Windows NT FAQ

This FAQ is copyright © 1998 John Savill (SavillTech Ltd) and should not be reproduced, distributed or altered without my permission, however feel free to save it locally and/or print it. http://www.savilltech.com

Download a single file version of the FAQ from http://www.savilltech.com/download/faqcomp.zip. This download version is free of charge and is updated simultaneously with this site.

You can join the NT FAQ mailing list by sending a mail to nt-faq@ed-com.com with subscribe in the body of the message. You will receive an updated version of the FAQ at least once a week.

Contents

Core

Registry

Service Packs and Hotfixes

NT 5.0

File Systems

Distributed File System

Network

RAS

TCP/IP

DHCP

DNS

WINS

Exchange/Windows Messaging

Internet Information Server

Internet Explorer 4.0

Installation

License

Windows 95 as a client

NetWare

Macintosh

RAID

Performance and System Information

MultiMedia

User Configuration

System Configuration

System Policy

Security

Backup's

Recovery

Problem Solving

Support

Training

Utilities

Compatibility

Hardware

Batch Files

Various

Core

Q. What are the differences between NT Workstation and NT Server?

A. See table Below

  Workstation Server
Connection to other clients 10 Unlimited
Connection to other networks Unlimited Unlimited
Multiprocessing 2 CPUs 4 CPUs
RAS 1 connection 255 connections
Directory Replication Import Import and Export
Macintosh Services No Yes
Logon Validation No Yes
Disk Fault Tolerance No Yes
Network Peer-to-peer Server

Q. What does NT stand for?

A. New Technology. Its also interesting to note the heritage
RSX -> VMS -> ELN -> NT all major designs of David Cutler
Also VMS +1 letter = WNT (Windows NT) :-) (aka HAL and IBM in 2001)

Q. What is the NT Boot Process?

A. Firstly the files required for NT to boot are

The common Boot sequence files are

The boot sequence is as follows

  1. Power on self test (POST) routines are run
  2. Master Boot Record is loaded into memory, and the program is run
  3. The Boot Sector from Active Partition is Loaded into Memory
  4. Ntldr is loaded and initialized from the boot sector
  5. Change the processor from real mode to 32-bit flat memory mode
  6. Ntldr starts the appropriate minifile system drivers. Minifile system drivers are built into Ntldr and can read FAT or NTFS
  7. Ntldr reads the Boot.ini file
  8. Ntldr loads the operating system selected, on of two things happen
    * If Windows NT is selected, Ntldr runs Ntdetect.com
    * For other operating system, Ntldr loads and runs Bootsect.dos and passes control to it. The Windows NT process ends here
  9. Ntdetect.com scans the computer hardware and sends the list to Ntldr for inclusion in HKEY_LOCAL_MACHINE\HARDWARE
  10. Ntldr then loads Ntoskrnl.exe, Hal.dll and the system hive
  11. Ntldr scans the System hive and loads the device drivers configured to start at boot time
  12. Ntldr passes control to Ntoskrnl.exe, at which point the boot process ends and the load phases begin

Q. When I boot up NT, it pauses for about 30 seconds on the blue screen.

A. Each dot represents one NT device driver, and sometimes if something is wrong with that driver the startup will be delayed. However there is a known problem with NT if your computer has one or more IDE disks and one or more SCSI disks which results in a pause of around 30 seconds. The problem is due to the detection code used by NT and is currently being investigated by Microsoft.

Q. What is Virtual Memory?

A. Virtual Memory makes up for the lack of RAM in computers by using space on the hard disk as memory, Virtual Memory. When the actual RAM fills up (actually its before the RAM fills) then virtual memory is created on the hard disk. When physical memory runs out, the Virtual Memory Manager chooses sections of memory that have not been recently used and are of low priority and writes them to the swap file. This process is hidden from applications, and applications views both virtual and actual memory as the same.

Each application that runs under Windows NT is given its own virtual address space of 4GB (2GB for the application, 2GB for the operating system).

The problem with Virtual Memory is that as it writes and reads to the hard disk, this is much slower than actual RAM. This is why if an NT system does not have enough memory it will run very slowly.

Q. What is the history of NT?

A. In the late 1980's the Windows environment was created to run on the Microsoft DOS operating system. Microsoft and IBM joined forces to create a DOS replacement that would run on the Intel platform that led to the creation of OS/2, and at the same time Microsoft was working on a more powerful operating system that would run on other processor platforms. The idea was that the new OS would be written in a high level language (such as C) so it would be more portable.

Microsoft hired Dave Cutler (who also designed Digital's VMS) to head the team for the New Technology Operating System (NT :-) ). Originally the new OS was to be called OS/2 NT.

In the early 1990's Microsoft released version 3.0 of its windows OS which gained a large user base, and it was at this point that Microsoft and IBM's split started as the two companies disagreed on the future of their OS's. IBM viewed Windows as a stepping stone to the superior OS/2, where as Microsoft wanted to expand Windows to compete with OS/2, so they split, IBM kept OS/2 and Microsoft change OS/2 NT to Windows NT.

The first version of Windows NT (3.1) was released in 1993 and had the same GUI as the normal Windows Operating System, however it was a pure 32 bit OS, but provided the ability to also run older DOS and Windows apps, as well as character mode OS/2 1.3 programs.

For a detailed history have a look at http://windowsnt.miningco.com

Q. How do I install the SYMBOL files?

A. Symbol files are produced by the linker when a program is built, and are used to resolve global variables and function names in an executable.

  1. Create a directory on your machine called SYMBOLS
    mkdir c:\winnt\symbols
  2. Copy over the symbols from the NT installation CD ROM
    xcopy <CD-ROM>:\Support\Debug\i386 c:\winnt\symbols /s
  3. If you have any service pack symbols you should extract these to the same directory, e.g. for Service Pack 2
    SYM_400I -d c:\winnt\symbols

For more information see Microsoft Knowledge Base article Q148659

Q. What is Windows NT?

A. Windows NT (both the Workstation and Server) is a 32-bit Operating System. It is a preemptive, multi-tasking Operating System, which means that the Operating System controls allocation of CPU time, not the applications, stopping one application from hanging the OS. NT supports multiple CPU's giving true Multi-tasking, using symmetrical multiprocessing, meaning the processors share all tasks, as opposed to asymmetrical multiprocessing, where the OS uses one CPU and the applications another. NT is also a Fault Tolerant Operating System, with each 32bit application operating in its own Virtual Memory address space (4 GigaBytes) which means one application cannot interfere with another's memory space.

Unlike earlier version of Windows (such as Windows for Workgroups and Windows 95), NT is a complete Operating System, and not an addition to DOS.

NT supports different CPU's: Intel x86, IBM PowerPC (Not to be supported for NT5.0) and DEC Alpha.

NT's other main plus is its Security with a special NT file system (NTFS) that allows permissions to be set on a file and directory basis.

Registry

Q. What is the Registry?

A. Originally there were .ini files in Windows, however the problem with .ini files are many, e.g. size limitations, no standard layout, slow access, no network support etc. Windows 3.1 (yes Windows not Windows NT) had a registry which was stored in reg.dat and could be viewed using regedit.exe and was used for DDE, OLE and File Manager integration. In Windows NT the Registry is at the heart of NT and is where nearly all information is stored, and is split into a number of subtrees, each starting with HKEY_ to indicate that it is a handle that can be used by a program.

HKEY_LOCAL_MACHINE This contains information about the hardware configuration and installed software.
HKEY_CLASSES_ROOT This is just a link to HKEY_LOCAL_MACHINE\SOFTWARE\Classes and contains links between applications and file types as well as information about OLE.
HKEY_CURRENT_CONFIG Again this is a link to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current and contains information about the current configuration.
HKEY_CURRENT_USER This is a link to HKEY_USERS\<SID of User> and contains information about the currently logged on users such as environment, network connections, printers etc.
HKEY_USERS Contains information about actively loaded user profiles, including .default which is the default user profile.

Each of the subtrees has a number of keys, which in turn have a number of subkeys. Each key/subkey can have a number of values which has 3 parts

To edit the registry there are two tools available, regedt32.exe and regedit.exe.Regedit.exe has better search facilities, but does not support all of the Windows NT registry value types. If you want to just have a look around the Registry:

  1. Start a registry editor (regedit.exe or regedt32.exe)
  2. In Regedt32.exe you can set the registry to read only mode which means you won't corrupt anything :-) (Options - Read Only Mode)
  3. Select the HKEY_USERS subkey
  4. Move to the .default - Control Panel - Desktop and you will see a number of values in the right hand pane.
  5. One of them is wallpaper and this is the background that is displayed before you logon.

Q. What files make up the registry, and where are they?

A. The files that make up the registry are stored in %systemroot%/system32/config directory and consist of

There are also other files with different extensions for some of them

Q. How do I restrict access to the registry editor?

A. Using the registry editor (regedt32.exe)

  1. Highlight HKEY_USERS and Load Hive from the Registry menu.
  2. Browse to their profile directory and select NTUser.dat.
  3. When prompted for Key Name, input their UserID.
  4. Navigate to \Software\Microsoft\Windows\CurrentVersion\Policies.
  5. If no System sub-key exists, Add Key. Then Add Value of DisableRegistryTools (under the System key) using type REG_DWORD and set it to 1.
  6. Unload Hive from the Registry menu.

Q. What is the maximum registry size?

A. The maximum size is 102MB, however it is slightly more complicated than this.

The registry entry that controls the maximum size of the registry is HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\RegistrySizeLimit. By default this entry will not exist so it will need to be created:

  1. Start the registry editor (regedit.exe)
  2. Move to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control key
  3. From the Edit menu, select New - DWord value and enter the name as RegistrySizeLimit
  4. Double click the new entry and enter a value

The minimum size is 4MB, and if anything less than this is entered in the registry then it will be forced up to 4MB. The maximum is 80% of the paged pool (which has a maximum size of 128MB, hence 102MB which is 80% of 128MB). If no entry is entered then the maximum size is 25% of the paged pool. The paged pool is an area of physical memory used for system data that can be written to disk when not in use.

An important point to note is that the RegistrySizeLimit is a maximum, not an allocation, and so setting a high value will not reserve the space, and it does not guarantee the space will be available.

This can also be configured using the System Control Panel applet, click on the Performance tab and the maximum registry size can be set there. You would then need to reboot.

For more information see Knowledge Base Article Q124594

Q. Should I use REGEDIT.EXE or REGEDT32.EXE?

A. You can use either for NT. REGEDIT does have a few limitations, the largest is that it does not support the full regedit data types such as REG_MULTI_SZ, so if you edit this type of data with REGEDIT it will change its type.

REGEDIT.EXE is based on the Windows95 version and has features that REGEDT32.EXE lacks (such as search). In general REGEDIT.EXE is nicer to work with. REGEDIT.EXE also shows your current position in the registry at the bottom of the window.

Q, How do I restrict access to a remote registry?

A. Access to a remote registry is controlled by the ACL on the key winreg.

  1. Start the registry editor (regedt32.exe)
  2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers
  3. Check for a key called winreg. If it does not exist create it (Edit -Add Key)
  4. Select the winreg key (by clicking on it)
  5. From the Security menu select permissions
  6. Click the Add button and give the user you want read access
  7. Once added, click on the user and select "Special Access"
  8. Double click on the user and you can select which actions the user can perform
  9. Click OK when finished

It is possible to set up certain keys to be accessible even if the user does not have access by editing the value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\AllowedPaths\Machine (use regedt32). You can add paths to this list.

See knowledge base article Q153183 at http://www.microsoft.com/kb/articles/q153/1/83.htm

Q. How can I tell what changes are made to the registry?

A. Using the regedit.exe program it is possible to export portions of the registry. This feature can be used as follows:

  1. Start the registry editor (regedit.exe)
  2. Select the key you want to monitor
  3. From the Registry menu select "Export registry file"
  4. Enter a file name (notice if you want to export the whole registry just select the "Export Range All") and click OK
  5. Perform the change (install some software or change a system parameter)
  6. Rerun steps 1 to 4 using a different file name
  7. Run the two files through a comparison utility (for example windiff.exe)
  8. If you are using windiff, select Compare Files from the File menu and you will then be prompted to select the 2 files to compare.
  9. Once compared a summary will be displayed stating if there are differences, to view the changes double click on the message
  10. Press F8 to view the next change (or select next change from the view menu)
  11. You have now found what changed!

Q. How can I delete a registry value/key from the command line?

A. Using the Windows NT Resource Kit Supplement 2 utility REG.EXE you can delete a registry value from the command line or batch file, e.g.

reg delete HKLM\Software\test

Would delete the HKEY_LOCAL_MACHINE\Software\test value. When you enter the command you will be prompted if you really want to delete, enter Y. To avoid the confirmation add /f to the command, e.g.

reg delete HKLM\Software\test /f

A full list of the codes to be used with REG DELETE are as follows:

HKCR HKEY_CLASSES_ROOT
HKCU HKEY_CURRENT_USER
HKLM HKEY_LOCAL_MACHINE
HKU HKEY_USERS
HKCC HKEY_CURRENT_CONFIG

To delete a entry on a remote machine add the name of the machine, \\<machine name>, e.g.

reg delete HKLM\Software\test \\johnpc

Q. How can I audit changes to the registry?

A. Using the regedt32.exe utility it is possible to set auditing on certain parts of the registry. I should note that any type of auditing is very sensitive lately and you may want to add some sort of warning letting people know that their changes are being audited.

  1. Start the registry editor (regedt32.exe)
  2. Select the key you wish to audit (e.g. HKEY_LOCAL_MACHINE\Software)
  3. From the Security menu select Auditing
  4. Check the "Audit Permission on Existing Subkeys" if you want subkeys to also be audited
  5. Click the Add button and select the users you want to be audited, click Add and then click OK
  6. Once there are names in the "Names" box you can select which events to be audited, whether success or failure.
  7. When you have filled in all the information click OK

You will need to make sure that Auditing for File and Object access is enabled (use User Manager - Polices - Audit).

To view the information use Event Viewer and look at the Security information.

Service Packs and Hotfixes

Q. What service packs and fixes are available?

A. See table below. All directories are off of ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40. Just click on the file name for a direct FTP link For people in Europe ftp.sunet.se/pub3/vendor/microsoft/bussys/winnt/winnt-public/fixes may provide faster access.

There are also Microsoft BBS numbers where Service Packs can be downloaded from, e.g. for the UK it is 44 1734 270065, however the fixes tend to be a few days later than on the FTP site.

File Name Directory Description (Microsoft Article No.)
Sp1_400i.exe /ussp1/i386 Service Pack 1
Sp2_400i.exe /ussp2/i386 Service Pack 2 (around 14Mb!)
Nt4sp3_i.exe /ussp3/i386 Service Pack 3 (around 18Mb!)

Service Pack 1 Hotfixes /hotfixes-postsp1/

KRNL40I.EXE /32proc-fix Q140065
AFD40I.EXE /afd-fix Q140059
CDFS40I.EXE /cdfs-fix Q142687
NDIS40I.EXE /mcanet-fix Q156324
NDIS40I.EXE /ndis-fix Q142903
NTBCKUPI.EXE /NTBackup-fix  Q142671
NTVDM40I.EXE /ntvdm-fix Q134126
PCM40_I.EXE /pcmcia-fix Q108261
SCSIFIXI.EXE /scsi-fix Q171295
SPX40I.EXE /spx-fix Q153665
SYN40I.EXE /syn-attack Q142641
NTFS40I.EXE /toshiba-fix Q150815
STONE97I.EXE /winstone97 Q141375

Service Pack 2 Hotfixes /hotfixes-postsp2/

ALPHA40.EXE /Alpha-fix Q156410
DNS40I.EXE /dns-fix Q142047, Q162927
IISFIX.EXE /iis-fix Q163485, Q164059
KRNL40I.EXE /krnl-fix GET THIS. IT WILL FIX THE NT CRASH WHEN USING A VIRUS KILLER! 
Q135707, **Q141239**
TCP40I.EXE /oob-fix Q143478
RAS40I.EXE /ras-fix Q161368
RPC40I.EXE /RPC-fix Q159176, Q162567
SECFIX_I.EXE /sec-fix Q143474
SERIALI.EXE /serial-fix Q163333
SETUPDDI.EXE /setupdd-fix Q143473
SFMSRVI.EXE /sfmsrv-fix Q161644
WTCP40I.EXE /TCPIP-fix Q163213

Service Pack 3 Hotfixes /hotfixes-postsp3/

2GCRASHI.EXE /2gcrash Q173277
ASPFIX.EXE /asp-fix Q165335
IDEFIX-I.EXE /ide-fix Q153296
DNSFIX_I.EXE /dns-fix Q142047
ADMNFIXI.EXE /getadmin-fix Q146965
ICMPFIXI.EXE /icmp-fix Q154174
IIS-FIXI.EXE /iis-fix Q143484
IIS4FIXI.EXE /iis4-fix Q169274
JAVAFIXI.EXE archive/java-fix Q168748
JOY-FIXI.EXE /joystick-fix Q177668
LANDFIXI.EXE /land-fix Q165005 & Q177539
DISBLLMI.EXE /lm-fix Q147706
LSA-FIXI.EXE /lsa-fix Q154087
NDISFIXI.EXE /ndis-fix Q156655
OOBFIX_I.EXE archive/oob-fix Q143478
PCMFIX-I.EXE /pcm-fix Q180532
PENTFIX.EXE /pent-fix Q163852
W32KFIXI.EXE /archive/dblclick-fix Q170510
DCOMFIXI.EXE /SAG-fix  
SCSIFIXI.EXE /scsi-fix Q171295
CHARGENI.EXE /simptcp-fix Q154460
SRVFIX-I.EXE /srv-fix Q180963
TAPI21FI.EXE /tapi21-fix Q179187
TEARFIXI.EXE /teardrop2-fix Q179129
WANFIX-I.EXE /wan-fix Q163251
WINSFIXI.EXE /winsupd-fix Q155701
ZIP-FIXI.EXE /zip-fix Q154094

The file names above are for the Intel platform (hence the ending I), but they may also be available for Alpha and PPC, just substitute the I for a A(Alpha) or P(PPC).

I should note a health warning, "If it ain't broke, don't fix it" and I would tend to agree with this, so unless you have a problem, or require a new feature of a Service Pack think if you really want it. Also if you are going to apply it to a live system, try and test it first, as sometimes a Service Pack will introduce new problems.

Q. What are the Q numbers and how do I look them up?

A. The Q numbers relate to Microsoft Knowledge Base articles and can be viewed at http://www.microsoft.com/kb

Q. How do I install the Service Packs?

A. If you receive the Service Pack by downloading from a Microsoft FTP site, then copy the file to a temporary directory and then just enter the file name (e.g. Sp2_400i.exe). The file will be expanded and among the files created a file called UPDATE.EXE will be created. Just run this file. If there is no UPDATE.EXE, just .sym files you have downloaded the symbols version which is used for debugging NT, download the normal version (see above).

If you receive Service Packs via CD, if you just insert the CD (for SP2 and later) and an Internet Explorer page will be shown and you can just click on install for the Service Pack.

Q. How do I install the Hot fix?

A. Again copy the file to a temporary directory and run the file name. A few files will be created, one called HOTFIX.EXE. Run "HOTFIX /install" which will install the Hot Fix.

The newer Hot fixes (Java fix for Service Pack 3 onwards) you just double click on the downloaded file.

Q. How do I remove a Hot fix?

A. Use the command Hotfix /remove. To force the remove using the registry editor (regedt32) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\HOTFIX and delete the entry for the HOTFIX. Then use explorer to goto %SystemRoot%\HOTFIX\HF00?? and copy the backed up files back to their original location.

Q. How do I install Service Pack 3?

A. Before you install Service Pack 3 you must remove Internet Explorer 4.0 preview if installed:

  1. From Control Panel (Start - Settings - Control Panel) double click Add/Remove Programs
  2. Select "Microsoft Internet Explorer 4.0" and click Add/Remove
  3. Select Remove All
  4. You will have to reboot

Also before installing SP3 make sure you have an up to date Repair Disk (RDISK /S). To install Service Pack 3 download Nt4sp3_i.exe and follow the instructions below

  1. Double click nt4sp3_i.exe
  2. It will verify the file and then uncompress to a temporary area (you can make it uncompress without installing by typing nt4sp3_i /x)
  3. Click Next to install and click Yes to accept the license agreement
  4. Click Next and then select "Yes create uninstall"
  5. Click Next then Finish
  6. You will then have to reboot

Q. Emergency Repair Disk issues after installation of Service Pack 3.

A. Due to changes in Service Pack 3 the Emergency Repair Disk process has changed. The file setupdd.sys that is on the 2nd NT installation disk has been superseded by the one supplied with service pack 3. To extract the file from the Service Pack 3 executable, follow the instructions below:

  1. Copy nt4sp3_i.exe to a temporary area
  2. Uncompress the service pack
    nt4sp3_i /x
  3. Insert the second NT installation disk (do not use the originals, create a new set using winnt32 /ox)
  4. Set the file setupdd.sys to write enabled
    attrib -r a:\setupdd.sys
  5. Copy the new setupdd.sys to the 2nd installation disk
    copy setupdd.sys a:

This is discussed in the Service Pack 3 readme file, and also in knowledge base article Q146887.

Q. How do I remove the Java Hotfix for Service Pack 3?

A. Manually unpack the hotfix
javafixi /x
Then type
hotfix -y
And it will remove the hotfix.

This method may become the new standard for hot fixes.

Q. How do I install multiple Hotfixes at the same time?

A. When you extract the files in a hotfix, generally the following will be extracted

The hotfix.exe is the same executable for all the hotfixes, and the hotfix.inf is basically the same, the only difference is the files that are to be copied, e.g. tcpip.sys, and a description of the hotfix. To install multiple hotfixes at the same time all that is needed is to decompress the hotfix files and update the hotfix.inf with the information on which files to copy.

  1. Create a directory on a disk called hotfix
    md hotfix
  2. From the command line decompress the hotfixes you wish to install, note each time you decompress a hotfix a new hotfix.inf will overwrite the existing one so you may wish to backup the .inf files
    - <hotfix name> /x, e.g. javafixi /x
    - you will be asked where to extract the hot fix files to, enter the hotfix directory and click OK, e.g. d:\hotfix
    - copy the hotfix.inf file to the name of the hotfix, e.g.
    copy hotfix.inf javafix.inf
  3. You will now have a number of files in the hotfix directory, with hotfix.exe, hotfix.inf and all the versions of the .inf files you copied. You now need to merge the contents of the .inf files into one main hotfix.inf file.
    If the hotfix you extracted had file tcpip.sys (ignore the .dbg files) you need to update the hotfix.inf file to include the copying of this file. Since TCPIP.SYS lives in the system32/drivers directory, you would add the line TCPIP.SYS to the [Drivers.files] section of the hotfix.inf file, e.g.
    [Drivers.files]
    TCPIP.SYS
    You also need to add TCPIP.SYS to the [SourceDisksFiles] section, e.g.
    [SourceDisksFiles]
    TCPIP.SYS = 1
  4. Finally you need to add a comment at the end of the hotfix.inf file with a description of the hotfix in the [strings] section with the Q number and a comment, e.g.
    [Strings]
    ..
    HOTFIX_NUMBER="Q143478"
    COMMENT="This fix corrects the port 139 OOB attack"

The reason we copied the .inf files is that you can just cut and paste the hotfix specific information to the common hotfix.inf. When you decompressed a hotfix you will see which files were created, you could then search the .inf file for the file name and it would be in two places, the directory it belongs in and the [SourceDisksFiles] section. You could then go to the bottom of the file and cut and paste the HOTFIX_NUMBER and COMMENT and add to the end of HOTFIX.INF.

This is very hard to explain and an example is probably the best way to demonstrate this. Suppose you want to install

The procedure would be as follows

  1. Decompress the hotfixes to the hotfix directory and after each extraction backup the hotfix.inf file in the order admnfixi.exe - javafixi.exe - oobfix_i.exe
  2. Admnfixi.exe consists of ntkrnlmp.exe and ntoskrnl.exe, search admnfixi.inf (the copy we made) for the files and they appear as follows
    [Uniprocessor.Kernel.files]
    NTOSKRNL.EXE

    [Multiprocessor.Kernel.files]
    NTOSKRNL.EXE, NTKRNLMP.EXE

    [SourceDisksFiles]
    NTKRNLMP.EXE = 1
    NTOSKRNL.EXE = 1

    [Strings]
    HOTFIX_NUMBER="Q146965"
    COMMENT="This fix corrects GETADMIN problem"
  3. javafixi.exe consists of win32k.sys so search javafixi.inf for win32k.sys
    [MustReplace.System32.files]
    WIN32K.SYS

    [SourceDisksFiles]
    WIN32K.SYS = 1

    [Strings]
    HOTFIX_NUMBER="Q123456"
    COMMENT="This fix corrects the problem with True Color adapter cards and Java"
  4. The current version of hotfix.inf already contains the information for the oobfix as it was the last installed, so the information for the above 2 must be added resulting in the changes being

    [MustReplace.System32.files]
    WIN32K.SYS

    [Drivers.files]
    TCPIP.SYS

    [Uniprocessor.Kernel.files]
    NTOSKRNL.EXE

    [Multiprocessor.Kernel.files]
    NTOSKRNL.EXE, NTKRNLMP.EXE

    [SourceDisksFiles]
    NTKRNLMP.EXE = 1
    NTOSKRNL.EXE = 1
    TCPIP.SYS = 1
    WIN32K.SYS = 1

    [Strings]
    HOTFIX_NUMBER="Q143478"
    COMMENT="This fix corrects the port 139 OOB attack"
    HOTFIX_NUMBER="Q146965"
    COMMENT="This fix corrects GETADMIN problem"
    HOTFIX_NUMBER="Q123456"
    COMMENT="This fix corrects the problem with True Color adapter cards and Java"

To install just type

hotfix

from the directory created (i.e. hotfix), you will see a dialog copying the files (the ones you have specified in the hotfix.inf file :-) ), and the system will reboot. To see what hotfixes are installed:

  1. Start the Registry Editor (Regedit.exe)
  2. Look at the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix values

For more information have a look at Q166839 at http://www.microsoft.com/kb/articles/q166/8/39.htm

Q. How do I install Hotfixes the same time as I install Service Pack 3 onwards?

A. Update.exe that ships with Service Pack 3 checks for the existance of a hotfix subdirectory, and if in that directory the files hotfix.exe and hotfix.inf are present you are asked when running update.exe if you also want to install the hotfixes.

  1. Create a direrectory to hold the extracted Service Pack
    md servpack
  2. Extract the Service Pack
    nt4sp3_i /x
    You will be asked for a directory, enter the created directory, e.g. e:\servpack and click OK
  3. Create a hotfix subdirectory
    md hotfix
  4. Extract the hotfixes to this directory using the instructions in the previous FAQ
  5. Run UPDATE.EXE in the servpack directory and click Yes when asked to install Hotfixes

For more information have a look at Q166839 at http://www.microsoft.com/kb/articles/q166/8/39.htm

Q. I have installed Service Pack 3, now I cannot run Java programs.

A. Download the updated Java Virtual Machine from Microsoft at http://www.microsoft.com/java/download/dl_vmsp2.htm . Download build 1518 which works with IE3.01, IE 3.02 and IE 4.0 platform preview 1, do NOT install on IE 4.0 PP2 or the release version.

There is also a hotfix for Service Pack 3 available from Microsoft ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/hotfixes-postSP3/java-fix/JAVAFIXI.EXE

Q. I have installed Service Pack 3, however the Policy Editor has not been updated as specified in the documentation.

A. This is caused by a mistake in the Service Pack 3 update.inf file. The entry for poledit.exe (the executable for the policy editor) is specified in the [MustReplace.system32.files] section whereas the file should actually be in the [SystemRoot.files].

To install the new Policy Editor perform the following

  1. Expand the service pack
    nt4sp3_i /x
  2. You will be asked for a directory, enter a path and click OK. A message "Extraction complete" will be displayed when completed
  3. Move to the directory the service pack was extracted to and copy the file poledit.exe to the %systemroot% directory
    copy poledit.exe %systemroot%

Alternatively you can update the update.inf fiile and move the location of poledit.exe from [MustReplace.system32.files] to [SystemRoot.files].

Q. How can I tell if I have the 128 bit version of Service Pack 3 installed?

A. The easiest way to tell this is to examine the secure channel dynamic link library (SCHANNEL.DLL):

  1. Start Explorer (Win + E or Start - Programs - Explorer)
  2. Move to %systemRoot%/system32 (where %systemRoot is the windows NT directory, e.g. d:\winnt)
  3. Right click on Schannel.dll and select properties
  4. Click the Version tab. The description will be one of the following:
    PCT / SSL Security Provider (U.S. and Canada for the 128 bit version.) if you have the 128 bit version
    or
    PCT / SSL Security Provider (Export Version) if you have the non-128 bit version
  5. Click OK when finished
  6. Close Explorer

Q. How do I install a service pack during a unattended installation?

A. There are various options, however all of them require for the service pack to be extracted to a directory, using

NT4SP3_I /x

and you then enter the directory where you want to extract to.

You could extract to a directory under the $OEM$ installation directory which would then be copied locally during the installation and you could add the line

".\UPDATE.EXE -U -Z"

to CMDLINES.TXT. This will increase the time of the text portion of the installation as the contents have to be copied over the network.

An alternate method is to install from a network drive, this requires a bit more work:

  1. Create a directory on a network server and copy the extracted service pack to this directory. Setup a share on this directory called SP
  2. Create a batch file in the $OEM$ share of the installation area called SERVPACK.CMD with the following:
    net use z:\\<server>\SP /persistent:no /user:<domain name> \guest < password.txt
    z:\update.exe -u -z
  3. You need to create the password.txt file that contains the guest account password (usually blank) therefore perform the following:
    - type copy con password.txt
    - press ENTER once
    - press CTRL+Z to save the file
    If the password is not blank enter the password then press ENTER
  4. Copy the password.txt file to the $OEM$ directory
  5. Edit CMDLINES.TXT and add ".\SERVPACK.CMD" to the end

NT 5.0

Q. What is new in Windows NT 5.0?

A. NT 5.0 (aka Cairo) is the next major release of NT. It is expected to include the following new features:

For more information on what's new please goto http://www.microsoft.com/ntserver/info/nt5_features.htm

Q. Where can I get more information on Windows NT 5.0?

A. Below is a list of useful links at Microsoft

File Systems

Q. How can a FAT partition be converted to an NTFS partition?

A. From the command line enter the command convert d: /fs:ntfs . This command is one way only, and you cannot convert an NTFS partition to FAT. If the FAT partition is the system partition then the conversion will take place on the next reboot.

After the conversion File Permissions are set to Full Control for everyone, where as if you install directly to NTFS the permissions are set on a stricter basis.

Q. How can a NTFS partition be converted to a FAT partition?

A. A simple conversion is not possible, and the only course of action is to backup all the data on the drive, reformat the disk to FAT and then restore your data backup.

Q. How do I run HPFS under NT 4.0?

A. If you want NT support for HPFS, you can upgrade from 3.51 to 4.0 which will retain HPFS support. You can manually install the 3.51 driver under NT 4.0, however this is not supported by Microsoft.

