In addition, access to FOR variable references has been enhanced.
If you write batch files, run HELP FOR from the command line to see
all the new features of this command.
CHANGE FILENAME ASSOCIATIONS FROM THE COMMAND LINE
Another command line tip is the use of the ASSOC command. To change
a filename association, run ASSOC as follows:
ASSOC [.ext[=[filetype]]]
.ext specifies the file extension the file should be associated with.
filetype specifies the filetype to associate with the extenstion.
ASSOC with no parameters displays a list of file associations.
ASSOC with just an extension displays the current association of the
extension. ASSOC with an extension and equals but no filetype deletes
the association.
See HELP ASSOC for more details.
CREATE USER TEMPLATES
This is pretty simplistic, but a lot of people don't realize how handy it
is. Adding lots of new users to your network can be tedious. Creating a
user template makes it easy to add multiple new users with the same group
and access privileges.
1. Open the User Manager for Domains.
2. Add a new user by selecting User/New User from the menu bar.
3. Label this user as a template for the user level, such as Template--Worker
or Template--Secretary.
4. Set the proper configuration option for Groups, Profile, and Dial-in.
5. The next time you need to add a user, simply select the template account
and select User/Copy from the menu bar. NT makes a duplicate of the template
user, so to complete the new user account setup, all you need to do is change
the name and password.
UNATTENDED, CUSTOMIZED INSTALLATIONS
You can deploy customized installations throughout your
organization using the tools in the Windows NT Workstation
version 4.0 or Windows NT Server version 4.0. These tools
include unattended setup (greatly expanded from the
UNATTEND.TXT functionality in earlier versions of
Windows NT), and the new sysdiff utility.
For example, you can install Windows NT Workstation and
Windows NT Server throughout your organization - complete
with the applications your end users need, organization-
specific help files, and per-computer settings such as
computername and user name. Unattended setup lets a
handful of technicians deploy the new operating systems,
without disrupting your end users' work day.
The sysdiff utility is used to prepare "snapshots" of the
operating system before and after applications are
installed. When the final snapshot (the "difference" file)
is applied during or after Windows NT Setup, all the
changes you made to the master system by installing
applications (registry settings, binary files - everything)
are copied to the new installation. Or you can use sysdiff
to create an INF from the difference file, and use the INF
to install the applications during or after Windows NT
Setup. This lets you include in your customized installation
applications that do not have a scripted setup.
You can also use sysdiff with unattended setup to create
"spare" hard disks with the operating system and the
applications pre-installed, ready to replace crashed disks
in mission-critical computers.
Unattended setup and sysdiff are described in Part 1,
"Windows NT Workstation Deployment," of the Windows NT
Workstation Resource Guide. A printed version of the
Resource Guide is included with the Windows NT Workstation
Resource Kit, and the Windows NT Server Resource Kit includes
an online version of the Windows NT Workstation Resource
Guide.
** NOTE ** See the NT*Pro web site (http://www.ntpro.org) to
download a self-extracting Word file entitled the "Automating
Microsoft Windows NT Setup Deployment Guide."
OEMs can use unattended setup and sysdiff to pre-install
Windows NT Workstation or Windows NT Server, complete with
applications. You can ship computers that will display the
GUI-mode Setup - with your own logo, banner, and background
the first time the computer is started. See the OEM
Preinstallation Kit for Microsoft Windows NT Operating
Systems for details.
GET RID OF THAT ANNOYING RECYCLE BIN
The Recycle Bin may be more of a pain that it is worth having around,
especially if you delete files often. Here is how you can disable it
so all files a truly deleted when you delete them.
1. Right-click on the Recycle Bin icon and then click on PROPERTIES.
2. You will then see tabs for each accessible drive, plus a global
tab. You will also see a check box to disable the Recycle Bin,
causing files being deleted to actually be deleted.
3. Choose the drive you want, or the global setting, and choose the
option to delete instead of sending files to the Recycle Bin.
