You can add your favorite applications to the Send To menu Windows NT displays when you right-click on a file. Just create a shortcut to the application and drop it in the %systemroot%\profiles\username\sendto folder where "username" is the user name. For example, if you frequently use Microsoft Word, you can add it to your Send To menu. When you right-click on a file, you can then send the file to Word.
Note: The Send To folder is usually hidden, so make sure you set your folder options to show all files (Explorer | View | Folder Options | View | HiddenFiles | Show All Files in Windows NT 4.0).
William Hudson
If you find that you frequently open a Command Prompt window and change to a specific directory, you can add the Command Prompt to your shortcut menu. This option enables you to right-click on a folder within Windows NT Explorer and choose the Command Prompt-- which opens a Command Prompt window with that folder as your active directory.
Begin by creating a batch file. For example, you could create a batch file named StartPrompt.cmd. Add the following commands to your batch file:
@echo off cd /d %1 Title %~f1
Save this batch file to your Windows NT root directory (which is usually C:\WINNT). Next, open Windows NT Explorer. Choose View | Options to display the Options dialog box. Select the File Types tab. In the list of Registered File Types, select Folder then click Edit. Next, click New to display the New Action dialog box. In the Action text box, type Command Prompt. In the Application Used To Perform Action text box, type:
cmd.exe /a /k c:\winnt\StartPrompt "%l"
Click OK to close the New Action dialog box, then click Close twice.
Open Windows NT Explorer, then right-click on a folder. You should now see a new option called "Command Prompt" on the shortcut menu. If you choose this option, Windows NT opens a new Command Prompt window with the selected directory as your current directory.
Andrew Morris
If you've upgraded your Windows NT computer to Service Pack 4, you might notice that Windows NT uses a longer grace period before prompting you for a password whenever the screen saver is activated. You can change this grace period by adding a value to your computer's Registry. In Registry Editor, access HKEY_LOCAL_MACHINE\Software\ Microsoft\Windows NT\CurrentVersion\Winlogon. Add the value ScreenSaverGracePeriod with a data type of REG_SZ. In the Data Type text box, type the number of seconds to which you want to set the grace period. By default, Service Pack 4 sets the grace period to five seconds. You can set it to a number from 0 to 2,147,483 seconds.
ZD Tips
You can audit changes made to specific Registry keys by using Windows NT's audit capabilities. You can also audit failed attempts to modify the Registry. Begin by enabling the Windows NT audit policy within User Manager for Domains. At a minimum, you must configure your server to audit failures for File And Object Access.
Once you've enabled your server's audit policy, you can configure auditing on any Registry key by first selecting that key within Registry Editor, then choosing Security | Auditing. In the Registry Key Auditing dialog box, specify the user or group you want to audit (use the group Everyone if you want to audit all users) and the actions you want to audit. You can audit the success and failure of the following actions: querying a Registry value, setting a value, creating a subkey, enumerating a subkey, and deleting. You can view the results of the auditing by viewing the Security log within Windows NT Event Viewer.
ZD Tips
You can configure Windows NT to automatically complete long directory path names for you (a feature that's always been available in UNIX). Begin by editing your computer's Registry (run regedt32.exe). Access the Registry key
HKEY_CURRENT_USER\Software\Microsoft\Command Prompt
In the right-hand pane, double-click on the CompletionChar value. By changing CompletionChar from 0 to 9, you configure Windows NT to automatically complete paths for you in a Command Prompt window.
To try your change out, open a Command Prompt window. Type cd p, then press the [Tab] key. You should see that Windows NT automatically fills in the path for you with the first directory on your hard drive that begins with the letter p. (You should at least have a directory named "Program Files" on your hard drive.)
ZD Tips
If you're planning to create your own home office network, you may have been dreading the idea of spending $50 to $100 for a four port hub to connect your computers via 10baseT. Rather than foot this expense, you can use 10base2, a.k.a. Thinnet, instead of 10baseT and thereby avoid having to buy a hub. When you use 10base2, you connect your computers in a linear bus rather than a star bus configuration. Here's what you'll need:
* One 10base2 cable for every two computers
* One T connector per computer
* One 10base2 Ethernet card per computer
* Two terminators
All this will cost you less than 10baseT patch cables and a hub. We recommend purchasing 10baseT/10base2 combination Network Interface Cards for your computers. They usually don't cost more and you'll be able to use them to attach your computers to 10baseT cables later if you wish.
The Cobb Group's Exploring Windows NT journal
If you ever make changes to your Registry, it is a very good idea to back it up before you start. One of the easiest ways to save your Registry settings is to use the Export Registry File option from the Regedit program. To do this, launch Regedit by selecting Start | Run and typing in regedit. Select File | Export Registry File… from the menu bar to launch the Export Registry File dialog box. Select a filename and location to save your Registry File. If you damage your Registry, you can reload the old registry by selecting File | Import Registry File… and selecting the REG file you created.
Exploring Windows NT
When you password-protect a Web page using Internet Service Manager, you have the option of choosing either basic authentication or NT Challenge and Response. The difference between the two methods is in the way the username and passwords are transmitted over the Internet. NT Challenge and Response encrypts the password so malicious snoopers can not intercept and use the information. Basic authentication sends the password as plain text. While it would be great to use NT Challenge and Response for all secured Web pages, the only Web browsers that currently support this protocol are Internet Explorer 3 and higher. If you might have users with other Web browsers, your only choice is Basic authentication.
Active Server Developer's Journal
NT 4.0's Messenger Service makes it easy to broadcast urgent messages to other NT4.0 users on the network. To do so, open the Command Prompt window and use the NET SEND command with the following syntax:
NET SEND {computername| * |/DOMAIN[:domainname] /USERS} message
So, to broadcast an urgent message to everyone on the network, type
NET SEND * This is an urgent message! The Server is shutting down!
Then press the [ENTER] key, and everyone on the network running NT4.0 Workstation or Server will see your message. Remember, don't enclose the message in quotes. NT's default installation enables the Messenger Service. To prevent broadcasts from reaching your desktop, you must stop this service in the Control Panel's Service applet.
