windows 2000 domain controller must use an NTFS partition as the system volume.

«109» How To Use Convert.exe To Convert A Partition To the NTFS

The Convert.exe utility is supplied with Windows to convert a FAT partition into an NTFS partition. Use of Convert.exe is straight forward, but there are considerations that should be taken into account before using the utility.

The following limitations should be recognized before converting a FAT partition to NTFS:

« The conversion is a one-way process. After a partition has been converted to NTFS, it is not possible to convert the partition back to a FAT partition. To restore the partition as a FAT partition, the partition would have to be reformatted as FAT (which would erase all data from the partition) and then data can be restored from backup.

« The system partition of a RISC-based computer cannot be changed to NTFS. The ARC specification requires that the system partition be FAT. It is possible to create a small (1 MB) FAT partition for the system partition and install Windows on an NTFS partition (the boot partition).

« Convert.exe requires a certain amount of free space be present on the drive in order to convert the file system. For additional information about the amount of free space required for a conversion, click the article number below to view the article in the Microsoft Knowledge Base:

Q156560 Free Space Required to Convert FAT to NTFS

« If the computer is used to boot to other operating systems, NTFS partitions will not be accesible to the other operating systems. Windows NT is the only operating system that can read and write to NTFS partitions.

NOTE: Although the chance of corruption or data loss during the conversion from FAT to NTFS is minimal, it is best to perform a full backup of the data on the drive that it is to be converted prior to executing the convert command. It is also recommended to verify the integrity of the backup before proceeding, as well as to run RDISK and update the Emergency Repair Disk (ERD).

To convert a FAT partition to NTFS, perform the following steps.

1. Click Start, click Programs, and then click Command Prompt.
2. At the command prompt, type CONVERT [driveletter]: /FS:NTFS.
3. Convert.exe will attempt to convert the partition to NTFS.

CONVERT may present the following error:

Convert cannot gain exclusive access to the [driveletter]:, so it cannot convert it now. Would you like to schedule it to be converted the next time the system restarts (Y/N)?

This error will occur if any of the following three conditions exist:

« If you run the CONVERT command while the current directory is on the drive that is to be converted (for example, you type CONVERT F: /FS:NTFS at the F:\> prompt). To solve this, either answer "Yes" to the prompt and restart the system, or change to a directory on another drive and retype the command.

« If an application has a file open on the drive that is to be converted. To solve this, either answer "Yes" to the prompt and the drive will be converted the next time the computer is restarted, or close any applications that may be using files on the drive to be converted. Remember that this also applies to users accessing files on the drive over the network. This also includes a page file that resides on the drive.

« If you attempt to convert the partition from which the operating system is running. It is not possible to convert the boot partition while the operating system is running. To convert the boot partition, it will always be necessary to issue the CONVERT command, answer Yes to the prompt, and then restart the computer. The partition will be converted the next time the computer is restarted. As an alternative, it is possible to boot the computer to an installation of Windows on a different partition and convert the partition from that installation of Windows.

Article ID: Q214579

«110» How To Establish A Striped Volume (RAID-0)

[The information in this item applies to Windows 2000 Advanced Server and Windows 2000 Server]

A striped volume (RAID 0) combines areas of free space from multiple hard disks (anywhere between 2 and 32) into one logical volume. Data that is written to a striped volume is interleaved to all disks at the same time rather than sequentially. Consequently, disk performance is the fastest on a RAID 0 volume as compared to any other type of disk configuration. Administrators favor using striped volumes when input/output speed is important. Any file system can be used on a striped volume including FAT, FAT32, or NTFS.

[ For additional information, go to Wikipedia ]

«111» Windows 2000 Services Tweak Guide

by Thomas McGuire. "Much like previous versions of Windows NT, Windows 2000 also uses system Services. These allow support for other Programs/Hardware, etc. to run correctly. Or you can configure them to improve system security. By default Windows 2000 automatically runs many of these services & consumes more memory than it actually may need to for your particular needs, E.g. If you don't intend to use Task Scheduler or Fax Service, then why waste memory on running them automatically? In this guide I'll cover what each service does & whether or not you really need it. Currently this guide is (still) the most comprehensive of it's sort (In terms of content & amount of Services covered).