NOTE - There is a sliding control which allows you to set the percentage
of your disk which is used for the Recycle Bin, if you choose to leave
the Recycle Bin enabled.
NOTE2 - You can also just hold down the shift key while deleting files
to bypass the Recycle Bin and permanently delete files.
DISABLING THE TIMER FOR NT BOOT LOADER
When your Windows NT system is set up in a dual-boot configuration, the
Windows NT boot loader is set to display a menu of operating system choices
(usually MS-DOS and Windows NT), wait 30 seconds for input, and then start
Windows NT if you fail to provide any input. If you want to boot to the
other operating system but get distracted before you get a chance to make
a selection, you have to reboot and try again. Of course, you can increase
the value in the Show List For text box in Control Panel's System dialog
box, but you'll still have the same problem if the timer counts down before
you make a choice.
Fortunately, you can disable the boot loader's timer so that the menu of
operating system choices remains on the screen until you make a choice. To
do so, you have to edit the BOOT.INI file and change the timeout value.
However, before you can do so, you have to turn off BOOT.INI's Read-Only
attribute.
Once you do, open the BOOT.INI file in Notepad and change the timeout value
from timeout=30 to timeout=-1
Then, save the file and reboot your system. It's important to note that you
can't make this change in the Control Panel's System dialog box because only
values from 0 to 999 are valid in the Show List For text box.
NOTE - Remember to turn BOOT.INI's Read-Only attribute back on!
This tutorial is intended to supply enough information to set up a
relatively simple WAN-connected internetwork, or Internet-connected LAN.
Explanations of IP addresses, classes, netmasks, subnetting, and routing
are provided, and several example networks are considered. Example
address and routing configurations are provided for the following
protocol stacks and platforms:
UNATTENDED INSTALLATION OF NT
You can turn off the End User License Agreement (EULA) to perform an
unattended installation of NT.
Microsoft wants everyone to see the EULA and agree to it, whether they
read it or not. If you turn the agreement off, you are essentially
violating Microsoft's intent unless you print out the EULA and
distribute it to the users. Be sure to do this!
To turn it off during unattended installations, you need to add the
following statement in the Unattended section (UNATTEND.TXT by default)
of your answer file: OEMSkipEULA=yes.
SIMPLE SECURITY TIPS FOR WINDOWS NT SERVER
Some people think that NetBIOS is inherently insecure and that any NT
machine with NetBIOS bound to TCP/IP (or aren't blocking ports 135-139)
is asking for trouble. If used carefully (and the messenger and alerter
services are disabled) you'll be OK.
1. The main gate to all of your NT services is the "right to log on
from the network". Highly recommend restricting this right severely.
By default, "everyone" is allowed this right. Depending on how many
admins there are, you should either create a new "administrators"
group, or simply remove administrators from the listing, and add
back in the individual users. Now you have a much shorter list of
users who are allowed to log in from the network, and "administrator"
isn't one of them. This is very important. "Administrator" can't be
locked out from bad login attempts, and is ripe for brute force
attacks. Also, if you can't log on from the network, you can't get
into the registry, the event logs, enumerate shares - you name it.
2. Make sure that you have enabled account lockouts after a reasonable
number of bad login attempts. This makes it a lot more tedious for
someone to brute force the users who are allowed to log in from the
network. Secondly, make sure that a reasonable password length is
required and no one is using lame passwords.
3. Turn off the messenger and alerter services. This keeps the name of
the console user from being broadcast in the NetBIOS name table. If
this is done, the only information they can get is the machine name
(which might have been had from a DNS lookup), and the domain or
workgroup.
4. Disable the guest account! This is very important.
5. Explicitly set the ACL for all shares. Do not ever leave it as "All access -
Everyone". If MS wanted to make this a lot better, they
would cause shares to be created with default permissions that
mirror the permissions on the directory which is being shared.