The Cobb Group's Exploring Windows NT journal
Ten simple ways to protect your business against security and hacking threats.
1. Use Access-Available Locks
Just about all insider thefts that I have investigated resulted from malicious employees just walking around inside of a company and taking things from other people's desks and filing cabinets.
It sounds obvious, but people should lock their doors, desks, and cabinets.
2. Clean Desk Policy
Messy desks are the source of an incredible amount of theft and lost information.
If people would just be required to leave their desktops clean, thieves would lose their most valuable source of information. A clean desk policy is also just a good business practice, anyway.
3. Deactivate Old User Accounts
Whenever I am hired to break into a company, I always search for accounts that are unused.
On average, I find that 30 percent of a company's active accounts are for people who are no longer with the company. They provide a wide open door for former employees who may have a grudge, and an unwatched opening for any outsider to get in. Most major operating systems can automatically deactivate an account on a certain date.
4. Use Access Controls
Most businesses aren't aware of the security that is built into most operating systems. For example, you can configure your computers so that only people who create or need access to files can actually look at the files.
Many companies set up their computers in a way that allows any insider to look at just about any file. In almost all companies, it seems like they are unaware, or think it a nuisance, that computers can limit access to files.
5. Check Audit Logs
Audit logs usually record all incidents where a user tries to exceed their privileges. While many companies keep audit logs, they tend not to look at them.
In my personal experience, 95 percent of the time companies only think about the logs when they grow too big-- then all they do is delete them.
By checking the audit logs, you will see what is really going on as far as insiders trying to abuse their privileges, or for that matter, outsiders who broke into your company.
6. Load the Latest Patches
The way all hackers hack is by taking advantage of known vulnerabilities. Vendor patches fix problems that are built into applications software or the operating system, and prevent any hacker-- inside or outside-- from compromising your computer systems.
So, if you are using Windows systems of any type, make sure you have installed the latest Service Packs and Hot Fixes. For other types of operating systems, check with your vendors. (If your administrators don't know what a Service Pack or Patch is, you better invest your money in training or hiring more experienced administrators.)
7. Backup, Backup, Backup
Just in case anything goes wrong, you should always have a recent backup available. This means that first you have to make backups.
Full backups should be performed at least weekly, and partial backups of all critical systems should be performed daily.
8. Report Unusual Activities
There must be some reporting and logging of unusual activities.
A guard finds someone in an area that they shouldn't be in. Employees find someone going through their desk or someone else's.
These things happen.
You want people to let someone know when potential security breeches occur. Obviously, you are not going to fire someone for a one-time incident. However, if the same name keeps coming up again and again, that is a clue.
9. Awareness Training
This is the most important recommendation: You must have security awareness training for all of your employees.
Awareness training should let people know what to look for, and what to do when strange situations occur. Whatever you do, don't make it into an, "If you do this, you will be fired," type of presentation. This scares people away from security, and encourages them to avoid you.
Focus on practical situations and advice. For example, if someone asks you for your password, don't give it to them and let security know about it. The goal is to have your whole company looking for problems, as opposed to just the owner and the security staff. This way you can have thousands of people helping to protect your information, not just a dozen.
10. Don't Get Too Paranoid
This is just a start, but now you can see that there are many things you can do to protect your business from your real greatest threat. You shouldn't be overly paranoid that all of your employees are trying to ruin you.
I should add that there is no such thing as perfect security. What you are trying to do is make it harder for people to steal your information while making it easier to detect the bad guys. The big problem in businesses is that it is too easy to get to very sensitive information. By making it harder for people, they have to take riskier measures to steal things.
This will discourage many would be crooks, while making it easier to catch those who aren't discouraged. By the way, the good news is that if you follow these recommendations you'll be protected from the insiders, as well as those damn hackers.
zdTV
If you're using the Add Printer wizard to create a new printer and you're getting an error that the operation couldn't be completed and that the RPC Server is unavailable, what happened is that the Spooler Service failed or didn't start. Go to Control Panel, Services and click on Startup. You can also specify to start the service automatically when the computer is started. If this doesn't resolve the problem, got to Start, Run and type NET START SPOOLER.
ZD Journal
When you install NT, two users, Administrator and Guest, are created by default. Hackers know that most users will not change the default names, so they are more likely to try to break into your system via one of these user accounts. You can protect your system by changing the usernames.
To do this, launch User Manager, or User Manager for Domains, and highlight the Administrator user. Select User, Rename from the menu bar. Type the new name in the Rename dialog box and click OK. Repeat this process for the Guest account or simply disable this account.
Changing these usernames is a simple job that can dramatically improve the security of your system.
ZD journal's Exploring Windows NT journal
A handy way to change your desktop wallpaper is by finding an image on the Internet. Using IE 4.0, you simply have to right-click on any image and choose the Set as Wallpaper option from the pop-up menu. Once you have selected your image, you can right-click on the desktop and select Properties from that pop-up menu to further customize your wallpaper.
The ZD journals' Exploring Windows NT journal
With the Novell intraNetWare Client for Windows NT, the default login screen that you see when you press [Ctrl][Alt][Delete]is bitmap file called NWELCOME.BMP. You'll find the file in the WINNT directory on your computer.
You can change this to just about anything you want. To do so, go to the Network icon in Control Panel. Click the Services tab and select the properties for Novell intraNetWare Client for Windows NT. Click the Advanced Login tab and change the name of the file in the Bitmap Filename field.
Make sure you've copied the name of the new bitmap into your WINNT directory. Also make sure the bitmap you want to use is in .BMP format.
The Cobb Group's Exploring Windows NT journal
By default, Windows NT displays its logo (either Windows NT Server or Windows NT Workstation) behind the Logon dialog box. You can change this graphic by editing the Registry. You might want to change this graphic if you want to have Windows NT display your company's logo instead of the default logo.