Now, onto the guide itself..."

«112» Change In DHCP Client Behavior In Windows 2000

A Windows 2000-based DHCP client may lose connectivity to local network resources if it is unable to reach a DHCP server at startup. Windows 2000 behaves differently than does previous versions of Windows when it is unable to find a DHCP server. The Windows 2000-based DHCP client may use Automatic Private IP Addressing (APIPA) for addressing if it is unable to reach a DHCP server and is also unable to reach its default gateway. After the APIPA address is enabled, the client loses connectivity to other local network resources. Previous versions of Windows continue to use the currently leased DHCP address until the lease expires.

To determine whether a Windows 2000-based DHCP client has used APIPA for TCP/IP addressing, type ipconfig at a command prompt, and then press ENTER. If APIPA was used, the IP address is from the APIPA Class B range of 169.254.0.0 to 169.254.255.255.

The client computer continues to search for a DHCP server and leases its previous address or a new address when a DHCP server becomes available.

To work around this behavior, you can disable APIPA either on the entire computer or on a per-interface basis. If you choose to disable APIPA, you need to modify the registry. For additional information about how to do this, click the article number below to view the article in the MS Knowledge Base:

Q244268 Routing Does Not Work When Multiple Adapters Use Automatic Private IP Addressing Simultaneously

Per Microsoft: This behavior is by design.

A capture of network traffic shows that the Windows 2000-based client sends DHCP discover packets, and then attempts to ARP for the address of the default gateway. If the default gateway is unreachable, the client grants itself an address by using APIPA while periodically sending DHCP discover packets. When connectivity to the DHCP server is restored, the client attempts to obtain its previous address.

«113» Error When Installing Service Pack Or Hotfix

When installing a service pack or hotfix on Windows 2000 you may receive the following error message:

Service Pack Setup Error
Failed to install catalog files
OK

This can occur when the following has been changed:

Option 10, "Only trust items found in the trust DB" of the software publishing state key values has been changed to "TRUE"(default is False).
~ or ~
The "Microsoft Root Authority" certificate or the "NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc." certificate under Trusted Root Certification Authorities has been removed.
~ or ~
The %SYSTEMROOT%\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\NT5INF.CAT file is corrupt.

To resolve the issue if Option 10 has been changed type the following at a Command prompt:

setreg 10 FALSE

To resolve the issue if certificates have been removed do the following:

» On a machine that has the Microsoft Root Authority certificate installed do the following:

1. Open Internet Explorer.
2. Click tools, internet options.
3. Click the content tab.
4. Click the Certificates button.
5. Click the Trusted Root Certification Authorities tab.
6. Scroll down until you locate Microsoft Root Authority certificate.
7. Click export.
8. Follow the prompts to export the certificate to DER encoded Binary x.509(.CER)file

» On the computer that cannot install the service pack or hotfix import the certificate you saved into the Trusted Root Certification Authorities.

To resolve the corrupted file problem:

1. Using the EXPAND tool expand: NT5INF.CA_ to NT5INF.CAT.
2. Boot into Safe Mode and replace: %SYSTEMROOT%\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\NT5INF.CAT and %SYSTEMROOT%\system32\dllcache\nt5inf.cat with the expanded file.

NOTE: This same issue can appear if the nt5inf.cat file is corrupt.
The resolution for the issue is to rename the file in the catalog folder as well as the dll cache and then extract it from the SP CD to both locations again. [Article ID: Q281458]

«114» FreeWare Utility «» PsSuspend

Copyright © 2001 Mark Russinovich

Introduction

PsSuspend lets you suspend processes on the local or a remote system, which is desirable in cases where a process is consuming a resource (e.g., network, CPU or disk) that you want to allow different processes to use. Rather than kill the process that's consuming the resource, suspending permits you to let it continue operation at some later point in time.

Installation

Copy PsSuspend onto your executable path and type "pssuspend" with command-line options defined below. PsSuspend works on NT 4.0, and Win2K.