Seems a bit silly to have a share where the directory is admin only,
and the share is open to everyone. It would seem that they could fix
this easily. Anyway...
6. Avoid running services under the localsystem account. Make separate,
bare-minimum permission accounts for each (well, most) services. That
way if a service gets compromised (either broken into or the software
goes crazy) you: (a). limit the scope of damage and (b). have a log of exactly which service did what.
7. Set the permissions on your registry at a tighter level than default.
The resource kit has some good suggestions for this.
Formatting a NTFS disk to FAT
QUESTION:
I have a NTFS SCSI disk I am trying to put into another computer. It
is formated as NTFS and as you know DOS can not read it. I need to
reformat this disk as FAT. What are the proper procedures to follow?
ANSWER #1:
1. The best and most simple tool by far is to use DOS and the DELPART.EXE
tool that came with the NT 3.1 Resource Kit. You can find partitions of
all OS types, including NTFS, HPFS and Unix and delete or examine them.
If you then run the DOS2NTFS redirector utility, you can XCOPY from the
NTFS partition to another FAT partition. Obviously, you do this before
destroying the partition.
ANSWERS #2, #3, & #4
2. Using 6.22 or 95 setup disks, run the setup to that drive. Setup will
re-partition the disk.
3. Attach the drive to NT machine, run disk manager, and remove the
partition.
4. Use fdisk (6.x or 95), and delete the NON DOS partition.
Connecting two workstations without a hub
QUESTION:
How do I connect (network..) two computers without a hub?
ANSWER #1
10BASE-T uses a star topology. This means a hub or concentrator is in the
center of a star, and each workstation or server is connected to this
hub.
For test purposes, you can directly connect two workstations or a
workstation and a server without using a hub. This setup requires a
special cable incorporating the crossover function.
Function Pin# Pin# Function
-----------------------------------------------------------
TX+ 1 <-------->3 RX+
TX- 2 <-------->6 RX-
RX+ 3 <-------->1 TX+
RX- 6 <-------->2 TX-
ANSWER #2
If you're using standard Cat5 cable in the normal color order
(orange/white-orange, green/white-blue, blue/white-green,
brown/white-brown) then simply switch the oranges and the greens
on one end of the cable. (Like: gw/g, ow/bl, bw/or, brw/br)
The '=' at the end of message lines
QUESTION:
What's the deal with the '=' at the end of message lines?
ANSWER:
"=" characters are the result of mail programs/systems that cannot
handle "quoted printable" mail messages trying to display quoted-printable
text. It seems that in a quoted-printable (or 7-bit) encoded message the
"=" character signifies that what follows is the hex code for the character
that is to be encoded. For example "=20" represents the space character,
which is why this can often be seen on the end of every line of some
mails.
The alternative to quoted printable/7-bit encoding is 8-bit encoding. A
typical header of mail displaying the "=" is:
X-Mailer: Microsoft Internet Mail 4.70.1155
MIME-Version: 1.0
*Content-Transfer-Encoding: 7bit*
You may want to try to change your preferences so that you send messages
using 8-bit encoding instead of 7-bit quoted printable. There is a fix for
this. Go into your Internet mail properties under TOOLS/SERVICES/INTERNET
MAIL and change the Message Format/Character Set from ISO 8859-1 to US ASCII.
(This applies to MS Exchange/Outlook.)
NT 4.0 CONTROL PANEL TIPS
1. For fast access to Control Panel applets, put them in a separate
fly-out Start menu. Run RegEdit and choose Edit and then Find. Search the
Data field only for Control Panel. Once it appears in the right pane,
select its corresponding open folder icon in the left pane and choose
Edit and Copy Key Name. Now close RegEdit, right-click on the Start button,
and choose Explore. Then right-click on Explorer's right pane and choose
New and Folder. Press Ctrl-V to paste the Registry value you copied in the
previous step to the clipboard. All that's left is to modify the folder name
so it reads Control Panel.{21EC2020-3AEA-1069 -A2DD-08002B30309D}. Now
click on Start and examine your new Control Panel fly-out menu.