  1. Copy the 3.51 pinball.sys to the NT 4.0 %SystemRoot%\system32\drivers directory.
  2. Start the registry editor (regedit.exe)
  3. Goto the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
  4. From the Edit menu, select "New Key"
  5. In the form entry box which appears, enter Pinball as the Key Name. Leave the class field blank, and click OK
  6. Highlight the new Pinball key in the editor's left panel and select New Dword from the Edit menu
  7. Enter a name of ErrorControl and click OK
  8. Double click ErrorControl and set to "0x1"
  9. Highlight Pinball again and select "New String" from the Edit menu with name "Group" click OK
  10. Double click Group and set to "Boot file system"
  11. Highlight Pinball again and select "New DWORD" from the Edit menu with name "Start" click OK
  12. Double click Start and set to "0x1"
  13. Highlight Pinball again and select "New DWORD" from the Edit menu with name "Type" click OK
  14. Double click Type and set to "0x2"
  15. Close the registry editor
  16. Reboot the machine

Q, How do I compress a directory?

A. Follow instructions below (this can only be done on an NTFS partition)

  1. Using Explorer or My Computer select a drive
  2. Right click on a directory and choose properties
  3. Select the "Compress" Check box and click "Apply"
  4. You will be asked if you want to compress subdirectories, click OK
  5. Click OK to exit

Q. How do I uncompress a directory?

A. Follow the same procedure above, but uncheck the compress box.

Q. Is there an NTFS defragmentation tool available?

A. There are two for NT that I know of, the first is Executive Software which has a product called Disk Keeper Lite which is free, and also Norton Utilities has a defragmentation tool with its NT tool set (which I have never used). The full version of DiskKeeper allows the defragmentation to be done in the background so you don't have to worry about it.

A new piece of software called PerfectDisk NT from http://www.raxco.com is also now on the market but I have not tried it.

Q. Can I undelete a file in NT?

A. It depends on the file system. NT has no undelete facility, however if the filesystem was FAT then boot into DOS and then use the dos undelete utility. With the NT Resource kit there is a utility called DiskProbe which allows a user to view the data on a disk, which could then be copied to another file. It is possible to search sectors for data using DiskProbe.

Norton also provide a utility which can undelete files from within NT called Norton Utilities at http://www.symantec.com/

Q. Does NT support FAT32?

A. No. There are rumors that NT 5.0 will support FAT32.

Q. Can you read an NTFS partition from DOS?

A. Not with standard DOS, however there is a product called NTFSDos which enables a user to read from a NTFS partition. The homepage for this utility is http://www.ntinternals.com.

Q. How do you delete a NTFS partition?

A. You can boot off of the three NT installation disks and follow the instructions below:

  1. Read the license agreement and press F8
  2. Select the NTFS partition you wish to delete
  3. Press L to confirm
  4. Press F3 twice to exit the NT setup

Usually a NTFS partition can be deleted using FDISK (delete non-DOS partition), however this will not work if the NTFS partition is in the extended partition.

You can delete an NTFS partition using Disk Administrator, by selecting the partition and pressing DEL (as long as it is not the system/boot partition).

There is also a utility called delpart.exe that will delete a NTFS partition from a DOS bootup.

Q. Is it possible to repartition a disk without losing data?

A. There is no standard way in NT, however there is a 3rd party product called Partition Magic which will repartition FAT, NTFS and FAT32, however there is a bug in the product which makes the boot partition unbootable if it is repartitioned. A fix is available for this from their web site

Q. What is the biggest disk NT can use?

A. The simple answer to this question is that NT can view a maximum partition size of 2 terabytes (or 2,199,023,255,552 bytes), however there are limitations that restrict you well below this number.

FAT has internal limits of 4 GB due to thefact it uses 16-bit fields to store file sizes, 2^16 is 65,536 with a cluster size of 64 KB gives us the 4 GB.

HPFS uses 32bit fields and can therefore handle greater size disks, but the largest single file size is 4GB. HPFS allocates disk space in 512 byte sectors which can cause problems in Asian markets where sector sizes are typically 1024 bytes which means HPFS cannot be used.

NTFS uses 64-bits for all sizes, leading to a max size of..... 16 exabytes!!! (18,446,744,073,709,551,616 bytes), however NT could not handle a volume this big.

For IDE drives, the maximum is 136.9 GB, however for a standard IDE drive this is constrained to 528MB. The new EIDE drives can access much larger sizes.

It is important to note that the System partition (holding ntldr, boot.ini, etc.) MUST be entirely within the first 7.8Gb  of any disk (if this is the same as the boot partition this limit applies) This is due to the BIOS int 13H interface used by ntldr to bootstrap up to the point where it can drive the native HDD IDE or SCSI. int 13H presents a 24 bit parameter for cylinder/head/sector for a drive. If say by defragmentation the system are moved beyond this point you will not be able to boot the system.

Q. Can I disable 8.3 name creation on a NTFS?

A. From the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem, change the value NtfsDisable8dot3NameCreation from 0 to 1

Q. How can I stop NT from generating LFN's (Long File Names) on a FAT partition?

A. Using the registry editor change the value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem\Win31FileSystem from 0 to 1 and only 8.3 file names will be created.

The reason for not wanting the LFN's to be created is that some 3rd party disk utilities that directly manipulate FAT can destroy the LFN's. Utilities such as SCANDISK and DEFRAG that come with DOS 6.x and above do not harm LFN's.

Q. I can't create any files on the root of a FAT partition.

A. The root of a FAT drive has a coded limit of 512 entries, so if you have exceeded this you will not be able to create any more files. I don't have this many! Remember Long File Names take up more than one entry, see the next FAQ for more information, so if you have many LFN's on the root this will drastically reduce the number of files you can have.

Q. How do LFN's work?

A. Long File Names are stored using a series of linked directory entries. A LFN will use one directory entry for its alias (the alias is the 8.3 name automatically generated), and a hidden secondary directory entry for every 13 characters in its name, so if you had a 200 character long file name, this would use 17 entries!

The alias is generated using the first six characters of the LFN, then a ~ and a number for the first 4 versions of a files with the same first six characters, e.g. for the file
john savills file.txt
the names generated would be johnsa~1.txt, johnsa~2 etc.

After the first 4 version of a file, only the first two characters of the file name are used, and the last 6 are generated, e.g. jo0E38~1.txt

Q. How do I change access permissions on a directory?

A. You can only set access permissions on an NTFS volume. Follow the instructions below:

  1. Start Explorer (Start - Programs - Explorer).
  2. Right click on a directory and select properties
  3. Click on the Security tab
  4. Click the permissions button
  5. Enter the information required
  6. Click OK, and then click OK again to exit

Q. How can I change access permissions from the command line?

A. A utility called CACLS.EXE comes as standard with NT, and can be used from the command prompt. Read the help with the CACLS.EXE program (cacls /?). To give user john read access to a directory called files enter:
CACLS files /e /p john:r
/e is used to edit the ACL instead of replacing it, therefore other permissions on the directory will be kept. /p sets permission for user:<permission>

Q. I have a CHKDSK scheduled to start next reboot, but I want to stop it.

A. If the command chkdsk /f /r (find bad sectors, recover information from bad sectors and fix errors on the disk) is run, on the next reboot the check disk is scheduled, however you may want to cancel this check disk. To do this perform the following:

  1. Run the Registry Editor (Regedt32.exe). You must use Regedt32 and not Regedit.exe
  2. Goto HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
  3. Change the BootExecute value from:
    autocheck autochk * /r\DosDevice\<drive letter>:
    To:
    autocheck autochk *

Q. My NTFS drive is corrupt, how do I recover?

A. To restore an NTFS drive using the information below, it must have been created using Windows NT 4.0, if it was not created using NT 4.0 you should see Knowledge base article Q121517. To restore an NTFS partition you must locate the spare copy of the boot sector and copy it to the correct position on the drive. You need the NTdiskedit utility (you can also use Disk Probe that comes with the resource kit or Norton disk edit) which is available from Microsoft Support Services.

  1. Using NTdiskedit for Windows NT 4.0, on the File menu, click Open.
  2. Type the Volume Name as
    \\.\PhysicaldriveX
    where X = the ordinal of the disk that appears in Disk
    Administrator)
  3. Click OK.
  4. On the Read menu, click Sectors. Select 0 for Starting Sectors and select 1 for Run Length. Click OK.
  5. On the View menu, click Partition Table. You should see a table that has four sections, Entry 0 through Entry 3. This refers to the order of partitions. If the partition in question is Partition 2 on the Disk, you need the data in Entry 1. If the Partition in question is the Partition 1 on the disk, you need the data from Entry 0 and so on.
  6. Write down the values of Starting Sector and Sectors.
    NOTE: all of the values you see will be in hexadecimal format. Do not convert to decimal.
  7. Using a Calculator (you can use the one from the Accessories group if one is available) that can add hexadecimal numbers, add the values for Starting Sector and Sectors, and subtract 1 from the sum. For example:
    STARTING SECTOR = Ox3F
    SECTORS = 0x201c84 +
    ----------
    0x201CC3
    Less 1 0x1 -
    ----------
    Copy of NTFS bootsector = 0x201CC2
  8. On the Read menu, click Sectors. In Starting Sectors, type the value from the equation above. Type 1 in Run Length. Click OK.
    You now should be at your copy of the NTFS bootsector. Visually inspect the boot sector for completeness, NTFS header at first line, text in the lower region (for example, "A kernel file is missing from the disk"), and so forth.
  9. Click Relocate Sectors. This is the Sector you are going to write the bootsector. This will be the value of your Starting Sector with the Run Length of 1. Click OK.
  10. Quit Ntdiskedit. Use Disk Administrator to assign a drive letter if not already assigned. Restart the computer; the file system should be recognized as NTFS.

Q. How can I delete a file without it going to the recycle bin?

A. When you delete the file, hold down the shift key.

Q. How can I change the serial number of a disk?

A. The serial number is located in the boot sector for a volume. For FAT drives its 4 bytes starting at offset 0x27; for NTFS drives its 8 bytes starting at offset 0x48. You'll need a sector-level editor to modify the number (like the Resource Kit's Diskprobe).

Q. How can I backup the Master Boot Record?

A. The Master boot record on the hard disk used to start the computer (the system partition) is the most critical sector so make sure this is the sector you backup. The boot partition is also very important (where %systemroot% resides). You need the DiskProbe utility that comes with the Resource Kit.

  1. Start DiskProbe
  2. From Drives, click Physical Drive, and click on the drive that is the system partition (from the Open Physical Drive dialog)
  3. The disk clicked will be displayed in the Handle 0 section. Click "Set Active" and then click Close
  4. From the sectors menu click Read. Accept the default sectors of "Starting Sector" 0, and "Number of Sectors" 1.
  5. From the File menu click "Save As" and enter a file name.

Q. How do I restore the Master Boot Record?

A. Follow the instructions below, however be very careful!!!

  1. Start DiskProbe
  2. From "File" click "Open" and select the file that the information was saved as
  3. From drives click Physical Drive and click the disk you want to replace the boot partition on
  4. In the Handle 0 box, clear the Read Only box and click "Set Active", then click Close
  5. From the sectors menu click write and set the starting sector to 0, and click "Write it"
  6. Verify and close DiskProbe
  7. Keep your fingers crossed :-)

Q. What CD-ROM file systems can NT read?

A. NT's primary file system is CDFS a read only file system, however it can read any file system that is ISO9660 compliant.

Q. How do I disable 8.3 name creation on VFAT?

A. Start the registry editor (regedit.exe) and set the value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem\Win95TruncatedExtensions to 0.

Q. How do I create a Volume Set?

A. A volume set allows you to take all the unused space on one or more drives (up to 32 drives per volume set) and combine it into a single, large, system recognizable drive. To create a volume set:

  1. Logon as an Administrator and start Disk Administrator (Start - Programs - Administrative Tools - Disk Administrator).
  2. Click on the first free area of disk space, then hold down the Ctrl key and select all the other areas of unpartitioned space.
  3. Once all the parts are selected, from the Partition menu select "Create Volume Set".
  4. A dialog box will be displayed and you can choose the size of the partition to be created. Click OK
  5. Once created the areas that are part of a Volume Set will be shown in yellow.
  6. Close Disk Administrator (or select Commit Changes New)
  7. A confirmation dialog box will be displayed, confirm and a reboot will be required.
  8. Once the reboot has completed you can now format the volume. You should really format the Volume NTFS, as DOS and Windows95 clients will not be able to read it anyway!

The main problem with volume sets is that if one drive in the volume set fails, the entire volume set becomes unavailable.

Q. How do I extend a Volume Set?

A. Extending a volume set is very simple, however a reboot will be required

  1. Start Disk Administrator (Start - Programs - Administrative Tools - Disk Administrator)
  2. Click on the existing Volume Set and hold down the Ctrl key
  3. Click on the area (or areas) of free space to be added (a black border will be shown around them)
  4. Choose "Extend Volume Set" from the Partition menu, or right click on one of the selected areas and this option will be shown.
  5. A dialog box will be shown asking how large the drive should be. Click OK
  6. From the Partition menu, select "Commit changes now"
  7. Answer the further dialogs and reboot the server.

The reboot will take longer than normal as the new area added has to be formatted to the same file system as the rest of the volume set.

Note: Only NTFS Volume Sets can be extended.

Q. How do I delete a Volume Set?

A. When you delete a volume set all the data stored will be lost. To delete a volume set:

  1. Start Disk Administrator
  2. Click on part of the volume set
  3. Select Delete from the Partition menu
  4. Click Yes on the dialog box

Q. What is the maximum number of characters a file can be?

A. This depends on if the file is being created on a FAT or NTFS partition. The maximum file length on a NTFS partition is 256 characters, and 11 characters on FAT (8 character name, . , 3 character extension). NTFS filenames keep their case, whereas FAT filenames have no concept of case (however the case is ignored when performing a search etc on NTFS). There is the new VFAT which also has 256 character filenames.

NTFS filenames can contain any characters, including spaces, uppercase/lowercase except for the following

" * : / \ ? < > |

which are reserved for NT, however the file name must start with a letter or number.

VFAT filenames can also contain any characters except for the following

/ \ : | = ? " ; [ ] , ^

and once again the file name must start with a letter or number.

NTFS and VFAT also creates a 8.3 format file name, see Q. How to LFN's work?

Q. How can I stop chkdsk at boot time from checking volume x?

A. When NT boots it performs a check on all volumes to see if the dirty bit is set, and if it is a full chkdsk /f is run. To stop NT performing this dirty bit check you can exclude certain drives. The reason you may want to do this is for some type of removable drive, e.g. Iomega drives:

  1. Run the Registry Editor (Regedt32.exe). You must use Regedt32.exe and not Regedit.exe
  2. Goto HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
  3. Change the BootExecute value from:
    autocheck autochk *
    to:
    autocheck autochk /k:x *

Where x is the drive letter, e.g. if you wanted to stop the check on drive f: you would type autocheck autochk /k:f *. To stop the check on multiple volumes just enter the drive names one after another, e.g. to stop the check on e: and g: autocheck autochk /k:eg *, you do not retype the /k each time.

If you are using NT 4.0 with Service Pack 2 or above, you can also use the CHKNTFS.EXE command which is also used to exclude drives from the check and updates the registry for you. The usage to disable a drive is

chkntfs /x <drive letter>:
e.g. chkntfs /x f: would exclude the check of drive f:

To set the system back to checking all drives just type

chkntfs /d

Q. How can I compress files/directories from the command line?

A. A utility is supplied with the resource kit called compact.exe which can be used to view and change the compression characteristics of a file/directory.

Q. What protections can be set on files/directories on a NTFS partition?

A. When you right click on a file in Explorer and select properties (or select Properties from the File menu) you are presented with a dialog box telling you information such as size, ownership etc. If the file/directory is on a NTFS partition there will be a security tab, and within that dialog, a permissions button. If you press that button you can grant access to users/groups on the resource at various levels.

There are six basic permissions

These can be assigned to a resource, however they are grouped for ease of use

The permissions above can all be set on a directory, however this list is limited for a file, and permissions that can be set are only No Access, Read, Change and Full Control.

Another permission exists called "Special Access" (on a directory there will be two, one file files, one for directories), and from this you can set which of the basic permissions should be assigned.

Q. How can I take ownership of files?

A. Sometimes you may want to take ownership of files/directories, usually as someone has removed all access on a resource and can't see it. You would log on as the Administrator and take ownership. You cannot give ownership to someone else, only take ownership.

  1. Log on as Administrator or a member of the Admins group
  2. Start Explorer
  3. Right click on the file/directory and select properties
  4. Select the Security tab and click Ownership
  5. Click "Take Ownership" and then click Yes to the prompt

This is a utility called owner.exe than can be used to give ownership of a file to someone else, you need the Restore privilege. This utility can be downloaded from http://www.savilltech.com/ntfaq/download/owner.zip.

Q. How can I view the permissions a user has on a file from the command line?

A. A utility is supplied with the resource kit called perms.exe which can be used to view permissions on files/directories. The usage is

perms <domain>\<user> <file>
e.g. perms savilltech\savillj d:\file\john\file.dat

You can add /s to also show details of sub files/directories. The permissions shown equate to

R Read
W Write
X Execute
D Delete
P Change Permission
O Take Ownership
A All
None No Access
* User is the owner
# A group the member is a member of owns the file
? Permissions cannot be determined

To output to a file just add > filename.txt at the end, e.g.

perms <user> <file> > file.txt

Q. How can I tell the total amount of space used by a folder (including sub folders)?

A. There are two ways of doing this (there are more!), one using explorer and one from the command line. Using Explorer

  1. Start Explorer (Win key + E or Start - Programs - Explorer)
  2. Right click on the required folder and select properties
  3. Under the General tab a size will be displayed and this is the total size of the folder and all sub-folders and their contents.

From the command line you can just use the dir command with /s qualifier which also lists all sub-directories, e.g.
dir/s d:\savilltechhomepage
would list all files/folders in the savilltechhomepage directory and at the end the total size.

Q. There are files beginning with $ at the root of my NTFS drive, can I delete them?

A. NO!!! These files hold the information of your NTFS volume. Below is a table of all the files used by the file system:

$MFT Master File Table
$MFTMIRR A copy of the first 16 records of the MFT
$LOGFILE Log of changes made to the volume
$VOLUME Information about the volume, serial number, creation time, dirty flag
$ATTRDEF Attribute definitions
$BITMAP Contains drive cluster map
$BOOT Boot record of the drive
$BADCLUS A list of bad clusters on the drive
$QUOTA Quota information (used on NTFS 5.0)
$UPCASE Maps lowercase characters to uppercase version

If you want to have a look at any of these files use the command

dir /ah $mft

Its basically impossible to delete these files anyway as you can't remove the hidden flag and if you can't remove the hidden flag you can't delete it!

Q. What file system do Iomega ZIP disks use?

A. By default, the formatted ZIP disks are FAT, however you can format these with NTFS is you want. NTFS has a higher overhead than FAT on small volumes (an initial 2MB) which is why you don't have NTFS on 1.44 floppy disks.

Q. What cluster size does a FAT/NTFS partition use?

A. The default cluster size for a FAT partition is as follows:

Partition size Sectors per cluster Cluster size
<32MB 1 512 bytes
<64MB 2 1K
<128MB 4 2K
<255MB 8 4K
<511MB 16 8K
<1023MB 32 16K
<2047MB 64 32K
<4095MB 128 64K

This is why FAT volumes larger than 511MB are not recommended due to the amount of potentially wasted space due to the 16KB and above cluster size.

The default for NTFS is as follows:

Partition size Sectors per cluster Cluster size
<512MB 1 512 bytes (or hardware sector size if greater than 512 bytes)
<1024MB 2 1K
<2048MB 4 2K
<4096MB 8 4K
<8192MB 16 8K
<16384MB 32 16K
<32768MB 64 32K
>32768 MB 128 64K

NTFS better balances the trade off between disk defragmentation due to smaller cluster size and wasted space due to a large cluster size.

When formatting a drive you can change the cluster size using the /a:<size> switch, e.g.

format d: /a:1024 /fs:ntfs

Distributed File System

Q. What is Distributed File System?

A. Distributed File System (or Dfs) is a new tool for NT server that was not completed in time for inclusion as part of NT 4.0, but is now available for download. It basically allows Administrators to simulate a single server share environment that actually exists over several servers, basically a link to a share on another server that looks like a subdirectory of the main server.

This allows a single view for all of the shares on your network, which could then simplify your backup procedures as you would just backup the root share, and Dfs would take care of actually gathering all the information from the other servers across the network.

You so not have to have a single tree (Dfs directory structures are called trees), but rather could have a separate tree for different purposes, i.e. one for each department, but that could have exactly the same structure (sales, info. etc).

For more information on DFS see http://www.microsoft.com/ntserver/dfs/dfsdocdl.asp

Q. Where can I get Dfs?

A. Dfs is available for download from Microsoft http://www.microsoft.com/ntserver/guide/dfsdl.asp . Follow the instructions at the site and fill in the form about your site. The file you want for the I386 platform is dfs-v41-i386.exe.

Once downloaded just double click on the file, and agree to the license. It will then install files to your drive which you need to install.

Q. How do I install Dfs?

A. Follow the instructions below, you must have first downloaded and expanded the file dfs-v40-i386.exe:

  1. Right click on Network Neighborhood and select properties (or double click Network in the Control Panel)
  2. Click the services tab and click Add
  3. Click the "Have disk" button and when asked where enter %systemroot%/system32/dfs. Do not actually type %systemroot%, but rather what it points to, i.e. d:\winnt, so the full path would be d:\winnt\system32\dfs
  4. Click Enter and press OK for Dfs installation
  5. A dialog box will be shown, and click "New Share", and type the name of the required root, e.g. c:\dfsroot and click "Yes" to create the directory
  6. Select the "Shared As" and fill in required information and click OK
  7. Close the dialogs and reboot the machine

Q. How do I create a new folder as part of the Dfs?

A. Once Dfs is installed a new application, the Dfs Administrator, is created in the Administrative Tools folder. This app should be used to manage Dfs. To add a new area as part of the Dfs tree follow the procedures below:

  1. Start the Dfs Administrator application (Start - Programs - Administrative Tools - Dfs Administrator)
  2. Select "Add to Dfs" from the Dfs menu
  3. Enter the name of folder you want an existing share to be known as
  4. Next select what it should point to, you can either type the path, or use Browse.
  5. Click Add
  6. Close the Dfs Administrator

Q. How do I uninstall Dfs?

A. Follow the procedure below:

  1. Start the network control panel applet or right click on Network Neighborhood and select propertied
  2. Click the Services Tab
  3. Select "Distributed File System" and click remove
  4. You will be prompted to continue, click Yes
  5. A reboot will then be required

Network

Q. How do I enable AutoLogon?

A. The easiest way is to install TWEAKUI, and goto the Network Tab and just fill in the boxes. It can be done manually through the registry by following the instructions below:

  1. Start regedit.exe (Start - Run - regedit)
  2. Open the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current Version\Winlogon
  3. Double click the DefaultDomainName and fill in your domain name
  4. Double click the DefaultUserName and fill in login name
  5. From Edit menu select New String Value, and enter DefaultPassword as name of value
  6. Double click the DefaultPassword and enter in the password
  7. From Edit menu select New String Value, and enter AutoAdminLogon as name of value
  8. Double click the AutoAdminLogon and set the value to the number 1
  9. Close regedit
  10. Logoff and you will be automatically logged in again

The instructions above should only be done by someone who is happy with using the registry editor.

It is also possible using a program called autolog.exe that comes with the resource kit. Just run the executable and you will be able to fill in the information.

To logon as a different user you need to hold down the shift key as you logoff.

Q. How do I disable AutoLogon?

A. Again use TWEAKUI, or in REGEDIT set AutoAdminLogon to 0, and clear the DefaultPassword

Q. How do I add a warning Logon message?

A. You need to use the registry editor

  1. Start the registry editor (regedit)
  2. Move to HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Winlogon
  3. Double Click the "LegalNoticeCaption", and enter the text to be in the title bar, click OK
  4. Double Click the "LegalNoticeText", and enter the warning text and click OK
  5. Close the registry and logoff, when you logon you will see the warning

This can also be done via the policy editor (poledit.exe)

  1. Start the policy editor (poledit.exe)
  2. Open the default Computer Policy
  3. Open the Windows NT System tree and then Logon
  4. Put a tick in the "Logon banner" and enter the caption and text
  5. Click OK and save the policy

Alternatively, a text message can be displayed by creating the key LogonPrompt in HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Winlogon

Q. How do I change Domain Names?

A. This is not so much a procedure but things to think about.

  1. NT stores both the textual name and the Security ID (SID) associated with the name, when you change the Domain name you only change the textual part and NOT the SID.
  2. All users should log off before starting the Domain Name change
  3. Break all trust relationships with other Domains
  4. If possible all BDC's should have the domain name changed and want to reboot. Say reboot later, and shutdown the machine and power it off.
  5. On the PDC run control panel, and change the Domain Name through Network Panel. The computer will prompt for a reboot and select "Reboot Now".
  6. Once the PDC is up let it stabilize for a few minutes then bring up each BDC with a minute gap, so it can validate with the PDC
  7. Re-create trust relationships with other Domains
  8. Move all clients to the new Domain, for Workstation see next FAQ.

Q. How do I move a Workstation to another Domain?

A. Logon to the Workstation locally as Administrator (i.e. name of machine) and goto Control Panel. Double click Network and click change. Enter the new Domain name and click OK. You will receive a message "Welcome to Domain x". Reboot the machine and you are part of the new domain.

If you wish to administer this box from the new domain you will need to add <Domain>\DomainAdmins to the local administrators group by connecting to the local user database via User Manager for Domains (i.e. \\computername)

Q. How do I assign User Rights for a standalone server (not the PDC/BDC) in a domain?

A. In NT Workstation, User Manager/Policies/User Rights... assigns the privileges (e.g. the Shutdown or Log On Locally privilege) for the local machine. However, in NT Server the User Rights you assign with User Manager for Domains affect the Domain Controller(s). To modify privileges for the local machine, first choose Select Domain... from the User menu, and type in the name of the computer at the Domain prompt (you cannot browse the domain).

Q. I can't FTP to my server, although the FTP service is running?

A. Have you unchecked the "Allow only anonymous connections" option, but still receive a "530 User xyz cannot log in. Login failed." message? To log on to the FTP server with your domain account, it is not sufficient to specify your name at the User prompt. The FTP service checks local accounts only, even if the computer is participating in a domain. Use domainname\username instead, e.g. if the domain name was savilltech and the user was john, enter savilltech\john as the username.

Q. How do I validate my NT Logon against a UNIX account?

A. There is software to do this available at

Q. Can I synchronize the time of a NT Workstation with a NT Server?

A. Yes, enter the command

NET TIME \\computername /SET /YES

Please note that users will require "Change System Time" user right, via User Manager\User rights. There is a utility on the resource kit called TimeServ which runs the time synchronization as a service and works even when there are no logged on users.

Also see Q. How do I configure a user so it can change the system time?

Q. How can I send a message to all users?

A. Ensure the "Messenger" service is started (Control Panel - Services - Messenger - Auto). To send a message type:
c:> net send <machine name> "<message>"
Or instead of a machine name type * to broadcast to all stations

There are also various GUI utilities, and one of the best is NT Hail at http://www.geocities.com/SiliconValley/Bay/1999/NT_Hail.html

Q. How do I change a Workstations Name?

A. Follow the steps below

  1. Logon to the NT server and in Server Manager add the new computer name (Computer - Add to Domain)
  2. On the Workstation from Control Panel double click Network (or right click on Network Neighborhood and select properties)
  3. Click Change and type the new computer name
  4. Press OK and accept reboot
  5. The machine should then reboot with the new name
  6. On the NT server you should now delete the OLD computer name (select and press DEL)

Q. How do I automatically logoff clients after n minutes of inactivity?

A. The registry entry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters. Add a new variable (Edit - New - Dword value) and call it Disc. Set the value to the number of minutes inactivity wanted. Some network programs constantly communicate with the server (such as mail) so this will not always work. This will only terminate remote connections, to actually logoff from a session use the winexit.scr that comes with the resource kit.

Q. How do I create a queue to a Network Printer?

A. If you have a printer that has its own network card and IP address, you can create a queue to the device by following the instructions below

  1. Login as a member of the Administrators Group
  2. Start Control Panel (Start - Settings - Control Panel)
  3. Double Click Network, and select the Services tab
  4. Click Add, and select "Microsoft TCP/IP printing"
  5. Click OK and then Close
  6. Click "Yes" to the reboot
  7. After the machine has booted up Double Click "My Computer" (or what you have named it to, you have renamed it!)
  8. Double click Printers, and select Add Printer
  9. Select the Printer is a local printer, and then continue
  10. Click Add Port, and select "LPR port"
  11. Click New Port and fill in the IP address of the printer in the top box, and a name in the bottom box
  12. Click OK, and ignore the error about not being able to communicate
  13. Click Next and then select the printer driver
  14. Click Next and select if you want to share it, and then click Finish
  15. Print and be happy

Q. How many user accounts can I have in one Domain?

A. The real problem is that each user account and machine account takes up space in the SAM file, and the SAM file has to be memory resident. A user account takes up 1024 bytes of memory (a machine account half as much), so for each person (assuming they each had one machine) would be 1.5 KB. This would mean for a 10,000 user domain each PDC/BDC would need 15MB of memory just to store the SAM! Imagine a network with 100,000 people. This is one of the reasons you have multiple domains and then setup trust relationships.

Q. How to I change my server from Stand Alone to a PDC/BDC?

A. You cannot change the role of a NT server, you will need to reinstall NT.

Q. What is a PDC, BDC?

A. A PDC is a Primary Domain Controller, and a BDC is a Backup Domain Controller. You must install a PDC before any other domain servers. The Primary Domain Controller maintains the master copy of the directory database and validates users. A Backup Domain Controller contains a copy of the directory database and can validate users. If the PDC fails then a BDC can be promoted to a PDC. Possible data loss is user changes that have not yet been replicated from the PDC to the BDC. A PDC can be demoted to a BDC if one of the BDC's is promoted to the PDC.

Q. How many BDC's should I have?

A. Microsoft say one BDC for every two thousand users. This is fine considering a 486DX2 with 32MB of RAM can, on average, perform at least 10 logons per minute, however if everyone in your company arrives at 9:00 on the dot and log on (except for the helpful people who arrive half an hour late) there will be a surge of logon requests to deal with, resulting in large delays. To try and improve on this, it is possible to configure the Server service to throughput for Network Applications rather than File Applications. Remember the more powerful the processor, the more logons (for a Pentium 133, would be able to logon at least 30 people).

Q. How do I stop the default admin shares from being created?

A. This can be done through the registry.

  1. Start the registry editor
  2. Move to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters
  3. If you are using Workstation create a value (Edit - Add Value) called AutoShareWks (AutoShareServer for server) of type DWORD and press OK. It will ask for a value, type the number 0.
  4. Close the registry editor
  5. Reboot

This can also be done using the policy editor. Start the policy editor (poledit.exe), load the default computer profile, and expand the Windows NT Network tree, then Sharing and set "Create hidden drive shares" to blank for server/workstation.

There are a few other options though. The first is to use NTFS and set protections on the files so people may be able to connect to the share, but they will not be able to see anything. The second is to delete the shares each time you logon, this can be done through explorer, but it would be better to have a command file run each time with the lines
net share c$ /delete
and for all the other shares, however these shares are there for a reason so your machine can be administered by the servers, so if you delete them system managers may have something to say about it!