Usage

Running PsSuspend with a process ID directs it to suspend or resume the process of that ID on the local computer. If you specify a process name PsSuspend will suspend or resume all processes that have that name. Specify the -r switch to resume suspended processes.

usage: pssuspend [-?] [-r] [\\computer [-u username] [-p password]] <process name | process id>

-? Displays the supported options.

-r Resumes the specified processes specified if they are suspended.

\\computer Specifies the computer on which the process you want to suspend or resume is executing. The remote computer must be accessible via the NT network neighborhood.

-u username If you want to suspend a process on a remote system and the account you are executing in does not have administrative privileges on the remote system then you must login as an administrator using this command-line option. If you do not include the password with the -p option then PsSuspend will prompt you for the password without echoing your input to the display.

-p password This option lets you specify the login password on the command line so that you can use PsSuspend from batch files. If you specify an account name and omit the -p option PsSuspend prompts you interactively for a password.

process id Specifies the process ID of the process you want to suspend or resume.

process name Specifies the process name of the process or processes you want to suspend or resume.

[ You can download PsSuspend (36KB) http://www.sysinternals.com/ ]

«115» A Memory.dmp File Can Be Generated Using the Keyboard

Microsoft Windows 2000 includes a feature that enables you to have the system stop responding and generate a Memory.dmp file (if configured to do so). The "Stop" screen that generates contains the following parameters:

*** STOP: 0x000000E2 (0x00000000,0x00000000,0x00000000,0x00000000)
The end-user manually generated the crashdump.

This feature is disabled by default. To enable this feature, you must edit the registry as indicated below and restart the computer. After restarting the computer, you can cause a system to stop responding by holding down the right CTRL key and pressing the SCROLL LOCK key twice. Pressing left CTRL key does not generate the system to stop responding.

(Please note that the steps below will not work on Legacy Free computers, i.e., those that use a USB keyboard. For those, you must attach a debugger.)

1. Start the Registry Editor (Regedt32.exe).
2. Locate the following key in the Registry:

HKLM\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters

3. On the Edit menu, click Add Value, and then add the following registry value:

Value Name: CrashOnCtrlScroll
Data Type: REG_DWORD
Value: 1

4. Quit the Registry Editor.

How to Select Memory Dump Options

There are three types of memory dumps that can be generated. Choose the appropriate one before manually triggering the dump.

1. Right click My Computer, and then click Properties.
2. Click the Advanced tab, and then click the Startup and Recovery button.
3. Click Write Debugging Information, and then click to select either: Complete Memory Dump, Kernel Memory Dump, or Small Memory Dump.

For additional information about memory dump options for Windows 2000, click the article number below to view the article in the Microsoft Knowledge Base:

Q254649 Windows 2000 Memory Dump Options Overview

[Article ID: Q244139]

«116» Add A Registry Key To Remove LM Hashes

...from Active Directory And Security Account Manager. Windows 2000 Service Pack 2 (SP2) offers compatibility with authentication to previous version of windows, such as Microsoft Windows NT. The supported authentication methods are LanMan (LM), Windows NT LanMan (NTLM), and NTLM version 2. The authentication for LM uses a hash of the user's password for authentication. This hash is typically stored on a Windows computer. If the security database falls into malicious hands, the passwords could be compromised. The LM hash is the easiest one to attack.

Microsoft provides a configuration option to disable the storage of the LM hashes. This facility to remove LM hashes has been tested and is supported with Windows 2000 SP2.

To add this key:

1. Start the Registry Editor (Regedt32.exe).
2. Locate and click the following key in the Registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

3. On the Edit menu, click Add Key, and then add the following Registry key:

Key name: NoLMHash

4. Quit the Registry Editor.
5. Restart the computer to make the setting active.

When this Registry key is set, the LM hash for a user account is not removed until the next time the user changes their password. Therefore, in addition to setting this key, you must also ensure that all users change their passwords. [Article ID: Q299656]

«117» The Windows 2000 Runas Utility

The Runas utility is primarily designed to allow Administrators to logon as an ordinary user, but to invoke a seconary logon, without logging off, in order to run Administrative tools with Administrator rights and permissions.