To change the graphic, begin by starting Registry Editor. Access the key \HKEY_USERS\.DEFAULT\Control Panel\Desktop. In the right- hand pane, double-click on the Wallpaper value. By default, Microsoft displays the data in the Wallpaper value as (Default) which tells your computer to display the Windows NT logo. To change this value, type in the path and name of the bitmap file you want to display instead. For example, to display a file named "logo.bmp" that you've stored in the c:\winnt folder, you would type c:\winnt\logo.bmp. (Note: Whatever graphic you want to use will need to be in the bitmap format.)
ZD Tips
When you install a printer, Windows NT creates a folder to temporarily store print jobs before sending them to the print device. By default, Windows NT creates this folder in the path %SystemRoot%\System32\Spool\Printers. If you share your printers with a lot of others, your printer spooler folder can grow to be quite large, taking up much needed disk space and negatively affecting disk I/O in your boot partition. Fortunately, you can move the location of your printer spooler folder out of your boot partition and preferrably to a second physical disk. To do so, open Printers in the Control panel and choose Server Properties from the File menu. In the Print Server Properties dialog box, select the Advanced tab and enter a new path for your printer spooler folder in the Spool Folder field. Then click OK to save your changes and restart your system. Windows NT will then create a new printer Spool folder in the new location that you specified.
The Cobb Group's Exploring Windows NT journal
If you need to change a server's date and/or time, you can use the Windows NT command net time to change the server's clock. However, you must run this command on the computer for which you want to set the date and time. If you manage remote servers (particularly servers across a wide area network), this might not always be possible. What you can do is to create a batch file with the following commands:
@echo off net time \\computer /set /y
(Use the /y parameter to answer yes to the prompt to make sure you want to change the computer's time.) Put this batch file on the remote server in the C:\WINNT folder. Start the Schedule service on both your computer and the remote server (you can start a service on a remote computer through Server Manager), then schedule the batch file to run by using the following AT command:
at \\remote_server 12:30 /interactive c:\winnt\batch_file
Replace remote_server with the name of the server; replace 12:30 with the time you want to run the batch file; and replace batch_file with the name you assigned to your batch file.
ZD Tips
Every time you install, uninstall or reinstall software on an NT computer, changes are made to the registry keys. After time, this leaves the Registry in a less than perfect state and you may run into problems. To clean up the Registry, use RegClean.exe (version 4.1a), available for download at:
http://support.microsoft.com/support/downloads/dp3049.asp
When you run RegClean.exe, the utility automatically scans the Registry and you will see a progress window. Wait until scanning is finished, which can take up to 30 minutes. If no errors were found, you are prompted to exit the utility. If errors are found, you can still choose to exit RegClean without fixing errors, or you can choose Fix Errors to clean up the Registry. RegClean creates a file called UNDO xxx.REG (XXX contains the computer name, date and time). Run this file if you want to undo the changes RegClean made.
Exploring Windows NT
A few of the publicly available attacks on NT security rely on the fact that the NT pagefile is left intact on shutdown, and can subsequently be scanned for useful information. To clear the pagefile at shutdown, add the REG_DWORD value
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown
value and set it to 1.
This value causes NT to clear the pagefile when it shuts down.
Remember to backup your Registry before making any manual changes. After you are satisfied that your Registry changes have done what you wanted them to, update your Emergency Repair disk.
The ZD journals' Exploring Windows NT journal
You can configure a Windows NT-based computer with the information it needs to automatically log on as a specific user rather than prompting for a username and password. Although this can be a security risk on a work computer, you might use an automatic logon on your home computer. You configure an automatic log on by editing your computer's Registry. Begin by making sure that the DefaultUserName value contains your username (or the user you want to use for the automatic logon). This value is stored below the HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\ Winlogon key. Next, add the following values (replace "password" with your username's password):
AutoAdminLogon REG_SZ: 1 DefaultPassword REG_SZ: password
If you're using Novell's Client32, you'll also need to add the following values to the HKEY_LOCAL_MACHINE\SOFTWARE\NOVELL\NWGINA\ Login key:
DefaultNetWareUserName REG_SZ: username DefaultNetWarePassword REG_SZ: password NetWareAutoAdminLogon REG_SZ: 1
Chris Hammond
By default, Windows NT doesn't enable the [NumLock] key when a user first logs on to a Windows NT-based computer--and even if the user turns on [NumLock], Windows NT turns it off again whenever the user logs off if he is not a member of Administrators. You can make the [NumLock] key stay on for non-administrative users by editing the Registry.
Note: You must either log on as the user or have the user log on and edit their Registry remotely. To turn on the [NumLock] key, set the following Registry value to 2:
HKEY_CURRENT_USER\Control Panel\Keyboard\InitialKeyboardIndicators
By default, Windows NT sets the InitialKeyboardIndicators value to 0 (which turns the [NumLock] key off).
You can turn on the [NumLock] key in the default profile so that all new users who log in to a computer have NumLock enabled by setting the following Registry value to 2:
HKEY_USERS\.DEFAULT\Control Panel\Keyboard\InitialKeyboardIndicators
ZD Tips
If you need to connect to an ftp server that uses a non-standard ftp port, you can't simply connect to the server by using the ftp client utility. Instead, you must connect by performing the following steps:
1. At a command prompt, type ftp and then press [Enter].
2. At the ftp prompt, type open ftp_site port_number.
Replace ftp_site with the name of the ftp server to which you want to connect (such as ftp.company.com). Replace port_number with the port number assigned to the ftp server.
ZD Tips
You can create a Folder on your Start menu that contains all of the Control Panel options by doing the following. Right click the Start button on the taskbar, and then choose Open from the menu. In the Start Menu dialog box that appears, click on the File menu, then choose New|Folder. Name the folder as follows:
Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}
Make sure that you type the number exactly and include the brackets. Now, when you click on the Start button you should have a menu option called Control Panel. Click on the Folder Icon and a new fold out menu will appear with all of the Control Panel icons on it.