Q. How do I disconnect all network drives?

A. Use net use * /del /yes

Q. How do I hide a machine from Network Browsers?

A. Using the registry editor set the key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters and set value Hidden from 0 to 1. You should then reboot. You can also type net config server/hidden:yes. You can still connect to the computer, but it is not displayed on the browser.

Q. How do I remote Boot NT?

A. NT does not support remote boot. It is possible to reboot a machine from another computer using the Shutdown Manager that comes with the NT resource kit.

Q. How do I stop the last logon name being displayed?

A. Set the registry setting HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DontDisplayLastUserName from 0 to 1

This can also be done using the policy editor, and is under the Windows NT System - Logon tree, and tick "do not display last logged on username".

Q. How can I get a list of users currently logged on?

A. Use the net sessions command, however this will only work if you are an Administrator. You can also use control panel and choose server.

Q. How do I configure NT to be a gateway to an ISP?

A. Firstly the hardware required would be a network and a modem. The network card would be so the other clients in the network can communicate with the "to be" gateway, and the modem to connect to the gateway. Dial-up networking is not covered here, and you should first be confident with dial-up networking before attempting this.

  1. Start the registry editor (regedit.exe) and add a value of type DWORD called DisableOtherSrcPackets in the HKey_Local_Machine\System\CurrentControlSet\Services\RasArp\Parameters area, and set to a value of 0. This is so packets that are sent through the NT gateway, the original IP address stored in each packet is retained, i.e. of machine a is sending a packet through b, then the packet retains the IP address of a, rather then be automatically changed to b.
  2. On the gateway machine ensure TCP/IP is installed with a static IP address, and a correct subnet address (usually 255.0.0.0 for a class a, 255.255.0.0 for class b, and 255.255.255.0 for class c). Make sure the default gateway address is blank.
  3. Install Dial Up networking and configure for NT to dial out only. You will have to reboot
  4. Add a phonebook entry for your ISP as you would as normal, however uncheck the "Use default gateway".
  5. Enable the PC to be able to forward IP packets, by starting control panel, double click Network and choose the protocols tab. Select TCP/IP and then routing. Check the Enable IP Forwarding. You will need to reboot
  6. If when you connect to your ISP you are given an IP address, you will need to connect to your ISP, and then find out which IP address you are given. To get the address type
    IPCONFIG
    Look for a Wan adapter and write down the IP address. If you know your IP address before you connect you can forget this step.
  7. Add a route for the IP address used when connecting to the ISP (the one identified in step 6)
    route add 0.0.0.0 mask 0.0.0.0 <ip address> metric 2
  8. Configure all clients gateway as the network card IP address of the NT gateway.

This would enable the machines to send out IP packets to the internet, however the packets would have no way of finding there way back, as the ISP would not know to route them through the gateway, so you ISP will have to either a) have host entries for each of the machines or b) point to the gateway as another DNS.

Q. How do I install the FTP server service?

A. In prior version of NT, the FTP server service was installed as part of TCP/IP, however as of NT 4.0, it became part of IIS/PWS, so it needs to be installed manually. Before you install the FTP server, TCP/IP must be installed.

  1. In Control Panel, double-click Network.
  2. Click Services, click Add, and then click Microsoft Peer Web Services if you are using NT Workstation or click Microsoft Internet Information Server 2.0 if you are using NT Server.
  3. Click OK, and then type the path for the Windows NT source files. For example, if you are using the Windows NT CD-ROM in drive E, type the following line: E:\i386
  4. Click OK to start the Microsoft Peer Web Services Setup or Internet Information Server.
  5. The FTP Service is selected by default, but you should clear the check boxes for options you do not want to install.

Q. How do I get a list of all connections to my PC?

A. Use the command netstat -a

Q. Is it possible to create non-NT PPTP connections to an NT Server?

A. Yes. A third party product called TunnelBuilder by Network TeleSystems lets you create encrypted tunnels over the Internet using PPTP. The TunnelBuilder client talks to a PPTP server, available with NT Server 4.0. TunnelBuilder can be used with any ISP -- the ISP isn't even aware that encrypted tunnels are being built across their network. TunnelBuilder is available for Windows 95, WFW 3.11, 3.1, and Mac OS computers. More information on the product can be found at http://www.NTS.com.

Q. How can I stop people logging on to the server?

A. If you want to disable an NT servers ability to handle authentication then it is possible to stop the "Net logon" service:

  1. Start Control Panel
  2. Double click on Services
  3. Click "Net Logon" and then click Pause
  4. Exit Control Panel

To disable all of NT's server services, click on Server and click stop, which will stop "Net Logon", "Computer Browser" and any other server services.

Q. How can I get the Ethernet address of my Network card?

A. Type ipconfig /all from a command box.

Q. How can I configure the preferred Master Browser?

A. On the NT server you want to be the preferred master browser change the registry setting HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browsers\Parameters\IsDomainMaster to True

Q. Is it possible to protect against Telnet attacks?

A. There was a recent well-known problem that a telnet client could connect to an NT machine on port 135, type 10 characters and it would hang NT. There is no simple way to protect NT from a certain port attack. It is possible to configure NT to only accept incoming packets from a set of configured ports, however you have to name the ports you want to accept input from:

  1. From Control Panel, Double click on Network
  2. Click the Protocols tab
  3. Select TCP/IP and click Properties
  4. Click Advanced (bottom right)
  5. Check the "Enable Security" and click configure
  6. For TCP select "Permit Only" and enable only the ports you want to work (e.g. Web Browser is 80, FTP 21)
  7. Exit
  8. Reboot NT

To protect against the port 135 attack, install the RPC hotfix for Service Pack 2.

Service Pack 3 and some its Hotfixes are also highly desirable, and address a number of Internet attack methods.

Q. What Telnet Servers/Daemons are available for Windows NT?

A. A Telnet Server on NT allows connection to an NT machine using a Telnet client from any hardware platform. Products are available from:

Q. How do I install MSN under NT?

A. The new MSN 2.0 only runs under Windows 95, however a version for NT 4.0 is being developed. In the mean time it is possible to use MSN to connect to the Internet, however you cannot read Mail

  1. Phone Microsoft and request for a manual Internet PPP access to be setup.
  2. Assuming RAS is already installed, select Add New phonebook entry
  3. Type in a name for the phone book entry, e.g. "MSN connection"
  4. Clear the "I know about phone book entries" and click Next
  5. Check "I am calling the Internet" and click Next
  6. Click Finish
  7. Select your new "MSN" and click Edit from More
  8. Click the Server tab, and select TCP/IP, Enable PPP LCP, and clear NetBEUI and IPX
  9. Click the TCP/IP settings box and check "Server assigned IP addresses" and "Use default gateway"
  10. Click OK and exit back to the main dial screen
  11. Select MSN and click Dial
  12. When prompted for username/password enter
    Username : MSN/<user name>
    Password : <MSN password>
    Domain : <blank>

Q. What FireWall products are available for NT?

A. Below are a selection of FireWall systems for NT:

Q. How do I delete a network port (e.g. LPT3:)?

A. Network ports are defined in the registry at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports. Select the port you wish to delete and from Edit Menu select Delete.

You can also delete from the command line
net use lpt3: /del

Q. How do I install the Remoteboot Service?

A. Before installing the Remoteboot service you must have both the NetBEUI and DLC protocols installed. The remoteboot service will only run on NT server.

  1. Start Control Panel (Start - Settings - Control Panel)
  2. Double click the Network icon
  3. Click on the services tab and click Add
  4. Select "Remoteboot Service"
  5. Check the path where Remoteboot will be installed (by default %systemroot%\RPL)
  6. Click OK and complete the installation
  7. After installation has completed start Remoteboot Manager
  8. Click "Fix Security" from the Configuration menu, which will create the RPLUSER local group and assign the permissions to the RPL directory.

Q. How many connections can NT have?

A. NT workstation can have up to 10 concurrent connections, with one exception, Peer Web Services which allows unlimited concurrent connections.

Q. How do I configure a Trust Relationship?

A. Domains by default are unable to communicate with other domains, which means somewhere in domain x cannot access any resource that is part of domain y. Before a trust relationship is configured

After a trust relationship is defined, say x trusts y the following happens

In the example above x is the trusting domain, and y is the trusted domain. Also the above is a one-way trust relationship, i.e. while domain y users can use domain x resources, users of domain x cannot use domain y resources. A two-way relationship would allow each domain to access resources of the other (if given permission).

The basics of a trust relationship is to first configure domain y to allow domain x to trust it, and then configure domain x to trust domain y:

  1. Log onto domain y as Administrator
  2. Start User Manager for Domains (Start - Programs - Administrative Tools)
  3. Select "Trust Relationships" from the Policies menu
  4. Click the Add button to the Trusting Domains box
  5. Enter the name of the domain you want to be able to trust you, i.e. domain x
  6. You can type a password in the Initial Password and Confirm Password, however this is only used when the trust relationship is started. You can leave it blank Click OK to complete the addition
  7. Close the Trust Relationship dialog box
  8. Log off of domain y and logon onto domain x as Administrator
  9. Start User Manger for Domains, and choose "Trust Relationships" from the Policies menu
  10. Click the Add button to the Trusted Domains box
  11. Enter the name of domain y and the password if one was configured in step 6
  12. Click OK and close the User Manager for Domains application.
  13. Domain x now trusts domain y

Q. How do I terminate a Trust Relationship?

A. Firstly you have to stop domain x trusting domain y, then remove domain x's ability to trust domain y:

  1. Logon as Administrator to domain x
  2. Start User Manager for Domains, and click Trust Relationships from the Policies menu
  3. Select domain y from the Trusted Domains and click Remove and confirm
  4. Logoff, and logon to domain y as Administrator
  5. Start User Manager for Domains, and click Trust Relationships from the Policies menu
  6. Select domain x from the Trusting Domains and click Remove and confirm
  7. Exit

Q. How can I secure a server that will be a Web Server on the Internet?

A. Below are points to be aware of

Q. How can I tell the role of my NT machine?

A. There are several ways to do this, however the easiest is to type the command
net accounts
And at the bottom of the output, the Computer Role will be shown as one of the following:
WORKSTATION - A normal NT Workstation machine
SERVER - A standalone NT Server machine
PRIMARY - A Primary Domain Controller (PDC)
BACKUP - A Backup Domain Controller (BDC)

Q. How can I stop a user logging on more than once?

A. There is no way in NT to stop a user logging on more than once, however it is possible to restrict a workstation so that only a certain user can login, and with this method each user would be tied to one workstation and thus could only logon once.

  1. Logon to the Workstation as the Domain Administrator
  2. Start User Manager (Start - Administrative Tools - User Manager)
  3. Double click the Users group and select the Domain\Everyone and click remove
  4. Next click add and select the specific domain user and click Add
  5. Close User Manager
  6. Logoff and only that specific user will be able to logon (be careful that Administrators still include Domain\Administrators or you will not be able to logon)

This solution is far from ideal, and it may be plausible to write a login script that checked if a user was currently logged on and if so, logoff straight away (using the logout command line tool).

Q. How can I get information about my domain account?

A. From the command prompt type

net user <username> /domain

And all your user information will be displayed including last logon time, password change etc.

Q. Users fail to logon at a server.

A. By default members of Domain Users will not be able to logon to a server, i.e. a PDC or a BDC, and if they try the error "The local policy of this system does not allow you to logon interactively". If you want users to be able to logon to a server (why I don't know) follow the procedure below:

  1. Logon to the server as an Administrator
  2. Start User Manager for Domains (Start - Programs - Administrative Tools - User Manager for Domains)
  3. Select "User Rights" from the "Policies" menu
  4. From the drop down "Rights" list select "Log on locally"
  5. Click Add, and select "Domain Users", click Add, then click OK
  6. Close User Manager
  7. Logout and a User will now be able to login

Q. A machine is shown as Inactive in Server manager when it is not.

A. Sometimes Server Manager fails to see a machine has become active, you can attempt to force it to see the machine by typing
net use \\<machine name>\IPC$
If this fails it may be the machine has been configured to be invisible to the network.

Q. How do I automatically FTP using NT?

A. I use a basic script to update my main site and the mirrors using two batch files. The first consists of a few lines:

d:
cd \savilltechhomepage
ftp -i -s:d:\savmanagement\goftp.bat

The -i suppresses the prompt when performing a multiple put, and the -s defines an input file for the FTP like:

open ftp.savilltech.com - the name of the FTP server
johnny - username
secret - password
cd /www - remotely move to a base directory
lcd download - locally change directory
cd download - remotely move to a sub directory of the current directory
binary - set mode to binary
put faqcomp.zip - send a file
cd .. - move down a directory remotely
lcd .. - move down a directory locally
cd ntfaq
lcd ntfaq
mput *.html - send multiple files (this is why we needed -i)
close - close the connection

Q. How can I change the time period used for displaying the password expiration message?

A. Follow Instructions below:

  1. Start the Registry editor (regedit.exe)
  2. Goto the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
  3. From the Edit Menu, click New - DWord
  4. Type the name PasswordExpiryWarning and press enter
  5. Double click on the new value you have created and set to the number of days prior to the expiration you want the message to appear.

Q. How can I tell who has which files open on a machine?

A. To view which files are currently open, and which user has them open use the
net file
command which displays information in the form of
ID Path Username, e.g.
10845 c:\file\john.doc savillj

Also using net file, it is possible to delete a file lock using
net file 10845 /close
which would remove this lock.

To use Net File you must have the server service running on the machine (check Start - Settings - Control Panel - Services)

You can also use the Server Control Panel Applet on the domain controller (In Use).

There is a freeware utility called OFL (Open File List) from http://www.merxsoft.com/ which provides more information.

Q. How can I modify share permissions from the command line?

A. The Windows NT resource kit ships with a utility called RMTSHARE.EXE that is used to modify permissions on shares, the syntax to grant access to a share is as follows

rmtshare \\<server name>\<share> /grant <username>:<permission>, e.g.
rmtshare \\bugsbunny\movies /grant savillj:f

Valid permissions are f for full, r for read, c for change and n for none. To revoke access to a share type

rmtshare \\<server name>\<share> /grant <username>, e.g.
rmtshare \\bugsbunny\movies /grant savillj

This would remove savillj's access to the share. To view share permissions enter:

rmtshare \\<server name>\<share> /users, e.g.
rmtshare \\bugsbunny\movies /grant

RMTSHARE.EXE also allows the creation and deletion of shares. Type rmtshare /? for help.

Q. How can I change the protocol binding order?

A. Network bindings are links that enable communication between the network adapter(s), protocols and services. If you have multiple protocols installed on a machine you can configure NT to try a certain protocol first for communication:

  1. Log on to the machine as a member of the Administrators group
  2. Start the Network control panel applet (Start - settings - control panel - network, or right click Network Neighborhood and select properties)
  3. Click the bindings tab
  4. Select "all services" from the drop down list of bindings
  5. Select the service you wish to change the binding order for by clicking its plus sign (usually you should change the workstation service as this is used for connecting to resources etc.)
  6. A list of all the protocols installed will be shown, and can be ordered by selecting the protocol and clicking "move up" or "move down".
  7. Click OK when finished, and you will have to reboot for the changes to take effect.

Q. What criteria are used to decide which machine will be the Master Browser?

A. There are 5 roles a machine can have

When an election takes place, a number or criteria are used. Firstly the browser type

If two machines have the same role then the operating system is used

If there is still a tie, the Windows NT version is used

To set a machine as a certain type of browser perform the following

  1. Start the registry editor (regedit.exe)
  2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters
  3. Double click on MaintainServerList
  4. Set to
    No - for the computer to be a non-browser
    Yes - the computer will be a master or backup browser
    Auto - will be a master, backup or potential depending on the number of browser currently in action
  5. Click OK
  6. Close the registry editor and reboot

Q. How can I get a list of MAC to IP addresses on the network?

A. An easy way to get a list of MAC to IP addresses on the local subnet is to ping every host on the subnet and then check you ARP cache, however pinging every individual node would take ages and the entries only stay in the ARP cache for 2 minutes. An alternative is to ping the broadcast mask of your subnet which will ping every host on the local subnet (you can't ping the entire network as you only communicate directly with nodes on the same subnet, all other requests are via the gateway so you would just get a ARP entry for the gateway).

What is the broadcast mask? The broadcast mask is easy to calculate if the subnet mask is in the format 255.255.255.0 or 255.255.0.0 etc. (multiples of 8 bits). For example if the IP address was 134.189.23.42 and the subnet mask was 255.255.0.0 the broadcast mask would be 134.189.255.255, where 255 is in the subnet mask the number from the IP address is copied over, where 0 it is replaced with 255, basically the network id part is kept. If the subnet mask is not the basic 255.255 format, you should use the following, all you need is the IP address and the subnet mask

  1. For each bit set to 1 in the subnet mask, copy the corresponding but from the IP address to the broadcast mask
  2. For each bit set to 0 in the subnet mask, copy a 1 into the corresponding bit of the broadcast mask

for example, IP address 158.234.24.98 and subnet mask 255.255.248.0

Network

Host
1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0
1 0 0 1 1 1 1 0 1 1 1 0 1 0 1 0 0 0 0 1 1 0 0 0 0 1 1 0 0 0 1 0
1 0 0 1 1 1 1 0 1 1 1 0 1 0 1 0 0 0 0 1 1 1 1 1 1 1 1 1 1 1 1 1

Byte 1

Byte 2

Byte 3

Byte 4

The first row is the subnet mask 255.255.248.0, the second row the IP address 158.234.24.98 and the third row is the broadcast mask, 158.234.31.255.

To get the MAC to IP addresses, you would therefore perform the following

ping <broadcast mask>
arp -a

Voila, a list of IP addresses and their MAC address (you can add > filename to get the list to a file, e.g. arp -a > iptomac.lst). You could repeat this exercise on the various subnets of your organization.

Q. How can I control the list of connections shown when mapping a network drive?

A. When you map a network drive (Explorer - Tools - Map network drive), if you click the down arrow on the path, a list of previous connections will be shown. These are stored on the registry and can be edited

  1. Start the registry editor (regedit.exe)
  2. Move to HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Network\Persistent Connections
  3. You will notice in the left pane is a number of string values called a,b,c etc. For the connections you do not want shown, click on the entry and then either press the Del key and say yes to the confirmation or select delete from the edit menu.
  4. Once you have deleted entries you need to update which ones explorer will show by double clicking on order and remove the letters of the entries you deleted
  5. Click OK
  6. Close the registry editor

Q. How do I grant users access to a network printer?

A. The same way as files have security information, so do printers, and you need to set which users can perform actions on each network printer

  1. Logon as an Administrator
  2. Double click "My Computer" and then select printers
  3. Right click on the printer whose permissions you wish to change and select properties
  4. Click the security tag and select permissions
  5. You can now add users/groups and grant them the appropriate privilege
  6. Click OK when finished

Q. How can I join a domain from the command line?

A. The NT Resource Kit Supplement 2 ships a new utility called NETDOM.EXE which can be used to not only join domains, but create computer account and trust relationships.

To join a domain there are 2 paths, the first is to just add the computer to the domain and create the computer account simultaneously which is OK if you are logged on as a domain administrator, if you are not a domain administrator the account needs to be added in advance and then you join the domain.

If you are logged on as a domain administrator then enter the command below to create the account and join the domain

netdom /domain:savilltech /user:savillj /password:nottelling member <computer name> /joindomain
where <computer name> is the name of your machine, e.g. johnstation

If you are not an administrator the domain admin people will have to add you an account first using either server manager or using NETDOM.EXE

netdom /domain:savilltech /user:savillj /password:nettelling member <computer name> /add

Once the account has been add the normal user could join the domain using the first command shown.

Q. How can I create a share on another machine over the network?

A. The Windows NT Resource kit comes with a utility called RMTSHARE.EXE and this can be used to create shares on other machines providing you have sufficient privilege. The basic syntax is as follows

rmtshare \\<computer name>\"<share name to be created>"="<path>" /remark="<share description>"
e.g. rmtshare \\savillmain\miscfiles=d:\files\misc /remark="General files"

You only need to use double quotes around the share to be created and the path if there are spaces in the share/file name, e.g. if the share was to be called misc files instead of miscfiles it would have to be in quotes, e.g.

rmtshare \\savillmain\"misc files"="d:\my files\misc" /remark="With space share"

Q. I get errors accessing a Windows NT FTP Server from a non Internet Explorer browser.

A. If you run the Microsoft FTP Server Service then you may find problems accessing an area other than the root from a non Internet Explorer browser. This is because most other FTP Servers use the UNIX type naming conventions and that is what browsers such as Netscape expect, however the Microsoft FTP service outputs using dos naming conventions. This can be resolved by forcing the FTP server service to use Unix conventions rather than dos

  1. Start the registry editor (regedit.exe)
  2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ftpsvc\Parameters
  3. If the value MsdosDirOutput exists double click on it and set it to 0, click OK
  4. If it does not exist from the Edit menu select New - DWord value and enter the name MsdosDirOutput and click OK, then perform step 3

You will need to stop and start the FTP server service for this change to take effect (Start - Settings - Control Panel - Services - FTP Service - stop - start)

Q. How can I view which machines are acting as browse masters?

A. There are 2 utilities shipped with the NT resource kit (one GUI, on command line) which can be used to view current browse master status.

BROWMON.EXE - Select from the Diagnostics Resource Kit menu. The master browser will then be displayed for each domain. Double clicking on a machine will then list the other machines that are browsers and a subsequent double click on these machines will tell their status, e.g. backup browser.

BROWSTAT.EXE - Start a command session. There are a number of commands that can be used, however to get a general view enter the command
browstat status <domain name>
Browsing is active on domain.
Master browser name is: PDC
Master browser is running build 1381
2 backup servers retrieved from master PDC
\\PDC
\\WORKSTATION

As can be seen the master browser name is shown, as are backup servers.

Q. How do I demote a PDC to a BDC?

A. Normally when you promote a BDC to the PDC, the existing PDC is automatically demoted to a BDC, but in the event that the PDC was taken off line and then a BDC promoted when the old PDC is restarted it will still think its the PDC and when it detects another PDC it will simply stop its own netlogon service.

To actually modify the machine to be a BDC the registry needs to be changed directly:

  1. Logon to the machine as an Administrator
  2. Start the registry editor (regedt32.exe)
  3. Move to HKEY_LOCAL_MACHINE\Security
  4. Select Permissions from the Security menu
  5. Select Administrators and change the access type to Full Control, check the "Replace Permission on Existing Subkeys" and click OK. Click Yes to the confirmations dialog box
  6. You can now navigate the Security menu, move down to Policy\PolSrvRo
  7. Double click on the default <no name> value and change the second digit (which should be 3 for a PDC) to a 2 (which means BDC). Click OK. E.g. 03000000 to 02000000.
  8. You should now reset the Security on the Security part of the registry using the same method as before but changing back to Special Access for Administrators.
  9. Restart the machine and it will come up as a BDC

Q. How can I configure a BDC to automatically promote itself to a PDC if the PDC fails?

A. There is no way to do this, the assumption is that the PDC would be configured to write out the dump information and then reboot itself thus coming back online. You configure this behavior using the System Control Panel Applet - Startup/Shutdown tab.

Q. How do I rename a PDC/BDC?

A. To rename a Primary Domain Controller perform the following:

  1. Log onto the PDC as an Administrator
  2. Start the Network Control Panel Applet (Start - Settings - Control Panel - Network)
  3. Click the Identification tab.
  4. Click the Change button and enter in the new computer name and click OK
  5. Restart the PDC for the name change to take effect.
  6. Once the machine has rebooted start Server Manager (Start - Programs - Administrative Tools - Server Manager), if the old name still appears as a Backup, or if there is no entry for the new name:
    - Create an entry for the new name. To do this, select Add to Domain in the Computer menu of Server Manager.
    - Add the new computer account as a "Windows NT Backup Domain Controller" (it will be added and displayed as a Primary).
    - Remove the old name by selecting the entry. To do this, select Remove from Domain on the Computer menu.

To Rename a Backup Domain Controller

  1. Log onto the PDC as an Administrator and in Server Manager (Start - Programs - Administrative Tools - Server Manager) add an account for the BDC's new name
  2. Log onto the BDC as an Administrator
  3. Start the Network Control Panel Applet (Start - Settings - Control Panel - Network)
  4. Click the Identification tab.
  5. Click the Change button and enter in the new computer name and click OK
  6. Restart the PDC for the name change to take effect. The NETLOGON service will not yet start on this server.
  7. On the PDC, open Server Manager. Select the new BDC name and from the Computer menu, choose Synchronise With Primary. This will start the NETLOGON service.
  8. In Server Manager, select the old BDC name from the list and from the Computer menu, choose Remove From Domain.

Note: If the BDC begins to receive 7023 or 3210 errors after synching the domain in server manager, on the PDC choose the BDC and then synch that specific BDC with the PDC. After an event indicating that the synch is complete, restart the BDC.

Q. How do I configure my print jobs to wait until out of hours?

A. If you have large print jobs that you would rather run out of hours it is possible to configure usage hours on a print queue:

  1. Select My Computer
  2. Select Printers
  3. Right click on your printer and select properties
  4. Click the Scheduling tab and at the top in the Available section enter a From and a To time, e.g. 18:00 - 08:30
  5. Click OK to save your changes

Jobs submitted to this print queue will now only be printed between the hours specified. If you wanted some jobs to be printed straight away you should define 2 queues, one for overnight, one for all hours.

Q. Where in the registry are the entries for the DNS servers located?

A. The entries for the DNS servers are stored in the registry in the location HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters under the NameServer value. Each entry should be separated by a space. Using the Resource Kit utility REG.EXE the command to change would be as follows

reg update HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\NameServer="158.234.8.70 158.234.8.100" \\<machine name>

where 158.234.8.70 and 158.234.8.100 were the addresses of the DNS servers you wanted to configure. Note it sets the value, it does not append so ensure you enter in the existing DNS servers as well as the new ones.

This may be useful for granting users access to the internet by remotely updating their registry to know which DNS servers to use.

Q. Is there any way to improve the performance of my modem internet connection?

A. It is possible to force NT to discover the Maximum Transmission Unit (MTU) (packet size) over the path to a remote host. If the transmission packets are restricted to this size then packet fragmentation is eliminated at the routers resulting in improved performance.

The parameter EnablePMTUDiscovery set to 1 forces NT to use a MTU of 576 bytes for all connections that are not on the local subnet. To change this perform the following:

  1. Start the registry editor (regedit.exe)
  2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
  3. From the Edit menu select New-DWord value
  4. Enter a name of EnablePMTUDiscovery and press enter
  5. Double click on this new value and set to 1 then click OK
  6. Close the registry editor and reboot the machine.

The main issue is that MTU's are maximised for the Ethernet or LAN side of the network connection. Because of the packet sizes (1500), the host machine broadcasts packets and they are not delivered fast enough to provide an acknowledgement to the host. Therefore, the host resends the packet. Due to the speed of the connections the host may resend the packet three times before it gets an acknowledgement. This clogs the system and slows down performance.  By changing the MTU to (576) at the ISP and on your server the throughput should increase significantly.

RAS

Q. How do I connect two Workstations using RAS?

A. NT Workstation supports one inbound RAS connection so one NT station will be the RAS server, and one will be the client. The procedure below is what I did to connect two machines.

Server

If RAS is already installed

  1. Goto Control Panel, and double click Network
  2. Goto Services and click on "Remote Access Server", and click Properties
  3. Click on the Port and click Configure
  4. Select "Dial Out and Receive" or just Receive
  5. Click Continue
  6. Select if user can access Just Computer or Entire Network for NetBEUI
  7. Click Continue and fill in details for TCP/IP, For this setup we will assume the dial in client will have a TCP/IP address so check the box "Allow clients to use preconfigured address"
  8. Click OK and then close
  9. You will then be prompted to restart the computer

If RAS is not already installed, goto "My Computer" and double click "Dial-up Networking", it will then detect your modem and then take you to step 3 as above.

Client

This assumes RAS is not installed

  1. Goto "My Computer", and double click "Dial-up Network"
  2. You will be asked for the NT CD, and it will install Modem and RAS
  3. It will then detect any modems, once the modem has been found click continue
  4. It will then say the phone book is empty and you should add an entry. Give a name and select "Next" (do not select "I know about modem properties" unless you do")
  5. Select "I am calling the Internet" and click Next
  6. Enter the phone number and click Next, then click Finish
  7. Select the entry, and click More, select Edit Entry
  8. Goto server Tab, and check NetBEUI and TCP/IP. Click TCP/IP details and fill in then press OK. Finally click OK again.
  9. Select the PhoneBook entry and click Dial.
  10. The first time you connect you will have to supply a username, password and domain (select "save password" so this information does not have to be entered again).

Q. Is it possible to dial an ISP using the command line?

A. Yes, use RASPHONE -d <entry>. To disconnect you can type RASPHONE /disconnect.

Q. How can I stop the RAS connections closing when I logoff?

A. Perform the following:

  1. Start the registry editor (regedt32.exe, not regedit.exe)
  2. Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
  3. Create a new value called KeepRasConnections of type REG_SZ
  4. Set the new value to have a value of 1

Q. How can I create a RAS Connection Script?

A. It is possible to write a script that will run when you connect during a RAS connection to automate actions such as entering your username and password. To specify a script perform the following

  1. Double click on My Computer and start up the Dial-up Networking applet
  2. Select the phonebook entry and click More.
  3. From the More menu select "Edit entry and modem properties"
  4. Click the Script tab and select "Run this script"
  5. Click the "Edit script..." button and the SWITCH.INF file will be opened
  6. Go to the bottom of the file and create a new connection section and then select exit
  7. Answer Yes to save changes
  8. Click the "Refresh List" button and the new entry will now be displayed.
  9. Select the new entry you created and click OK.

An example addition to the SWITCH.INF would be

; the phonebook entry
[Savill1]
; send initial carriage return
COMMAND=<cr>
; wait for : (after username, may be different at your site) omit the U as it may be capitals. You could just have :
OK=<match>"sername:"
LOOP=<ignore>
; send username as entered in the connection dialog box, alternaticly you could just enter the username e.g. savillj<cr>
COMMAND=<username><cr>
; wait for : (after password this time, may be different at your site)
OK=<match>"assword:"
LOOP=<ignore>
; send the password entered in the connection dialog box, again you could just manually enter the password, e.g. password<cr>
COMMAND=<password><cr>
NoResponse
; send the "start ppp" command
COMMAND=ppp default<cr>
OK=<ignore>

In depth information on all of the commands can be found in the SWITCH.INF file.

Q. How can I debug the RAS Connection Script?

A. It is possible to create a log file of the connection by performing the following steps

  1. Start the registry editor (regedit.exe)
  2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters
  3. Double click on Logging
  4. Change the value data to 1 and click OK
  5. Close the registry editor
  6. Restart the computer

Each dial-up session will now be appended to the file %systemroot%/system32/RAS/device.log. To stop logging perform the steps above but set the value back to 0.

Q. How do I configure RAS to connect to a leased line?

A. The method will vary depending on your systems current setup, however assuming you have RAS already installed below are the actions needed to configure in your leased line. It is assumed the modems (at both ends) are configured correctly for leased line usage (&D0 for DTR override).