Each Administrator can have an ordinary account and an account that is a member of an Administrators group, or they can all share an Administrators account. In addition to securing your system against an unintended action, secondary logons prevent a 'Trojan Horse' attack if you were using IE while accessing a non-trusted site.

Ordinary users can also use the Runas functionality, to start programs under different user contexts. Here are some examples:

Opening a CMD prompt in the local Administrator context --

Start|Run|Runas /user:<ComputerName>\administrator CMD will open a CMD Windows titled <ComputerName>\administrator and prompt for the Administrator's password. Any command-based programs will run in the <ComputerName>\administrator context.

NOTE: If you run any program that stores files in the per-user folders, use the /profile switch or they will be stored in the default user profile.

Running a Control Panel Tool in the local Administrator context --

Start|Settings|Control Panel and select the tool with a single left click. Hold down the SHIFT key and right-click the icon. Press Runas. Enter the credentials when prompted.

Starting a shortcut in the local Administrator context --

Hightlight the shortcut, hold down the SHIFT key and right-click the icon. Press Runas.

NOTE: You can use this technique on any registered file type, such as running Computer Management with a shortcut to %SystemRootA%\System32\compmgmt.msc.
NOTE: You can configure a shortcut to always use a secondary logon by opening the Properties page and clicking Run as different user.

Running the Windows Explorer Shell in local Administrator Context --

Start Task Manager and press the Processes tab. Select Explorer.exe and press End Process and YES. Your desktop will disappear. Select the Programs tab and press New Task. Type:

Runas /user:<ComputerName>\administrator explorer.exe

and press OK. Enter the password. The desktop will return. When you are finished using this context, log off and a new Explorer shell in the original context will start.

NOTE: The Runas Service must be started for Runas to function.

«118» Virus Protection And Security Patch Information

Knowledge Base Article ID Q308691 describes how to obtain the latest security information for Windows 2000 and Windows NT 4.0. You can use the links in this article to download security hotfixes, patches, and updates that may protect your computer from a malicious user. Other information about how to secure your computer and implement basic security practices is also available in this article.

Microsoft does not provide software that can detect or remove computer viruses. If you suspect or confirm that your computer is infected with a virus, obtain current antivirus software. For a list of antivirus software manufacturers, view the following article in the Microsoft Knowledge Base:

Q49500 List of Antivirus Software Vendors

«119» How To Use the Netsh.exe Tool

Netsh.exe is a tool an Administrator can use to configure and monitor Windows 2000-based computers at a Command prompt. With the Netsh.exe tool, you can direct the context commands you enter to the appropriate helper, and the helper then carries out the command. A helper is a Dynamic Link Library (.dll) file that extends the functionality of the Netsh.exe tool by providing configuration, monitoring, and support for one or more services, utilities, or protocols. The helper may also be used to extend other helpers.

[ For additional information, go http://support.microsoft.com/kb/q242468/ ]

«120» Use Netsh To Configure Your Laptop's NIC For Different Networks

If you need to plug your laptop into different networks, you can save and restore the appropriate network configuration using the Netsh.exe utility which ships with W2K and XP. When you have your laptop correctly configured for your office network, you can save the network configuration for later restoration.

netsh -c interface dump > c:\configs\officeinterface.txt

Now lets say you take it home and reconfigure it correctly for you home network. To save you home network configuration for later use:

netsh -c interface dump > c:\configs\homeinterface.txt

Now you take the laptop back to the office and you need to reconfigure for the office environment: nic address, wins, gateway address... Use the following command to restore your office network interface:

netsh -f c:\configs\officeinterface.txt

At end of day, you take it home. To setup for home, run:

netsh -f c:\configs\homeinterface.txt

As you can imagine, this is very valuable if you have to get your laptop to function in multiple network locations.



treewalkdns.com

Valid XHTML 1.1 | ICRA Approved| | Valid CSS

~ Includes previous work and rights from Ted Quantrill's Tip Quarry ~
TOP
Copyright © 2000-2008 treewalkdns.com All rights are reserved