ZD Tips
You can create your own Usenet newsgroups even if you don't have a news feed using Microsoft Exchange Server 5.5. Make sure the NNTP protocol is enabled by checking the properties of the NNTP node of the Protocol sub-node under Configuration. Make sure the Enable Protocol and Enable Client Access boxes are checked. You will probably also want to allow anonymous access to the newsgroups. Next, select Tools | Newsgroup Hierarchies from the menu bar to launch the dialog box shown in Figure B. Click Add and select a Public Folder to turn into a newsgroup (or news group hierarchy). All you have to do now is set up a newsreader, such as Outlook Express, to point to your server and you can use your new newsgroup.
The ZD journals' Exploring Windows NT journal
An easy way to reduce the administrative overhead of creating large numbers of user accounts, is to make template accounts for each type of user or area in your organization. Set the template accounts up with all of the necessary file permissions, account restrictions and user rights, then when you want to create a new account, highlight the template user and press [F8], or select Copy from the User menu. If you start the names of all your template accounts with an unusual character such as a dollar sign ($) then they will always appear at the top of the list when you start User Manager.
ZD Tips
If you want to delete a folder, including all files and folders within the folder, you can use the rd Command Prompt utility. (This command is very similar to the DOS deltree command.)
To delete a folder and all of its contents, type the following:
rd x:\folder /S
Replace x:\folder with the drive letter and name of the folder you want to delete. If you don't want rd to verify that you really do want to delete the folder and everything below it, you can type the following command:
rd x:\folder /S /Q
Adding the /Q parameter runs rd in "quiet" mode--which means you won't be prompted to confirm the deletion of the folder and its contents. (So be careful!!)
ZD Tips
Often it's a registry problem. Check the registry settings for the number lock. The settings should appear as follows:
HKEY_CURRENT_USER\Control Panel\Keyboard\InitialKeyboardIndicators = 2 HKEY_USERS\Control Panel\Keyboard\InitialKeyboardIndicators = 2
If the settings are different, make them appear as above, then reboot. The number lock should be on now, and NT should be more cooperative.
PC Computing
The Dial-Up Networking (DUN) program allows you to save a user name and password for each of your dial-up connection. While this is convenient, it is very insecure, especially when most dial-up networking is done using laptops, which are easily stolen.
To prevent users from saving passwords, launch RegEdit and add the REG_DWORD value DisableSavePassword to the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters
key and set it to 1. Once this is done, DUN will no longer display the Save Password checkbox and it will forget all the passwords it had been told to remember.
Remember to backup your Registry before making any manual changes. After you are satisfied that your Registry changes have done what you wanted them to, update your Emergency Repair disk.
The ZD journals' Exploring Windows NT journal
If you've noticed that your server or workstation has suffered an overall performance hit, you might want to investigate the possibility of excessive paging. Using Performance monitor, examine the values of the Paging File's %Usage object and the Physical Disk's (which contains the pagefile.sys) Avg. Disk Sec/Transfer object. The product of these values is equal to the percentage of disk access time devoted to providing virtual memory for applications. If the product is greater than .10 for extended period of time, excessive paging is occurring. Unfortunately, increasing the size of your paging file won't alleviate this problem. To reduce the amount of disk access time devoted to paging, we recommend that you make more memory available to applications by adding physical RAM to your system and removing any unnecessary device drivers or system services.
The Cobb Group's Exploring Windows NT journal
If you've ever used a UNIX shell, such as the C Shell (CSH) or the Bourne Again Shell (BASH), you'll fondly remember the wonders of tab filename completion. By typing the first few characters of a filename and pressing [Tab], the entire name would appear on the command line. Well, you can have that same feature at your Command Prompt by adding a REG_DWORD value named
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar
and setting its value to the hex value of the character you wish to use for command completion. The tab character is 0x09.
Exploring Windows NT
There is a useful feature of the X Windows interface that gives you the ability to have your mouse pointer jump to the default button of any dialog box or alert that appears. As each dialog appears, you don't have to drag your mouse to the OK button or the Next button, as it will jump there all by itself. By changing an entry in the Registry, your NT 4.0 interface can act the same way.
To enable this feature, set the value of HKEY_CURRENT_USER\Control Panel\Mouse\SnapToDefaultButton to 1. Although it may take a while to get used to this feature, it can be extremely helpful on a high-resolution monitor, or when using a control device that makes it hard to move the pointer quickly.
ZD journals' Exploring Windows NT journal
By default, users of NT Workstation 4.0 can log into the domain with their local profiles if the mandatory user profile is not available. If you do not want them to be able to do this, change the user's profile folder from profile_folder_name (where profile_folder_name equals the name of the user's profile folder which equals the user's NT user name) to profile_folder_name.man (by adding .man to the folder name). Then make the same change in the profile path in User Manager for Domains. The user will now not be able to log into the domain unless mandatory profiles are available.
ZD journal
If your hard drive is formatted using NTFS, you can take advantage of the compression that comes with NT 4.0, and you don't even need Administrator rights. Launch Windows NT Explorer, right-click on any file, and choose Properties from the shortcut menu. Under the General tab of the Properties dialog box, select the Compressed check box and click OK. You can also compress whole folders or even drives. Just follow the same procedure. However, when you click OK and you see the dialog box; make sure you check the Also Compress Subfolders box.
Exploring Windows NT
If your network uses Exchange Server to send E-mail, you can use the Find People feature of Outlook Express to search the LDAP directory of the Exchange Server. First, you need to add your local mail server to your list of Internet accounts. You do this by selecting Tools | Accounts... from the Outlook Express menu bar. Next, click Add and select Directory Service.... In the dialog that appears, type in the name of your local mail server. Complete the wizard and you are ready to begin searching. Select Edit | Find People... from the menu bar and choose the Directory Service you just installed. You can now look for local e-mail addresses by searching on their name.