  1. Start the Modem control panel applet (start - settings - control panel - modems)
  2. Click Add
  3. Check the "Don't detect my modem, I will select it from a list" and click Next
  4. In the Manufacturers box select "Standard Modem Types" and in the Models area select "Dial-Up Networking Serial Cable between 2 PCs", click Next
  5. Select the port, e.g. COM1 and click Next
  6. You now have a modem setup ready for leased line use

You should now configure the RAS connection (server/client) in the normal way (use the RAS service properties).

  1. Right click on Network and select properties, click the services tab and select RAS, click Properties.
  2. Select the COM port and click Configure
  3. Select the connection type dial in/dial out/both and click OK. Click Continue
  4. You will be asked about NetBEUI client Access, select the desired and click OK
  5. If you selected server you will be prompted for TCP/IP access and also which IP addresses should be given, either by DHCP (if configured) or from a given pool of addresses. You can also check the box to allow a client to request a specific IP address
  6. Click Close in the Network dialog box, the bindings of the machine will be updated and you will be asked if you want to reboot. Click Yes

Once this has been done you may also want a phonebook entry for outgoing use as you would normally except under the Dialing section check the "Persistent connection" box.

Q. How can I disable RAS AutoDial?

A. The easiest way to do this is to disable the RAS AutoDial service:

  1. Start the services control panel applet (start - settings - control panel - services)
  2. Scroll down to "Remote Access AutoDial Manager" and select
  3. Click the Startup button and change the startup to Manual. Click OK
  4. If you want to stop if now just click the Stop button
  5. Click the Close button

To re-enable you would repeat the above but change the startup to automatic.

Q. RAS tries to dial out even on local resources.

A. Perform the following:

  1. Start the registry editor (regedit.exe)
  2. Move to HKEY_CURRENT_USER\Software\Microsoft\RAS Autodial\Addresses (a better way to view these is to type "rasautou -s" from the command prompt)
  3. In the subkeys look from the local address (and name). If you find it select the key and select Delete from the Edit menu.
  4. Close the registry editor

You may also wish to add addresses to the disabled list:

  1. Start the registry editor (regedt32.exe not regedit.exe)
  2. Move to HKEY_CURRENT_USER\Software\Microsoft\RAS Autodial\Control
  3. Double click on DisabledAddresses and add the address on a new line. Click OK when finished
  4. Close the registry editor

You will need to reboot the machine in both of the above cases.

Q. I have connected via RAS to a server however I can only see resources on the machine I connect to.

A. When you configure the RAS server you set for each protocol the scope of the connection, the server or the whole network. To change this perform the following:

  1. Start the Network Control Panel Applet (Right click on Network and select properties)
  2. Select the Service tab and select the Remote Access Service and click Properties
  3. Select the COM port and click the Network button
  4. Click the Configure button next to the protocol you wish to change access (e.g. TCP/IP)
  5. At the top check the "Entire network" button
  6. Click OK

Clients should now be able to view the entire network.

TCP/IP

Q. What is TCP/IP

A. If you are viewing this page on the web then you are using TCP/IP now! TCP/IP is a suite of related protocols and utilities used for network communications. TCP/IP is actually two protocols, Internet Protocol (IP) and Transmission Control Protocol (TCP). There are many different implementations of TCP/IP however they all conform to a standard which means different implementations can communicate with each other.

Each machine that uses TCP/IP must have a unique TCP/IP address which is a 32 bit number, which is usually displayed in the dotted quad (or dotted decimal) format xxx.xxx.xxx.xxx, where xxx is a number from 0 to 255, for example the IP address 147.98.26.11 is shown in its 32 bit form, and how it breaks down into the dotted quad format

10010011

01100010

00011010

00001011

147

98

26

11

TCP/IP was originally used on ARPANET, a military network and grow to universities and is now used on virtually every computer system. Have a look at http://rs.internic.net/nic-support/15min/modules/arpanet/sld01.html for more information on Arpanet.

Q. How do I install TCP/IP

A. Below are the instructions on installing a non-DHCP clients:

  1. Start the Network Control Panel Applet (Start - Settings - Control Panel - Network)
  2. Click the Protocols tab and click Add
  3. Select TCP/IP Protocol and click OK
  4. You will be asked if there is a DHCP server on the Network, click NO for DHCP
  5. A number of files will be installed and the protocols will be re-binded, and you will be shown the TCP/IP configuration dialog
  6. Click the IP Address tab and enter the IP address and subnet mask. When you enter the IP address it will guess the subnet mask (however you may want to configure a subnet mask different from the Default).
  7. You can also configure DNS servers by clicking on the DNS tab and enter a Domain name (e.g. Savilltech.com) and a host name
  8. Click OK when finished and you have to reboot the machine

Q. Is there a way to trace TCP/IP traffic using NT?

A. As part of the Systems Management Server there is a Network Monitor module which enables the entire network to be monitored, also traffic over a modem. There is a limited version of this with NT 4.0 server, however only communications between the server and other computers can be monitored. The Network Monitor Service has to be installed (Control Panel - Network - Services - Add).

There are also 3rd party products available that are superior to Network Monitor, such as NetXRay from http://www.cti-llc.com/cinco.htm which retails for around $999.

Q. I do not have a network card, but would like to install TCP/IP.

A. Microsoft provide a Loopback adapter that can be used for the testing of TCP/IP. To install the Loopback adapter perform the following actions:

  1. Start the Control Panel (Start - Settings - Control Panel)
  2. Double click on the Network icon
  3. Click on the Adapters tab, and click Add
  4. Select MS Loopback Adapter and click OK
  5. You will then need to configure TCP/IP as normal

Q. I have installed TCP/IP, what steps should I use to verify the setup is correct?

A. Follow the steps below:

  1. From a command prompt type
    ipconfig /all
    This will show information such as IP address, subnet mask and the physical address. Check the IP address and subnet mask are what you expect.
  2. Next there is a special IP address that is used for loopback testing 127.0.0.1, so try and ping this
    ping 127.0.0.1
    You should get 4 lines of
    Reply from 127.0.0.1: bytes=32 time<10ms TTL=128
    Pinging 127.0.0.1 does not send any traffic out on the network. If this does not work it means the TCP/IP stack is not loaded correctly so go back and check your configuration
  3. Next try and ping your own IP address, once again this will not send any traffic out on the Network, but it just confirms the software
    ping 200.200.200.53
    Once again you should get 4 reply messages. If this does not work, but the loopback did, you probably have typed the IP address wrong, go back and check your configuration.
  4. Try and ping the gateway.
    ping 200.200.200.1
    This is the first traffic going out over the network. The gateway should be on your subnet. If you fail to ping the gateway, check the gateway is up, and that your network is correctly connected.
  5. Ping something on the other side of the gateway, i.e. something not own your subnet
    ping 158.234.26.46
    If this does not work then the gateway may not be functioning correctly.
  6. If all of the above worked, than Name Resolution should be tested by pinging by name, this will test the HOSTS and/or DNS. If your machine name was john, and the domain savilltech.com, you would ping john.savilltech.com
    ping john.savilltech.com
    If this does not work, check in the Network Settings - Protocols - TCP/IP that the domain name is correct, also check the hosts file and the DNS.
  7. Next try and ping a name outside the network
    ping ftp.microsoft.com
    If this does not work then check with your ISP (Internet Service Provider)
  8. If all of the above works then get down to the serious stuff and start surfing! :-)

Q. How can I trace the route the TCP/IP packets take?

A. In general TCP/IP packets will not always take the same route to a destination, however the start of the journey is likely to be the same, i.e. to your gateway, to the firewall etc. The command to use is tracert and the syntax is as follows

c:\tracert <host name or IP address>,e.g.
c:\tracert news.savilltech.com
Tracing route to news.savilltech.com [200.200.8.55]
over a maximum of 30 hops:

1 <10 ms <10 ms <10 ms 200.200.24.1 200.200.200.24.1 is the gateway
2 <10 ms 10ms <10 ms 200.200.255.81
3 30 ms 10 ms 10 ms news.savilltech.com [200.200.8.55]

Trace complete

The first column is the hop count, the next 3 columns show the time taken for the cumulative round-trip times (in milliseconds), the 4th column is the hostname if the IP address was resolved, and the last column is the IP address of the host. It is really like a street map telling each turn to take. An important thing to note is to look for looping routes, so host a goes to b then c then back to a, as this indicates a problem usually.

Tracert will not always work with some FireWalls for hosts outside the FireWall.

Q. What is the subnet mask?

A. As has been shown the IP address consists of 4 octets and is usually displayed in the format 200.200.200.5, however this address on its own does not mean much and a subnet mask is required to show which part of the IP address is the Network ID, and which part the Host ID. Imagine the Network ID as the road name, and Host ID as the house number, so with "54 Grove Street", 54 would be the Host ID, and Grove Street the Network ID. The subnet mask shows which part of the IP address is the Network ID, and which part is the Host ID.

For example, with an address of 200.200.200.5, and a subnet mask of 255.255.255.0, the Network ID is 200.200.200, and the Host ID is 5. This is calculated using the following:

IP Address 11001000 11001000 11001000 00000101
Subnet Mask 11111111 11111111 11111111 00000000
Network ID 11001000 11001000 11001000 00000000
Host ID 00000000 00000000 00000000 00000101

 What happens is a bitwise AND operation between the IP address and the subnet mask, e.g.

1 AND 1 = 1
1 AND 0 = 0
0 AND 1 = 0
0 AND 0 = 0

There are default subnet masks depending on the class of the IP address as follows:

Class A : 001.xxx.xxx.xxx to 126.xxx.xxx.xxx.xxx uses subnet mask 255.0.0.0 as default
Class B : 128.xxx.xxx.xxx to 191.xxx.xxx.xxx.xxx uses subnet mask 255.255.0.0 as default
Class C : 192.xxx.xxx.xxx to 224.xxx.xxx.xxx.xxx uses subnet mask 255.255.255.0 as default

Where's 127.xxx.xxx.xxx ??? This is a reserved address that is used for testing purposes. If you ping 127.0.0.1 you will ping yourself :-)

The subnet mask is used when two hosts communicate. If the two hosts are on the same network then host a will talk directly to host b, however if host b is on a different network then host a will have to communicate via a gateway, and the way host a can tell if it is on the same network is using the subnet mask. For example

Host A 200.200.200.5
Host B 200.200.200.9
Host C 200.200.199.6
Subnet Mask 255.255.255.0

If Host A communicates with Host B, they are both have Network ID 200.200.200 so Host A communicates directly to Host B. If Host A communicates with Host C they are on different networks, 200.200.200 and 200.200.199 respectively so Host A would send via a gateway.

Q. What diagnostic utilities are there for TCP/IP?

A. We have already seen PING and TRACERT, and below is a full list

For more information on these commands just enter the command with a -?, e.g. netstat -?

Q. What is routing and how is it configured?

A. When host a wants to send to host b, if they are on the same local network then the IP protocol resolves the IP address to a physical address using ARP (Address Resolution Protocol), and the physical address (e.g. 00-05-f3-43-d3-3e) of the source and destination hosts are added to the IP datagram to form a frame, and using the frame, the two hosts can communicate directly with each other.

If the 2 hosts are not on the same local network, then they cannot communicate directly with each other, and instead have to go through a router. You have probably already come across a router when you install TCP/IP, as the default gateway is just a router that you have chosen to use as a means of communicating with hosts outside your local network if no specific route is known. A router can be a Windows NT computer with 2 or more network cards (one card for connection to each separate local network) or it can be a physical hardware device, such as Cisco routers.

Assuming our two hosts are not on the same local network, host A will check its routing table for a router that connects to the local network of host B. If it does not find a match then the data packets will be send to the "default gateway". In most cases, there will not be one router that connects straight to the intended recipient, rather the router will know of another route to pass on your packet, which will then goto another router etc.

For example:

Host A - 200.200.200.5
Host B - 200.200.199.6
Subnet Mask - 255.255.255.0
Router - 200.200.200.2 and 200.200.199.2
Host A's routing table - Network 200.200.199.0 use router 200.200.200.2

In this example, Host A would deduce that Host B is on a separate network, as its Network ID is 200.200.199. Host A would then check its routing table and see that it knows for network 200.200.199 (the zero means all) it should send to 200.200.200.2. The router would receive the packets and then forward them to network 200.200.199.

What actually happens is each router will have its own routing table that will point to other routes.

To actually configure a route, you use the route command, for example to configure a root for network 200.200.199 to use router 200.200.200.2 you would type

route -p add 200.200.199.0 mask 255.255.255.0 200.200.200.2

The -p makes the addition permanent, otherwise it will be lost with a reboot.

To view your existing information type route print.

Q. What is ARP?

A. ARP stands for Address Resolution Protocol and was touched on in the previous question as a means of resolving a IP address to an actual physical network card address.

All network cards have a unique 48 bit address, that is written as six hexadecimal pairs, e.g. 00-A0-24-7A-01-48, and this address is hard coded into the network card. You can view your network cards hardware address by typing

ipconfig /all
.
Ethernet adapter Elnk31:

Description . . . . . . . . : ELNK3 Ethernet Adapter.
Physical Address. . . . . . : 00-A0-24-7A-01-48
DHCP Enabled. . . . . . . . : No
IP Address. . . . . . . . . : 200.200.200.5
Subnet Mask . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . : 200.200.200.1
Primary WINS Server . . . . : 200.200.50.23
Secondary WINS Server . . . : 200.200.40.190

As discussed in the Subnet question, if a packets destination is on the same local network as the senders, then the sender needs to resolve the destinations IP address into a physical hardware address, otherwise the sender needs to resolve the routers IP address into a physical hardware address. When a NT machines TCP/IP component starts, it broadcasts an ARP message with its IP to hardware address pair. The basic order of events for sending to a host on the local network is as follows:

  1. ARP checks the local ARP cache for an entry for destinations IP address. If a match is found, then the hardware address of the destination is added to the frame header and the frame sent.
  2. If a match is not found, then an ARP request broadcast is sent to the local network (remember it knows the destination is on the local network by working out the Network ID from the IP address and the subnet mask). The ARP request contains the senders IP address and hardware address, the IP address that is being queried and is sent to 255.255.255.255 (everyone, but it won't get routed).
  3. When the destination host receives the broadcast, it sends a ARP reply with its hardware address and IP address.
  4. When the source receives the ARP reply, it will update its ARP cache and then create a frame and send it.

If you are sending to a destination not on your local network, then the process is similar except the sender will resolve the routes IP address instead.

To inspect your machines ARP cache, type:
arp -a
and a list of IP address to hardware address pairs will be shown. Try pinging a host on your local network and then displaying the ARP cache again and you will see an entry for the host, also try pinging a host outside your local network and check the ARP cache and an entry for the router will have been added. You will notice that the word dynamic is listed with the records, and this is because they were added as needed and are volatile, hence will be lost on reboot. In fact the entries will be lost quicker than this! If an entry is not used again within 2 minutes then it will be deleted from the cache. If it is used within 2 minutes, it will not be deleted for a further 10 minutes, unless used again and then it would be ten minutes from when used :-).

You may wish to add static entries for some hosts (to save time with the ARP requests) and the format is
arp -s <IP address> <hardware address>, e.g.
arp -s 200.200.200.5 00-A0-24-7A-01-48

Q. My Network is not connected to the Internet, can I use any IP address?

A. The basic answer would be Yes, however it is advisable to use one of the following ranges which are reserved for use by private networks:

10.0.0.0 - 10.255.255.255 this is a single class A network
172.16.0.0 - 172.31.255.255 this is a group of 16 contiguous class B networks
192.168.0.0 - 192.168.255.255 this is a contiguous group of 256 class C networks

The addresses above are detailed in RFC 1918 (Request for comment) and can be viewed at http://ds.internic.net/ds/dspg01.html . The advantage of these addresses is that they are automatically filtered out by routers, thus protecting the internet. Obviously if you did one day want to part of your network on the internet you would need to apply for a range of IP addresses (from Internic or from your ISP).

Q. How can I increase the time entries are kept in the ARP cache?

A. The default 2 minutes can be changed by performing the following:

  1. Start the registry editor (regedit.exe)
  2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
  3. From the Edit menu select New - DWord value and enter a name of ArpCacheLife, click OK
  4. Double click the new value and set to the new value in seconds and click OK
  5. Close the registry editor
  6. Reboot

Q. What other registry entries are there for TCP/IP?

A. There is a whole knowledge base article on them that may be useful at http://premium.microsoft.com/support/kb/articles/q120/6/42.asp .

Q. How can I configure more than 6 IP addresses?

A. Using the TCP/IP configuration GUI you are limited to 6 IP addresses however more can be added by directly editing the registry:

  1. Log on as an Administrator
  2. Start the registry editor (regedt32.exe)
  3. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services and scroll down to the service for your adapter card (Look at the adapters tab on the Network Control panel applet). For example the Etherlink 3 card is Elnk3, however you want the first occurrence so goto Elnk31.
  4. Move to the Parameters\TCPIP subkey
  5. Double click the IPAddress value. Enter in additional IP addresses separated by a new line
    IPAddress.gif (4020 bytes)
  6. When finished click OK
  7. Next edit the SubnetMask and again add an entry for each IP address added (in the same order). Click OK when finished.
  8. Close the registry editor
  9. Reboot the machine

DHCP

Q. What is DHCP?

A. DHCP stands for Dynamic Host Configuration Protocol and is used to automatically configure a host during boot up on a TCP/IP network and also to change settings while the host is attached.

This means that you can store all the available IP addresses in a central database along with information such as the subnet mask, gateways, DNS servers etc.

The basics behind DHCP is the clients are configured to use DHCP instead of being given a static IP address. When the client boots up it sends out a BOOTP request for an IP address. A DHCP server then offers an IP address that has not been assigned from its database, which is then leased to the client for a pre-defined time period.

Q. How do I install the DHCP Server Service?

A. The DHCP server service can only be install on a NT Server.

  1. Start the Network Control Applet by clicking on Network from Control Panel (Start - Settings - Control Panel) or right click on Network Neighborhood and select Properties
  2. Click on the Services tab and click Add
  3. Select "Microsoft DHCP Server" and click OK
  4. You will be prompted to insert the NT Server installation CD or say where the i386 directory is
  5. A warning that all local adapters must use a static IP address and click OK
  6. Click Close and select Yes to reboot

Q. How do I configure DHCP Server Service?

A. The DHCP Server Service is configured using "DHCP Manager" that is installed after the installation of the DHCP Server Service.

  1. Start DHCP Manager (Start - Programs - Administrative Tools - DHCP Manager)
  2. Double click "*Local Machine*"
  3. From the Scope menu select Create
  4. A dialog will be shown and following should be entered
    - Start Address, e.g. 200.200.200.10
    - End Address, e.g. 200.200.200.100
    this would mean the address 200.200.200.10 to 200.200.200.100 would be available
    - Subnet Mask, e.g. 255.255.255.0
    - Exclusion - start and end, e.g. 200.200.200.20 and 200.200.200.30, would mean available addresses would 200.200.200.10-200.200.200.20 and 200.200.200.30-200.200.200.100
    - Exclusion - just start is a single address, e.g. 200.200.200.56
    - Set lease duration, by default 3 days, however can be set to unlimited
    - Name - this is the name of the scope, e.g. "subnet 200.200.200"
    - Comment - anything you want
  5. Click OK
  6. A message that the Scope has been added, but is not active, would you like it to be active, click Yes.

Usually items such as DNS servers, WINS server etc will be configured on a global scale and this is also done using Server Manager

  1. Select the Scope, and select Global from the "DHCP Options" menu
  2. Select "06 DNS Servers" and click Add
  3. Click Value button
  4. Click Edit Array at the bottom
  5. Enter the IP address and click ADD, continue adding until all added
  6. Click OK to close the Edit Array dialog
  7. Select "15 Domain name" and click Add
  8. Select it and edit the string at the bottom, e.g. savilltech.com
  9. Click OK to exit

Q. How do I configure a client to use DHCP?

A. For NT workstation and Windows95 follow the instructions below:

  1. Start the Network Control Applet by clicking on Network from Control Panel (Start - Settings - Control Panel) or right click on Network Neighborhood and select Properties
  2. Click on the Protocol tab
  3. Select TCP/IP and click Properties
  4. Select "Obtain an IP address from a DHCP Service". DHCP settings will only override IP address and subnet mask locally configured. If you have configured DNS, WINS etc locally then the DHCP configuration will not overwrite it.

Q. How can I compress my DHCP database?

A. NT Server ships with a utility called JETPACK.EXE which can be used to compact DHCP and WINS databases. To compact your DHCP database perform the following:

  1. Start a command prompt (cmd.exe)
  2. Enter the following commands
    cd %SystemRoot%\SYSTEM32\DHCP
    e.g. cd d:\winnt\system32\dhcp
    net stop DHCPSERVER
    jetpack DHCP.MDB TMP.MDB
    net start DHCPSERVER

Note: While you stop the DHCP service, clients using DHCP to receive a TCP/IP address will not be able to start this protocol and may hang.

Jetpack actually compacts DHCP.MDB into TMP.MDB, then deletes DHCP.MDB and copies TMP.MDB to DHCP.MDB! Simple :-)

For more information, see Knowledge base article Q145881 at http://www.microsoft.com/kb/articles/q145/8/81.htm

Q. How can a DHCP client find its IP address?

A. Depending on the client:

Windows NT machine - type ipconfig from the command prompt
Windows 95 machine - run winipcfg.exe

Q. How can I move a DHCP database from one server to another?

A. Perform the steps below on the server that currently hosts the DHCP Server service. Be warned that while doing this no DHCP clients will be able to start TCP/IP so this should be done outside working hours.

  1. Log on as an Administrator and stop DHCP (Start - Settings - Control Panel - Services - Microsoft DHCP server - Stop).
  2. You also need to stop DHCP from starting again after a reboot so start the Services Control Panel applet and select Microsoft DHCP Server and click Startup. From the startup choose disabled and click OK.
  3. Copy the DHCP directory tree %systemroot%\system32\DHCP to a temporary storage area for use later.
  4. If you want to remove DHCP from the source machine totally delete the DHCP directory (%systemroot%\system32\dhcp) and then delete the DHCP Service (Start - Settings - Network - Services - Microsoft DHCP Server - Remove)

On the new DHCP server perform the following

  1. Log on as an Administrator
  2. If the server does not have the DHCP server service installed, install it (Start - Settings - Control Panel - Network - Services - Add - DHCP Server)
  3. Stop the DHCP service (Start - Settings - Control Panel - Services - Microsoft DHCP server - Stop).
  4. Delete the contents of %systemroot%\system32\dhcp
  5. Copy the backed up DHCP directory tree from the storage area to %systemroot%/system32/dhcp
  6. Start the registry editor (regedt32.exe)
  7. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DHCPServer\Configuration and select it
  8. From the registry menu select restore
  9. Move to %systemroot%\system32\dhcp\backup\dhcpcgf and click open
  10. Click Yes to the warning
  11. Close the registry editor
  12. Reboot the machine

Q. How do I create a DHCP Relay Agent?

A. If you have routers separating some of your DHCP clients from the DHCP server you may have problems if they are not RFC compliant. This can be solved by placing a DHCP relay agent on the local network area which is not actually a DHCP server which communicates on behalf of the DHCP Server. The DHCP Relay Agent must be a Windows NT Server computer.

  1. On the NT Server log on as an Administrator
  2. Start the Network control panel applet (Start - Settings - Control Panel - Network)
  3. Click the Services tab and click Add
  4. Select "DHCP Relay Agent" and click OK
  5. Type the path of the files (e.g. d:\i386) and click OK
  6. You will be asked if you wish to add IP address to the DHCP servers list, click Yes
  7. Click the DHCP relay tab and click Add
  8. In the DHCP Server field enter the IP address of the DHCP Server and click Add
  9. Click OK
  10. Restart the computer

Q. How can I stop the DHCP Relay Agent?

A. All you have to do is stop the DHCP Relay Agent service:

  1. Log on as an Administrator
  2. Start the Services control panel applet (Start - Settings - Control Panel - Network)
  3. Select "DHCP Relay Agent"
  4. Click the startup button
  5. Click the disabled and click OK
  6. Close the control panel applet
  7. You can reboot or just stop the service

Q. How can I backup the DHCP database?

A. The DHCP database backs itself up automatically every 60 minutes to the %SystemRoot%\System32\Dhcp\Backup\Jet directory. This interval can be changed:

  1. Start the registry editor
  2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DHCPServer\Parameters\BackupInterval
  3. Double click on BackupInterval and set to the number of minutes you want the backup to be performed. Click OK
  4. Close the registry editor
  5. Stop and restart the DHCP server service (Start - Settings - Control Panel - Services - DHCP Server - Start and Stop)

You could backup the %SystemRoot%\System32\Dhcp\Backup\Jet directory if you wish.

Q. How can I restore the DHCP database?

A. Perform one of the following:

  1. When the DHCP Server service starts, if an error is detected in the database it will automatically restore the backup version
  2. Edit the registry and set HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DHCPServer\Parameters\RestoreFlag to 1, restart the DHCP Server service, this will restore the backed up version and set RestoreFlag back to the default 0
  3. Stop the DHCP Server service, copy the files from %SystemRoot%\System32\Dhcp\Backup\Jet to %SystemRoot%\System32\Dhcp and then start the DHCP Server service.

Q. How do I reserve a specific address for a particular machine?

A. Before performing this you will need to know the hardware address of the machine and this can be found by entering the command

ipconfig /all

Look for the line

Physical Address. . . . . . : 00-60-97-A4-20-86

Now at the DHCP server perform the following

  1. Log on as an Administrator
  2. Start the DHCP Server management software (Start - Programs - Administrative Tools - DHCP Manager)
  3. Double click on the DHCP server, e.g. *Local Machine*
  4. Select the light bulb and from the Scope menu select "Add Reservations"
  5. In the Add Reserved Clients dialog box you should enter the IP address you wish to reserve and in the "Unique Identifier" box enter the hardware address of the client machine (got from the ipconfig /all). Do not enter the hyphens, e.g.
    006097A42086
    Also enter a name for the machine (and a comment if you wish) and click Add
  6. Click close when you have added all the reservations

DNS

Q. How do I install the DNS Service?

A. The DNS Service can only be installed on NT Server and is installed as follows:

  1. Start the Network Control Panel Applet (Start - Settings - Control Panel - Network)
  2. Click the Services tab and click Add
  3. Select "Microsoft DNS Server" and click OK
  4. The software will be installed and the machine will then reboot

Q. How do I configure a domain on the DNS Server?

A. A new application has been added to the Administrative Tools group, DNS Manager, to configure the domain follow the procedures below:

  1. Start the DNS Manager (Start - Programs - Administrative Tools - DNS Manager)
  2. From the DNS menu, select New Server and enter the IP address of the DNS Server, e.g. 200.200.200.3, and click OK
  3. The server will now be displayed with a CACHE sub part
  4. Next we want to add the domain, e.g. savilltech.com, from the DNS menu, select New Zone
  5. Select Primary and click Next
  6. Enter the name, e.g. savilltech.com, and then press tab, and it will fill in the Zone File Name and click Next
  7. Click Finish
  8. Next a zone for reverse lookups has to be created, so select New Zone from the DNS menu
  9. Select Primary and click Next, enter the name of the first 3 parts of the domain IP + in-addr.arpa, e.g. if the domain was 158.234.26, the entry would be 26.234.158.in-addr.arpa, in my example it would be 200.200.200.in-addr.arpa, click tab for the file name to be filled and click Next, then click Finish
  10. Add a record for the DNS server, by right clicking on the domain and select "New Record"
  11. Enter the name of the machine, e.g. BUGSBUNNY (I had a strange upbringing :-) ), and enter and IP address, e.g. 200.200.200.3 and click OK
  12. If you click F5 and examine the 200.200.200.in-addr.arpa a record has been added for BUGSBUNNY there as well

Q. How do I add a record to the DNS?

A. To add a record, for example TAZ with IP address 200.200.200.4 perform the following

  1. Start the DNS Manager (Start - Programs - Administrative Tools - DNS Manager)
  2. Right click on the domain, and select New Record
  3. Enter the name, e.g. TAZ and enter IP address
  4. Make sure the Create Associated PTR record is checked
  5. Click OK

Q. How do I configure a client to use the DNS?

A. For an NT machine (and Windows 95) perform the following:

  1. Start the Network Control Panel Applet (Start - Settings - Control Panel - Network)
  2. Select the Protocols tab
  3. Select TCP/IP and select Properties
  4. Click the DNS tab
  5. Make sure the machines name is entered in the first box, and the domain name, e.g. savilltech.com in the Domain box
  6. In the DNS Server part click Add, and in the dialog box enter the IP address of the DNS Server and click Add
  7. In the Domain Suffix Search Order part, click Add and enter the domain, e.g. savilltech.com and then click Add
  8. Finally click OK

To test, you can start a command prompt and enter

nslookup <host name>
e.g. nslookup taz

The IP address of Taz will be displayed. Also try the reverse translation by entering

nslookup <ipaddress>
e.g. nslookup 200.200.200.4

The name Taz will be displayed.

Q. How do I change the IP address of a DNS server?

A. The information below assumes you have already changed the IP address of the machine ( Start - Settings - Control Panel - Network - Protocols - TCP/IP - Properties) and have rebooted. The scenario below assumes the old IP address was 200.200.200.3 and the new is 200.200.200.8

  1. We need to configure a second IP address for the network card
    - Start the Network Control Panel Applet ( Start - Settings - Control Panel - Network)
    - Click on the Protocol tab
    - Select TCP/IP and click Properties
    - Click Advanced and click Add
    - Enter the old IP address, e.g. 200.200.200.3 and click Add
    - Click OK until you are back at the Control Panel
    - Reboot
  2. Start the DNS Manager (Start - Programs - Administrative Tools - DNS Manager)
    - Right click the "Server List" and select New Server
    - Enter the new IP address, e.g. 200.200.200.8 and click OK
    - Select the old IP address, e.g. 200.200.200.3 and right click
    - Select "Delete Server" from the context menu and click Yes to confirm
  3. While in the DNS Manager, update the record for this server
    - Select the IP address of the DNS server, e.g. 200.200.200.8, select the domain name, e.g. SAVILLTECH.COM
    - Double click the entry for the server and update the IP address, i.e. it would have had 200.200.200.3 to bugsbunny, change to 200.200.200.8
    - Click OK
  4. Now we will delete the secondary IP address we added
    - Start the Network Control Panel Applet ( Start - Settings - Control Panel - Network)
    - Click on the Protocol tab
    - Select TCP/IP and click Properties
    - Click Advanced and select the address, e.g. 200.200.200.3 and click Remove
    - Click OK until back at control panel
    - You will need to reboot at some point to remove the 200.200.200.3 from being active

Update all the clients to use the new DNS server IP address.

The above procedure is the most complete way, however it should still work if you only perform steps 2 and 3.

Q. How can I configure DNS to use a WINS server?

A. Is is possible to configure the DNS to use a WINS server to resolve the host name of a Fully Qualified Domain Name (FQDN).

  1. Start DNS manager (Start - Programs - Administrative Tools - DNS Manager)
  2. Right click on the zone you wish to communicate with the WINS server and select properties
  3. Click the "WINS Lookup" tab
  4. Select the "Use WINS Resolution" check box and then enter the WINS server IP address and click ADD
  5. Click OK when finished

WINS

Q. What is WINS?

A. WINS stands for Windows Internet Name Service. WINS is a NetBIOS Name Server that registers your NetBIOS names and resolves into IP addresses.