2. This is handy if you need to repeatedly access the same Control Panel
item. Each resides in the \WinNT\system32 folder, uses the .CPL extension,
and is associated with CONTROL.EXE by default. To create a Shortcut to
System Properties, for example, launch the Shortcut Wizard by right-clicking
on the desktop, then type SYSDM.CPL in the command line; Windows NT does
the rest. Similarly, to create a Shortcut to the Control Panel's Network
applet, type NCPA.CPL in the wizard's Shortcut command line.
NT 4.0 DISASTER RECOVERY TIPS
1. If you accidentally delete NT's boot files from the hard disk's \root
folder, no operating system will boot. An NT boot disk can come to the
rescue. To create one, insert a floppy disk, open Explorer, right-click
on the A: drive icon, and choose Format. Then copy these files from the
\root folder to the floppy disk: NTLDR, NTDETECT.COM, BOOT.INI, and
BOOTSECT.DOS. If disaster strikes, simply boot from the floppy disk
and copy those four files back to their original location.
2. If you get the boot-up message "BOOT: Couldn't find NTLDR. Insert
another disk," the NTLDR file is either missing or corrupt. To fix it,
copy the NTLDR file from the distribution media to the \root folder
and reboot.
3. If you get the message "NTOSKRNL.EXE is missing, or corrupt," the
culprit is usually the BOOT.INI file: Either it's missing, or its
internal pointer to the NT system files is incorrect. If you've opened
BOOT.INI in a text editor and verified that all is well, try copying
NTOSKRNL.EXE from the distribution media to the \Winnt\system32 folder.
MOVE ALL NT FILES TO NEW HARD DISK
You can move all the Windows NT files to the new hard disk
using a 3rd party disk copy utility like Ghost from Ghost Software.
You will need to install the second, larger drive, then you can
use the Ghost utility to copy the Windows NT system files from
the original hard drive to the new hard drive. The unique thing
about the Ghost software is that it allows copying to the same or
bigger hard drive.
A 30 day copy of the Ghost software is available from the
following web site:http://www.ghostsoft.com
The Ghost Utility Description
(quoted from the Ghost Software Web site)
"Ghost is designed to duplicate or clone disks for
IBM compatible PCs. It works by copying all partitions
from the source to the target disk. The source and
target disk may be on the same computer, or the target
disk may be on a different computer providing the two
computers are connected via a network. Ghost is
particularly useful for cloning Win 95 systems. There
is no need to FDISK or FORMAT the target disk -
this is done automatically."
"The source and target disks may also be different sizes -
Ghost will adjust the position and size of the target
partitions automatically."
"Ghost can also be used to save the entire contents of a
disk to a single disk image file. This file can be used
for BACKUP, or for cloning copies of the original disk."
"GHOST (General Hardware Orientated Software Transfer)"
Binary Research Limited, 42 Wanganui Ave , Ponsonby,
Auckland, New Zealand
Phone (64)(4) 560 2492 or (64)(21) 663 861
Fax (64)(9) 378 7332
http://www.ghost.co.nz
Email : sales@ghost.co.nz
DETECT PC SYSTEMS COMPONENTS
Hidden away on your Windows NT 4.0 CD-ROM is a cool setup diagnostic
utility called NTHQ. You can find this utility in the \SUPPORT\HQTOOL
directory. You can use the NTHQ utility to detect PC system components
prior to installing NT Server 4.0 or NT Workstation 4.0.
Normally this utility is used by Microsoft product support personnel
to identify the installed PC hardware, and for determining the resource
settings when diagnosing a system.
Note: This tool is NOT designed to run under Windows NT or Windows 95.
Your system should meet these minimum hardware requirements to use NTHQ:
* 80486 processor
* 12 MB of RAM
* VGA adapter.