The ZD journal's Exploring Windows NT journal
There is a security hole in all versions of the Microsoft Internet Information Server. It allows a web browser to view the source code of your cgi and asp scripts. This can be very dangerous, because passwords and other sensitive data are often stored inside of these scripts, where browsers are not supposed to be able to go. You can fix the problem by making sure that all of your script files do not allow "read" access. For most scripts, simply enabling "execute" permissions will work. There is also a hot-fix available for IIS 3.0 and 4.0. You can find the hot-fix and other information about this serious security issue at
http://www.microsoft.com/security/bulletins/ms98-003-f.htm
The ZD journal's Exploring Windows NT journal
If you spend any time administering Windows NT, you're far too familiar with the Blue Screen of Death (BSOD) which displays the cause of the crash and gives some information about the state of the system when it crashed. The BSOD will sit on the screen until someone reboots the system, which could be very bad for a system that should be running 24 hours a day, like an Exchange server. You can force NT to automatically reboot after a crash by setting the value of HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CrashControl\AutoReboot to 1. Once you've changed this value, NT will reboot after writing the crash log file.
Exploring Windows NT
Did you know that you can take free on-line seminars at Microsoft's Technet site?
http://www.microsoft.com/technet/resource/seminar/default.htm
You can view them 24 hours a day, 7 days a week, whenever your schedule allows. The seminars are presented by experts in the respective areas and topics range from Business Initiatives & Strategies to Microsoft BackOffice. Just choose a subject from the drop down list for each topic, and you'll be taken to the seminar outline. Click on View this Seminar, and the seminar starts. To view the seminar you do have to have Microsoft's Media Player. The first page of each seminar has a link to the page from which you can download Microsoft's Media Player.
Exploring Windows NT
If you use IIS, it is a good idea to periodically update the browscap.ini file. This file contains the information used by the server to determine the type and version of browser used to download your web site. Since any browser not defined in the browscap.ini file will be "unknown", including major and even minor revisions, it is a good idea to have the latest and greatest version on your system. You can find the latest version of the browscap.ini, as well as more information at
http://www.cyscape.com/asp/browscap/.
The ZD journals' Exploring Windows NT journal
If you're experiencing a problem with Windows NT, chances are good that someone else has had the same problem. Fortunately, many folks are willing to share their solutions with you, and Microsoft provides a place where you can meet them--the Microsoft News Server. Just point your USENET news reader (Such as Microsoft Internet News or Outlook) to msnews.microsoft.com and you'll find more than 527 newsgroups. Search for news groups containing the string "windowsnt" to find the groups that discuss Windows NT related topics. There are far too many NT related newsgroups available to list here, but we've included a short list below. Remember to read the newsgroups FAQ (Frequently Asked Questions) file before posting a message. It's very possible that FAQ has the answer to your question or problem.
Applications-OLE and NetDDE microsoft.public.windowsnt.apps File systems microsoft.public.windowsnt.fsft Printing microsoft.public.windowsnt.print Setup microsoft.public.windowsnt.setup
The Cobb Group's Exploring Windows NT journal
Have you ever wondered which security ID Windows NT has assigned to a specific user? You can find out by selecting the following Registry key within Registry Editor:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\SID
Once you've accessed this key, observe the data in the ProfileImagePath value (in the right-hand pane). You'll see the name of the profile folder for the user associated with this SID. For example, if you have a user who's logged on to your server as Fred, you should see a ProfileImagePath of %SystemRoot%\Profiles\Fred associated with this user's SID.
ZD Tips
You installed a new IDE CD-ROM drive, but Windows NT doesn't see it. Where do you go to set it up?
It defies logic, but the fix is easy. Open the Control Panel, and double-click on the SCSI Adapters icon. Click on the Drivers tab, and choose ATAPI CD-ROM from the top of the list. Use NT's Disk Administrator to change drive letters for disk partitions and CD-ROM drives in your system. You'll find this essential tool in the Administrative Tools (Common) group on the Programs menu. Select a disk and a partition, right-click, and choose Assign Drive Letter from the shortcut menu.
One major caveat: Though this utility will let you change the letter of your boot drive from C:, don't do it!
PC Computing
Are you having trouble installing or booting NT? If so, an incompatible device could be causing a problem. Before installing NT or troublshooting boot problems, you'll want to make sure that each of your computer's devices appear in the Windows NT Hardware compatibility list. The Windows NT Server and Workstation CD-Package includes a hardcopy of the list, but because the list changes so frequently, you'll want to check the latest version on-line at:
http://www.microsoft.com/hwtest/hcl/
But what if you're not exactly sure of the make and model of the devices in your machine? Fortunately Microsoft provides the Hardware Detection Tool application on every Windows NT 4.0 Workstation and Server CD-ROM. You'll find this application in the CD-ROM's \support\hqtool directory. Execute the Makedisk.bat file in this directory to create a bootable floppy that contains the Hardware Detection Tool. Just boot from this floppy and follow the application's instructions.
The Cobb Group's Exploring Windows NT journal
When dragging a file from one directory to another, NT moves the file. If you would like to make a copy while leaving the original file in the original directory, press and hold the [Ctrl] key before you let go of your mouse button. You will notice a small + below the file to be copied.
When you drag a file from one drive to another, NT will make a copy of the file on the new drive. To move the file, press and hold the [Shift] key before you drop the file on the new drive. You will notice the + disappears when you hold the [Shift] key.
The ZD journal's Exploring Windows NT journal
One efficient way of organizing your hard drive space is to convert all of your partitions to NTFS with the exception of a small (500MB) system partition. Leaving your system partition in FAT format will allow you to boot into another operating system, most usually DOS, and edit the system files NT relies on to boot. If you convert the system partition to NTFS, you won't be able to edit these files if you can't successfully boot NT. By keeping the system partition small and only installing system-related software on it, you can implement the tighter NTFS security on the majority of your data, yet still be able to recover from some common problems.
The Cobb Group's Exploring Windows NT journal
Have you ever wanted or needed to log off the network at the command prompt but didn't know if this was possible? If yes, here's how to do it. You can use a utility called Logoff.exe, which is available in the Windows NT 4.0 Server Resource Kit (it's not available in any other Resource Kit, though).