If you're using NetBIOS over TCP/IP you will need to have WINS running so that each can find out the correct IP address of the other to communicate.

Need to browse over an interdomain network? WINS!

Q. How does WINS work?

A. Once your machine is configured to point at a WINS server (and maybe a second backup WINS server);

  1. Upon startup, registers your NetBIOS name with WINS. This dynamic update means that you will ALWAYS get the name/IP mapping that is current.
    If there is already a machine out there with the same name, a request is sent to it by WINS. If it doesn't respond, you get the OK. If it is out there and alive, you get a negative name acknowledgment.
  2. Need to talk with machine XXX? Send a NetBIOS name query to the WINS server. (no broadcasts! no LMHOSTS!)
  3. If WINS finds a match, it will respond with the correct TCP/IP address of the target machine.

Q. How do I set up WINS?

A. WINS is a server service.
Go to Control Panel->Network->Services and install the Windows Internet Name Service.

If you have any non-WINS clients, add them in as static name->IP mappings.
Configure a WINS Proxy Agent if needed.
Configure WINS support on your DHCP server.

NT Workstation TCP/IP->Properties->WINS add the IP address of the WINS server (and your secondary if you have one).

Q. What is a WINS Proxy Agent?

A. If you have non-WINS machines on your subnet and want them to be visible participants, you will want a Proxy Agent to be active within this subnet.
A WINS Proxy Agent is a WINS client that allows non-WINS clients to participate, by listening for broadcast name registrations and requests and then forwards them to a WINS server. Use Registry Editor to open HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters and set the EnableProxy parameter to 1.

Q. How do I configure WINS static entries for a non-WINS client?

A. Go into WINS Manager (under Admin Tools)
Mappings->Static Mappings->Add Mappings enter the NAME and IP ADDRESS of the machine in question. Under TYPE usually you'll just enter as Unique. Now click ADD.

Q. How do I configure WINS to work with DHCP?

A. If the computer is a DHCP client, then at the DHCP server, go into DHCP Administrator (Admin Tools) and add two new SCOPE options:

  1. 044 WINS/NBNS Servers - add the address of WINS server(s)
  2. 046 WINS/NBT Node - configure as 0x8 (H-Node)

Q. How can I compress my WINS database?

A. NT Server ships with a utility called JETPACK.EXE which can be used to compact DHCP and WINS databases. To compact your WINS database perform the following:

  1. Start a command prompt (cmd.exe)
  2. Enter the following commands
    cd %SystemRoot%\SYSTEM32\WINS
    e.g. cd d:\winnt\system32\wins
    net stop WINS
    jetpack WINS.MDB TMP.MDB
    net start WINS

Note: While you stop the WINS service, clients using WINS to resolve addresses will fail unless another mechanism of name resolution is in place.

Jetpack actually compacts WINS.MDB into TMP.MDB, then deletes WINS.MDB and copies TMP.MDB to WINS.MDB.

For more information, see Knowledge base article Q145881 at http://www.microsoft.com/kb/articles/q145/8/81.htm

Windows Messaging/Exchange

Q. The Outlook/Exchange client takes a long time to start.

A. Sometimes the protocol binding for Exchange can be wrong if more than one protocol is installed, for example if you have NetBEUI and TCP/IP installed, and you connect to the Exchange server via TCP/IP, you need to ensure TCP/IP is first in the binding order, otherwise Exchange will attempt to communicate via NetBEUI initially. To check/set perform the following:

  1. Start the registry editor (regedit.exe)
  2. Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\Exchange Provider
  3. In the right hand pane, double click Rpc_Binding_Order
  4. A dialog box will be shown containing a text string of the installed protocols separated by commas. You can move items, for example, you may want to move ncacn_ip_tcp (TCP/IP) to the front if you connect over TCP/IP. Make sure you keep them separated by commas!
  5. Click OK
  6. Close the registry editor
  7. Stop and start Exchange/Outlook

Q. How can I stop Outlook dialing my Internet Account on Startup?

A. Perform the following:

  1. Start the Mail Control Panel Applet (Start - Settings - Control Panel - Mail)
  2. Click the Services tab
  3. Select "Internet E-mail" service and click properties
  4. Click the connection tab
  5. Check the "Work Offline and use Remote Mail"
  6. Close the dialog boxes
  7. Reboot the machine

Q. How do I install Exchange?

A. The following instructions are to install Exchange 5.0

  1. Insert the Exchange CD-ROM into the computer
  2. Run <CD-ROM>\setup\i386\setup.exe (Start - Run)
  3. You may want to change the destination folder by clicking the "Change Directory" button
  4. Click the Custom Button
  5. Select the components you wish to install, you will only be able to install the Active Server Page extensions if you have IIS 3.0 with ASP installed.
  6. Click OK to continue
  7. Select your licensing method and click OK, check the "I agree" box and click OK
  8. Assuming this is the first Exchange server, click the "Create new site" and you should enter the organization and site name, click OK
  9. You need to select the Exchange admin account, by default the account you are currently logged on as will be displayed, however it is a good idea to have a separate Exchange Admin account (make sure it has "Log on as a service" and "Restore files and directories" rights). Enter the password for the account selected and click OK
  10. Once the installation is completed you will be asked if you want to run the optimizer utility, click "run optimizer" or exit.

It is a good idea to have a large pagefile.sys when running Exchange, a good size would be the amount of memory plus 100.

Q. How do I enable the Exchange Active Server Pages?

A. This functionality is new in 5.0, and enables a user to view their exchange mailbox from an Internet browser, such as Internet Explorer or Netscape. Before the Exchange Active Server Pages extension can be installed, there are two pre-requisites

NT Server 4.0 ships with IIS 2.0, therefore assuming you have not upgraded your system since then you will need to perform the following

  1. The upgrade to IIS 3.0 is part of Service Pack 3 for NT 4.0, therefore you should install this service pack
  2. Once the machine has rebooted install the Active Server Pages extensions (these are included on the Service Pack 3 CD-ROM, \winnt400\Iis30\Asp\I386\Asp.exe)
  3. Run the Exchange setup program and select Add/Remove components
  4. Check the box "Active Server Components" and click continue
  5. The setup program will then continue as normal

Once this has finished, you will be able to connect to your Exchange mailbox by entering the URL

http://<Exchange server>/exchange

You then need to enter you Exchange alias and then click the "click here" text.

Q. How do I use the Exchange Optimizer utility?

A. After you install Exchange you are prompted to run the Exchange Optimizer utility, however it can also be run afterwards:

  1. From the Microsoft Exchange folder choose Microsoft Exchange Optimizer
  2. A dialog will be shown asking permission to stop the Exchange services, click Next
  3. Next the user and server configuration dialog will be shown and you should enter details of the number of users and how the server will be configured. Also a Limit memory option is available, by default Exchange will use as much memory as it needs, however if you have other apps running on the server you may wish to limit the memory Exchange can use, the minimum is 24MB, but you are recommended to use a limit of 32MB. Click Next to continue
  4. The application will then test your disks to decide where best to place the Exchange database files and then click Next
  5. A dialog will be shown with the new recommended file locations and click Next
  6. If files are being relocated then make sure the box on the new dialog is checked and click Next
  7. Finally click Finish

Q. How can I convert mail system X to Exchange?

A. Exchange is supplied with a migration wizard which can convert the following mail systems to Exchange

The wizard is in the Microsoft Exchange folder and below is an example of converting a MsMail Postoffice

  1. Start the Migration Wizard (Start - Programs - Microsoft Exchange - Microsoft Exchange Migration Wizard)
  2. Select MsMail for PC Networks and click Next
  3. Click Next to the dialog box that explains how MsMail and Exchange can coexist
  4. Enter the Path to the MsMail post office and the Administrator account name and password for the Postoffice, then click Next
  5. Select "One step Migration" and click Next
  6. Select the type of information you want to import and click Next
  7. Click "Select All" to migrate all users and click Next
  8. Enter the name of the Exchange server to store the new accounts and messages. Click Next
  9. You will now need to select the type of access for the shares MS Mail folders, the common one is "Author access: read, create, edit items" and click Next
  10. Select the recipient container and template (optional), click Next
  11. Finally choose the type of passwords to create for the new Windows NT accounts that will be created from the MS Mail mailboxes. In a multi domain environment you must select the domain for the new accounts. Click Next to begin the conversion.
  12. A process box will be displayed showing the progress, once completed a dialog will be displayed and click OK to complete.

Q. How can I create shortcut on the desktop with the "to" field completed?

A. As you may be aware, if you enter the command
exchng32 /n
This creates a blank new message, however it is not possible to specify a qualifier containing information to the content. A workaround to this is the following

  1. Start Exchange/Outlook and create a new message
  2. Fill in information for the to: field, cc: field etc.
  3. Instead of sending select Save As from the file menu
  4. Select the Save As type as "Message Format" and enter a file name and location (the default extension is .msg). Click Save
  5. Start Explorer (Win Key + E, or Start - Programs - Explorer)
  6. Move to the directory you saved the Message Format file to and right click on the file
  7. While holding down the right mouse button drag to the desktop and release the button, from the context menu displayed select "Create shortcut here"

If you now double click on the desktop message icon it will create a new message which you can edit and then send with information already filled in!

Q. NT Server hangs at shutdown if User Manager is running.

A. This is caused by an Exchange dll file which is used by User Manager, to fix this perform the following

  1. Start the registry editor (regedit.exe)
  2. Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UMAddOns
  3. Click on Mailumx and click the DEL key
  4. Click yes to the confirmation

Q. How can I send a mail message from the command line?

A. You need to use the MAPISEND.EXE utility that is supplied with the Exchange Resource kit. The resource kit can be downloaded from http://www.microsoft.com/msdownload/exchange/rkintel/rkintel.htm and you need to download the AdminNT part.

Once downloaded double click on the zip file and it will expand to a specified location. Copy the MAPISEND.EXE from the restored path (i386\admin\mapisend) to an area of your choice. The usage is simple as long as the exchange client is installed on the computer already (outlook is also OK).

mapisend -u "<profile>" -p <anything> -r <recipient> -s "<subject>" -t <text file containing the message>
e.g. mapisend -u "john savill" -p anything -r john@savilltech.com -s "Test message" -t c:\message\mail4.txt

This is just an example usage, and you may not be sure what you profile name is so instead of using -u and -p, use just -i and this allows interactive login and will also allow you to create a profile which you can then use in future. The full list of switches are

-u Profile name (user mailbox) of sender
-p Login password
-i Interactive login (prompts for profile and password)
-r Recipient(s) (multiples must be separated by ';' and
must not be ambiguous in default address book.)
-c Specifies mail copy list (cc: list)
-s Subject line
-m Specifies contents of the mail message, this is ignored if -t is specified
-t Specifies text file for contents of the mail message
-f Path and file name(s) to attach to message
-v Generates an 8 line summary of the sent message

In all cases if the passing parameter is more than one word it should be enclosed in quotes.

Q. What files does Exchange use?

A. Below is a list of the more common files used by Exchange

File Directory Use
Priv.pat Pub.pat Mdbdata Patch files, safe to delete if no backup is taking place and no startup recovery is in operation
Dir.pat DsaData Patch files, as above
Dlv.log Snd.log Dlvxxxxx.log Sndxxxxx.log Mdbdata These are created when Sending and Delivering diagnostics logging for either the private and public information stores are set. These can be deleted at any time. Dlv.log and Snd.log are the most recent logs created.
PUB.EDB PRIV.EDB MDBdata Information store
DIR.EDB DSAdata Directory information
EDB.LOG   Transaction Log
EDB00nn.LOG   Previous Transaction Logs
EDB.CHK   Check Point file
RES1.LOG RES2.LOG   Emergency logs for when disk is full
TEMP.EDB   In progress transaction

Internet Information Server

Q. What is IIS?

A. Internet Information Server (IIS) is a World Wide Web server, a Gopher server and an FTP server all rolled into one. IIS means that you can publish WWW pages and extend into the realm of ASP (Active Server Pages) whereby JAVA or VBscript (server side scripts) can generate the pages on the fly. IIS has fun things like application development environment (FrontPage), integrated full-text searching (Index Server), multimedia streaming (NetShow), and site management extensions.

Q. How do I install Internet Information Server?

A. IIS 2.0 is supplied with Windows NT Server 4.0. It can be installed at the time you installed NT 4.0 by checking the "Install Microsoft Internet Information Server" box, alternatively it can be installed at a later time by performing the following

  1. Insert the NT 4.0 Server CD-ROM
  2. Run <CD-ROM>:\I386\Inetsrv\Inetstp.exe
  3. Close all currently programs and click OK to start the installation
  4. Select the services you want to install and click OK
  5. You will be asked for the publishing directories for FTP,WWW and Gopher. You can change or accept the defaults. Click OK to continue the installation
  6. If you selected to install ODBC drivers a dialog box showing SQL Server driver, click OK to continue
  7. A message will be displayed that the installation has finished. Click OK

Internet Information Server 3.0 is supplied on the Service Pack 2 CD-ROM and as part of Service Pack 3. It is supplied as an upgrade, so you must already have IIS 2.0 installed before applying the service pack.

Q. What is Internet Service Manager?

A. If you look under Programs->Microsoft Internet Server, you will find the Internet Service Manager. ISM is used to configure and monitor IIS. With ISM you can define user connections and user logon and authentication, the home directory location for each IIS service, logging and security.

Q. What is Index Server?

A. It gives the ability to perform full-text searches and retrieve information from a Web browser. It can search HTML, text, and all Microsoft Office documents.

When started, it builds an index of the virtual roots and subdirectories on your Web server. You can select which directories and file types can be skipped.

The index is updated automatically whenever a file is added, deleted, or changed on the server.

Q. What are Active Server Pages?

A. ASP is server-side scripting. You can use ASP to create and run dynamic, interactive, Web applications. When your scripts run on the server, the SERVER does all the work involved in generating the HTML pages.

Q. How can I configure the Connection Limit?

A. This is configured using the Internet Service Manager and can be between 1 and 32,767

  1. Start the Internet Service Manager ( Start - Programs - Microsoft Internet Server)
  2. Double click on the computer whose connection limit you wish to configure
  3. Select the Service tab
  4. Enter the number of connection you want in the Maximum Connections field
  5. Click OK
  6. Stop and start the service whose limit you changed
  7. Close the Internet Service Manager

Q. How do I change the default file name?

A. The default file name is the file searched for if only a directory name is specified and can be changed by performing the following:

  1. Start the Internet Service Manager ( Start - Programs - Microsoft Internet Server)
  2. Double click on the computer name of the web server you wish to modify the default file name
  3. Click the directories tab
  4. At the bottom of the screen is a "Enable default document" check box, select this
  5. In the field enter a file name, e.g. index.htm.
  6. Click OK
  7. Start and start the server you just updated
  8. Close the Internet Service Manager

Q. How can I enable browsers to view the contents of directories on the server?

A. By default if you select a directory on a server and no default file name exists then an error is returned. It is possible to change this behavior to instead of an error a directory listing is displayed

  1. Start the Internet Service Manager ( Start - Programs - Microsoft Internet Server)
  2. Double click on the computer name of the web server you wish to modify the default file name
  3. Click the directories tab
  4. Select the "Directory Browsing Allowed" box
  5. Click OK
  6. Close the Internet Service Manager

You can only set this for the whole site, not on a per directory basis. If you want to set this on a directory basis enable the directory browsing and make sure the default file name exists in directories you do not want people to be able to browse.

Q. How can I configure the FTP welcome message?

A. Using the IIS admin utility a welcome, end and connect refused message can be displayed

  1. Start the Internet Service Manager ( Start - Programs - Microsoft Internet Server)
  2. Select the FTP service on the machine you wish to configure
  3. From the properties menu select Service Properties
  4. Click the Messages tab
  5. Enter text in the "Welcome Message", "Exit Message" and "Maximum connections" fiels.
  6. Click the Apply button then click OK
  7. Stop and restart the FTP service
  8. Close the Internet Service Manager

Q. How do I configure a virtual server?

A. It is possible using Windows NT to bind multiple IP addresses to one network card and for each IP address it is possible to run a virtual domain server. The procedure below will add an IP address, add the new IP address as a domain and setup the new IIS virtual server.

To bind an additional IP address to your network card perform the following:

  1. Start the Network Control Panel Applet (Start - Settings - Control Panel - Network)
  2. Select the Protocols tab
  3. Select TCP/IP and click Properties
  4. On the "IP Address" tab click the Advanced button
  5. In the IP Address section click Add
  6. Enter the additional IP address and subnet mask you want the machine to respond to and click Add
  7. Click OK until you leave the network control panel applet
  8. Reboot the machine

You now need to configure the DNS server to respond to the new name.com with the new IP address

  1. Start the DNS Manager
  2. (Start - Programs - Administrative Tools - DNS Manager)
  3. From the DNS menu, select New Server and enter the IP address of the DNS Server, e.g. 200.200.200.3, and click OK
  4. The server will now be displayed with a CACHE sub part
  5. Next we want to add the domain, e.g. savilltech.com, from the DNS menu, select New Zone
  6. Select Primary and click Next
  7. Enter the name, e.g. savilltech.com, and then press tab, and it will fill in the Zone File Name and click Next
  8. Click Finish
  9. Next a zone for reverse lookups has to be created, so select New Zone from the DNS menu
  10. Select Primary and click Next, enter the name of the first 3 parts of the domain IP + in-addr.arpa, e.g. if the domain was 158.234.26, the entry would be 26.234.158.in-addr.arpa, in my example it would be 200.200.200.in-addr.arpa, click tab for the file name to be filled and click Next, then click Finish
  11. From the DNS menu select new Host, enter the machine name and IP address, also select the create associated PTR record. Click Add and then Done.
  12. Next create the www.<domain>.com record. From the DNS menu select new record
  13. Select record type of CNAME, enter a alias name of www, and the actual host name, e.g. server.shadow.com. Click OK
  14. Exit the DNS server

Next update the IIS server to support the new domain

  1. Start the Internet Service Manager (Start - Programs - Microsoft Internet Server)
  2. Double click on the Computer name of the web server which will display the properties
  3. Click the Directories tab
  4. Click the Add button
  5. Enter the directory name and select the Home directory check box. Next check the "Virtual Server" box and enter the IP address you added in the first step. Click OK
  6. Click OK to close

You will now be able to browse to this domain.

Q. How can I administer my IIS server using a web browser?

A. IIS comes with a built in HTML version of Internet Service Manager, with an address of <server name>/iisadmin/default.htm. It does have to be installed.

To check if its installed start the browser and move to the \iisadmin\default.htm and if you see the Internet Server Manager page but with no graphics, e.g.

IIS11.gif (17394 bytes)

To install perform the following:

  1. Log on to the IIS server as an Administrator
  2. Start the Internet Information Server Setup (Start - Programs - Microsoft Internet Server - Internet Information Server Setup)
  3. Click OK to the first dialog and then select Add/Remove
  4. Enter the location of the setup files and click OK (e.g. d:\i386\inetsrv if d: is your NT install CD-ROM)
  5. In the options shown select the "Internet Service Manager (HTML)" and click OK
  6. The installation will continue
  7. You should now reapply your service pack if you installed from the NT installation CD. If you have IE 4.0 installed you will get a warning, click Run Program, when prompted during the installation click "No to All" for replacing newer files. Finally once the machine has finished rebooting you should run the command
    regsvr32 rsabase.dll
    Click OK to the completion box

If your default file name is not default.htm you may have a few navigation problems, if you do just enter default.htm after any directory name.

Once you connect using a browser to the iisadmin area you may have to enter a username and password depending on the browser you use, and you can then perform actions to administer the site.

Q. How can I configure FTP to use Directory Annotation?

A. Follow the procedure below:

  1. Log on to the IIS server machine as an Administrator
  2. Start the registry editor (regedit.exe)
  3. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msftpsvc\Parameters
  4. From the Edit menu select New - DWord value
  5. Enter the name AnnotateDirectories and press Enter
  6. Double click on the new value and set the value to 1
  7. You should now stop and restart the WWW server service

You now need to create a file called ~ftpsvc~.ckm in each directory where you wish the annotation. The file is just a normal ASCII format file.

Q. Only the first line of the Directory Annotation is shown.

A. This is caused if you have no welcome message. Simply add a welcome message as described in Q. How can I configure the FTP welcome message?

Q. How can I configure the amount of IIS Cache?

A. By default InetInfo, the process responsible for WWW, FTP and Gopher uses a 3MB of cache for all of the services. This cache is used to store files in memory providing faster access than from disk. To change the amount of memory available for the cache perform the following:

  1. Start the registry editor (regedit.exe)
  2. Move to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\InetInfo\Parameters
  3. From the Edit menu select New - DWord value
  4. Enter a name of MemoryCacheSize and click Enter
  5. Double click the new value and set to the amount of memory you wish to use for the cache in bytes, e.g. 5000000 for 5MB and click OK
  6. Close the registry editor
  7. Stop and start all IIS services

If you wish to disable caching set the value to 0 however this could have a serious effect on performance.

Internet Explorer 4.0

Q. How can I remove the Active Desktop?

A. You can turn off the Active Desktop without removing it by performing the following:

  1. Right click on the desktop
  2. Select "Active Desktop"
  3. Unselect "View as Web Page" (by clicking it)

To actually remove Active Desktop completely while leaving the browser intact:

  1. Start the Add/Remove Programs control panel applet (start - settings - control panel - add/remove programs)
  2. Select "Microsoft Internet Explorer 4.0" and click the Add/Remove button
  3. Click the "Remove the Windows Desktop Update component, but keep the Internet Explorer 4.0 Web browser" option and click OK
  4. A dialog box explaining the change will be shown and you should click the "Restart Windows" button
  5. Once restarted the active desktop will have been removed

Q. How can I get past the "Active Desktop Recovery" page?

A. This can usually be fixed by deleting the desktop.htt file:

  1. Start explorer
  2. Move to %systemroot%\Profiles\<your username>\Application Data\Microsoft\Internet Explorer
  3. Select Desktop.htt and delete (it is a hidden file so you will need to change the view first View - Folder Options - View)
  4. Close Explorer
  5. Right click on the desktop and choose Refresh

Q. What keyboard commands can I use with Internet Explorer 4.0?

A. Below is a list of common keyboard commands:

Alt + Left Arrow (or backspace) Go Back
Alt + Right Arrow Go Forward
Tab Move to next Hyperlink
Shift - Tab Move to previous Hyperlink
Enter Move to page referenced by Hyperlink
Down Arrow Scroll down
Page Down Scroll down in greater jump
End Move to bottom of document
Up Arrow Scroll up
Page Up Scroll up in greater jump
Home Move to top of document
F5 Refresh
Ctrl - F5 Refresh not from cache
Esc Stop download
F11 Full screen/normal toggle

Q. How can I create a keyboard shortcut to a web site?

A. It is possible to create your own keyboard shortcuts with a Ctrl + Alt + <letter> combination as follows:

  1. Start Internet Explorer
  2. Select "Organize Favorites" from the Favorites menu
  3. Right click on the link and choose Properties
  4. In the Shortcut key dialog box type the combination, any combination of Ctrl, Shift, Alt and a key that is not used
  5. Click OK

You can also use the above to create a keyboard shortcut to a desktop item by right clicking on the shortcut and choosing properties.

Q. How can I customize folders with web view enabled?

A. If you have installed the Windows Desktop Update and have the view as web page enabled ( view - as web page) you can customize the folder (view - customize this folder) and then select the type (background picture or a whole HTML file) or you can change the default which is stored in a hidden HTML file (%systemroot%\web\folder.htt). You can then edit this file and change accordingly.

There is a line in folder.htt "HERE'S A GOOD PLACE TO ADD A FEW LINES OF YOUR OWN" which you can add your own links which will then appear on all folders.

There are 4 other templates you can edit:

As I said these are hidden so you will either need to remove the hidden attribute (attrib <file> -h) or just enter the name specifically in the edit utility you use to change these files. A word of warning, make a backup of these files before you break them :-).

Q. How can I change the icons in the Quick Launch toolbar?

A. The icons on the quick launch taskbar (Internet Explorer, Outlook Express, Show Desktop and Channels by default) are all stored in %systemroot%/profiles/<user>/Application Data/Microsoft/Internet Explorer/Quick Launch and to remove/add just add and remove the files from this directory using Explorer.

You can copy any shortcut to this directory and the update will be done straight away, no need to logoff/reboot. As you can see below I have added a shortcut for Word and Frontpage just by copying the shortcut to the Quick Launch directory, easy.

qcklanch.gif (2017 bytes)

An alternative method is to just drag a shortcut over the Quick Launch bar and it will add the shortcut for you.

All the files in this folder are shortcuts except for Show Desktop and View Channels. See the next FAQ for their contents.

Q. I have lost Show Desktop/View Channels from the Quick Launch bar, help!

A. As was discussed in the previous FAQ these icons are just files in the %systemroot%/profiles/<user>/Application Data/Microsoft/Internet Explorer/Quick Launch directory. To get the Show Desktop/View Channels icons back create the following files in the Quick Launch directory (or copy from another user)

For Show Desktop, create "Show Desktop.SCF" with the following content:
[Shell]
Command=2
IconFile=explorer.exe,3

[Taskbar]
Command=ToggleDesktop

For View Channels, create "View Channels.SCF" with the following content:
[Shell]
Command=3
IconFile=shdocvw.dll,-118

[IE]
Command=Channels

Q. How do I change the default Search Engine?

A. The URL for the Search Engine used with the Go - Search the Web is stored in the registry so this can easily be changed:

  1. Start the registry editor (regedit.exe)
  2. Move to HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
  3. Double click on Search Page
  4. Change to the search page you want, e.g. http://www.altavista.digital.com and click OK
  5. Close the registry editor

Now when you select search you will be taken to this URL. If you want to change back to the default enter http://www.msn.com/access/allinone.htm

Q. How do I remove the Internet Explorer icon from the desktop?

A. This can be done from the advanced options of Internet Explorer:

  1. Start Internet Explorer
  2. From the View menu select Internet Options
  3. Click the Advanced tab
  4. Deselect "Show Internet Explorer on Desktop"
  5. Click OK
  6. Restart the machine

Q. How can I browse off-line?

A. As you may be aware when you connect to a site the information you view is cached locally to speed up future visits to the site (the cache size can be set View - Internet Options - General - Temporary Internet files - Settings). Its actually possible to view the web using only the cache when not connected, obviously you can only view sites that are stored in the cache. To work off line:

  1. Start Internet Explorer
  2. From the file menu select Work Offline

You can then enter URL's and link as normal but will receive an error if you attempt to link to a site that is not cached. To stop working Offline just deselect "Work Offline"

Q. How can I reclaim wasted space by Microsoft's Internet E-mail readers?

A. Microsoft's Internet E-mail clients (both Internet Mail under IE3 and Outlook Express under IE4) waste a large amount of disk space due to the method used to store mail. The reason behind this is to improve performance, however if you do want to reclaim some of the lost space perform the following:

  1. Select one of the folders, e.g. Inbox, Outbox, Sent Items
  2. Select Folder from the File menu and select "Compact all Folders"

Also set-up Outlook to automatically delete the "Deleted Items" folder contents

  1. Select Options from the Tools menu
  2. Select the General tab
  3. Check the "Empty messages from the 'Deleted Items' folder on exit" and click OK

Installation

Q. How do I install NT Workstation 4.0?

A. The installation of NT is quite simple, and below is just a simple example of an installation of a Workstation using TCP/IP and NetBEUI connected to a Domain.

  1. Insert the first NT installation disk an boot the computer
  2. You will have to put in Disk 2 and then press Enter.
  3. You will be given a choice of options. Choose "Setup Windows NT" by pressing Enter
  4. Press Enter to Detect Hardware and you will have to insert Disk 3.
  5. When the detection is finished, if you have extra drivers to install, insert the OEM disk and press S to specify addition devices.
  6. Once all drivers have been installed read the license agreement by scrolling down using the page down key and press F8 to agree at the end.
  7. You will be shown a list of all hard disks and partitions. You can create partitions from here. Select the partition you want to install on and press enter
  8. You will be asked which file system to use. You can format FAT or NTFS. If you choose NTFS it will format it FAT and schedule a conversion later on in the installation process.
  9. Select the directory name (you can except the default of winnt) and press enter
  10. Allow the setup program to check the harddisks for errors, press enter
  11. A number of core files will be copied to the disk and then you will have to reboot the machine
  12. Once the machine has rebooted you will now be in the graphical portion of the installation procedure
  13. Click Next for the installation procedure to check the pc
  14. Next select the type of installation, in this case I select Custom
  15. You will be asked for your name and organization (this can be changed later by editing the values RegisteredOrganization and RegisterOwner from the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion key). Click Next.
  16. You will be asked for the CD Key which is on the back of the NT installation CD-ROM case on the yellow sticker
  17. Enter a Computer Name and click Next
  18. Enter an Administrator password and click Next
  19. Choose if you want an Emergency Repair Disk and click Next
  20. Select the components you wish to install such as Messaging and click Next
  21. Click the Next button to start the Networking setup
  22. Select the connection type, in this case "Wired to the network" and click Next
  23. If wired to the network was chosen you will be asked for the adapter type. You can click Detect. If it fails to find the device click "Select from List" and choose. Click Next
  24. Select the protocols you wish to install, in this case TCP/IP and NetBEUI and click Next
  25. You will be shown the Network services and again click Next
  26. If you installed TCP/IP you will be asked if you want to use DHCP. DHCP is a process where TCP/IP addresses are given out as needed and can help with the administration of the network. In this example I will say No.
  27. Enter the IP address, subnet mask and gateway if applicable. Also clicking on the DNS tab will allow you to specify any DNS servers and enter you domain (e.g. savilltech.com). Click OK
  28. Click Next for services, and then click Next to start the Network
  29. Once the Network has been started you will be asked if you are to operate in a domain or workgroup. Click the Domain choice box and enter the domain name. If the Domain Administrator has already added your computer name to the Domain (Using Server Manager) then just click Next. If not click "Create account in Domain" and you will have to enter a Domain Administrator and password.
  30. Click Finish
  31. Select your time Zone and click close
  32. The last part will detect your graphics card. If correct click OK, however if it misdetects just click Cancel and it will leave the standard VGA driver.
  33. Click Restart Computer

You now have NT Workstation installed :-).

Q. How do I install NT Server?

A. The installation of NT Server is the same as NT Workstation with a few exceptions

Q. I want to install DOS and Windows NT, how should I do this, and how should the hard disk be partitioned.

A. The best method is two create at least two partitions. The first around 200Mb and format to FAT, on this partition DOS will be installed. The reason 200Mb is suggested that this is enough space to later install Windows for Workgroups or Windows95 if needed. After installing DOS, install NT and install onto the second partition (and format FAT or NTFS). Once the installation is finished, on bootup of the machine you will have a choice of booting into DOS or NT. The advantage of having NT installed on a FAT partition is that if there is a problem then you can boot up in DOS mode and access the NT partition and possibly restore files, although that core NT startup files are located on the C partition anyway (boot.ini, ntdetect.com and ntldr).