* One formatted 3.5" 1.44MB floppy to create a NTHQ utility disk
To create a NTHQ bootable disk:
1. Insert your original NT 4.0 CD-ROM into your CD-ROM drive.
2. Change your directory to "\SUPPORT\HQTOOL"
3. Insert a formatted 3.5" 1.44-MB disk into Drive A:
4. Change to that Drive A:
5. MAKEDISK A:
To test out your "new" NTHQ bootable disk:
1. Place the NTHQ disk in Drive A:
2. Reboot the computer system.
The NTHQ utility will create a 4-MB RAM drive, detect the RAM drive
letter, copy the ZIPFILE.EXE file to the RAM rive, self-extract the
ZIPFILE.EXE file, start the NTHQ.EXE utility, log hardware and resource
settings into a log file named NTHQ.TXT
The NTHQ utility will then display the detected hardware devices in
the following four categories: System, Motherboard, Video, and Others.
(The Others category is used for device types the tool cannot positively
identify.)
See the README.TXT file on your NTHQ bootable floppy for further info.
ENABLE AUTOMATIC LOGON IN WINDOWS NT
Windows NT allows you to automate the logon process by storing your
password and other pertinent information in the Registry database.
Use the Registry Editor (REGEDT32.EXE) to add your logon information, as
follows:
1. Start REGEDT32.EXE and locate the following Registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft
\Windows NT\CurrentVersion\Winlogon
2. Establish your domain name, account name, and password, using the
values you would normally type when logging on. You should assign
the following values:
DefaultDomainName
DefaultUserName
DefaultPassword
NOTE: The DefaultPassword value may not exist. If it doesn't, from
the Edit menu, choose Add Value. In the Value Name field, type:
"DefaultPassword" (without the quotation marks). Select REG_SZ for
the Data Type. In the String field, type your password. Save your
changes.
Also, if no DefaultPassword string is specified, Windows NT
automatically changes the value of the AutoAdminLogon key from 1 (true)
to 0 (false), thus disabling the AutoAdminLogon feature.
3. From the Edit menu, choose Add Value. Enter AutoAdminLogon in the
Value Name field. Select REG_SZ for the Data Type. Enter 1 in the
String field. Save your changes.
4. Exit REGEDT32.
5. Exit Windows NT and turn off your computer.
6. Restart your computer and Windows NT. You should be able to logon
automatically.
NOTE: This feature allows other users to start your computer and use
the account you establish to automatically logon. Also, timing
conflicts can occur. For example: If you have several network
transports loaded, enabling automatic logon may make Windows NT
attempt to connect to network resources before the network transports
are completely loaded.
Laura Berg has authored a paper entitled "A Systematic Approach to Performance
Management." Performance management is the process of determining how well an
existing or future computer system meets a set of alternative performance objectives.
Arbitrarily selecting performance metrics, evaluation techniques and workloads often
leads to inaccurate conclusions. How should one carry out a performance management
study? The answer to this question is to follow a systematic approach.
ROUTING BETWEEN MULTI-PROTOCOL NETWORKS
Q: I need to route between networks; one runs TCP/IP and the other
runs IPX/SPX. I can't figure out how to do it in NT. Do I need to
use a Registry value?
A: To negotiate (route) between the networks, you'll need Microsoft's
Multiple Protocol Router. It comes on the CD with Service Packs 2 and
3. You can also get this software from Microsoft's ftp site at
ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT351/ussp4/mpr
This software will route TCP/IP and IPX/SPX protocols, but not NetBEUI.
RETORING REGISTRY SETTINGS AFTER NEW PERIPHERAL INSTALLATION
Q: I purchased a new motherboard. My old one used an NCR controller.
For the new system, I purchased an Adaptec 2940 and a new hard drive.
I installed NT, and it worked perfectly. To get back all my settings,
I restored my previous working version of NT and its Registry with
NTBackup. I got a message that the new files would not take effect
until I rebooted. The system has not worked properly since. What did
I do wrong?