ZD Journal
You can download the Windows NT Resource Kit Support Tools from Microsoft's Web site at:
http://www.microsoft.com/ntserver/nts/downloads/recommended/ntkit/default.asp
Among the many handy utilities included in the support tools, you'll find the Logoff utility. This utility lets you run the command "logoff" from within a batch or script file to log off from Windows NT. In other words, you don't have to be physically present at the computer to press [Ctrl][Alt][Delete] to log off! If you use this command in conjunction with the automatic logon Registry settings, you can create script files to log on to Windows NT, run specific commands, and then log off.
ZD Tips
Is your NT Workstation getting jealous because it doesn't have the new look-and-feel of Windows98? Don't worry about it, you can get the same Windows98 experience by downloading Internet Explorer (IE) 4.0. You will need to have NT Service Pack 3.0 installed on your NT Workstation before you can install IE 4.0, but it is well worth the effort. You can find IE 4.0 for Windows NT at www.microsoft.com/ie/download. When you install, it is a good idea to download all the files first, instead of just installing the program directly. If you download all the files, you can go back and install the other goodies that come with IE 4.0, like NetMeeting and Microsoft Chat.
The ZD journal's Exploring Windows NT journal
Do you have Microsoft's Remote Access Service running on your NT Server? Do you want it to start when your server starts? Here's how:
Select Settings from the Start menu and click Control Panel. Next, double click Services. When the list of services appear, click Remote Access Server, and then click Startup. Click Automatic and then click OK. Finally, click Close.
When you start your server in the future, RAS will start with it.
ZD journal's Exploring Windows NT journal
You're probably already aware that you can use the Task Manager utility in Windows NT to view your server's CPU utilization. However, you might not have noticed that when Task Manager is running, you see a bar chart icon in your system tray (next to the clock in your taskbar) that enables you to get a bird's eye view of how busy your server is. Also, if you point to the bar chart, Windows NT pops up a window that displays your CPU utilization. Leaving Task Manager running but minimized-and you'll be able to quickly view how busy your server is.
ZD Tips
One of the most useful features of NT is the ability to change video resolution and color depth on the fly. Unfortunately, some users will try to push their systems beyond the configuration's capabilities.
You can prevent users from changing the video settings by changing the permissions on the settings key for the video card. The exact location of this key will vary, depending on the specific type of video card, but our key was located at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\System\CurrentControlSet\Services\mga_mil\Device0. You should be able to find your card type in place of mga_mil, and you may have more than one device listed. Change the permissions for each device you wish to restrict.
Exploring Windows NT
Have you ever wanted to prevent users from changing their drive mappings? If so, you can prevent Windows NT users from mapping new drives or disconnecting their existing drives by modifying the Registry. Begin by accessing the Registry key HKEY_CURRENT_USER\ Software\Microsoft\Windows\CurrentVersion\Policies\Explorer. Next, add the value NoNetConnectDisconnect with a data type of REG_DWORD and a value of 1. This value removes the Map Network Drive and Disconnect Network Drive from the menu in Windows NT Explorer and from the shortcut menu displayed when users right-click on the Network Neighborhood icon.
(Note: Your users must be using Windows NT with Service Pack 2 or later to support this setting.)
ZD Tips
You can quickly and easily place ratings on any web pages you feel may have content not suitable for children. These ratings, when combined with a properly configured web browser, can prevent unsuitable viewers from looking at your web site.
To rate a web page, right click on the page in Internet Service Manager and from the pop-up menu, click Properties. In the dialog box displayed, select HTTP Headers and click on Edit Ratings... to launch the Content Rating dialog. Select the Ratings tab and click on the Enable Ratings for this resource checkbox.
You then need to rate your page in each of the four Recreational Software Advisory Council (RASC) categories: violence, nudity, sex, and language. Highlight the category and use the slider to rate your page. Finish by entering your name and the date.
ZD journals' Exploring Windows NT journal
Creating a shared I386 directory allows you conduct server-based NT installations and saves you the trouble of hunting for the NT Installation media every time you need to install a new service. However, before you attempt to copy the NT CD-ROM's I386 directory to a server, you should remember that Windows NT Explorer doesn't display files that have .sys, .dll and .vxd extensions. Explorer doesn't copy files that it doesn't display. So, before you use Explorer to copy the I386 directory, choose Options... from Explorer's View menu. Click the View tab in the Options dialog box and select the Show All Files option. Explorer will then copy all hidden files when you copy the I386 files to your server. Alternatively, you can use the XCOPY command line utility with its /S switch (which copies all subfolders) to copy the I386 directory. XCOPY copies hidden file types by default.
Microsoft
If you would like to reboot your Windows NT server, but don't want to have to be there to do it, you can use the shutdown Windows NT Resource Kit utility, along with the at command, to schedule a reboot of your server.
(You can download the Windows NT 4.0 Resource Kit Support Tools, which include the shutdown utility, by going to
http://www.microsoft.com/ntserver/nts/downloads/recommended/ntkit/default.asp.
The at command is included with Windows NT Server 4.0.)
The shutdown utility requires that you use several parameters. These include /L (to specify that you want to shut down the local computer), /R (to specify that you want to reboot after the shutdown of your server), and /Y (to specify that you want to answer "yes" to all questions). For example, to shutdown and reboot your local server, you should type:
shutdown /L /R /Y
When you're ready to schedule the shutdown command to run, begin by starting the Schedule service in the Services icon within Control Panel. After starting the Schedule service, schedule shutdown to run by typing the following command: at time /next:date command. For example, to schedule the shutdown to run every Saturday at 3:00 P.M., type the command:
at 15:00 /every:Saturday c:\ntreskit\shutdown /L /R /Y
ZD Tips
Strong passwords and stronger firewalls are often not enough to keep your server safe from unwanted hackers. If a smart, but malicious, user has physical access to your NT Server, they can usually find a way around passwords, if you are not very careful. The first thing you can do is configure the BIOS so your machine will not boot from the floppy drive. Next, password protect your BIOS so the hacker can't simply re-configure it. Finally, lock your system's case in order to prevent the hacker from getting at the BIOS jumpers on your motherboard and resetting the password. If you can, place your server in a locked room with limited access.