Q. Installation hangs when detecting the hardware.

A. The program being called is NTDETECT.COM. The best course of action is to use the DEBUG version of NTDETECT.COM.

In the support area of the NT installation cd (/support) there is a file NTDETECT.CHK. Follow the instructions to use it:

  1. Using the Diskcopy command create a copy of the first installation disk
    diskcopy a: a: (/v)
    This will create a copy of the first installation disk
  2. Copy the NTDETECT.COM from the support CD to the installation disk
    copy d:\support\ntdetect.chk a:ntdetect.com
  3. Then reboot the machine with the new version of the installation disk and each item will be shown as it is detected.

Q. Is it possible to install NT without using boot disks or temp files?

A. This is not possible on the Intel platform. On Intel you can either have it not using disks (winnt(32) /b) or not using temp files but not both. On the Alpha platform, it is possible to boot from the retail or MSDN CD of NT 4.0 and install so no boot disks or temp files are used.

The Compaq servers allow you to boot off of the CD, by making the CD a bootable device. Other hardware may also be able to do this, it will depend on the motherboard.

Q. Does NT have to be installed on the C drive?

A. No, NT can be installed on any drive, however it does place a few files on the active partition in order for NT to boot.

Q. There is a file \Support\Deptools\<system>\ROLLBACK.EXE. What is it?

A. It is used by developers to wipe the Registry completely. Do NOT use it!

Q. I have NT installed, how do I install DOS?

A. Follow the steps below

  1. Make an emergency repair disk (rdisk - Update Repair Info)
  2. Ensure you have NT installation disks (can make by winnt32 /ox)
  3. Reboot the machine and boot off of the MS-DOS disks
  4. Install DOS (same as doing a SYS a: c: from a dos bootable disk)
  5. Machine will reboot into DOS
  6. Reboot Machine and boot off of NT installation disks
  7. After 2 disk will give options, press R for repair
  8. Deselect all options except "Inspect Boot Sector" and continue
  9. Press Enter to detect hardware and insert disk 3
  10. The procedure will ask if you have an Emergency Repair Disk (ERD), say Yes and insert the ERD.
  11. The machine will then reboot into NT again
  12. Once in NT goto a DOS session
  13. Type - attrib c:\boot.ini -r -s
  14. edit boot.ini and insert at the bottom
    c:\="MS-DOS"
  15. Type - attrib c:\boot.ini +r +s
  16. Reboot the machine and you will have MS-DOS and NT options! Easy :-)

The procedure above will only work if the C drive is FAT.

Q. How do I convert NT Workstation to NT Server?

A. There are various discussions about the changing of 2 registry keys that turns a Workstation into Server, which in turn change a number of other keys, however this is against license agreements and should not be attempted.

Workstation can be upgraded to a Server, but it cannot become a PDC or BDC, to do this a fresh installation of NT server would be needed. To convert follow steps below

  1. Boot off of the NT Server installation disks (or make them with winnt(32) /ox)
  2. Press Enter to Setup NT
  3. Press Enter to Detect Hardware
  4. Press Enter to continue (or S if you have special drivers)
  5. Accept the license (Page Down then F8)
  6. NT install will detect the existence of workstation and ask if you want to upgrade. Press Enter
  7. It will prompt if you want to upgrade from Workstation to Server. Press Enter
  8. Continue as normal. All Workstation components (Network, print) will be converted to server
  9. When finished you will have NT Server and it will have kept all programs and groups.

Q. I have bought a new disk, how do I move NT to this new disk?

A. There are various methods, depending on your setup and needs. The best method is to:

  1. Backup your NT disk to a tape
  2. Create a new, up to date ERD (rdisk -s)
  3. Shutdown NT and insert the new Hard Disk
  4. Install a basic installation of NT to a directory with a different name than your final NT installation directory
  5. Once the installation is finished restore your backup tape
  6. There are sometimes problems with registry entries, so reboot and boot off of the NT installation disks
  7. After disk 2 choose repair, and select everything except "Check System Files". You will need to insert disk 3 and then the ERD
  8. Reboot and NT should work as required

If the tape drive is not an option and the partition is NTFS you can use the utility scopy that is supplied with the NT resource kit by fitting the new hard disk, creating an NTFS partition on it and then performing

scopy <source drive>: <target drive>: /o /a /s

To use the scopy command you must have Backup and Restore User Rights. Once the copy is complete shutdown NT, remove the old drive, and set the new drive to master (if IDE) or SCSI 0/6 (if SCSI) and boot of the NT installation disks, and again repair everything except "Check System Files". If you have time it can be worth creating a temporary NT installation on the drive before performing the copy, booting off of this minimal installation and perform the scopy from there as this means no files will be locked, and then you would only need to repair the boot sector.

Other methods include ghost copy from http://www.ghostsoft.com and DriveCopy from http://www.powerquest.com which copy and entire disk which should eliminate the need for performing a repair. I have used the ghostsoft utility and it works well.

Make sure if you are moving NT to a different type of disk, i.e. one that needs a different driver, you install the new driver before you perform the copy so that when NT boots off of the new disk it has the needed drivers.

Q. Can I upgrade from Windows95 to NT 4.0?

A. There is no upgrade path from Windows95 to NT4.0. The best option would be to have a dual boot if you have 150Mb of uncompressed space free. Just install NT4.0 into a DIFFERENT directory (if you install NT4.0 into the same directory as Windows95 it will corrupt the 95 registry) and when booting the machine you will have a choice of NT4.0 or Windows95.

Q. How do I remove NT from a FAT partition?

A. Boot MS-DOS with the deltree utility.

  1. DELTREE WINNT
  2. CD PROGRA~1
  3. DELTREE WINDOW~1
  4. DEL NTLDR.
  5. DEL BOOT.INI
  6. DEL PAGEFILE.SYS
  7. DEL BOOTSEC.DOS
  8. Boot up using a Win95 or DOS startup disk, and type SYS a: c:
  9. Reboot

Q. How do I remove NT from a NTFS partition?

A. The best way is to delete the partition. Start the computer from the NT installation disks. When the option to create/choose partitions select the NTFS partition NT is installed on and press D to delete the partition, and then L to confirm.

Q. How do I install the Iomega Parallel Disk Drive?

A. Follow the steps below

  1. Before you do this, make sure your Parallel Zip drive is plugged in, and make sure you DO NOT have a ZIP disk in the drive.
  2. Go to Iomega's web site and download the software: http://www.iomega.com/support/software/ftp.html
  3. Download the Windows NT Tools for Windows NT 3.51 and 4.0 version 1.5 iomgnt15.exe (3.3MB).
  4. Execute this program. It will decompress the files, and then start the SCSI control Panel Applet. Click the drivers tab and click Add. On the right hand side it will have various Iomega drivers and select the relevant one and click Add
  5. After restarting, your system should see the ZIP drive. You do not have to install the ZIP tools, you can use the drive without them. To install the tools anyway, run the setup program again.

Notes:
When you start up your pc, make sure there is no ZIP disk in the drive- otherwise NT will run checkdisk on the drive, which can take an eternity.

If you do not have the ZIP drive attached when you boot up, you will get an error at bootup that a service did not start up.

Q. How do I install at tape drive on NT Server?

A. Follow instructions below

  1. Bring up the Control Panel, and Double click Tape Devices
  2. Click on the Drivers Tab, and then click Add
  3. Select your tape drive (or if not the exact one, something close) and click OK
  4. NT will install the drivers
  5. Reboot your machine and you will then be able to use NTBACKUP

NT 4.0 will also detect and install certain tape drivers (such as 4mm DAT) which means there is no need for a reboot after the installation.

Q. How do I install the NEC 4x4 CD changer?

A. NEC does not currently have drivers for NT 4.0, so the CDROM must rely on Microsoft's generic drivers. I've been able to get all four slots to read data correctly without any special tweaking; however, there are some annoyances that still remain.

  1. The changer cycles through all the slots that have disks in them if you open the Explorer. The only solution that I have found for this problem is to disable the Explorer's interface to the CDROM drives. This can be accomplished via TWEAKUI. You can still access the CDROM drive's contents by using the Run command on the start menu - just enter "Drive_Letter:\\" as the program to run.
  2. Lots of error messages appear in the Event Viewer whenever you reboot. Seems to be a symptom of not having a CDROM specific driver. I haven't seen any problems specifically related to this, so I just ignore it.
  3. The CD player won't recognize a new disk when I insert it. Again, all I have is a workaround. When a disk finishes playing, close the CD Player, then change disks. Wait a few seconds for the CD to be recognized by the changer, then re-open the CD player.
  4. I can't make NT treat all four slots as 1 CDROM drive. Another symptom of the lack of an NT driver. Nothing can be done about this until NEC gives us a real driver.

Q. What are symbol files, and do I need them?

A. Symbol files are created when images are compiled and are used for debugging an image. They allow someone with the correct tools to view code as the software is running. You do not need symbol files unless you are a developer.

Q. How do I install NT and Linux?

A. Linux has a boot manager called LILO (which is a separate utility), and it will boot Linux on its native EXT2 partition, and any other DOS/WIN bootimages residing on a FAT16 partition. It doesn't really care whether it is dos/win95/NT, it will boot it. So as long as NT is installed on a FAT16 partition, there is no problem with LILO. Apparently the latest Linux kernel has FAT32 support, so that may also be an option as well. Actually Linux supports FAT16 and can mount the FAT16 partition under its filesystem and have all the DOS/WIN files visible if you want it to. An alternative to LILO is Grub which can be downloaded from http://www.uruk.org/~erich/grub .

There is something else called LOADIN, allowing linux to be installed as a MSDOS subdirectory in a DOS/WIN system. This allows Linux to be run as an application after you started DOS. This does not work with NT. This is as Linux needs to run in supervisor mode and not user mode. NT will not yield at all on this. Windows 95 is the same but you can set loadlin to run in Dos mode where it just sees Dos 7 and works fine.

Linux and NT will work even if Windows NT is on NTFS. You need to set in linux fdisk for the Linux drive to be flagged bootable, not NT. Then install lilo and select to boot the linux partition and NT (which will say OS/2 in lilo). This way you can use both NT and Linux and still have a NTFS partition. Lilo must reside on the Linux root sector and not the MBR.

You can learn more about it from the Linux documentation project and the FAQ inside. It is mirrored everywhere. This is one of the mirrors ftp://ftp.ox.ac.uk/pub/linux/LDP_WWW/linux.html

Q. How do I install NT over the network?

A. If you do not currently have any operating system installed on your machine, then you need to create a bootable floppy disk that contains a driver for your network card and network protocol. A tool is provided called "Network Client Administrator" which automatically creates a bootable disk used to install Windows95 or Network Client. It is possible to use this tool to also create a disk that can be used to install NT with a bit of tweaking :-)

  1. Format a system floppy drive using DOS
    format a: /s
  2. Create a share on the NT box containing the entire i386 structure from the NT installation CD ROM and give the share everyone Read access.
  3. Log on as the Administrator (or a member of the Administrators group)
  4. Start the "Network Client Administrator" (Start - Programs - Administrative Tools - Network Client Administrators)
  5. Click the "Make Network Installation Startup Disk" option and click continue
  6. Select "Share files" and accept the default of <CD ROM>\clients
  7. Click the OK button, and program will perform some background actions
  8. Next select the floppy drive, and click "Network Client V3.0" as the client and choose your network card from the drop down list. Click OK
  9. Enter the name of the computer it will be known as. The username and domain will automatically be completed using the current user
  10. You need to choose the protocol. In this example choose TCP/IP and uncheck "DHCP". Enter an IP address, subnet mask and gateway.
  11. Insert the disk created in step 1 and click OK
  12. Files will be copied to the floppy disk. Once completed exit Network Client Administrator
  13. The disk needs to be edited to stop the automatic installation of the "Network Client". Start explorer and open the A: drive. Right click on autoexec.bat and select edit.
  14. Remove the last 2 lines of the file (echo running setup and the setup)
  15. You can also change the net use command to point to the correct share where the NT installation files are located
  16. Click Save from the File menu and close Notepad
  17. Insert the disk into the machine where you want to install NT and power on
  18. Once the startup has completed change directory to Z: (or whatever your net use pointed to)
  19. Start a floppyless install
    winnt /b

Q. Is it possible to use Disk Duplication to Distribute Windows NT?

A. It is OK to use disk duplication to install NT, but not a complete NT installation. You should follow the steps below:

  1. Use the winnt /b installation option on a machine
  2. Stop the setup at the second reboot, when it has finished the text portion of the installation, and will be starting the GUI section
  3. Remove and duplicate the hard disk of the machine
  4. Install the duplicate hard drive in the new machine
  5. Start the new machine and the GUI sections will start.

Q. How do I perform an unattended installation?

A. It is possible to specify a text file that can be passed to the Windows NT installation program that contains answers to the questions the installation procedure asks. This file is usually called unattend.txt and is passed to the Windows NT installation program using the /u:unattend.txt qualifier. The answer file has to adhere to a strict format which can be very complex, however there is a utility on the NT Server CD called SETUPMGR.EXE (in the Support/Deptools/I386) that allows the information to be filled into dialog boxes and it will then create the unattend.txt (or any other name) for you. Below is an example of how to use the SETUPMGR.EXE file:

  1. Load the NT Server Installation CD-ROM
  2. Run <CD-ROM>:/Support/Deptools/I386/setupmgr.exe
  3. Click the "New" button, and the click OK to the advice dialog box
  4. Click the "General Setup" button
  5. Click the "User Information" tab, and type your name (i.e. John Savill, not your domain logon name!), your company, a computer name and the product ID (on the back of the NT installation CD-ROM)
  6. Click the "Computer Role" tab, and from the drop down list select the type (in this case Workstation in Domain) and then type the Domain name
  7. Click "Install Directory" and choose the NT install directory
  8. Click "Time Zone" tab and from the drop down list select your time zone
  9. If you choose a PDC then you can click the "Licence Mode" tab and choose the licensing to be used
  10. Click OK
  11. Click the "Networking Setup" button
  12. Enter in the information for adapters and protocols then click OK
  13. If you want to use NTFS click the "Advanced" button and click "File System" tab and select convert to NTFS
  14. Click OK
  15. Click Save and enter a file name
  16. Click Exit

Microsoft have a document on automated installations at http://www.microsoft.com/NTWorkstation called "Deployment Guide to Windows NT Setup"

Q. Is it possible to specify unique items during an unattended install?

A. The unattended installation file contains details for settings that will apply to all machines, however there are some settings that you may want to be different from machine to machine, such as user name, computer name, TCP/IP address etc. This can be accomplished by producing a text file in a certain format, with different sections for each computer. The UDF file is used by specifying the /UDF:ID[,<database file name>]. An example UDF file would be

[UniqueIds]
u1 = UserData,TCPIPParams
u2 = UserData,TCPIPParams
[u1:UserData]
FullName = "John Savill"
ComputerName = SavillComp
ProductID = xxx-xxxxxx
[u1:TCPIPParams]
IPAddress = 200.200.153.45
[u2:UserData]
FullName = "Kevin Savill"
ComputerName = KevinComp
ProductID = xxx-xxxxxx
[u2:TCPIPParams]
IPAddress = 200.200.153.46

The ID specified would be (in the case above) u1 or u2. If the above file was saved as udf.txt to perform an unattended installation for machine one you would use
winnt /b /s:z: /u:unattend.txt /UDF:u1,udf.txt
which would set the installation as user John Savill, computer name SavillComp and IP address 200.200.153.45. If a parameter is specified in both the unattend answer file and the UDF the value in the UDF will be used. (The /b means its a floppyless installation and the /s specifies the source for the installation files and UDF etc. You would needed to have created the connection to z: already (net use z: //savillcomp/dist))

The structure of the UDF uses a subset of the sections available in the unattended answer file.

Q. How do I automatically install applications as part of the unattended installation?

A. A utility is supplied on the NT distribution CD called SYSDIFF.EXE which is used to create a file containing files and registry changes needed for an application or set of applications to be installed. To use SYSDIFF just copy it from the CD to your hard disk

  1. Insert the NT CD-ROM
  2. Move to the <CD-ROM>:\Support\Deptools\i386 directory
  3. Create a directory on you local hard disk (e.g. SYSDIFF)
  4. Copy over SYSDIFF.EXE and SYSDIFF.INF to the directory

The basics behind SYSDIFF is it creates a snapshot of the system before the application is installed, the application is installed and SYSDIFF is run again which compares the current system to the snapshot taken, and any changes to the registry and files are saved. An example usage need to include the following

  1. Create an initial snapshot of the system
    SYSDIFF /snap <snapshot file name, e.g. snapfile , no extension>
  2. Install the application to the machine (e.g. install Office 97 :-) cool app )
  3. Create a difference file based on the current system configuration and the snapshot file
    SYSDIFF /diff /c:<title> <snapshot file> <difference file, e.g. difffile, no extension>
    e.g. SYSDIFF /diff /c:officediff snap difffile
  4. Have a look at the differences
    SYSDIFF /dump <difference file> <dump file>
    e.g. SYSDIFF /dump difffile dumpfile
    Type out the dumpfile
  5. Create a subdirectory for each application installed into a directory called $OEM$\ (e.g. i386\$oem$\msoffice) and copy over (keeping the directory structure)
  6. Edit your unattended installation file (unattend.txt) and change the [Unattended] section to include
    OEMPreinstall = Yes
  7. Copy SYSDIFF.EXE and SYSDIFF.INF to the $OEM$ directory
  8. Copy difffile to the distribution directory
  9. If the file does not exist, create the file $OEM$\Cmdlines.txt and insert the following line
    sysdiff /apply /m difffile
    where /m makes the changes to the default user profile

Note: Using the /apply method the %systemroot% has to be the same on all machines, i.e. if the diff file was created on a machine with a %systemroot% of d:\winnt\ all machines must be installed to d:\winnt\ ([Unattended] TargetPath)

Q. Install detects the wrong video card and locks the installation.

A. When NT detects a video card it insists that you click the "Test" button. If the NT installation procedure incorrectly detects the hardware then it can cause the NT installation to hang and the only way to continue is to press the Reset button (e.g. the Number 9FX Reality card). To solve this problem when it detects the card just click the CANCEL button and it will leave the default VGA driver.

After the installation has finished manually install the new driver supplied with the graphics card, or download it from the makers web site.

Q. How do I upgrade from NT 3.51 to NT 4.0?

A. The scenario below is for upgrade an NT Workstation 3.51 machine to a NT Workstation 4.0 machine. It is the same to upgrade a NT Server 3.51 to a NT Server 4.0, except that if you upgrade a server you will also be given the option to install IIS (Internet Information Server).

  1. Although it is possible to upgrade using the floppyless install, in this example we will boot off of the 3 NT installation disks (which can be made using winnt32 /ox). Insert the first NT installation disk and boot up the machine
  2. You will have to put in Disk 2 and then press Enter.
  3. You will be given a choice of options. Choose "Setup Windows NT" by pressing Enter
  4. Press Enter to Detect Hardware and you will have to insert Disk 3.
  5. When the detection is finished, if you have extra drivers to install, insert the OEM disk and press S to specify addition devices.
  6. Once all drivers have been installed read the license agreement by scrolling down using the page down key and press F8 to agree at the end.
  7. A check of the disks will run and it will detect your previous installation of NT. Press Enter to upgrade this installation.
  8. Allow the program to perform a quick check of the disk by pressing Enter.
  9. The Fonts on the system will be upgraded and files copied over.
  10. Remove any disks and press Enter to reboot
  11. Once the system has rebooted press the Next key to allow the Setup program to verify the computer information
  12. Enter the CD-Key that is on the back of the NT installation CD-ROM case and click Next
  13. Select if you want a repair disk and click Next
  14. Select components and click Next
  15. Click Next to upgrade Network Services
  16. Any non-standard Network components will be displayed and you will be advised to remove and add them after the installation.
  17. Click Finish and the main files will be copied
  18. Click the "Restart Computer" button

The only problem with the upgrade is it does not remove old applications that were part of 3.51, such as cardfile.exe.

Q. When I use an unattended installation, how do I avoid the click "Yes" at the license agreement?

A. In the [unattended] section of your unattended answer file insert the line

OemSkipEula = yes

Q. I have NT installed, how do I install Windows95?

A. If you already have DOS installed, then boot to DOS and install Windows95. The instructions below are if you only have Windows NT installed.

  1. Make an emergency repair disk (rdisk - Update Repair Info)
  2. Ensure you have NT installation disks (can make by winnt32 /ox)
  3. Reboot the machine and boot off of the Windows95 installation disks or boot off of a bootable floppy disk with the drivers for your CD-ROM drive and run setup.exe off of the CD-ROM
  4. Install Windows 95 as normal
  5. Once the Windows 95 installation has finished, reboot the machine and boot off of the NT installation disks
  6. After 2 disk will give options, press R for repair
  7. Deselect all options except "Inspect Boot Sector" and continue
  8. Press Enter to detect hardware and insert disk 3
  9. The procedure will ask if you have an Emergency Repair Disk (ERD), say Yes and insert the ERD.
  10. The machine will then reboot into NT again
  11. Once in NT goto a DOS session
  12. Type - attrib c:\boot.ini -r -s
  13. edit boot.ini and insert at the bottom
    c:\=Microsoft Windows
  14. Type - attrib c:\boot.ini +r +s
  15. Reboot the machine and you will have Windows95 and NT options.

For this procedure to work the system partition (c:) must be FAT.

Q. How do I remove Windows95/Dos from my NT system?

A. The procedure below should be used on systems with Windows95 and/or DOS installed, however be aware it is sometimes good idea to have a small DOS installation for use with hardware setup etc. Before you start this make sure you have an up-to date ERD (rdisk -s) and the 3 NT installation disk (winnt32 /ox) just in case :-)

  1. Modify the attributes on boot.ini to allow the file to be edited
    attrib c:\boot.ini -r -s
  2. Using Notepad (or another test editor open c:\boot.ini and remove the lines for DOS and/or Windows95 from the [operating systems] section, e.g. the lines to remove may be
    c:\="MS DOS 6.22"
    c:\bootsect.622="MS DOS 6.22"
    c:\="Windows 95"

    Lines to avoid removing are structured like
    multi(0)disk(0)rdisk(0)partition(2)\WINNT="Windows NT Workstation Version 4.00"
  3. Save the file, and put back the file attributes
    attrib c:\boot.ini +r +s
  4. If you are removing DOS then delete the DOS tree structure
    deltree c:\dos
  5. If you are removing Windows95 then delete the Windows 95 tree structure ** Make sure it is not the same directory as NT is installed in, this is very unlikely however **
    deltree d:\window95
  6. You will also need to remove applications that were only installed for use with Windows 95/DOS, e.g. programs under Program Files, however NT will also install applications in this directory so be careful.
  7. DOS and Windows95 place a number of files on the boot partition that can be deleted, e.g.
    - autoexec.bat
    - config.sys
    - IO.SYS
    - MSDOS.SYS
    - bootlog.txt
    - command.com
    It will probably be safer to copy them somewhere before deleting them and just check NT boots OK. You may need to set them to be deletable using
    attrib <file> -r -h -s
    You can basically delete all files at the base of the boot partition except
    - boot.ini
    - ntldr
    - ntdetect.com
    - ntbootdd.sys (for SCSI systems)
    Which are needed for NT startup
  8. Reboot the machine and Windows95/DOS are now removed

Q. I can't create a NTFS partition over 4GB during installation.

A. During the text based portion of the NT installation, it is possible to create and format partitions. The maximum size for an NTFS partition is very large (16 exabytes), however the maximum size for a FAT partition under NT is 4GB (2GB under DOS). If you format a partition as NTFS during NT installation, it originally formats it as FAT and then converts it in the final stages of the NT installation, and this you are limited to a maximum partition size of 4GB during the NT installation.

To get round this problem there are several paths of action open to you

  1. Before starting the installation insert the disk into an existing NT installation and partition/format the disk using Disk Administrator and then insert the disk into the machine to be installed
  2. Partition the disk into smaller partitions, if you had a 5GB disk you could have a 1GB system partition, and a 4GB boot partition. The system partition is the partition NT's core startup files are located, boot.ini, ntldr and ntdetect.com (ntbootdd.sys if SCSI), and will normally be the active partition. The boot partition is the partition that NT stores the rest of its files, i.e. the %systemroot% directory
  3. Create a 4GB partition at installation time, and then extend the NTFS partition after installation has completed
    - Start Disk Administrator (Start - Programs - Administrative Tools - Disk Administrator)
    - Select the NTFS partition and holding down the Ctrl key select the unpartitioned space of the rest of the disk
    - From the Partition menu, select Extend Volume Set
    Note - You cannot extend a NTFS partition if it is the boot or system partition (as the boot/system partition cannot be part of a volume set)

For more information see knowledge base articles:

Q. I cannot upgrade my 4.0 NT installation with the NT 4.0 upgrade CD.

A. Microsoft have confirmed this to be a problem with the software, and more information can be found in knowledge base article q154538 at http://www.microsoft.com/kb/articles/q154/5/38.htm .

A workaround is available, as the setup procedure checks the registry entry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CurrentVersion for the version number, and only upgrades if the version is 3.1 ,3.5 or 3.51. You can therefore edit this entry and change the current version number

  1. Start the registry editor (regedit.exe)
  2. Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
  3. Double click on CurrentVersion that is in the right hand pane
  4. Change 4.0 to 3.5 and click OK
  5. Close the registry editor

You should now be able to upgrade.

Q. How do I create the NT installation disks?

A. Follow the procedure below:

  1. Insert your NT Workstation/Server CD
  2. From the Start Menu, select Run (or press Win key + R)
  3. If you are not running NT on the machine you are making the disks from enter
    <CD-ROM drive>:\i386\winnt /ox
    If you are running NT:
    <CD-ROM drive>:\i386\winnt32 /ox
  4. You will have to put in 3 blank, formatted disks

Q. How can I use a Network card that is not one of those shown with Network Client Administrator?

A. The Network Client Administrator tool located in the Administrative Tools section is a very useful tool, but lacks the seemingly obvious function of "Have disk" to use a NDIS 2.0 compatible driver supplied with the network card. You can get round this though with a minimum of hassle.

  1. Run Network Client Administrator as normal, selecting a network card similar to your card
  2. Once finished locate the driver disk that was supplied with the Network card (you did keep it :-) ).
  3. On the disk there will be a NDIS folder and a DOS section
  4. Copy the .dos file from this disk to the net sub-directory on the disk created by Network Client Administrator
  5. Also in the directory should be a sample protocol.ini file, open this and look for the line with a driver with a $ on the end, e.g.
    DriverName = "EL59X$"
    write this name down
  6. Insert the disk created by Network Client Administrator and move to the \net sub-directory
  7. Open the file system.ini and edit the network drivers section and change the netcard parameter to the name of the .dos file you copied to the disk
    [network drivers]
    netcard=EL59X.dos
  8. After saving system.ini, open protocol.ini (in the same directory) and locate the DriverName parameter and change to the name you found in the protocol.ini file supplied on the Network Card driver disk (the one you wrote down in step 5), e.g.
    [ms$elnk3]
    DRIVERNAME=EL59X$
    If the card is a PCI card make sure the I/O, slot etc. are commented out, or set these to the correct values. Again save the file.

The Network Client Administrator disk is now configured to use your network card. A known problem is with Irmatrac/Microdyne token ring adapters, and will not work unless the net sub-directory on the disk is renamed to dev.

This solution is fine for one off disk creations, however you may want to have the network card displayed as an option by the Network Card Administrator program, to do this perform the following

  1. You have to have the clients directory shared on your hard disk, e.g. d:\clients
  2. Copy the .dos file from the network driver disk (windows for workgroups area) to <client share name>\msclient\netsetup directory
  3. Edit the file <client share name>\msclient\netsetup\wcnet.inf and enter the following details, this information will be on the Network card installation disk as a oemsetup.inf or similar file
    [netcard]
    tcm$el59x="3Com Fast EtherLink/EtherLink III BusMaster Adapter (3C59x)",0,ndis,ethernet,0x07,tcm$el59x,tcm$el59x_nif
    Also in the oemsetup.inf will be 2 sections that correspond to the last 2 parameters, e.g. tcm$el59x and tcm$el59x_inf. Append these to the end of wcnet.inf, then save the file

Network Client Administrator will now list the new card as an option as a Network card.

Q. How can I make domain users members of local Administrators groups during an unattended installation?

A. The easiest way to do this is to use the net localgroup command, however before you can use the command you have to have connected to the PDC and start the netlogon service. The following commands can be used in the unattended installation using the CMDLINES.TXT file:

net use \\<machine name of the PDC> /user:<domain name>\<username> <password>
net start netlogon
net localgroup Administrators "<domain name>\<user>" /add

Q. I have problems running a program as part of the unattended installation?

A. You can use the /e switch during the unattended installation to specify a program to run, e.g.

winnt.exe /u:unattend.txt /s:w: /e:"w:\servpack\update -u -z"

The above would be used to install a service pack after the NT installation (-u for unattended, -z for no reboot), however you may get an error and in setuplog.txt the following error:

"Warning:
Setup was unable to invoke external program
<drive>:\<directory>\<program> because of the following error:
CreateProcess returned error 3."

This is because after the installation network drives are no longer mapped and w: no longer exists. Any source files need to be locally stored to be able to be run and then with the /e use a local drive letter.

License

Q. How is NT Licensed?

A. The basic idea behind Windows NT licensing is that you purchase NT Server and license which allows you to install the software on one machine, however you cannot use the software unless you have a client license. A client license is just a piece of paper, no codes, no passwords, just a piece of paper saying you can use one more client. A client license is around US$40, which means you have to buy the NT server software (around US$650) and then US$40 times the number of clients to the machine, plus the cost of the client software and licenses!

There are two methods of licensing, per seat and per server. Per seat licensing is where each network user has a license, and allows the user to access as many/all of the servers in the enterprise. This is the most popular and cost effective method if you have two or more NT servers.

The second method, per server, also known as concurrent licensing is where licenses are purchased and "installed" on the server. For example, if you purchased 50 client licenses and installed them on the server, up-to 50 connections at a time would be allowed. If you then purchased another server, you would need to buy another 50 client licenses for connections to that server.

From the above you can see that if you have more than 2 NT Servers you will want per seat, with the exception of a machine such as an Internet service server, which would have different people connecting to the site all the time, so you would need x client licenses, where x is the maximum number of people you expect to connect at any one time.

It is possible to perform a once only conversation of per server licenses to per seat licenses.