A: This is an excellent question about a process that's easy to
misunderstand. I am surmising that you backed up your Registry before
you installed the new controller. You then added the controller and
restored the Registry. Then, you replaced the system component that
contained the original driver. For this approach to work, you need
to restore all the Registry except the system portion. NTBackup is
deficient in this regard. Some new backup programs let you restore
the Registry by components. Try the following approach:
1. Install the NCR controller on the new system and then install NT.
2. Restore from tape, and reboot.
3. Add the Adaptec 2940 controller in Setup.
4. Shut down the system, and move the cables from the NCR to the Adaptec 2940 controller.
5. Be certain that termination is set properly, and restart the system.
The new system should function properly.
DISABLE DUAL-BOOT LOADER TIMER
If your NT machine is set up to dual boot, you are used
to the sometimes mad scramble to make the right choice
in the short pre-allotted time.
Now we all know that you can go into the Control Panel's
System dialog box and select a time value from 0 to 999.
That buys you some time, but if you want to disable the
timer completely here's a quick trick for you.
Use notepad to open BOOT.INI and change the timeout =
value to timeout = -1. That's right, minus one (-1). Then
save the change and re-boot.
Remamber to turn off the read-only attribute for BOOT.INI
before editing and then change back on to read-only after
editing.
Now the multi-boot screen will stay visible until you
decide to make a choice.
SHORTCUTS FOR WINDOWS NT SERVICES
If you do a lot of starting, pausing, and stopping the
various NT Services, you'll want to check out this Tech
Tip.
First we'll go through the "old" way, then we'll explore
two alternate methods that will save you time and aggravation.
You know the old routine. First open up the Control Panel, then
open up the Service Manager. Find the service and manually
start, pause, or stop it. At best this is time consuming
and repetitive.
One alternate methos is to use the command line to control the
status of services. There are 4 useful NET commands that you
can use from the command line:
NET START
NET PAUSE
NET CONTINUE (this resumes the service after it has been paused)
NET STOP
If the service consists of two words you must use quotes. Here's
how you would start the Net Logon service from the command line:
NET START "NET LOGON"
The second alternate method takes this one step further by
assigning the NET command to an icon--creating a shortcut!
These icons can be housed anywhere, but we like to create a
special program group called "Administrator's Toolbox."
You get the idea...
Select that program group then click (in succession) File, New,
Program Item, and OK. Now, from the Program Properties dialog you
give your shortcut a name, place the command line NET command in
the Command Line box, and click on the Run Minimized box. Now just
select an appropriate icon and click OK.
Repeat this process for each of the 4 NET commands for each
service you'd like to add to your "Administrator's Toolbox."
INSTALL ALMOST ANY EXECUTABLE AS A SERVICE
Need to run a program no matter who is signed on, or
even if nobody is signed on? Look into your Windows NT 3.5
Resource Kit. There are a pair of tools in it that could make
your job much easier!
INSTRV.EXE and SRVANY.EXE will allow you to install almost
any executable (including batch files, such as .CMD and .BAT
files) as a service. Use INSTSRV.EXE to install SRVANY.EXE.
This will allow ANY Windows NT application as a service.
Aditionally, most 16 bit Windows and DOS applications should
install fine as services, although some will not keep running after
the current user logs off.
STATIC IP ADDRESS PROBLEMS
If a static IP address is defined for a network device, for example, a
printer, and you install a DHCP server, duplicate IP address conflicts may
occur between the network device and a DHCP client computer (running
Windows for Workgroups or Windows NT). The conflict also occurs if you
manually define static IP addresses to network devices and computers during
a network link failure to a DHCP server and then the link is reestablished.
To resolve this conflict: Convert the network device with the static IP address
to a DHCP client - OR - On the DHCP server, exclude the static IP address
from the DHCP scope.
To exclude the static IP address from the DHCP scope:
1. Turn off the DHCP client computer in conflict with the network device
that has the static IP address.
