Tweaks and Repairs


 Page Thirteen ...back it up before you break it! 

«Item 301» Explanation of Regsvr32 Usage and Error Messages
«Item 302» Set Automatic Administrator Logon For the Recovery Console
«Item 303» Applying Predefined Security Templates
«Item 304» Windows 2000 Event and Error Messages
«Item 305» Harden the TCP/IP Stack Against Denial of Service Attacks
«Item 306» Configure Internet Explorer To Use Both the FTP PORT Mode and PASV Mode
«Item 307» How to Manually Rebuild Performance Counter Library Values
«Item 308» Miscellaneous Registry Tweaks
«Item 309» How To Fully Disable Antivirus Software From Filtering Files
«Item 310» Troubleshoot Startup Problems In Windows 2000
«Item 311» The Use Of TCP Port 445 In Windows 2000
«Item 312» NetBIOS Over TCP/IP
«Item 313» Default Cluster Size For FAT and NTFS
«Item 314» NTFS Cluster Size Considerations
«Item 315» NTFS Alternate Data Streams
«Item 316» Invalid File Names
«Item 317» NTFS Master File Table Expansion
«Item 318» Evaluating Memory and Cache Usage
«Item 319» Computer Name
«Item 320» TCP/IP and NBT Configuration Parameters

«301» Explanation of Regsvr32 Usage and Error Messages

You can use the Regsvr32 tool (Regsvr32.exe) to register and unregister Object Linking and Embedding (OLE) controls such as Dynamic-Link Library (DLL) or ActiveX Controls (OCX) files that are self-registerable. This may be necessary to troubleshoot some issues with Windows, Microsoft Internet Explorer, or other programs. For example, the following article in the Microsoft Knowledge Base requires you to use Regsvr32.exe to unregister the Wuv3is.dll control before you reinstall it from the Windows Update site:

Q241122 WINUP- Invalid Page Fault in 'wuv3is.dll'

If the registration of a control is unsuccessful or you need developer information about troubleshooting unsuccessful OLE control registration attempts, please see the following article in the Microsoft Knowledge Base:

Q140346 Possible Reasons for OLE Control Registration Failure

Regsvr32.exe is installed in the %SystemRoot%\System32 folder.

Regsvr32.exe Usage

RegSvr32.exe has the following command-line options:

Regsvr32 [/u] [/n] [/i[:cmdline]] dllname
/u Unregister server
/i Call DllInstall passing it an optional [cmdline]; when used with /u calls dll uninstall
/n Do not call DllRegisterServer; this option must be used with /i

When you use Regsvr32.exe, it attempts to load the component and call its DLLSelfRegister function. If this attempt is successful, Regsvr32.exe displays a dialog indicating success. If the attempt is unsuccessful, Regsvr32.exe returns an error message, which may include a Win32 error code. For a list of Win32 error codes, refer to the following Microsoft Web site:
http://www.microsoft.com/technet/support/eventserrors.mspx

For example, to manually register a Sample.ocx ActiveX control, type the following command at an MS DOS prompt:

c:\regsvr32.exe sample.ocx

Regsvr32.exe Error Messages

The following list contains RegSvr32 error messages and possible causes.

Unrecognized flag: /invalid_flag

You typed an invalid combination of flags or switches (refer to the "Regsvr32.exe Usage" section above).

No DLL name specified

You did not include a .dll file name.

Dllname was loaded, but the DllRegisterServer or DllUnregisterServer entry point was not found.

Dllname is not a .dll or .ocx file. For example, typing regsvr32 wjview.exe generates this error message.

Dllname is not an executable file and no registration helper is registered for this file type.

Dllname is not an executable file (.exe, .dll, or .ocx). For example, typing regsvr32 autoexec.bat generates this error message.

Dllname was loaded, but the DllRegisterServer or DllUnregisterServer entry point was not found.

Dllname may not be exported, or a corrupted version of Dllname may be in memory. Consider using Pview to detect the file and remove it.

Dllname is not self-registerable or a corrupted version is in memory.

For example, typing regsvr32 icwdial.dll returns this error message because the Icwdial.dll file is not self-registerable. If you suspect a corrupted version of Dllname is in memory, try restarting your computer or re-extract the original version of the file.

OleInitialize failed (or OleUninitialize failed).

Regsvr32 must initialize the COM library before it can call needed COM library functions and uninitialize the library when it shuts down. These error messages occur if an attempt to initialize or uninitialize the COM library is unsuccessful. For example, the Ole32.dll file may be corrupted or may be the wrong version.

LoadLibrary("Dllname") failed. GetLastError returns 0x00000485

From Winerror.h, 0x00000485 = 1157 (ERROR_DLL_NOT_FOUND), which means "One of the library files needed to run this application cannot be found."  For example, typing regsvr32 missing.dll returns this error message if the Missing.dll file is not found.

LoadLibrary("Dllname") failed. GetLastError returns 0x00000002

From Winerror.h, 0x00000002 = 2 (ERROR_FILE_NOT_FOUND), which means "The system cannot find the file specified." In other words, a dependent DLL was not found.  For example, typing regsvr32 icwdial.dll with Tapi32.dll (a dependency) missing, returns this error message.

LoadLibrary("dskmaint.dll") failed. GetLastError returns 0x000001f

From Winerror.h, 0x000001f = 31 (ERROR_GEN_FAILURE), which means "A device attached to the system is not functioning." This behavior can occur if you try to register a Win16 .dll file. For example, typing regsvr32 dskmaint.dll returns this error message.

DllRegisterServer (or DllUnregisterServer) in Dllname failed. Return code was: string

Search Winerror.h for string.

Regsvr32.exe and Dependencies

RegSvr32.exe depends on the Kernel32.dll, User32.dll, and Ole32.dll files (and the Msvcrt.dll and Advapi32.dll files in Windows NT). Regsvr32.exe loads the file you are trying to register or un-register, along with all of its dependencies. The process may be unsuccessful if a required file is missing or damaged.

You can use Depends.exe to determine dependencies for the file you are trying to register or un-register. Depends.exe is included with the Microsoft Windows 2000 Support Tools. To learn how to install the Windows 2000 Support Tools go to:

Item 177 Install the Windows 2000 Support Tools

«302» Set Automatic Administrator Logon For the Recovery Console

If your computer is physically secure, you may wish to enable logon to the Recovery Console without the need to enter a password:

1. Click on: Control Panel|Administrative Tools|Local Security Policy.
2. Under Security Settings, click on: Local Policies|Security Options.
3. Double-click the Recovery Console: Allow automatic administrative logon policy.
4. Set it to Enable.
5. Press OK and close the snap-in.
6. Repeat steps 1 - 2 to verify that the policy is Enabled.

«303» Applying Predefined Security Templates

Windows 2000 includes several pre-defined security templates that you can apply to increase the level of security for computers that are running either Windows 2000 Professional or Windows 2000 Server. These security templates are plain text files that you can edit manually by using a text editor such as Notepad. However, it is recommended that you use the Security Templates Microsoft Management Console (MMC) to make changes to these templates. The following describes how to apply predefined security templates.

Security Templates

There are four categories of pre-built security templates:

» Basic
» Secure
» High Secure
» Miscellaneous

The basic, secure, and high security templates represent increasing levels of security.  The miscellaneous templates include compatibility templates, optional components templates, and original setup security templates.

The basic templates include:

» Basicdc: Applies a basic level of security for domain controllers.
» Basicsv: Provides a basic level of security for file and print servers.
» Basicwk: Provides a basic level of security for workstations.

Higher-level security templates include:

» Securedc: Provides a higher level of security for domain controllers.
» Securews: Provides a higher level of security for workstations.

The following templates provide the highest level of security for Windows 2000-based computers but are not compatible with network connectivity with other Windows operating systems:

» Hisecdc
» Hisecws

Miscellaneous security templates include:

» ocfiless: Used for file servers.
» ocfilesw: Used for workstations.
» setup security:  Applies the default Windows 2000 security configuration.

These security templates add security settings for optional components such as Terminal Services and certificate services.

How to Apply a Security Template

You can apply security template settings by using the Security Configuration and Analysis snap-in. When you use this snap-in, you can import security templates and apply them to a computer, site, domain, or to an organizational unit. You can apply the security settings to a local computer configuration or to a Group Policy Object. You can also use this tool to analyze the security settings for a local computer or for a Group Policy Object.

To apply security template settings:

1. At a Command prompt, type mmc.
2. Click Add/Remove Snap-in on the Console menu.
3. Click Add in the Add/Remove Snap-in dialog box.
4. In the Add Standalone Snap-in dialog box, click the Security Configuration and Analysis snap-in, click Add, click Close, and then click OK.
5. To create a new security database, right-click the Security Configuration and Analysis node in the left pane, and then click Open Database.
6. Type a name for the database in the Open database dialog box, and then click Open.
7. In the Import Template dialog box, click the security template that you want to apply, and then click Open.
8. Right-click the Security Configuration and Analysis node in the left pane, and then click Configure Computer Now.

NOTE: You can save security templates with a different name and then import the templates into the database. You can make granular changes to the security template and apply those changes incrementally with the Security Configuration and Analysis snap-in.

For more information about predefined security templates, click Start, click Help, type predefined security templates in the Search box, and then press ENTER. After you do this, Help topics are displayed that describe predefined security templates.

«304» Windows 2000 Event and Error Messages

This Microsoft web page lets you search for most of the error and event messages generated by the Windows 2000 operating systems.  Get detailed explanations and suggested user action for each message.

You can also download a listing of all of the events that can occur in Windows 2000. This list contains the events, which log they appear in, their event IDs, their event sources, and whether the event is informational, a warning, or an error. The name of the file is Windows2000Events.exe, a 181 KB download, when it can be found. (It is currently not available from Microsoft.)

«305» Harden the TCP/IP Stack Against Denial of Service Attacks

Denial of Service (DoS) attacks are network attacks that are aimed at making a computer or a particular service on a computer unavailable to network users.  Denial of service attacks can be difficult to defend against. To help prevent denial of service attacks, you can use one or both of the following methods:

» Keep your computer updated with the latest security fixes.
» Harden the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol stack on Windows 2000-based workstations and servers. The default TCP/IP stack configuration is tuned to handle normal intranet traffic. If you connect a computer directly to the Internet, it is recommended that you harden the TCP/IP stack against denial of service attacks.

TCP/IP Registry Values That Harden the TCP/IP Stack

The following list describes the TCP/IP-related registry values that you can configure to harden the TCP/IP stack on computers that are directly connected to the Internet. All of these values are located under the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

NOTE: All values are in hexadecimal unless otherwise noted.

Value name: SynAttackProtect
Key: Tcpip\Parameters
Value Type: REG_DWORD
Valid Range: 0,1,2
Default: 0

This registry value causes Transmission Control Protocol (TCP) to adjust retransmission of SYN-ACKS. When you configure this value, the connection responses time out more quickly in the event of a SYN attack (a type of denial of service attack).

The following list describes the parameters that you can use with this registry value:

» 0 (default value): Set SynAttackProtect to 0 for typical protection against SYN attacks.
» 1 : Set SynAttackProtect to 1 for better protection against SYN attacks. This parameter causes TCP to adjust the retransmission of SYN-ACKS. When you set SynAttackProtect to 1, connection responses time out more quickly if it appears that there is a SYN attack in progress. Windows uses the following values to determine if an attack is in progress:

TcpMaxPortsExhausted
TCPMaxHalfOpen
TCPMaxHalfOpenRetried

» 2 : Set SynAttackProtect to 2 for the best protection against SYN attacks. This value adds additional delays to connection indications, and TCP connection requests time out quickly when a SYN attack is in progress. This parameter is the recommended setting.

NOTE: The following socket options no longer work on any socket when you set the SynAttackProtect value to 2.
- Scalable windows
- TCP parameters that are configured on each adapter (including Initial RTT and window size)

Value name:  EnableDeadGWDetect
Key: Tcpip\Parameters
Value Type: REG_DWORD
Valid Range: 0, 1 (False, True)
Default: 1 (True)

The following list describes the parameters that you can use with this registry value:

» 1 : When you set EnableDeadGWDetect to 1, TCP is allowed to perform dead-gateway detection. When dead-gateway detection is enabled, TCP may ask the Internet Protocol (IP) to change to a backup gateway if a number of connections are experiencing difficulty. Backup gateways are defined in the Advanced section of the TCP/IP configuration dialog box in Network Control Panel.

» 0 : It is recommended that you set EnableDeadGWDetect to 0.  If you do not set this value to 0, an attack could force the server to switch gateways and cause it to switch to an unintended gateway.

Value name: EnablePMTUDiscovery
Key: Tcpip\Parameters
Value Type: REG_DWORD
Valid Range: 0, 1 (False, True)
Default: 1 (True)

The following list describes the parameters that you can use with this registry value:

» 1 : When you set EnablePMTUDiscovery to 1, TCP attempts to discover either the maximum transmission unit (MTU) or the largest packet size over the path to a remote host. TCP can eliminate fragmentation at routers along the path that connect networks with different MTUs by discovering the path MTU and limiting TCP segments to this size. Fragmentation adversely affects TCP throughput.

» 0 : It is recommended that you set EnablePMTUDiscovery to 0.  When you do so, an MTU of 576 bytes is used for all connections that are not hosts on the local subnet. If you do not set this value to 0, an attacker could force the MTU value to a very small value and overwork the stack.

Value name:  KeepAliveTime
Key: Tcpip\Parameters
Value Type: REG_DWORD-Time in milliseconds
Valid Range: 1-0xFFFFFFFF
Default: 7,200,000 (two hours)

This value controls how often TCP attempts to verify that an idle connection is still intact by sending a keep-alive packet. If the remote computer is still reachable, it acknowledges the keep-alive packet. Keep-alive packets are not sent by default. You can use a program to configure this value on a connection. The recommended value setting is 300,000 (5 minutes).

Value name:  NoNameReleaseOnDemand
Key: Netbt\Parameters
Value Type: REG_DWORD
Valid Range: 0, 1 (False, True)
Default: 0 (False)

This value determines whether the computer releases its NetBIOS name when it receives a name-release request. This value was added to allow the Administrator to protect the computer against malicious name-release attacks. It is recommended that you set the NoNameReleaseOnDemand value to 1 (the default value).

NOTE: You must be using Windows 2000 Service Pack 2 (SP2) or later to use the NoNameReleaseOnDemand value.
Caution: When you change the TCP/IP registry values, you may affect programs and services that are running on the Windows 2000-based computer. It is recommended that you test these settings on non-production workstations and servers to confirm that they are compatible with your business environment.
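
The check below is an added example, not part of the original page or of any Microsoft tool: a Python script that parses a registry export in .reg text format and reports which of the five values above differ from the settings this item recommends. The function names and the sample export are constructed for illustration, and a value that is absent from the export is assumed to be at the default listed above.

```python
import re

SERVICES = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"

# (subkey under Services, value name, default, recommended), all taken from this item.
RECOMMENDED = [
    (r"Tcpip\Parameters", "SynAttackProtect", 0, 2),
    (r"Tcpip\Parameters", "EnableDeadGWDetect", 1, 0),
    (r"Tcpip\Parameters", "EnablePMTUDiscovery", 1, 0),
    (r"Tcpip\Parameters", "KeepAliveTime", 7_200_000, 300_000),
    (r"Netbt\Parameters", "NoNameReleaseOnDemand", 0, 1),
]

# Constructed sample export (not taken from a real machine). A real regedit
# export with this header is UTF-16 text; decode it before passing it in.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"SynAttackProtect"=dword:00000001
"EnablePMTUDiscovery"=dword:00000000
"KeepAliveTime"=dword:000493e0
"Hostname"="WEB01"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netbt\Parameters]
"NoNameReleaseOnDemand"=dword:00000001
'''

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{1,8})$')


def parse_reg_dwords(text):
    """Return {(key, value name): int} for every REG_DWORD in a .reg export.

    Key and value names are lower-cased because the registry treats them
    case-insensitively. Non-DWORD values (strings, binary) are skipped.
    """
    values = {}
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key").lower()
            continue
        m = DWORD_RE.match(line)
        if m and current_key is not None:
            # .reg files always write DWORDs as hexadecimal digits.
            values[(current_key, m.group("name").lower())] = int(m.group("hex"), 16)
    return values


def audit(text):
    """Compare the export against this item's recommendations.

    A value missing from the export is reported at its default, because the
    stack falls back to the default when the value does not exist.
    """
    values = parse_reg_dwords(text)
    findings = []
    for subkey, name, default, recommended in RECOMMENDED:
        lookup = ((SERVICES + "\\" + subkey).lower(), name.lower())
        effective = values.get(lookup, default)
        findings.append({
            "value": subkey + "\\" + name,
            "effective": effective,
            "source": "export" if lookup in values else "default",
            "recommended": recommended,
            "ok": effective == recommended,
        })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_EXPORT):
        status = "OK    " if f["ok"] else "REVIEW"
        print(f"{status} {f['value']}: {f['effective']} ({f['source']}), "
              f"recommended {f['recommended']}")
```
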

«306» Configure Internet Explorer To Use Both the FTP PORT Mode and PASV Mode

FTP supports two modes. These modes are called Standard (or Active) and Passive (or "PASV"). The Standard mode FTP client sends PORT commands to the FTP server. The Passive mode client sends PASV commands to the FTP Server. These commands are sent over the FTP command channel.

Standard mode FTP clients first establish a connection to TCP port 21 on the FTP server. This connection establishes the FTP command channel. The client sends a PORT command over the FTP command channel when the FTP client needs to receive data, such as a folder list or file. The PORT command specifies the port on which the FTP client receives the data. In PORT Mode, the FTP server always sends data from TCP port 20. The FTP server must open a new connection to the client when it sends data.

Passive mode FTP clients also start by establishing a connection to TCP port 21 on the FTP server to create the control channel. When the client sends a PASV command over the command channel, the FTP server opens an ephemeral port (between 1024 and 5000) and informs the FTP client to request data transfer from that port. The FTP server responds to the request by using the ephemeral port as the source port for data transfer. When this occurs, the FTP server does not need to establish a new inbound connection to the FTP client.

You may need to change the mode that is used by the FTP client, depending on the firewall configuration on either the FTP client or the server. Microsoft Internet Explorer 5 and later support both Standard mode and Passive mode.

How to Change the Internet Explorer FTP Client Mode

To change the Internet Explorer FTP client mode:

1. Start Internet Explorer.
2. Click Internet Options on the Tools menu.
3. Click the Advanced tab.
4. Click Enable Folder View for FTP sites.

Internet Explorer is a Passive mode FTP client when you select the Enable Folder View for FTP sites option. Internet Explorer is a Standard mode FTP client when you clear this option.

Caution: Many firewalls do not accept new connections through an external interface. The firewall detects these connections as unsolicited connection attempts and therefore drops them. Standard mode FTP clients do not work in this environment because the FTP server must make a new connection request to the FTP client.

Firewall administrators may not want to use PASV FTP servers because the FTP server can open any ephemeral port number. Although Microsoft Internet Information Server (IIS) 4.0 and Microsoft Internet Information Server 5.0 use the default ephemeral port range of 1024 through 5000, many FTP servers are configured with an ephemeral port range of 1024 through 65535. Firewall configurations that allow full access to all ephemeral ports for unsolicited connections may be considered unsecured.

You can configure both IIS 4.0 and IIS 5.0 to allow the ephemeral port range of 1024 through 65535.

For additional information about problems that you may have when you try to connect to TCP ports above 5000, click the number below to view the article in the Microsoft Knowledge Base:

Q196271 Unable to Connect from TCP Ports Above 5000
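
The two negotiation styles described in this item, as an added example that is not part of the original page: a Python sketch that reads FTP command-channel lines, decodes the data endpoint carried in a PORT command or a 227 reply to PASV, and flags passive ports outside the 1024 through 5000 range a firewall rule might allow. The function names and the sample transcript are constructed; the six-number address format (four address bytes, then the port as two bytes) is the standard FTP encoding.

```python
import re

# Ephemeral port range this page gives for IIS 4.0 and IIS 5.0.
IIS_DEFAULT_RANGE = (1024, 5000)

# h1,h2,h3,h4,p1,p2: four address bytes, then the port as p1*256 + p2.
_SIX = r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
PORT_RE = re.compile(r"^PORT\s+" + _SIX + r"\s*$", re.IGNORECASE)
PASV_REPLY_RE = re.compile(r"^227\b.*?" + _SIX)

# Constructed command-channel transcript (documentation addresses, not a capture).
SAMPLE_SESSION = [
    "USER anonymous",
    "PORT 192,0,2,44,7,138",
    "150 Opening ASCII mode data connection",
    "PASV",
    "227 Entering Passive Mode (198,51,100,7,4,210)",
    "PASV",
    "227 Entering Passive Mode (198,51,100,7,195,80)",
]


def _endpoint(fields):
    """Turn the six decimal fields into (dotted address, port)."""
    nums = [int(f) for f in fields]
    if any(n > 255 for n in nums):
        raise ValueError("each field must be in the range 0-255")
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def classify(line):
    """Describe the data connection a command-channel line sets up.

    Returns None for lines that do not negotiate a data connection.
    """
    line = line.strip()
    m = PORT_RE.match(line)
    if m:
        host, port = _endpoint(m.groups())
        # Standard mode: the client listens and the server connects to it.
        return {"mode": "standard", "listener": "client", "opened_by": "server",
                "host": host, "port": port}
    m = PASV_REPLY_RE.match(line)
    if m:
        host, port = _endpoint(m.groups())
        # Passive mode: the server listens and the client connects to it.
        return {"mode": "passive", "listener": "server", "opened_by": "client",
                "host": host, "port": port}
    return None


def audit_session(lines, passive_range=IIS_DEFAULT_RANGE):
    """Return one finding per negotiated data connection.

    For passive mode, in_allowed_range says whether the server's port lies in
    the range the firewall is expected to permit. For standard mode it is
    None: the listening port is chosen by the client, and what matters is
    whether the client-side firewall accepts the server's inbound connection.
    """
    low, high = passive_range
    findings = []
    for line in lines:
        info = classify(line)
        if info is None:
            continue
        if info["mode"] == "passive":
            info["in_allowed_range"] = low <= info["port"] <= high
        else:
            info["in_allowed_range"] = None
        findings.append(info)
    return findings


if __name__ == "__main__":
    for f in audit_session(SAMPLE_SESSION):
        print(f["mode"], f["host"], f["port"],
              "opened by", f["opened_by"], "in range:", f["in_allowed_range"])
```
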

«307» How to Manually Rebuild Performance Counter Library Values

When you use the System Monitor tool, some counters may be missing or do not contain counter data. The base set of performance counter libraries may become corrupted and may need to be rebuilt along with any extensible counters. This behavior can occur if certain extensible counters corrupt the registry, or if some Windows Management Instrumentation (WMI)-based programs modify the Registry.

Extensible counter information is stored in both of the following locations:

» The HKLM\Software\Microsoft\Windows NT\CurrentVersion\Perflib\009 Registry key.
» The %Systemroot%\System32\Perfc009.dat file and the %Systemroot%\System32\Perfh009.dat file.

To rebuild the base performance counter libraries manually:

1. Expand the Perfc009.dat file and the Perfh009.dat file that are located on the Windows 2000 CD-ROM, and then replace the files in the %Systemroot%\System32 folder.
2. Start the Registry Editor (Regedt32), and then access the following Registry key:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Perflib

3. In the Registry, change the LastCounter value to 1846 (decimal) and LastHelp value to 1847 (decimal).
4. Locate the following Registry key to search for services that have a Performance subkey:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services

5. Remove the FirstCounter, FirstHelp, LastCounter, and LastHelp values that are located in the Performance subkey (if they exist). The Exctrlst.exe tool may also be used to locate the performance counter dynamic-link library files (DLLs) that are installed; then, access the Registry to remove the DWORD values.  You now have a workable performance Registry that only contains system base counters.

Then, you must re-add the extensible counters from the list of services. Before you begin this procedure, however, you must identify the .ini file that is used to load the counters:

1. Locate the %Systemroot%\System32 folder.
2. Run the findstr drivername *.ini command to list the .ini files and their associated "drivernames".
3. At a Command prompt, type: lodctr drivername, where the "drivername" matches its equivalent .ini file (for example, "....Ini:Drivername=") from the list in the previous command (for example, "lodctr asp").
4. Repeat this procedure for each .ini file.

«308» Miscellaneous Registry Tweaks

Following are a few Registry tweaks that were obtained from various web sites.

Remove My Documents From the Start Menu

This tweak removes My Documents, which is shown under the Documents folder, on the Start Menu. Open RegEdit and navigate to:

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Create or modify the existing Data Name: "NoSMMyDocs", Data Type: REG_DWORD, with one of these Data Values:  0 = show MyDocuments, 1 = remove MyDocuments

Exit RegEdit and restart your computer for the change to take effect.

Changing Default Colors For Command Prompt

The Registry Data Name "DefaultColor" controls the foreground and background colors used in Command prompt windows. It has a default Data Value of 0, for standard white text on a black background. You can replace this value with a two-digit hexadecimal number, in which the first digit selects a background color and the second a foreground color. A value of F0, for example, would give black text on a white background, and 1E would yield yellow text on a blue background.

Open RegEdit and navigate to:

HKEY_CURRENT_USER\Software\Microsoft\Command Processor

Create or modify the existing Data Name: "DefaultColor", Data Type: REG_DWORD, Data Value: (where 0 = default).

Exit RegEdit and restart your computer for the change to take effect.

Show Compressed Files In An Alternate Color

This tweak controls whether compressed files and folders are shown in Windows Explorer using a different color to make them easily distinguishable.

Open RegEdit and navigate to:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

Create or modify the existing Data Name: "ShowCompColor", Data Type: REG_DWORD, and set the Data Value to equal 1 to enable the use of alternate colors, or 0 to use the default colors.

Restart Windows for the change to take effect.

Change the Display Color Of Compressed Files and Folders

When files are compressed in Windows 2000, there is an option in Explorer to display them in a different color so that they are easy to distinguish. This setting defines what color to use; the default is blue.

Open RegEdit and navigate to:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer

Create or modify the existing Data Name: "AltColor", Data Type: REG_BINARY, and set the Data Value to equal the hexadecimal RGB color value for the files and folders (00 00 ff 00 is the default).

Exit RegEdit and restart your computer for the change to take effect.

Specify the Maximum Number Of TCP/IP Connections

This parameter specifies the maximum number of connections that TCP may have open simultaneously.

Open RegEdit and navigate to:

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters

Create or modify the existing Data Name: "TcpNumConnections", Data Type: REG_DWORD, and edit the value to be between:  0 and 0xfffffe

Exit RegEdit and restart your computer for the change to take effect.

«309» How To Fully Disable Antivirus Software From Filtering Files

If you disable antivirus software programs from scanning or filtering files on your computer, you must also disable the filter drivers. Many issues with file transferring and printing can be resolved by disabling the active filters for antivirus programs. However, simply stopping the services associated with the software is not enough. You must also manually stop the device drivers for those filters.

To do this for Windows 2000:

1. Right click My Computer and click Properties.
2. Click the Hardware tab and click the Device Manager button.
3. Click the View menu and click Show Hidden Devices.
4. Expand Non-Plug and Play Drivers to find the Antivirus drivers.
5. Right click on the correct driver and click Disable.

Here are the names of some of the common antivirus program device names by product:

» Inoculan V.4.00 - INO_FLPY and INO_Fltr
» Norton V.5.0 - NAVAP, NAVENG, and NAVEX15 (for Microsoft Exchange Server)
» McAfee V.4.03a - NaiFiltr and NaiFsRec

«310» Troubleshoot Startup Problems In Windows 2000

A successful Windows 2000 startup consists of the following four phases:

» Initial phase
» Boot loader phase
» Kernel phase
» Logon phase

If a problem occurs during one of these phases, Windows may not start correctly and you may experience one of the following issues:

» The computer stops responding (hangs).
» You receive an error message.

If a startup problem occurs after you click Microsoft Windows 2000 on either the boot loader menu or when you receive the "Please select the operating system to start" message, files that are required by the operating system may be missing or damaged. Windows 2000 provides a variety of options that you can use to troubleshoot this issue, including safe mode, Recovery Console, and an Emergency Repair Disk.

The MS Knowledge Base Article Q315396 describes general procedures that you can use to troubleshoot startup problems in Windows 2000.

«311» The Use Of TCP Port 445 In Windows 2000

A paper by Arne Vidstrom arne.vidstrom@ntsecurity.nu

"Among the new ports used by Windows 2000 is TCP port 445. In this paper we will look at what this port is used for, and how it relates to the security in Windows 2000."

The rest of the paper can be found here.

«312» NetBIOS Over TCP/IP

This MS Techinfo paper, last updated on 6/1/2001 and available for viewing here, is an excellent discussion of the Windows 2000 implementation of NetBIOS over TCP/IP. Some of the items covered are:

» To disable NetBIOS over TCP/IP support
» NetBIOS namespace
» NBTStat Tool
» NetBIOS Name Registration and Resolution
» NetBIOS Name Registration and Resolution for Multihomed Computers
» Windows 2000 NetBT Internet/DNS Enhancements
» NetBIOS Over TCP/IP Sessions
» NetBIOS Datagram Services
» Ports 137, 138, 139, and 445

and much more, including flowcharts. A highly recommended read.

«313» Default Cluster Size For FAT and NTFS

All file systems used by Windows organize your hard disk based upon cluster (also called allocation unit) size, which represents the smallest amount of disk space which can be allocated to hold a file. So when file sizes do not come out to an even multiple of the cluster size, extra space must be used to hold the file (up to the next multiple of the cluster size). On the typical partition, this means that (cluster size)/2 * (number of files) worth of space is lost this way.

If no cluster size is specified during format, NTFS picks defaults based upon the size of the partition. These defaults have been selected to reduce the amount of space lost and to reduce the amount of fragmentation on the partition.

For NTFS, Windows 2000 Setup formats the partition using the file system you choose.

The FAT file system uses the following cluster sizes. These sizes are the same under Microsoft Windows NT, MS-DOS, Windows 95 and any other operating system that supports FAT:

Drive Size           FAT Type     Sectors        Cluster
(logical volume):                 Per Cluster:   Size:
-----------------    --------     ------------   -------
0 MB - 15 MB          12-bit         8             4K
16 MB - 127 MB        16-bit         4             2K
128 MB - 255 MB       16-bit         8             4K
256 MB - 511 MB       16-bit         16            8K
512 MB - 1023 MB      16-bit         32            16K
1024 MB - 2048 MB     16-bit         64            32K
2048 MB - 4096 MB     16-bit         128           64K
*4096 MB - 8192 MB    16-bit         256       128K-NT V4.0 only
*8192 MB - 16384 MB   16-bit         512       256K-NT V4.0 only

To support > 4GB FAT partitions using 128k or 256k clusters, the drives must use > 512 byte sectors.

NOTE: On very small FAT partitions, a 12-bit FAT is used instead of a 16-bit FAT. The FAT file system only supports 512 byte sectors, so both the sectors per cluster and the cluster size are fixed.

«314» NTFS Cluster Size Considerations

Disk space can be consumed only by files and directories that include internal NTFS metafiles like the Master File Table (MFT), directory indexes, and so forth. All file space allocation is consumed by using multiples of a cluster.  A cluster is a collection of contiguous sectors. The cluster size is determined at the time the volume is formatted, and is further determined by the partition size.

When a file is first created, it consumes a minimum of a single cluster of disk space, depending on the initial file size. When data is later added to a file, NTFS increases the file's allocation in multiples of the cluster size.

To determine the current cluster size and volume statistics, run a read-only chkdsk command from a Command prompt. For example,

Chkdsk D:

and then view the resulting output. For example:

4096543 KB total disk space. (Total formatted disk capacity)
2906360 KB in 19901 files. (Space used by user file data)
6344 KB in 1301 indexes. (Space used by NTFS indexes)
0 KB in bad sectors. (Space lost to bad sectors)
49379 KB in use by the system. (Includes MFT & other NTFS metafiles)
22544 KB occupied by the log file. (NTFS log file; can be adjusted using chkdsk /L:size)
1134460 KB available on disk. (Available FREE disk space)
4096 bytes in each allocation unit. (Cluster Size - 4K)
1024135 total allocation units on disk. (Total Clusters on disk)
283615 allocation units available on disk. (Available free clusters)

NOTE: Multiply each value that is reported in kilobytes (KB) by 1024 to determine accurate byte counts. For example: 2906360 x 1024 = 2,976,112,640 bytes.

By using this output, you can determine how your disk space is being used, along with the default cluster size.  To see if this is the optimal cluster size, determine the amount of wasted space by following these steps:

1. Double-click My Computer on the desktop, and then double-click the drive letter (for example, D) of the volume in question. This opens the volume and displays folders and files contained in the root.
2. Click any file or folder, and then click the Select All option on the Edit menu.
3. With all files and folders selected, right-click any file or folder, and then click the Properties option.
This opens a Properties dialog box that contains a General tab. It also tabulates the total number of files and directories on the entire volume and provides two file size statistics: SIZE and SIZE ON DISK.

If you are not using NTFS compression for any files or folders contained on the volume, the difference between SIZE and SIZE ON DISK is wasted space because of a larger-than-necessary cluster size. You should attempt to use an optimal cluster size so that the SIZE ON DISK value is as close to the SIZE value as possible. An excessive discrepancy between the SIZE ON DISK and the SIZE value is an indication that the default cluster size is too large for the average file size that you are storing on the volume, and that it should be decreased.  This can be done only by backing up the volume and then reformatting the volume by using the format command and the /a switch to specify the appropriate allocation size:

Format D: /a:2048

(This example uses a 2-KB cluster size).

NOTE: Alternately, you can enable NTFS compression to regain space lost because of an incorrect cluster size; however, this may result in a slight decrease in performance.
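
The SIZE versus SIZE ON DISK comparison above can also be estimated for several candidate cluster sizes before you reformat. The following PowerShell is an added example, not part of the original tip; the function name Get-ClusterWaste and the sample file sizes are constructed for illustration, and compressed or sparse files are not modelled.

```powershell
# Added example: estimate wasted space per candidate cluster size.
# Model (from the text above): each file is allocated in whole clusters.
function Get-ClusterWaste {
    param(
        [Parameter(Mandatory)] [long[]] $FileSizes,   # logical file sizes in bytes
        [long[]] $ClusterSizes = @(512, 1024, 2048, 4096, 8192, 16384, 32768, 65536)
    )
    $size = [long]($FileSizes | Measure-Object -Sum).Sum      # "SIZE"
    foreach ($cluster in $ClusterSizes) {
        $onDisk = 0L                                          # "SIZE ON DISK"
        foreach ($bytes in $FileSizes) {
            # Round each file up to the next multiple of the cluster size.
            $onDisk += [long][math]::Ceiling([double]$bytes / $cluster) * $cluster
        }
        $wasted = $onDisk - $size
        $pct = 0
        if ($onDisk -gt 0) { $pct = [math]::Round(100 * $wasted / $onDisk, 2) }
        [pscustomobject]@{
            ClusterBytes = $cluster
            Size         = $size
            SizeOnDisk   = $onDisk
            WastedBytes  = $wasted
            WastedPct    = $pct
        }
    }
}

# Constructed sample: a mix of small and large files (sizes in bytes).
$sample = [long[]]@(120, 900, 1500, 4096, 4097, 70000, 2500000)
Get-ClusterWaste -FileSizes $sample | Format-Table -AutoSize

# To use real data, collect the sizes from the volume in question, e.g.:
#   $sizes = Get-ChildItem -LiteralPath 'D:\' -Recurse -File -Force -ErrorAction SilentlyContinue |
#       ForEach-Object { $_.Length }
#   Get-ClusterWaste -FileSizes $sizes | Format-Table -AutoSize
```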

«315» NTFS Alternate Data Streams

NTFS allows files and directories to contain alternate data streams. This feature allows multiple data allocations to be associated with a single file or directory. You should be aware of the following limitations when you use alternate data streams on files and directories.

When a file or directory contains alternate data streams:

» Windows Explorer and the DIR command do not report the data in alternate data streams as part of the file size or volume statistics. Rather, they show only the total bytes for the primary data stream.
» The output from chkdsk accurately reports space used by a user's data files, including alternate data streams.
» Disk quotas accurately track and report all data stream allocations that are part of a user's data files.
» NTBackup records the number of bytes backed up in the backup log report. However it does not show which files contain alternate data streams, nor does it show accurate file sizes for files that include data in alternate streams.
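
Because Windows Explorer and DIR show only the primary stream, an audit has to enumerate the streams explicitly. The following PowerShell is an added example, not part of the original tip: it uses the -Stream parameter of Get-Item (PowerShell 3.0 or later, NTFS volumes) to report, per file, the primary-stream bytes next to the bytes held in alternate streams. The function name Get-StreamUsage and the demo folder are constructed for illustration, and only files are inspected, not directories.

```powershell
# Added example: list files whose alternate data streams hold bytes that
# Explorer and DIR do not count. Requires NTFS and PowerShell 3.0 or later.
function Get-StreamUsage {
    param([Parameter(Mandatory)] [string] $Path)
    Get-ChildItem -LiteralPath $Path -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            # Every file has an unnamed primary stream, reported as ':$DATA'.
            $streams = @(Get-Item -LiteralPath $file.FullName -Stream * -ErrorAction SilentlyContinue)
            $alt = @($streams | Where-Object { $_.Stream -ne ':$DATA' })
            if ($alt.Count -gt 0) {
                [pscustomobject]@{
                    File           = $file.FullName
                    PrimaryBytes   = $file.Length    # what Explorer and DIR report
                    AlternateBytes = [long]($alt | Measure-Object -Property Length -Sum).Sum
                    Streams        = ($alt.Stream -join ', ')
                }
            }
        }
}

# Constructed sample: one plain file and one file carrying an extra stream.
$demo = Join-Path $env:TEMP ('ads-demo-' + [guid]::NewGuid())
New-Item -ItemType Directory -Path $demo | Out-Null
Set-Content -Path (Join-Path $demo 'plain.txt')  -Value 'primary only'
Set-Content -Path (Join-Path $demo 'report.txt') -Value 'primary data'
Set-Content -Path (Join-Path $demo 'report.txt') -Stream 'notes' -Value ('x' * 5000)

# Only report.txt is listed; its AlternateBytes exceed its PrimaryBytes.
Get-StreamUsage -Path $demo | Format-List

Remove-Item -LiteralPath $demo -Recurse -Force
```

Run Get-StreamUsage against a data volume and compare the AlternateBytes total with the chkdsk and quota figures, which already include those bytes.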

«316» Invalid File Names

Directories or files that contain invalid or reserved file names may also be excluded from file and directory statistics. Directories or files that contain leading or trailing spaces are perfectly legal from an NTFS file system perspective, but are not legal from a Win32 subsystem point of view, and therefore, neither Windows Explorer nor a command prompt can reliably handle them.

For additional information, click this Item number to view the subject on this site: Item 146 How To Remove Files With Reserved Names.

Oftentimes it is not possible to rename or delete these files or folders. When you attempt to rename or delete them, you may receive one of the following error messages:

Error renaming file or folder
Cannot rename file: Cannot read from the source file or disk.
~ or ~
Error deleting file or folder
Cannot delete file: Cannot read from the source file or disk.

«317» NTFS Master File Table Expansion

When an NTFS volume is first created and formatted, NTFS metafiles are created. One of these metafiles is called the Master File Table (MFT). It is very small when first created (approximately 16 KB), but it grows as files and directories are created on the volume. When a file is first created, it is entered into the MFT as a File Record Segment (FRS), which is always 1024 bytes (1 KB) in size. As files are added to the volume, the MFT grows as required. However, when files are deleted, the associated FRSs are marked as free to be reused, but the total FRSs and associated MFT allocation remains. This explains why, after deleting a large number of files, you don't regain the space used by the MFT.

To see exactly how large the MFT is, you can use the built-in defrag utility to analyze the volume. The resulting defrag report provides detailed information about the size and number of fragments in the MFT. For example:

Master File Table (MFT) fragmentation
Total MFT size = 26,203KB MFT record count = 21,444
Percent MFT in use = 81%
Total MFT fragments = 4

However, for a more complete picture of how much space (overhead) is being used by the entire NTFS file system, perform a chkdsk, and then look at the resulting output for the following line:

In use by system.

Currently, only third-party defrag utilities consolidate unused MFT FRS records and reclaim unused MFT allocated space.

«318» Evaluating Memory and Cache Usage

Microsoft TechNet has published the following Resource Kit chapter: Chapter 28 - Evaluating Memory and Cache Usage. Topics include:

» Quick Guide to Monitoring Memory
» Overview of Memory Monitoring
» Determining the Amount of Installed Memory
» Understanding Memory and the File System Cache
» Establishing a Baseline for Memory
» Investigating Memory Problems
» Resolving Memory and Cache Bottlenecks
» Additional Resources

"Use the Performance console and other Microsoft Windows 2000 tools to assess available memory and to observe the effects of a memory shortage, a common cause of poor computer performance. Examine the effectiveness of the file system cache - an area of physical memory where recently used data read from or written to the disk is mapped for quick access. In addition, use Windows 2000 tools to investigate memory problems caused by applications that have not been optimized."

Click on the link above to view the remainder of the chapter.

«319» Computer Name

You can find/change your Computer Name in the Registry at:

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

In the right pane, under Name, see the "NV Hostname" and "Hostname" values.

«320» TCP/IP and NBT Configuration Parameters

The TCP/IP protocol suite implementation for Windows NT 3.5x and 4.0 reads all of its configuration data from the System Registry. This information is written to the Registry by the Network tool in Control Panel as part of the Setup process. Some of this information is also supplied by the Dynamic Host Configuration Protocol (DHCP) client service if it is enabled.

The Microsoft KB Article Q120642 defines all of the Registry parameters used to configure the protocol driver, Tcpip.sys, which implements the standard TCP/IP network protocols.

The implementation of the protocol suite should perform properly and efficiently in most environments using only the configuration information gathered by the Network tool in Control Panel and DHCP. Optimal default values for all other configurable aspects of the protocols have been encoded into the drivers.

There may be some unusual circumstances in customer installations where changes to certain default values are appropriate. To handle these cases, optional Registry parameters can be created to modify the default behavior of some parts of the protocol drivers. CAUTION: The Windows NT TCP/IP implementation is largely self tuning. Adjusting Registry parameters without careful study may adversely affect system performance.



~ Includes previous work and rights from Ted Quantrill's Tip Quarry ~
Copyright © 2000-2008 treewalkdns.com All rights are reserved