Q. How can I view what licenses I have installed/used?

A. NT Server has a utility called License Manager that enables you to inspect the licenses and their use:

  1. Logon to the NT Server
  2. Start License Manager (Start - Programs - Administrative Tools - License Manager)
  3. Click on the Products View tab, and it displays the licenses installed and used

Q. How do I install extra licenses?

A. This method is only for Per Server

  1. Logon to the NT Server
  2. Start License Manager (Start - Programs - Administrative Tools - License Manager)
  3. Click on the Products View tab
  4. Click on "Windows NT Server"
  5. Either Right Click on Windows NT Server and select Properties, or select Properties from the License menu
  6. Click the "Server Browser" tab and select the NT server and click Edit
  7. Select Windows NT Server and click Edit
  8. Click "Add Licenses", make sure the product selected is "Windows NT Server" and enter the number of licenses and click OK
  9. Click in the "I agree" box and click OK
  10. Keep clicking OK until you are back to the main screen

For Per Seat

  1. Start License Manager
  2. Select "New License" from the License menu
  3. Select "Windows NT" as the product
  4. Using the up and down arrows increase the number of licenses
  5. Enter a comment
  6. Click OK
  7. Click in the "I agree" box and click OK

Q. How do I convert from Per Server to Per Seat?

A. This is legally a one way conversion process:

  1. Logon to the NT Server
  2. Start License Manager (Start - Programs - Administrative Tools - License Manager)
  3. Click on the Products View tab
  4. Click on "Windows NT Server"
  5. Either Right Click on Windows NT Server and select Properties, or select Properties from the License menu
  6. Click the "Server Browser" tab and select the NT server and click Edit
  7. Select Windows NT Server and click Edit
  8. Click Per Seat
  9. And say Yes to the question
  10. Click in the "I agree" box and click OK
  11. You are now using Per Seat

Q. How can I reset the License Information?

A. More information can be found in Knowledge Base article Q153140:

  1. Start the services control panel applet (Start - Settings - Control Panel - Services)
  2. Select the "License Logging Service" and click stop
  3. Start Explorer (Run - Explorer)
  4. Move to the %systemroot%/system32 directory (e.g. d:\winnt\system32)
  5. Delete Cpl.cfg which holds the purchase history
  6. Move to the Lls sub-directory of system32, and delete the file llsuser.lis and llsmap.lis if they exist
  7. Back in Services Control Panel applet, select "License Logging Service" and click Start

Q. How can I run the License Manager software on a NT Workstation?

A. The NT Workstation server tools do not include this software, however since Server and Workstation share much of the same code then you can just copy the following files from the %systemroot%/system32 directory on the server to the %systemroot%/system32 directory on the workstation

Windows 95 as a client

Q. How do I communicate with a Windows 95 client?

A. Enable the winpopup utility on all Windows 95 machines. The best way is to place winpopup in the Startup group under Program Files.

Q. How can I administer my domain from a Windows95 client?

A. Install the server tools that are part of the Windows NT installation CD. Right click on the file <CD ROM>:\clients\srvtools\win95\srvtools.inf

Q. How do I force a 95 machine to logon to a domain?

A. Using the Policy editor, create a new profile, or edit your existing profile

  1. Double click the Default Computer
  2. If you are editing the profile using the NT profile editor move to the Windows 95 Network, if you are using the 95 policy editor move to the Network directory
  3. Move to the Logon tree and select "Require validation by Network for Windows access"
  4. You can also add a legal warning notice if you wish
  5. Save the policy in the Netlogon share (%systemroot%\system32\repl\import\scripts) as CONFIG.POL

Q. How do I enable Windows 95 machines to use Group policies?

A. Copy the file group.dll from the windows95 installation CD to the system folder of each Windows 95 machine. This could be automated by adding the copy to a logon script.

Q. How do I enable Load Balancing on a Windows 95 machine?

A. Follow procedures below:

  1. Start the policy editor
  2. From Network (or Windows 95 Network if from an NT machine) select Logon, validation
  3. Select Remote Update and Load Balance

This will enable a Windows 95 machine to look for the script from the logon server.

NETWARE

Q. What about Netware?

A. Netware connectivity is available!
NT-based systems can integrate with existing Netware servers. The IPX/SPX network protocol is supported on NT by using the NWLink IPX/SPX Compatible Transport. So, on top of this protocol, you need some tools to provide the integration.

Q. What are Client Services for Netware?

A. CSNW provides an NT workstation with basic file and printer connectivity to Netware. It supports both Bindery and NDS.

Q. What are Gateway Services for Netware?

A. GSNW is available only for NT servers. It includes the CSNW service to provide basic file and printer connectivity. In addition, GSNW allows an NT Server to act as a non-dedicated gateway. This means that your NT Server can connect to a Netware box and share the Netware drives as NT shares for all of your Microsoft network clients to access seamlessly (including those coming in via RAS).

While it works well, it's likely that it would be a bottleneck if you were going to link large networks using this single gateway!

The Netware server will need a special GROUP created called NTGATEWAY and a user account on Netware must be assigned to this group and to the gateway service on the NT Server.

Q. How do I install Gateway Services for Netware?

A. Perform the following:

  1. Start the Network Control Panel Applet (Start - Settings - Control Panel - Network, or right click on Network Neighborhood and select properties)
  2. Click the services tab and click Add
  3. Select Gateway (and Client) Services for NetWare and click OK
  4. Enter the path of your NT CD-ROM and click OK. When the file copying has finished click Close.
  5. Create the NTGATEWAY group and a user that is a member of that group on the NetWare server using SYSCON on 3.12 servers, or NWADMIN/NETADMIN on 4.0 or later
  6. Restart the computer
  7. Enter the user account you created that is a member of the NTGATEWAY group when the machine restarts.

Q. How do I attach to a NetWare 3.12 Server?

A. Perform the following:

  1. Start the Gateway Services for NetWare control panel applet (Start - Settings - Control Panel - GSNW)
  2. Select Preferred Server
  3. From the drop sown list select the server, or if it is not shown enter the name of the server
  4. Click OK

Q. How do I attach to a NetWare 4.1 Server?

A. NetWare 4.1 connections is more complex than 3.12 connection as NetWare 4.1 has the complexity of NetWare Directory Services:

  1. Start the Gateway Services for NetWare control panel applet (Start - Settings - Control Panel - GSNW)
  2. Select the Default Tree and Context
  3. In the Tree Name enter the name of the NetWare 4.1 server and enter the context of the user account in the context input box
  4. Click OK

Q. What are File and Print Services for Netware?

A. CSNW and GSNW provide the ability to connect to Netware for file, printing and applications from your Microsoft network based clients.

FPNW does the reverse - it allows Netware clients to see the NT Server as if IT was a Netware box! FPNW allows you to appear as a Netware 3.12-compatible server.

Q. What is Directory Service Manager?

A. DSMN copies Netware user/group accounts to NT Server and will then propagate any changes BACK to the Netware box. This sharing of user/group information happens without you adding any software to the Netware side at all.

So, what does DSMN give you?

  1. Single network login and password synchronization
  2. Copy Netware accounts to a Domain (and any changes get propagated back)
  3. Ability to merge multiple Netware accounts into a single NT account

What is Migration Tool for Netware?

A. This is a tool to allow you to migrate user and group accounts as well as login scripts, files and directories from Netware servers to a PDC or BDC.

This tool is located under the Administrative Tools program group and is called "Migration tool for NetWare". When run you have to select the NetWare server to convert and the NT service to convert the information into. Also you have to select a prefix for the NetWare users and groups, nw_, is the norm. Once the migration starts it may take a long time depending on the number of records.

Q. What are the NT equivalents of NetWare Rights?

A. The table below outlines the NetWare rights and the NT equivalents:

NetWare Windows NT
Supervisor (S) Full Control (All)
Read (R) Read (RX)
Write (W) Change (RWXD)
Erase (E) Change (RWXD)
Modify (M) Change (RWXD)
Create (C) Add (WX)
File Scan (F) List (RX)
Access Control (A) Change Permissions (P)

Macintosh

Q. How do I add the services for Macintosh?

A. Follow the instructions below:

  1. Start up Control Panel (Start - Settings - Control Panel)
  2. Double click on Network, and select the Services Tab
  3. Click Add and select "Services for Macintosh"
  4. Put in the NT CD and click continue
  5. Click close to finish
  6. Once copying is complete the AppleTalk Protocol Properties sheet will be displayed, and you should choose which Network card it is to be bound to. If there are Macintosh currently connected then and AppleTalk zone will be displayed, if not you will need to perform the following
    - Select the Routing Tab, and check "enable routing" if you have multiple network adapters
    - For each network card you should choose the AppleTalk Phase 2 network number and default zone (which can be added by clicking the Add button at the bottom)
  7. After the configuration is completed you will be prompted to reboot your machine
  8. Once the machine has restarted you will have Macintosh file and print services.

Q. How can I read a Macintosh disk from Windows NT?

A. Mac Opener 2 by DataViz (http://www.dataviz.com/) allows Macintosh disks to be accessed by NT.

Q. Does NT RAS support AppleTalk?

A. No, however NBT (NetBIOS over TCP/IP) protocol is available for Macintosh from http://www.thursby.com (allowing Macintosh access to NT shares over RAS or LAN connections)

Q. Can NT act as an AppleTalk client?

A. No, however the AppleTalk protocol is available for NT from http://www.miramarsys.com

Q. How can I make a Macintosh PPP connection to Windows NT RAS?

A. There are full instructions at http://valleynet.on.ca/~aa158/mac-ras.html

Q. I am unable to write to the Microsoft UAM folder from the Macintosh?

A. The UAM (User Authentification Module) volume that shows up by default with SFM is set to read-only for the macs (except for Administrators). To change this start File Manager (winfile.exe) or Server Manager (under NT 4.0), from the MacFile menu choose View/Modify volumes. Select the volume, and clear the "This volume is read-only". You may also change permissions by clicking properties, then permissions. Permissions for Mac Users are set separately from standard NT file permissions.

RAID

Q. Does NT Workstation support RAID?

A. Workstation does not support fault tolerant RAID, e.g. RAID 1 or RAID 5, however it does support RAID 0 (stripe set without parity). Obviously hardware RAID will work as it is transparent to the Operating System.

There is much talk about changing the ProductType registry key to enable fault tolerance on NT Workstation and while it can be done this is against Microsoft licensing and would also be unsupported by Microsoft. Do NOT mail me asking for the method as I will not distribute it and will just delete the mail message without replying.

Q. What RAID levels does NT Server Support?

A. NT Server supports RAID 1 (disk mirroring) and RAID 5 (strip sets with parity check). NT also support RAID 0, which is Striping without Parity, however this offers no data redundancy.

Q. How do I create a Stripe Set with Parity?

A. Follow instructions below

  1. From Start Menu - Programs - Administrative Tools and click Disk Administrator
  2. Select at least 3 areas of free space on different physical disks
  3. From the Fault Tolerance menu, select Create Stripe Set With Parity
  4. Fill in the size wanted, and click OK

Note - A stripe set will only use the lowest common disk space on each physical drive, i.e. with 3 disks of 100MB, 50MB and 40MB free, each part of the stripe set would only be 40MB with a maximum of 120MB partition in total.

Q. How do I recreate a broken Stripe Set?

A. When a member of a Stripe Set with Parity fails, you do not get a warning, and everything continues to work. Indications include when you start Disk Administrator and on the Event Log. Follow instructions below

  1. Replace the faulty disk and start NT
  2. From Start Menu - Programs - Administrative Tools and click Disk Administrator
  3. Select the Stripe Set to be repaired and an area of unpartioned space on the new physical disk
  4. From the Fault Tolerance menu select Regenerate

Q. How do I remove a Stripe Set?

A. Follow instructions below

  1. From Start Menu - Programs - Administrative Tools and click Disk Administrator
  2. Select the stripe set you wish to delete.
  3. From the Partition drop-down menu select Delete
  4. Confirm to Delete the Partition

Note - You will lose ALL data on the stripe set

Q. Can NT be on a Stripe Set?

A. If NT is providing software RAID 0 or RAID 5 (stripe set or stripe set with parity) then neither the NT boot or system partition may be on a RAID 0 or RAID 5 volume. This is because using this type of volume requires the fault tolerant driver and that is loaded during NT's bootup. If you require NT to be on a stripped set then you will need to purchase hardware RAID.

Q. How do I create a Mirror Set (RAID 1)?

A. To create a mirror you should first create what the prime will be, and then you can create a mirror of it:

  1. Start Disk Administrator (Start - Programs - Administrative Tools - Disk Administrator)
  2. Click on the existing partitions that is the prime, and hold down the Ctrl key
  3. Click on an unpartitioned area of disk space
  4. From the Fault Tolerance menu select "Establish Mirror"
  5. From the Partition menu select "Commit changes now", and the duplication will begin.

Q. How do I break a Mirror Set?

A. If part a Fault Tolerant is lost (by hardware failure etc.) then a message will be displayed "A disk that is part of a fault-tolerant volume can no longer be accessed". The drive will still be usable, but the Mirroring will have been suspended. To break the mirror set:

  1. Start Disk Administrator (Start - Programs - Administrative Tools - Disk Administrator)
  2. A message will be displayed that a disk is missing
  3. Click on the Mirror, and select "Break Mirror" from the Fault Tolerance menu.
  4. Confirm the action

Q. How do I repair a broken Mirror Set?

A. Make sure you have an area of unpartitioned space that is at least the size of the Primary partition:

  1. Start Disk Administrator (Start - Programs - Administrative Tools - Disk Administrator)
  2. Click on the working part of the mirror, hold down the Ctrl key and select the area of unpartitioned space
  3. Select Establish Mirror from the Fault Tolerance menu.

Q. Can I install NT on a stripe set?

A. No. See Q. Can NT be on a Stripe Set? for more information.

Performance and System Information

Q. How do I view all the applications/processes on the system?

A. You can use Task Manager that is standard part of NT (Right click on the Task Bar, and select Task Manager). There is also the PVIEW program that comes with Visual C++. For command line viewing there is TLIST that comes with the resource kit or ps that is freeware.

Q. How do I move my pagefile?

A. Follow procedures below:

  1. Start Control Panel, and double click System icon
  2. Click Performance and Virtual Memory Change
  3. Select the current Pagefile disk and change the initial size to 0 and click set
  4. Select a different disk, and change initial size and max size and click set
  5. Click OK and then close
  6. Reboot machine

Q. How big and where should my Pagefile be?

A. Below are things to consider.

Q. Users complain server response is slow, but when I use the server everything is fine.

A. It could be the server Screen Saver! The Open GL screen savers (especially the pipes) can use every CPU cycle off the Server. In general you should always use the blank screen saver on a server.

Q. Where can I get information about my machine?

A. There are several utilities available, however winmsd is good, and can produce a full printed report about your computer including IRP,DMA settings for devices. A command line version of winmsd is called winmsdp which is good to run regularly.

Q. Is there a RAM disk in NT4.0?

A. No. However there is a piece of software which creates a RAM disk. In general the NT cache does a very good job. Microsoft also produced a RAM disk which still works on NT 4.0 called NTRamdsk.

A commercial package SuperDisk-NT is now available from EEC Systems (http://www.eecsys.com/)

Q. How can I tell when NT was last started?

A. From the command prompt, enter the command net statistics workstation and at the top it says "statistics since ...". You will need to be quick with the Ctrl-S (to pause the output, Ctrl-Q starts it again). This will give the time since the workstation service was started, so if someone has performed a

net stop workstation
net start workstation

the time up will be incorrect.

The time NT has been up is also displayed from the PVIEW utility, and also there is a set of applications that display this information called 3UPTIMES.ZIP (there is a command line and a windows version included). These apps are from http://barnyard.syr.edu/~vefatica/. Be aware this gives incorrect information if the system has been up more than 50 days.

ElWiz from http://rcswww.urz.tu-dresden.de/~fh/nt/eventlog/#Elwiz will always give the right uptime (among lots of other usefull information) and it is free, too.

Q. How can I monitor disk performance?

A. NT's built in Performance monitor can be used to monitor disk activity, however this is not active by default, and needs to be activated by typing
diskperf -y
from the command prompt. You will then need to reboot, and then disk activity can be viewed using Performance Monitor.

Q. How can I tell if I need a faster CPU?

A. You use Performance Monitor (Start - Programs - Administrative Tools - Performance Monitor) to see how much time the computer is waiting to use the CPU:

  1. Start Performance Monitor
  2. Click the "+" button (if you cannot see a title bar press Ctlr-T)
  3. From the dropdown Object box select System
  4. Select "Processor Queue Length" from the counters
  5. Monitor the system for a typical day of work, and if the counter exceeds 2 then you should consider a faster processor

Q. I need to run a number of 16 bit apps, what is the best way to do this?

A. The best way is to create a shortcut to the 16 bit application, then right click on the shortcut and select properties. Click on the shortcut tab and check the box "Run in separate memory space". This will make the app run in its own VDM (Virtual Dos Machine) with its own memory space. This improves performance and system stability as one 16 bit app can no longer effect another's.

An application can also be forced to run in its own memory space using:
start /separate <application name>

Q. I have lost my NT Installation CD-ROM case that had the Key number, how can I find it out?

A. The easiest way is to run WINMSD (Start - Run - Winmsd) and look at the Version tab. On the line above the register info you will see a number in the form of 50036-xxx-yyyyyyy-71345. The xxx-yyyyyyy is the number on the back of the CD case. This is also the same as the registry entry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId.

Q. How can I run an Application at a higher priority?

A. It is possible to start an application at a priority other than normal, however if you run applications at high priority THEY may slow performance. Priorities range from 0 to 31, 0 - 15 are used by Dynamic applications, such as user applications and most of the operating system parts, 16-31 are used by real time applications like the kernel which cannot be written to the page file. Normal priority is level 8 (NT 3.51 normal was 7). The full list is

To start an application at a priority other than the default use the start command, e.g.

start /<priority> <application>, e.g. start /high winword

Be warned that if you run applications at high priority may slow performance as other application get less I/O time. To use the /realtime option you have to be logged on as a user with Administrator privileges.

To modify the privilege of a currently running application use Task Manager

  1. Start Task Manager (Right Click on the Start Bar and select Task Manager)
  2. Click on the Processes tab
  3. Right Click on the required process and select "Set Priority"
  4. You can then select a different priority
  5. Close Task Manager

It is also possible to increase the priority of whichever application is currently in the foreground, as opposed to the background processes.

  1. Start the System Control Panel Applet (Start - Settings - Control Panel - System)
  2. Click the Performance tab
  3. In the Application Performance tab move the arrow
    - None - The foreground application runs the same as background applications
    - Middle - The foreground application has its priority increased by one, background applications stay the same.
    - Maximum - The foreground application has its priority increased by two, background applications stay the same, e.g. an application will have its priority increased from 8 to 10.

Q. How can I monitor processes that start after I start the Performance monitor?

A. If you are running performance monitor in log mode, after the log is closed and you wish to view certain processes in the drop down list you only see processes that were running at the time you started the log. This is not true :-)

  1. Start Performance Monitor (Start - Programs - Administrative Tools - Performance Monitor)
  2. Select Log View (View - Log or Ctrl-L)
  3. Add to the log the objects you wish to monitor (Edit - Add to Log), including "Process", when finished click Done
  4. From the Options menu select Log and enter a file name, a period of time and click "Start Log"
  5. When you have logged enough, switch to Performance Monitor and from Options menu select Log, select "Stop Log"
  6. Move to Chart view (View - Chart, or Ctrl+C)
  7. Load in the log you created by selecting Options - Data From , and selecting the file and click OK
  8. From the Edit menu, select Add and add the counters you wish to see, you will notice that under processes, the instances are only those running when you started, don't worry.
  9. There will probably be an area you wish to investigate, such as a spike in CPU use, disk I/O. Alter the time window to start from the peak
    - From the Edit menu, select Time Window
    - Move the left hand bar till the left line is in the correct place on the chart, i.e. the spike
    - Click OK
  10. Now from the Edit menu, and select Add, under processes there will now be processes that were running at THIS point allowing you to diagnose the problem process, you can also now put the time window back to normal and this process will still show

What this means is the instances shown are only those running at the start of the time window, so to add other processes running at other times, you may need to continue moving the start of the time window.

Q. How can I view information in the Event Log from the command line?

A. A utility called DUMPEL.EXE is supplied with the Windows NT Resource Kit which outputs a comma or tab separated file. It allows the events from all 3 logs to be dumped on the local or remote computer. For full information see the NT Resource Kit Tools help however below is the basic syntax.

dumpel -f <filename for output> [-s \\<servername>]  [-l <which log, e.g. system, application,security>] -c
e.g., dumpel -f applog.txt -l application -c

This would dump out the application log as a comma separated file (alternatively use -t instead of -c for a tab separated file).

Another useful switch is -e <event> which allows you to only output a given event, e.g.

dumpel -f winlogon.txt -l application -c -m "winlogon"

Would display all information re winlogon (you don't need the quotes if the event is one word).

Multimedia

Q. How do I disable CD AutoPlay?

A. You can use the TweakUI utility and goto the paranoia tab, or edit the registry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom and change Autorun 0x1 to 0x0 to disable autorun. If you use TWEAKUI it will only affect the current user, where as the registry entry will set it for all users. To achieve the same as TWEAKUI change HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer and set the value NoDriveTypeAutoRun from 0x95 to 0xff.

Q. How do I install a Joystick in NT?

A. On the NT CD goto directory drvlib\multimed\joystick\x86 and right click oemsetup.inf and select install.

Q. How do I change my Soundcards Settings (IRQ)?

A. From Control Panel, double click MultiMedia. Select the "devices" tab and expand the Audio Devices. Click on the soundcard and click properties. Click settings, and scroll to the setting you wish to change and click "change setting". Change the setting and click OK, then reboot.

Q. Does NT 4.0 support Direct X?

A. Direct X is built into NT 4.0, although limited. There is no way to upgrade the Direct X part of NT, however Service Pack 3 has complete Direct X 3.0 support. NT 4.0 pre Service Pack 3 supports the DirectDraw, DirectSound and DirectPlay components of DirectX.

Q. Does NT have a speaker driver?

A. There is no NT speaker driver like there was in DOS, however this used to hammer performance and it is better to buy a cheap soundcard.

The very nature of this driver prohibits its use. A preemptive multitasking operating system will not allow enough CPU cycles to generate the sound. The sound is generated by pulse with modulation which requires 100% of CPU time while the sound is being played. Sound cards offload this to their DAC chips

Q. How do I install my SoundBlaster Sound Card?

A. If you have one of the newer Plug and Play Sound Blaster cards then the install is simple.

  1. Insert the NT installation CD
  2. Goto the drvlib\pnpisa\x86 directory
  3. Right click on the pnpisa.inf file and select install
  4. Reboot the Machine
  5. Once restarted NT will detect any ISA PnP devices including your Sound Card, the drivers are on the CD in directory drvlib\audio\sbpnp\i386

If you have one of the older non-PNP sound cards download the file awent40.exe and follow the instructions that come with the file once expanded.

Q. How do I install a WaveBlaster card?

A. Follow the instructions below:

  1. From Control Panel, double click MultiMedia
  2. Click the Devices tab and click Add
  3. Select "MPU-401 Compatible Driver"
  4. Insert the NT CD-ROM and click OK, you will be prompted for the port setting (usually 300h or 330h)
  5. Reboot the machine
  6. After reboot from Control Panel, double click MultiMedia and goto the Midi tab
  7. Click on "Single Instrument" and select "Generic MPU-401" driver.

User Configuration

Q. How do I enable NumLock automatically?

A. The registry entry HKEY_CURRENT_USER\Control Panel\Keyboard. Change InitialKeyboardIndicators from 0 to 2 using the regedt32.exe registry editor. To set the numlock for before anyone logs on, change the .default user value from 0 to 2, e.g. HKEY_USERS\.DEFAULT\Control Panel\Keyboard\InitialKeyboardIndicators to 2.

An easier way is to turn NumLock on and the logoff using Ctrl-Alt-Del Logoff which will preserve the state of Numlock (logoff from Start menu does not do this).

Q. How do I disable Task Manager?

A. This can be done using the registry as follows

  1. Start the Registry Editor
  2. HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\Policies
  3. If the \System key does not exist create it
  4. Add a new value of type DWORD called DisableTaskManager and set to 1
  5. Exit registry editor

This can also be done using the policy editor

  1. Start the Policy editor
  2. Select the User, or edit the default User
  3. Goto Shell/Restrictions and select "remove Taskbar from user"

To remove Task Manager for all users just rename taskmgr.exe to something else, or if it is on a NTFS partition you can set the permissions so normal users cannot access it.

Q. How do I create a captive account?

A. It is not possible to create a captive account, however you can force a user to run a program, and if they close that program they can be logged out:

  1. Create a command file similar to the following
    <The program you wish to run>
    Logout
  2. Create a mandatory profile for this user.
  3. Remove all groups from this profile except the autostart group.
  4. In this group, put the file created in step one.

The file Logout.exe just logs out the user. It is also possible to restrict a Users applications using the Policy Editor. From the Policy Editor you can select which applications a User can run (make sure you give them Explorer!).

Microsoft have also created the zero administration kit which allows a user to be confined to a single application or a set of applications.

Q. Where should Login Scripts go?

A. Login scripts should be in the WINNT\SYSTEM32\REPL\IMPORT\SCRIPTS directory

Q. What should be in the Login Script?

A. This will vary from site to site, however generally a login script will synchronize the time of the workstations with the server (providing the servers time is accurate!), and perhaps connect a home area (this is set using User Manager). Net use x: /home will ask the domain server for your home area location and connect to it. A login script may be
@echo off
net time \\johnserver /set /yes
net use p: /home

Q. Are there any utilities that help with login scripts?

A. With the NT resource kit you get KIX that enables you to write more advanced login scripts. There is also a freeware utility call KixTart.

Microsoft has released the Windows Scripting Host which is bound to be the next standard in all cases where scripting is necessary, including login scripts.WSH will be included in NT5 and can be downloaded at http://www.microsoft.com/management/wsh.htm.

Q. Is there a way of performing operations depending on a users group membership?

A. On the resource kit for NT you'll find a program called IFMEMBER, this is what you'll have to base your login script upon. Important safety tip, IFMEMBER works by checking for membership in a group and returning an ERRORLEVEL hence you'll have a bunch of IF THENS..

Q. How do I limit the disk space for a User?

A. NT server has no way to do this, however there is 3rd party software such as

Q. What variables are available for use with a User?

A. Below is a list of variables you can use in login scripts and other batch files. These may only be used on NT client/servers.

%COMPUTERNAME% Name of computer
%HOMEDRIVE% Users local drive letter
%HOMEPATH% The full path of the users home area
%HOMESHARE% The share that contains the users home area
%LOGONSERVER% This is the name of the machine that validates the user logon
%OS% The operating the User is connected to
%PROCESSOR% e.g. 486 (useful to put in a login script and ridicule if a 386 or below)
%USERDOMAIN% Domain containing the Users Account
%USERNAME% The name of the user

Q. Can I add user accounts from a database?

A. There is a utility with the resource kit, ADDUSERS.EXE, that as an input excepts a database file (e.g. and Excel spreadsheet) and will add users and groups.

Q. Is there a utility that shows who is currently logged on?

A. The resource kit has a utility called WHOAMI.EXE. It displays the domain/workgroup and username.

Q. How can I change environment variables from the command line?

A. The resource kit has a utility called SETX.EXE. It enables the user to change environment settings, e.g.
setx johnvariable 1
setx johnvariable -k HKEY_LOCAL_MACHINE\...\DefaultDomainName

Q. How can I hide drive x from users?

A. This can be done using the TWEAKUI utility from the "My Computer" tab, and just deselect the tick next to drives you want to hide. All this does is change the registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies
\Explorer\NODRIVES which is a 32-bit word. The lower 26 bits of the 32-bit word correspond to drive letters A through Z. Drives are visible when set to 0 and hidden when set to 1.

Drive A is represented by the rightmost position of the bitmask when viewed in binary mode.

e.g. A bitmask of 00000000000000000000010101(0x7h)

The bitmask above hides local drives A, C, and E

Drives hidden using the NODRIVES setting are not available through Windows Explorer, under the My Computer icon, or in the File Open\Save dialog boxes of 32bit Windows applications. File Manager and the Windows NT command prompt are not affected by this registry setting.

Q. How do I make the shell start before the logon script finishes?

A. Change the registry value HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon\RunLogonScriptSync to 0, which means the shell starts before the logon script has finished. A value of 1 means the shell will not start until the logon script finished.

Q. How do I disable Window animation?

A. Using TWEAKUI on the General tab, you can unselect "Window Animation" which will stop the animation when a window is minimized/restored. This can also be accomplished using the registry:

  1. Start the registry editor (regedit.exe)
  2. Goto the key HKEY_CURRENT_USER\Control Panel\Desktop\WindowsMetrics
  3. Double click MinAnimate
  4. Set to 1 for normal animation, set to 0 for none
  5. Close the registry editor
  6. Logout and login again (if you use TWEAKUI there is no need to logout)

Q. How do I reduce/increase the delay for cascading menus?

A. You can use TWEAKUI - Mouse tab and decrease/increase the menu time, however this can also be accomplished using the registry editor and changing the value HKEY_CURRENT_USER\Control Panel\Desktop\MenuShowDelay.

Q. How do I change the My Computer icon?

A. This can be changed using Themes for NT or the Plus Tab of Display settings, however it can also be changed using the registry editor

  1. Start the registry editor (regedit.exe)
  2. Move to the HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\DefaultIcon
  3. Double click on (Default)
  4. Set to the icon required, e.g. "d:\Prog Files\Plus\Themes\John.ico,0". The 0 shows it is icon 1 in the file
  5. Exit the registry editor

Q. How do I hide the "Network Neighborhood" icon?

A. You can use TWEAKUI and on the "Desktop" tab unselect "Network Neighborhood". This can also be done using the registry:

  1. Start the registry editor (regedit)
  2. Move to the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
  3. Double click NoNetHood and change the first 00 to 01
    0000 00 00 00 00 to
    0000 01 00 00 00
  4. Close the registry editor
  5. Log off and log on and Network Neighborhood will be hidden

Q. Why can't I move any icons?

A. It is possible to configure NT to autoarrange the icons, which means you cannot manually move them. To turn off this feature, right click on the desktop (anywhere where there is not a window), Arrange Icons, and unselect auto-arrange.

Q. How can I find out which groups a user is in?

A. NT provides a means of getting information about your domain account using the
net user <username> /domain
which includes information about group membership, however there is a utility that ships with the NT resource kit called SHOWGRPS.EXE that only shows the groups and the usage is:
showgrps <domain>\<user>
e.g. showgrps savilltech\john

Q. I can no longer see items in the common groups from the Start Menu.

A. There is a registry flag that sets whether or not the common groups are displayed on the Start Menu. To disable this setting, set HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups to 0 using the registry editor (regedit.exe). By default this value will not exist.

Q. How can I disable the Right mouse button?

A. For those systems running with Service Pack 2 or above, it is possible to disable the context menu as follows:

  1. Start the registry editor (regedit.exe)
  2. Move to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
  3. From the Edit menu, select New - DWord Value
  4. Enter the name NoViewContextMenu and press enter
  5. Double click the new value and set the value to 1 and click OK
  6. Close the registry editor
  7. Logout and Login again

To remove this, just delete the value NoViewContextMenu and logout and login again (or set it to 0)

Q. How do I configure a user so they can change the system time?

A. The ability to change the time on an NT system is a Right that has to be granted through the User Rights Policy in User Manager.

  1. Start User Manager (Start - Programs - Administrative Tools - User Manager)
  2. From the Policies menu select User Rights
  3. From the drop down menu select "Change the System Time)
  4. Click the Add button and add any users you wish to perform this
  5. Click OK to exit the dialog
  6. Close User Manager
  7. The user will need to log off and log on again

Also see Q. Can I synchronize the time of a NT Workstation with a NT Server?