2. On the DHCP server, exclude the static IP address from the scope of the
DHCP IP address range.
3. Restart the DHCP client computer.
NOTE: If the conflict persists for a Windows for Workgroups 3.11 client
computer, delete the DHCP.BIN file in the Windows directory before you
start Windows for Workgroups.
COMMAND LINE TIPS
(remove the /domain switch to generate a report for local machine.)
NET USERS /DOMAIN >USERS.TXT
This command will return the user accounts from the PDC of the
current domain, and write them to a file called USER.TXT
NET ACCOUNTS /DOMAIN >ACCOUNTS.TXT
This command will return the account policy information from the PDC
of the current domain, and write it to a file called ACCOUNTS.TXT
ADDUSERS \\COMPUTERNAME /D USERINFO.TXT
This Windows NT 3.5 Resource Kit command will return a comma
delimited file (for spreadsheets) containing user and group
information, and write it to a file called USERINFO.TXT.
PERMS COMPUTERNAME\USERNAME C:\*.* /S >PERMS.TXT
This Windows NT 3.5 Resource Kit command will return the username
permissions on all files in all subdirectories on the c:\ drive of
the computername, and write it to a file called PERMS.TXT
INCREASE NUMBER OF MRU NETWORK CONNECTIONS SHOWN
Windows NT maintains a list of the ten most recently used (MRU)
network drives. To view this list in File Manager, choose Connect
Network Drive from the Disk menu. The drop-down Path menu lists
the MRU connections. To save more MRU connections, modify the
Registry as follows:
1. Run Registry Editor (REGEDT32.EXE).
2. From the HKEY_CURRENT_USER subtree, go to the following key:
\Software\Microsoft\Windows NT\CurrentVersion\Network\Persistent
Connections
3. Select Order.
4. From the Edit menu, choose String.
5. Change the entry to:
ABCDEFGHIJKLMNOPQRSTUVW
NOTE: This example assumes that you have only one fixed hard disk
partition (drive C). If you have more than one drive, such as
another hard disk partition or a CD-ROM drive, remove the corresponding
number of letters from the end of the alphabet. For example, if
you also have drive D and a CD-ROM labeled E, change the entry
to ABCDEFGHIJKLMNOPQRSTU.
- Choose OK and quit the Registry Editor.
USE TCP, IP, ICMP & UDP COUNTERS IN PERFMON
To get the TCP, IP, ICMP, and UDP counters to appear in the Performance
Monitor utility (PERFMON.EXE), you must install and start the
\WINNT\SYSTEM32\SNMP.EXE service. This service is not installed
by default when you install TCPIP. To install the service, choose
the Network icon in Control Panel, choose the Add Software button,
select SNMP Service, and then choose the Continue button. When
you exit the Network settings dialog box, it asks you to shut
down the system. This is not necessary, simply use the NET START
SNMP command at the command line.
FORCE SCREEN SAVER TO START DURING LOGON
You can force the Windows NT screen saver to start during logon
if no user logs on immediately. To do this, you need to modify
the Registry by following these steps:
1. Start Registry Editor (REGEDT32.EXE) and select the HKEY_USERS
subtree.
2. Go to the following subkey: \DEFAULT\Control Panel\Desktop
3. From the parameter list, select ScreenSaveActive.
4. From the Edit menu, choose String.
5. In the String field, change the value from 0 to 1 and choose
OK.
6. From the parameter list, select SCRNSAVE.EXE.
7. From the Edit menu, choose String.
8. Enter the filename of the screen saver you want to use. For
example: SSMYST.SCR or SSBEZIER.SCR.
9. Similarly, edit the String field for the ScreenSaveTimeOut
parameter, and enter the time (in seconds) you want the screen
saver to wait before activating.
After you complete these changes and shut down Windows NT, the
screen saver should activate if a user fails to log on within
the time specified by ScreenSaveTimeOut.