ZD journals' Exploring Windows NT journal
In a previous tip, we showed you how to turn off the AutoRun feature permanently on your server by editing the Registry. You can selectively prevent Windows NT from running the AutoRun on a CD-ROM by holding down your computer's [Shift] key whenever you insert a new CD into your drive.
ByteWa
In addition to the crash log file, you can also enable two other methods of crash notification and logging. You can enable an administrative alert by changing the value of HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CrashControl\SendAlert to 1.
The next time the system crashes, an administrative alert will be sent that may provide the first sign of the crash.
You can also make NT log the crash in the event log by changing the value of HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CrashControl\LogEvent to 1 instead of its default 0. Now, the exact time of the crash will be permanently recorded.
Exploring Windows NT
If you want to set the administrator's password during an unattended installation of NT Workstation or Server 4.0 with UNATTEND.EXE, do the following:
In the 386 directory, create a folder called $oem$. In this folder create a text file that contains the following lines:
[commands] ".\net user administrator <Password>"
Save this file as CMDLINES.TXT. Next, copy NET.EXE into the $oem$ folder. Finally, in UNATTEND.TXT, verify that the value for OEMPREINSTALL equals YES. Now, if you run UNATTEND.TXT, the administrator's password will be set to the value you assigned to Password in the CMDLINES.TXT file.
Exploring Windows NT
If you're connected to a Windows 95, 98, or NT 4.0 network that has a computer with a reliable clock, resetting your computer's clock to match the networked computer's clock is easy. At the command prompt, type:
NET TIME \\computername /SET /YES
(for example, NET TIME \\Myserver /SET /YES ). Even better, put that line in your client PC's network log-on sequence, and the client will be updated with the server's system time whenever it's restarted.
PC Computing
In Windows NT 4.0, the user interface has been enhanced with the taskbar. If you have a small screen, you can configure the taskbar to disappear when you're not on it and reappear when you slide your mouse to the bottom of the screen. Depending on the speed of your computer, it may take too long for the taskbar to appear. You can speed up this appearance, as well as the appearance of other taskbar menus by adding a REG_SZ value named HKEY_CURRENT_USER\ControlPanel\Desktop\MenuShowDelay. This value expresses the number of milliseconds the operating system will pause before displaying the taskbar. In other words, if you want the taskbar to wait 1 second before appearing, you would set the value to 1000. Remember to backup your Registry before making any manual changes. After you are satisfied that your Registry changes have done what you wanted them to, update your Emergency Repair disk.
Exploring Windows NT
Many sites use Windows NT's workgroup SQL Mail post office to deliver messages about SQL Server alerts and success or failure of key events such as backup or replication. SQL Mail messages can consist of short text strings, the output from a query, or an attached file, and you can send messages from within a trigger or a stored procedure by using the SQL Mail extended stored procedure xp_sendmail. (Another popular extended stored procedure is xp_cmdshell.)
SQL Server Magazine
By default, Windows NT Explorer always starts with the drive containing the Windows NT root folder (\winnt) expanded. But what if you want to start Explorer with a different drive expanded? You can do this by choosing Start | Run, and then typing
explorer /e, d:
Replace d: with the letter of the drive you want to expand when you start Explorer. (You could also modify the Explorer shortcut on your Start menu to run this command.)
ZD Tips
You can start Windows NT Explorer without it automatically expanding your boot partition. The boot partition is the partition that contains all of the Windows NT system files (these are the files stored in the folder named \winnt).
To start Windows NT Explorer with all drives collapsed, press the Windows key on your keyboard along with the letter E. Windows NT (and Windows 9x as well) will then launch Explorer with all drives collapsed.
Lyn O'Brien
If you've ever clicked the Shutdown button by mistake (and then had to suffer through waiting for your computer to reboot), here's a cool tip. Once you've started the Shutdown process, but before you see the small window which shows the status of the Shutdown, press [Ctrl][Alt][Delete]. You'll then see the Windows NT Security dialog box. Click Logoff, and Windows NT will simply log you off rather than shutting down your server.
Sreehari Devarakonda
In Windows 98 and Windows 2000, you can click on the desktop icon on your taskbar to switch to your desktop no matter which program window you're currently working in. You can accomplish the same thing in Windows NT 4.0 by right-clicking on the taskbar and choosing Minimize All Windows. Windows NT will then switch you to your desktop.
Antony Babu
If you've ever worked with more than one machine, you know how confusing it can get when the system clocks don't match. A simple way to synchronize the system clocks across your domain is by using the net time command.
In a Command window, type the following line at the command prompt:
net time \\machine_name /set
This will synchronize the clocks for the two machines using the system time of the computer named machine_name.
You can automate the command by adding a /y to the end of the command. For example, if you wanted to synchronize the machine you were on with a machine named jupiter, you would type
net time \\jupiter /set /y
at the command line.
The Cobb Group's Exploring Windows NT journal
If your network consists of a number of Windows95 users, you may run into a common problem. A user will complain that they can no longer access a resource on an NT Server. Most commonly, the user changing their Windows network logon name causes this problem. To see what user name is being used to access the resource, you will need to enable security auditing for failed logons. To do this, launch User Manager or User Manager for Domains and select Policies | Audit from the menu bar to launch the Audit Policy dialog box. Configure the dialog as we have in Figure C and click OK. The next time the user fails to access a resource, launch Event Viewer and select Log | Security from the menu bar. A list of failed log on attempts will be displayed. Double click on one to see the username that failed, it will probably not be the same as their NT username.