LICENSING MODE IDENTIFICATION
Use Control Panel License Manager, both locally and remotely,
to quickly identify whether you are using Windows NT version 3.51
in Per Seat or Per Server Licensing mode.
HERE'S HOW
To determine a remote (or local) computer's licensing mode, start
the License Manager and do the following:
1. Select the Server Browser tab.
2. Select domain and server.
- If the icon displayed is a computer with a file and no CRT,
then the computer is running in the Per Server mode. If the icon
displayed is a computer with a file and a CRT, then computer is
running in the Per Seat mode. Double-clicking on these icons allows
you to change the licensing mode and edit the product properties.
Alternate method:
1. Select the Products View tab.
2. Select the Product from the list.
3. Select the Server Browser tab.
4. Select the computer from the list. It displays the licensing
mode the computer is running in specific to this product.
REPORTS ON GROUPS,USERS, & PERMISSIONS
There are no graphical or command line utilities that produce
comprehensive reports on groups, users and permissions included
with the Windows NT Operating System or the Windows NT Resource
Kit. The NET commands and the Windows NT 3.5 Resource Kit ADDUSERS.EXE
and PERMS.EXE utilities can be sed to create limited administrative
reports by piping the output to a text file.
HERE'S HOW (NOTE: removal of the /domain switch will generate
a report for the local machine.)
Limited report generation is possible through the following commands:
| 1. NET USERS /DOMAIN >USERS.TXT | This command will return the user accounts from the PDC of the current domain, and write them to a file called USER.TXT
|
| 2. NET ACCOUNTS /DOMAIN >ACCOUNTS.TXT | This command will return the account policy information from the PDC of the current domain, and write it to a file called ACCOUNTS.TXT
|
| 3. NET CONFIG SERVER >SERVER.TXT | This command will return the server name, version of NT, active network adapter information/MAC address, Server hidden status, Maximum Logged On Users, Maximum open files per session, Idle session time, and assign it to a file called SERVER.TXT
|
| 4. NET CONFIG WORKSTATION >WKST.TXT | This command will return the workstation name, user name, version of NT, network adapter, network adapter information/MAC address, Logon domain, COM Open Timeout, COM Send Count, COM Send Timout, and write it to a file called WKST.TXT.
|
| 5. NET GROUP /DOMAIN >DGRP.TXT | This command will return the global groups on the PDC of the current domain, and write them to a file called GRP.TXT.
|
| 6. NET LOCALGROUP >LGRP.TXT | This command will return the local groups on the local machine, and write them to a file call LGRP.TXT.
|
| 7. NET VIEW /DOMAIN:DOMAINNAME >VIEW.TXT | This command will return the resources in the specified domain, and write them to a file called VIEW.TXT.
|
| 8. ADDUSERS \\COMPUTERNAME /D USERINFO.TXT | This Windows NT 3.5 Resource Kit command will return a comma delimited file (for spreadsheets) containing user and group information, and write it to a file called USERINFO.TXT.
|
| 9. PERMS COMPUTERNAME\USERNAME C:\*.* /S >PERMS.TXT
| This Windows NT 3.5 Resource Kit command will return the username permissions on all files in all subdirectories on the c:\ drive of the computername, and write it to a file called PERMS.TXT
|
PPP LOG FILE CREATION
Create a point-to-point protocol (PPP) log file to help diagnose
connectivity problems between a PPP server and a PPP client when
one of the computers is a Windows NT 3.5 Remote Access Service
client. You can enable this option is by changing a value in the
Registry.
HERE'S HOW
To enable PPP logging:
1. Run Registry Editor (REGEDT32.EXE).
2. From the HKEY_LOCAL_MACHINE subtree, go to the following key:
SYSTEM\CurrentControlSet\Services\RasMan\PPP
3. Select the Logging value.
4. From the Edit menu choose DWORD.
5. Press 1 and choose OK.
PPP log
Copyright © 1993-1997 Association of Windows NT Systems Professionals. All rights reserved.