The ZD journal's Exploring Windows NT journal
Troubleshooting problems with PC hardware can be made easier by using two utilities provided on the Windows NT CD. The SUPPORT folder in the root of the CD contains folders for the two programs - NTHQ and SCSIHQ. The NT Hardware Qualifier (NTHQ) can be used to create a detailed summary of the hardware in your PC, the SCSI Hardware Qualifier (SCSIHQ) can be used to provide detailed information on SCSI adapters and devices in your system. For each program, insert a blank floppy disk and run the MAKEDISK.BAT utility, which can be found in the folder. Once the Makedisk program has completed, reboot the PC with the disk inserted and the program will run automatically.
ZD Tips
If you've installed NT on a laptop, this customization may come in very handy! Most laptops allow the operating system to turn off the hardware after shutdown, instead of displaying the message telling you it's now safe to turn off your system. You can take advantage of this capability by enabling the Power Down After Shutdown feature.
To enable this feature, simply add a REG_SZ value named
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\PowerdownAfterShutDown
and set it to 1.
Next, tell NT to shut down and see if the machine turns itself off after shutting down. If it doesn't, change the value back to 0 to restore normal operation.
Exploring Windows NT
Everyone has a different way of doing things. That's why Microsoft's Shell Developers team created the Tweak UI Power Toy--a cool tool that lets you customize various features of Windows NT's interface and the behavior of some applications. Tweak UI lets you control cascading menu speed, specify which drive letters will appear in Explorer, add and remove items from the New menu, and even automate the network logon process. Tweak UI is one of seven Power Toys available for Windows 95 and Windows NT. You can download the Tweak UI Power Toy for free from:
http://www.microsoft.com/windows95/info/powertoys.htm
The Cobb Group's Exploring Windows NT journal
Are you thinking about upgrading your server from Windows NT 3.51 to Windows NT 4.0 and have DHCP services installed? If yes, did you know that the DHCP database must be converted during the upgrade because the database engine has been changed in NT 4.0? This process happens automatically during the upgrade, but it's a good idea to perform the following steps before the upgrade. Stop DHCP Services through Control Panel, Services, and make sure that you have an equal amount of free disk space as what the DHCP database and its log files require now. The files are located in the \SYSTEM32\DHCP\351DB directory. Then go ahead and start the upgrade. The database conversion process starts automatically after you confirm that you want the database converted. Note that the database can't be converted back to its old format, but a backup of the files are made and placed into the directory where the original files were located (see above).
ZD Journal
If you need to install Windows NT on several computers, you can configure unattended installations. What's required is that you share the Windows NT CD-ROM on your network (typically on a server) and create an answer file. The answer file contains all of your answers to the questions you typically answer during the installation. In order to help you create this answer file, Microsoft included a wonderful utility called the Windows NT Setup Manager on the Windows NT CD-ROM. You can use this utility to create the necessary files for performing unattended installations.
Begin by copying the Setupmgr.exe file from the \Support\Deptools\hardware_platform folder to your hard drive (replace hardware_platform with either I386 or Alpha). You might want to copy this file to your \winnt folder. Next, double-click on the file to run it. You'll now see a dialog box with three buttons--General, Networking, and Advanced Setup. When you click on the General Setup button, you can define settings such as the licensing information (User Name and Organization), computer name, product id, computer role (workstation in a workgroup, workstation in a domain, server in a workgroup, server in domain, PDC, or BDC), the install directory (c:\winnt by default), time zone, and licensing. You use the Networking Setup button to define the networking card, protocols, network services, modem, and IIS settings you want to use. Finally, you use the Advanced Setup button to specify the drivers you want to install for the computer's mass storage device, display, keyboard, and mouse. In addition, you can specify a different logo and caption to be displayed during the installation. Once you've configured all of the settings you want to use for your installation, save them by clicking on the Save button. You can use any name for your answer file, but Setup Manager automatically assigns an extension of .txt to the file.
When you're ready to install Windows NT on a computer, you start the installation and tell Windows NT to use the answer file you created in Setup Manager. For example, if you named your Setup Manager answer file "answer.txt" and stored it in the share \\server\install, start the installation by accessing the Windows NT Setup files and typing the following command:
Winnt /u: \\server\install\answer.txt
Windows NT will automatically be installed on the computer without prompting you for any information.
ZD Tips
If you ever need to see when users have last logged into the network, you can use a utility called USRSTAT.EXE, which is available in the Windows NT 4.0 Resource Kit. When you execute this utility, you will see the user name, full name and the date and time of the last logon of every user on every domain controller. This can be useful, for example, if you want to identify accounts that have not been used in a long time and might need to be deleted.
ZD Journal
If you are using Microsoft Exchange Server 5.5, you will notice that you can not create Public Folders within the Exchange Administrator program. To add new Public Folders, you need to use Outlook. Fortunately, you can use the Microsoft Outlook Web Access to do just that. You will need to install the Outlook Web Access components from the Exchange setup program, and it requires that you install a hot fix available from Microsoft, but it is well worth the effort. Once installed, you can access the Web versions of Outlook by pointing your web browser to the /Exchange directory of your web server.
The ZD journals' Exploring Windows NT journal
You can use the command line to add or delete computer accounts. In the following examples, computername is the name of the computer account that you want to add or delete.
To add a computer account, type
NET COMPUTER \\computername /ADD
To delete a computer account, type
NET COMPUTER \\computername /DEL
ZD Journal
If you installed Microsoft Internet Information Server (IIS) 4.0, and you do not have Exchange Server, chances are you also installed the SMTP server. Using this server, you can send mail from your NT Server to any E-mail address, as long as you are on the Internet and have a valid DNS.
To configure your SMTP server to send mail from your local machine, you will have to change the Relay Restrictions. Launch the Internet Service Manager and expand the Internet Information Server node. Double-click on the Default SMTP Site node to display the Default SMTP Site dialog box. Next, select the Directory Security tab and click on Edit in the Relay Restrictions section to launch the dialog box. Select the Allowed To Relay radio button and click OK. Apply the configuration changes and your SMTP server is ready to send E-mail.
You will need to configure your mail reader to use the localhost IP address of 127.0.0.1 as the outgoing mail server.
ZD journals' Exploring Windows NT journal