Q. How do I add a user?

A. To add a new user to a domain you need to logon to the Server as an Administrator and run the User Manager for Domains Utility. Before adding a new user however, you should consider the different naming conventions that can be used, and there are really 4 main standards

It is important to stick to a standard, however unless this is a new installation, there will already be a standard to follow at your company. To add a user:

  1. Start User Manager for Domains (Start - Programs - Administrative Tools - User Manager for Domains)
  2. Select New User from the User Menu
  3. In the username field enter the name the user will use to logon, e.g. savillj. Case is very importance, savillj is not the same as SavillJ so make sure you enter the name as intended. The username can be up to 20 characters in length and you can use a combination of letters/numbers/punctuation's except for the following characters
    " [] ? / \ ; : | = ,
    You can use spaces in the user name, however this is not a good idea as you would need to put the name in quotes whenever you enter a command relating to the account.
  4. Although the Full Name field is not mandatory it is a good idea to fill it in with the persons real name. There are several NT utilities that dump out the user information and this name is displayed, and with this in mind you may like to put the last persons name first, e.g. Savill, John for future readability
  5. The Description field is as the name implies, just a description of the person, i.e. "Sales Manager", however you put what you like for Description :-)
  6. You need to enter a password for the new user which they will use the first time they logon, and this is entered twice, once in the "password" field, and again in the "confirm password" field
  7. You will see 4 check boxes
    - User Must Change Password at Next Logon - It is a good idea to select this, and the first time the user logs on they will need to change the password
    - User Cannot Change Password - Not a good idea, you would only really use this for a shared account
    - Password Never Expires - Again not a good idea, this would be a security risk as permanent passwords are frowned on
    - Account Disabled - A means for suspending an account
  8. Click on the Groups button at the bottom of the dialog box
    - Select a group on the right hand side and click Add to make the new user a member of that group
    - Click OK when finished
  9. Next click on the profile button
    - In the profiles you can enter the path for the users profile, e.g. \\savpdc\profiles.
    - In the logon script section you can enter the name of a batch file to be run when the user logs on. You only need to enter the name of the batch file, and not the full UNC location as it will assume the logon script is in the netlogon share
    - You can also setup the users home directory, which can either be a local area, or more commonly a share on a network drive.
    - Click OK when finished
  10. It is also possible to set logon hours for each user by clicking the Logon button
  11. By clicking the "Logon To" button you can restrict which workstations the user can logon to.
  12. The Account button allows you to setup an account expiry time, and the account type
  13. Finally the DialIn button allows you to give accounts the ability to dial in, and whether or not to allow callback.

Q. How do I configure roaming profiles?

A. When you sit at a computer and change its attributes, such as the wallpaper, when someone else logs on they still have the environment that they last had when they logged on, and this is achieved using a profile for the user which is stored locally in the %systemroot%/profiles/<username>, e.g. d:\winnt\profiles\savillj.

If the user then sat at a different computer they would not have their setup, to achieve a profile that follows the user to different NT machines (a roaming profile) you need to store the users profile on a network share, that can be downloaded each time the user logs on. When the user logs off the network profile is updated, and a copy of the profile is saved locally. To configure roaming profiles perform the following

  1. Start User Manager for Domains (Start - Programs - Administrative Tools - User Manager for Domains)
  2. Double click on the user
  3. Click the Profiles button
  4. In the User Profile Path enter the network share location where the profile should go, \\<servername>\<share name>\<user name> , e.g. \\bugsbunny\profiles\savillj (you could use %username% instead of the actual name).
  5. Click OK to finish

To make the profile mandatory, i.e. the user cannot change it, rename the file ntuser.dat to ntuser.man which is located at the base of the profile location.

As mentioned earlier, profiles are cached locally to machines, however this can be disabled by performing the following

  1. Start the registry editor (regedit.exe)
  2. Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
  3. Create a value called DeleteRoamingCache of type DWORD (Edit - New - Dword)
  4. Set the value to 1

Q. How can I configure each user to have a different screen resolution?

A. You cannot, the screen resolution is stored in the registry, in a non-user specific area and is therefore not configurable for individual users. The resolution would have to manually changed when the user logs on.

Q. How can I create a list of all User Accounts?

A. There a number of ways to produce a list of all user accounts in a domain (or accounts just on a machine):

  1. The best way is to use a utility shipped with the Resource Kit called ADDUSERS.EXE which is used to add users that have been detailed in a text file. This image can also be used to export the current users and groups into a comma separated file. What is a comma separated file? This is just a file that has comma's between fields and when read into a spreadsheet/database, the commas are detected, and the commas are replaced with a new field. The format is :
    addusers /d <file name>
    e.g. addusers /d johnslis.csf
    Note: Be very careful not to enter /e instead of /d, /e deletes all users and groups!
    This file can then be read into a spreadsheet/database (such as Excel) and you will need to specify that comma is the delimiter.
  2. A utility called USRSTAT.EXE is shipped with the NT Server Resource Kit, and this utility supplies information on all members of a given domain, including time/date of last login
    usrstat <domain>
    e.g. usrstat savilltech
  3. The Resource Kit utility SHOWMBRS.EXE will show all the users in a given group, so you could dump out the Domain Users group of a domain,
    showmbrs "<domain>\domain users"
    e.g. showmbrs "savilltech\domain users"
    You could add "> <file name>" to output to a file, e.g. showmbrs "savilltech\domain users" > allusers.list
  4. Finally if you don't have the resource kit (go and get it), you can use the NET command to show all users in a domain
    net user /domain
    Which will list all users in the current domain, again you can user > <file name> to output to a file. You could then get more information on each user this lists by entering
    net user <username> /domain
    e.g. net user savillj /domain
    You could easily write a perl script to automate this task.

It may be that none of these suit your exact needs, or you need to access the user list from within a program, you can use the NetUserEnum(), NetGroupEnum() and NetLocalGroupEnum() functions to get the required information. For each of these, the first argument is the computer name to perform the operation on, a null pointer will make it use the current system, or use NetGetDCName() to get the computer name of the Domain Controller. That's enough code for me, I'm starting to sweat :-)

Q. How do I change the colour used to display compressed files/directories?

A. The colour used is stored in the registry in hexadecimal format, therefore before you try and change the colour you need to work out what the value is in hex. Usually you know a colour as an RGB value like 255,0,0 for red and to convert this to Hex use the calculator supplied with Windows NT (calc.exe)

  1. Start the Calculator (Start - Run - Calc.exe)
  2. From the View menu select scientific
  3. Select Dec and enter in the first part of the RGB value
  4. Click Hex and it will be displayed in Hex, e.g. 255 would show ff
  5. Repeat for the G and B parts of the colour

You will now have a hex value for the colour, e.g. 255,128,0 would be ff, 80, 0

  1. Start the registry editor (regedit.exe)
  2. Move to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
  3. Double Click on the AltColor value in the right hand pane
  4. You will see the actual value as something like
    0000 00 00 FF 00 ..y.
    Ignore the set of four zeros, and only modify the 3 sets of numbers after that, i.e. the 00, 00 and FF, ignore the last 2. To edit click once to the right of the value you wish to change the press the backspace key and it will delete both parts of the number, then type in your new value.
  5. Click OK and then close the registry editor
  6. You will need to logoff and on again for the change to take effect.

If you would prefer to avoid the registry, you can make the same change using the TweakUI utility

  1. Start the TweakUI Control Panel applet (Start - Settings - Control Panel - TweakUI)
  2. Click on the explorer tab
  3. At the bottom is shows the "color of compressed files" (why can't Americans spell Colour :-) ), click "Change Color"
  4. You can now just select the colour you want, and click OK
  5. Click OK
  6. You will need to logoff and on again for the change to take effect

Q. How can I add a user from the command line?

A. The simple answer is to use the net user <username> <password> /add (/domain) , however it is possable to automate not only the addition of the user, but also his/her addition to groups and the creation of a template user account directory structure. Many organisations have a basic structure with word, excel directories and some template files. This can be automated with a basic script. For example

addnew.bat

net user %1 password /add /homedir:\\<server>\users\%1 /scriptpath:login.bat /domain
net localgroup "<local group>" %1 /add
repeat for local groups
net group "<groups>" %1 /add /domain
repeat for global groups
xcopy \\<server>\users\template \\<server>\users\%1\ /e
cacls \\<server>\users\%1 /e /r Everyone
remove the everyone permission to the directory
cacls \\<server>\users\%1 /g %1:F /e
cacls \\<server>\users\%1 /g Administrators:F /e

Q. How can I configure the wallpaper to be displayed somewhere other than the center of the screen?

A. It is possible to configure NT to display a wallpaper anywhere on the screen, however you have to manually update the registry

  1. Start the registry editor (regedt32.exe)
  2. Move to HKEY_CURRENT_USER\Control Panel\Desktop
  3. From the Edit menu, select Add Value
  4. Enter a name of WallpaperOriginX with a type of REG_SZ and click OK, you will then be prompted for a value, this is the number of pixels the left hand side of the image will be from the left side of the screen
  5. Next select Add Value again from the Edit menu and this time the name WallpaperOriginY, click OK and enter the number of pixels the top of the image should be from the top of the screen
  6. Logoff and on to see the change take effect

Q. How can I move users from one machine to another?

A. If you just want to replace the PDC of a domain with a new machine, the easiest way is to install the new machine as a BDC and then promote to the PDC which removes the need of adding/removing users.

If you actually want to merge two domains or just move some accounts the procedure below should help. You will need the resource kit utility addusers.exe

  1. Log on as an Administrator on the machine that has the accounts you wish to move
  2. Run the command
    addusers /d <file name>
    This will create a comma seperated file with details of all accounts and groups.
  3. You don't want the information about global or local groups (such as Administrators etc) so edit the file and remove the [Global] and [Local] sections and their content.
  4. Copy the file to the machine you want to create the accounts on or a network drive
  5. Log on as an Administrator on the machine that the accounts should be added, if a domain, log on to the PDC
  6. Run the command
    adduers /c <file name>
    This will read in the file and create the accounts

Q. How can I stop the "Click her to begin" message?

A. There are 2 ways to accomplish this. If you have the TweakUI utility perform the following

  1. Start the TweakUI Control Panel Applet (Start - Settings - Control Panel - TweakUI)
  2. Click the Explorer Tab
  3. Deselect "Animated click her to begin"
  4. Click OK

If you don't have TweakUI you will need to edit the registry directly

  1. Start the registry editor (regedit.exe)
  2. Move to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
  3. Double click on NoStartBanner and change to 01 00 00 00
  4. Click OK
  5. Close the registry editor

Q. How can I configure a user to logoff at a certain time?

A. Basic user manager functionality allows the setting of working hours for a user, and using user account policies you can force NT to logout users who are logged on past their hours.

  1. Start User Manager for domains (start - programs - administrative tools - user manager for domains)
  2. Double click on the user, e.g. savillj
  3. Click the hours button
  4. By default the user will have logon time at all hours. Each square represents one hour, click on the hour you want the user to be logged of at, e.g. 8 p.m. and then drag to when you want the user to be able to logon again. Click the disallow button. You will notice you can drag between days so you can easily disallow 6 p.m. till midnight for all days, then disallow midnight to 8 a.m. for all days if you wished
  5. Click OK when finished, then click OK again to close the user dialog
  6. Next open the accounts policy (Select Account from the Policies menu)
  7. At the bottom of the dialog is a check box "Forcibly disconnect remote users from server when logon hours expire", check this and click OK

Q. How can I grant User Rights from the command line?

A. Usually user rights, such as Logon Locally, are grant by starting User Manager and selecting User Rights from the Policies menu. If you want to grant rights from the command line, for use with account generation scripts etc., the Windows NT Resource Kit Supplement Two includes a new utility called NTRIGHTS.EXE which grants user rights from the command line.

The program uses a series of codewords for each user right:

Code Word User Right
SeNetworkLogonRight Access this computer from the network.
SeTcbPrivilege Act as part of the operating system.
SeMachineAccountPrivilege Add workstations to domain.
SeBackupPrivilege Back up files and directories.
SeChangeNotifyPrivilege Bypass traverse checking.
SeSystemtimePrivilege Change the system time.
SeCreatePagefilePrivilege Create a pagefile.
SeCreateTokenPrivilege Create a token object.
SeCreatePermanentPrivilege Create permanent shared objects.
SeDebugPrivilege Debug programs.
SeRemoteShutdownPrivilege Force shutdown from a remote system.
SeAuditPrivilege Generate security audits.
SeIncreaseQuotaPrivilege Increase quotas.
SeIncreaseBasePriorityPrivilege Increase scheduling priority.
SeLoadDriverPrivilege Load and unload device drivers.
SeLockMemoryPrivilege Lock pages in memory.
SeBatchLogonRight Logon as a batch job.
SeServiceLogonRight Log on as a service.
SeInteractiveLogonRight Log on locally.
SeSecurityPrivilege Manage auditing and security log.
SeSystemEnvironmentPrivilege Modify firmware environment values.
SeProfileSingleProcessPrivilege Profile single process.
SeSystemProfilePrivilege Profile system performance.
SeUnsolicitedInputPrivilege Read unsolicited input from a terminal device.
SeAssignPrimaryTokenPrivilege Replace a process level token.
SeRestorePrivilege Restore files and directories.
SeShutdownPrivilege Shut down the system.
SeTakeOwnershipPrivilege Take ownership of files or other objects.

To grant a user right perform the following

ntrights +r SeInteractiveLogonRight -u SavillTech\savillj

This would grant savillj of the SavillTech domain the right to log on locally. To grant the right on a remote machine use the -m switch

ntrights +r SeInteractiveLogonRight -u SavillTech\savillj -m \\<machine name>

Q. How can I get more room on the Task Bar?

A. If you move the cursor over the top of the task bar it will turn into a double headed arrow. When the cursor is the double arrow hold down the left hand button and drag upwards and the task bar's area will be increased one row at a time. Likewise you can shrink it by dragging downwards.

Q. How can I configure the system so all users share a common favourites folder?

A. It is possible to explicitly define the UNC for the favourites folder for each user by editing the registry. The steps would be as follows

  1. Choose a server that will host the favourites (favorites for all you Americans :-) ) folder, and create a favourties folder on it
  2. Set the required permissions on the folder so that the users can read it (and add to it if you want that, probably not) and make sure it is shared
  3. Fill the folder with the required links etc.
  4. On the PDC edit each user entry and using the registry editor (regedit.exe), change the Favorites value in the "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" key to the path of the common favourties folder, e.g. \\pdcmain\favourites,then click OK

Q. How can I change the local Administrator passwords on machines without going to them?

A. As you may be aware it is possible to change your password from the command line using the net user command, and if you combine this with the at command you can run the command on different machines, e.g.

at \\<machine name> <time> cmd /c net user Administrator anythingyouwant
e.g. at \\savilljohn 18:00 cmd /c net user Administrator password

The /c after cmd causes the command window to close after the command has been executed. An alternative to the at command would be the soon command

soon \\<machine name> cmd /c net user Administrator password

Q. How do I change my password?

A. Perform the following:

  1. Press Ctrl-Alt-Delete
  2. Click the "Change Password" button
  3. Enter you old password and new password twice and click OK

To change your password from the command line use the net user command, e.g.

net user <username> <password> (/domain)

To change from a program use the NetUserChangePassword()  call.

Q. How can I configure default settings for new users?

A. When a new user logs in for the first time a copy of the default user profile (ntuser.dat) is copied into the users profile. To set default settings for a user you can edit the default ntuser.dat file. Anything you define under HKEY_CURRENT_USER can be changed by editing ntuser.dat.

To change default settings for a new user on a workstation perform the following:

  1. Start the registry editor (regedt32.exe)
  2. Select the "HKEY_USERS on Local Machine" window
  3. Select "Load Hive" from the Registry menu
  4. Move to %systemroot%\Profiles\Default User (e.g. d:\winnt\Profiles\Default User)
  5. Select Ntuser.dat and click Open
  6. When it asks for a key name enter anything, e.g. defuser
  7. Now select the username (e.g. defuser) in the "HKEY_USERS on Local Machine" window and make the changes (for example you could change the wallpaper by changing defuser\Control Panel\Desktop\Wallpaper )
    Note - If you add new keys make sure everyone has at least read access otherwise it will not be copied
  8. When you have made the changes select "Unload Hive" from the Registry menu
  9. Close the registry editor

Anyone logging onto the machine will now pick up these default settings.

To configure a default NTUSER.DAT for a domain perform the above and logon as a user to take these settings. You now need to export these out to the PDC.

  1. Logon as an Administrator
  2. Start the System Control Panel Applet (Start - Settings - Control Panel - System)
  3. Click the User Profiles tab
  4. You will see a list of all the profiles stored on the machine. Select the one which has the settings you wish to use as the default for the domain
  5. Click the "Copy to" button
  6. In the "Copy profile to" enter the location of the Netlogon share of the PDC (usually %systemroot%\system32\Repl\Export\Scripts, you want the Export area not Import as anything in Export is copied to the import by the replication process), e.g. h:\winnt\system32\repl\export\scripts (if h was mapped to the c$ drive of the PDC).
    In the "Permitted to use" click Change. Select Everyone and click Add, then click OK.
  7. Click OK to start the copy.
  8. You should then check that the file ntuser.dat has been created where you selected.

If you have trouble exporting a profile see Q. I get an error when I try to export a profile other than Administrator. (I did :-) )

Q. How can I tell which User has which SID?

A. Perform the following:

  1. Start the registry editor
  2. Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
  3. Select each SID under this in turn and look at the ProfileImagePath and at the end of this string is the name of the user
  4. Close the registry editor

If you knew the SID and just wanted to know the user name you could use the REG.EXE command (with Resource Kit Supplement 2), e.g.

reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\<SID>\ProfileImagePath"
e.g. reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1843332746-572796286-2118856591-1000\ProfileImagePath"

And again this will show the ProfileImagePath giving you the user.

Q. How can I configure NT Server 4.0 to not allow users to login if their mandatory is not available?

A. This was the standard behavior under NT 3.51, but for this to work under NT 4.0 as well as the user profile being ntuser.man instead of ntuser.dat the users profile folder also has to be .man so rename the users profile folder to <name>.man.

  1. Start User Manager for Domains on the PDC
  2. Select the User and click the Profile button
  3. Check the users "User Profile Path"
  4. Start Explorer and move to the users path and select his folder, press F2 (to rename) and just add .man to the end of the folder name, e.g. savillj.man and hit enter
  5. Back in User Manager add the .man to the profile path, e.g.
    \\<server>\<share>\savillj.man
  6. Close User Manager for domains

System Configuration

Q. How do I decrease the boot delay?

A. Logon as Administrator. In Control Panel double-click System. Click the Startup/Shutdown tab, and in the "Show list for" box set the number of seconds to the delay required. It is also possible to directly edit the boot.ini file (first set the file attrib -r -s, and then make sure you set it back attrib +r +s)

Q. Where do I load ANSI.SYS

A. There is a file in your system32 directory, CONFIG.NT, that tells NT how to run DOS 5 sessions. Add the line
device=c:\winnt\system32\ansi.sys
or
device=%systemroot%\system32\ansi.sys.

You will then have to start a command line using the COMMAND.COM that came with DOS 5.0 (dig out those old disks!).

Q. How can I configure the local machine to perform a task at a set time?

A. Use the at command, e.g. for a job to run every weekday (like a backup)
c:\ at 20:00 /every:M,T,W,Th,F "<command string e.g. backup>"

Q. How do I change the Organization name on NT?

A. Your company changed names again? To change the company name in NT is easy,

  1. Start the Registry editor (Start - Run - REGEDIT)
  2. Goto the HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion and select the CurrentVersion
  3. On the right hand part of the screen is a number of values
  4. Double click on RegisteredOrganization and change the value data
  5. Click OK
  6. Exit the Registry Editor

Q. How do I change the default location NT expects to find NT software for installation(i.e. CD)

A. Start the Registry editor, and change KHEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SourcePath to the desired path (double click on the value to change it then press OK)

Q. How can I remove the Shut Down button from the login screen?

A. To remove the Shut Down button, start the registry editor, and change KHEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon and change ShutdownWithoutLogon from 1 to 0.

This can also be accomplished using the policy editor (poledit.exe). Expand the Windows NT System - Logon tree and blank out "Enable shutdown from Authentication dialog box".

Q. How can I disable the Printer PopUp message?

A. Start the Registry editor, and change KHEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers and set the entry NetPopup to 0. You should then reboot Windows (however stopping and restarting the print spooler will suffice). If the printer is on an NT server, than this setting needs to be set on the Server which controls the print queue.

Q. How can I Parse/Not Parse autoexec.bat?

A. The value HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ParseAutoexec should be set to 1 for autoexec.bat to be parsed, or 0 for autoexec.bat not to be parsed.

Q. How do I add the Control Panel to the Start Menu?

A. Create a New folder under the start menu you wish to have it on. (administrator or All users) Name the New folder

Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}

Complete with the period, brackets and dashes.

Reboot the machine and there it is.

Q. How can I remove a program from the "Open With" when right clicking?

A. Each entry in the "Open With" has an entry in the registry HKEY_CLASSES_ROOT called <extension>_auto_file, e.g. doc_auto_file for work. To remove the entry just delete the base <extension>_auto_file tree in the registry. If you were unsure you could use the following:

  1. Start the registry editor (regedit.exe)
  2. Search for the name of the exe you want to remove from the "Open Width" menu
  3. If a match is found, and its root is HKEY_CLASSES_ROOT/xxx_auto_file then delete the tree HKEY_CLASSES_ROOT/xxx_auto_file
  4. Close the registry editor

Q. How do I add a path statement in NT?

A. Start Control Panel, double click the System icon, and goto the Environment Tab. Choose if it should be a user or system path defined, and click on the path variable, and then add the statement to the end of the current string (including a ;), then click set.

Q. Can I change the default Windows Background?

A. Using the Registry Editor (regedt32), edit the key HKEY_USERS\.DEFAULT\Control Panel\Desktop and double click the Wallpaper Key, and enter the value including directory (e.g. c:\winnt\savlogo.bmp).You can also change the background colour HKEY_USERS\DEFAULT\Control Panel\Colors, double click Background, and change value (e.g. 0 0 0 for black).

Q. How do I change the Start menu items under the line?

A. Items above the line are part of the logged in users profile (winnt/profiles/<user name>/Start Menu/Programs). Items under the line are part of the all user group (winnt/profiles/All Users/Start Menu/Programs). To change these click on Start - Settings - Taskbar & Start Menu - Start Menu - Advanced and then move directory to the All Users and then make changes. You can only set the All Users Folder if you are logged on as a member with Administrative Privs.

Q. How can I restore the old Program Manager?

A. NT 4.0 by default uses the "Explorer" shell (explorer.exe), however the old Program Manager (progman.exe) is still delivered with NT 4.0, and be configured to be the default shell using the registry:

  1. Start the registry editor (Start - Run - Regedit.exe)
  2. Goto the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
  3. Double click on the value "Shell"
  4. Change from explorer.exe to progman.exe and click OK
  5. Exit the registry editor
  6. Log off, and then logon
  7. Back to the old! :-)

Q. Is there a way to start NT in "Dos" mode?

A. The command shell is command.com, and NT can be started in this mode with command.com as the default shell. Just perform the steps in previous FAQ, but instead of changing the shell value to progman.exe, change it to command.com.

Q. How can I disable "Lock Workstation" when I press Ctrl-Alt-Del?

A. This cannot be done with a setting in the registry, however it is possible if you don't mind hacking one of the system dll files. The file that the ctrl-alt-del dialog is stored in is msgina.dll. Using any 32bit resource editor (such as one with a Win32 C++ compiler, Visual C++, Borland C++) you can edit this dll and remove the "Lock Workstation" button. Below are instructions for performing this with Visual C++ however for another resource editor find dialog #1650 and edit the attributes of the "Lock Workstation" to "inactive" or "invisible".

  1. Rename %systemroot%\system32\msgina.dll to msgina_orig.dll (this is so you have a backup)
  2. Copy the file back to be called msgina.dll
    e.g. copy d:\winnt\system32\msgina_orig.dll d:\winnt\system32\msgina.dll
  3. Start Visual C++, and select open
  4. Change the type to Executable Files (.dll, .exe, .ocx)
  5. Move to the %systemroot%\system32 directory and select msgina.dll and click OK
  6. Once open, click on the dialog tree, and double click 1650
  7. Double click on the "Lock Workstation" button and deselect "visible"
  8. Close the dialog box and the from the file menu select Save
  9. Exit Visual C++ and reboot the machine
  10. Once the machine has booted up again the "Lock Workstation" button will no longer be displayed

There is now a utility written by Alaxander Frink which automates the above process available at http://wwwthep.physik.uni-mainz.de/~frink/nt.html .

Q. How can I make NT powerdown on shutdown?

A. Follow the procedures below:

  1. Start the registry editor (REGEDIT.EXE)
  2. Goto the Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
  3. If the value PowerdownAfterShutdown exists change it to1. Go to step 5
  4. If the value does not exist add it as type REG_SZ and set to 1
  5. Exit the registry editor

Q. How do I enable Ctrl-Esc to start Task Manager?

A. This was removed in release 4.0 of NT, however it can be restored by editing the registry:

  1. Start the registry editor (regedit.exe)
  2. Go to the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
  3. Click Edit - New - String Value and enter the name as TaskMan
  4. Double click the entry and set the value to TASKMAN.EXE and press enter
  5. Close the registry
  6. Reboot the machine

Q. How can I allow non-Administrators to issue AT commands?

A. By default only Administrators can issue AT commands (which use the schedule service). It is possible to allow Server Operators to also submit AT commands:

  1. Start the registry editor (regedit.exe)
  2. Move to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  3. From the Edit menu, select New Dword
  4. The name is "SubmitControl" and press enter
  5. Double click on the name and set the value to 1
  6. Exit the registry editor
  7. Reboot the machine

You may want to recreate your emergency repair disk after making this change.

Q. How do I control Access to Floppy Drives/CD-ROM drives?

A. By default Windows NT allows any program to access the floppy and CD-ROM drives. In a secure environment you may only want the interactive user to be able to access the drives and this is accomplished using the registry:

  1. Start the registry editor (regedit.exe)
  2. Move to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon
  3. From the Edit menu, select New Reg_SZ type
  4. To allocate floppy drives create a name "AllocateFloppies", to allocate CD-ROM drives "AllocateCDRoms"
  5. Press enter, and then set the value to 1
  6. Logout and login again

Q. I have DOS, Windows95 and NT installed, and want them all to show on the boot menu.

A. You need a handy utility called bootpart, which creates multiple operating .sys files enabling DOS and Windows 95 to be shown on the boot menu:

  1. Create an Emergency Repair Disk! (RDISK /s)
  2. Reboot the machine and boot into windows95
  3. When "Starting Windows95" is displayed press F8
  4. Select option 8 to boot to previous version of DOS
  5. Once in DOS goto where you unzipped bootpart.zip and type
    BOOTPART DOS622 c:\BOOTSECT.622 "MS-DOS 6.22"
    BOOTPART WIN95 c:\BOOTSECT.W95 "Windows 95"
    BOOTPART REWRITEROOT:C:
  6. Edit the boot.ini file to remove the old MS-DOS/Windows95 option
    attrib c:\boot.ini -r -s
    edit c:\boot.ini     and remove c:\="MS-DOS"
    attrib c:\boot.ini +r +s
  7. Reboot

Q. How do I change the Print Spool location?

A. Using the registry editor change the value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers\DefaultSpoolDirectory by double clicking on it and set it to the required area. This will change the print spool area for all printers, to change the print spool for only one printer move down to a printer key and create a value of type REG_SZ called SpoolDirectory and set this as where the spool files should be.

Q. How do I remove an App from Control Panel?

A. Each item in the Control Panel corresponds to a .cpl file. When Control Panel starts it search's %systemroot%/system32 for all .cpl files. To remove an item from Control Panel rename the .cpl file (e.g. to .nocpl).

An alternative to this if you only want certain users not to be able run a particular applet is to have the boot partition on NTFS, and remove the READ permission for these users/groups.

Have a look at Q. What are the .cpl files in the system32 directory? for more information on the .CPL files.

Q. How do I assign a drive letter to a removable drive?

A. It is not possible to assign a drive letter to a removable device using Disk Administrator, however you can assign drive letters to the other partitions leaving the letter unused that you want the removable drive to use. NT assigns drive letters to physical devices first (first partition) then to removable drives and then to other partitions (e.g. secondary partitions). For example if you had one harddisk with two partitions and a removable drive the letter assignments would be

To ensure that a removable drive receives a certain drive letter follow the instructions below:

  1. Shutdown NT and disconnect the removable drive
  2. Start NT and assign drive letters to the partitions, leaving the letter you want the removable drive to use free
  3. Shutdown NT, attach the removable drive and start NT

Q. How do I configure a default Screen Saver if no one logs on?

A. This is accomplished using the registry editor:

  1. Start the registry editor (regedit.exe)
  2. Move to the HKEY_USERS\DEFAULT\Control Panel\Desktop
  3. Double Click ScreenSaveActive and set to 1
  4. Double Click SCRNSAVE.EXE and set to "black16.scr"
  5. Double Click ScreenSaveTimeOut and set to the number of seconds (e.g. 600 for 10 minutes)
  6. Exit the registry editor

Q. How do I change the Internet Explorer icon?

A. For Internet Explorer version prior to 4.0 follow the procedure below:

  1. Start the registry editor (regedit.exe)
  2. Move to HKEY_CLASSES_ROOT\CLSID\{FBF23B42-E3F0-101B-8488-00AA003E56F8}\DefaultIcon
  3. Double click Default on the right hand side and change to the icon you require (use browse)
  4. Select OK
  5. Close the registry editor

There is a program called MicroAngelo available from http://www.impactsoft.com which automates this procedure.

The solution above does not work for Internet Explorer 4.0 and above, the method is as follows:

  1. Start the registry editor (regedit.exe)
  2. Move to HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}
  3. From the Edit menu, select New - Key and enter the name of DefaultIcon and press Enter
  4. Double click Default on the right hand side and change to the icon you require (use browse)
  5. Select OK
  6. Close the registry editor

There are some really nice IE icons at http://www.blably.com/iconstructions/ .

Q. How do I configure the default screen saver to be the Open GL Text Saver?

A. Follow the procedure below:

  1. Start the registry editor (regedit.exe)
  2. Change the value HKEY_USERS\.DEFAULT\Control Panel\Desktop\SCRNSAVE.EXE to "E:\WINNT\System32\sstext3d.scr"
  3. Create a key called HKEY_USERS\.DEFAULT\Control Panel\Screen Saver.3DText (Edit - New - Key)
  4. Under this new key, create two new values of string type (Edit - New - String Value) called "Font" and "Text"
  5. Set Font (double click on it) to Arial
  6. Set Text to the string you want to be displayed (you are limited to 16 characters)
  7. Close the registry editor

A word of caution, the Open GL screen savers use a lot of system resources, so I would not advise to use this, however I was asked :-)

Q. How do I enable Print Auditing?

A. If you need to check what is being printed, then you can enable Print Auditing:

  1. Double Click on My Computer, then double click Printers
  2. Right click on the desired printer and select Properties
  3. Click on the Security Tab
  4. Select Auditing and click the Add button, you will be prompted with an Add Users and Groups dialog box
  5. Select the Users/Groups who you want to Audit for the Printer and click Add
  6. Once finished click the OK button and in the Printer Auditing main dialog select the events to Audit, i.e. Print, Delete.

Print events will now be sent to the Security log which can be read from the Event Viewer (Start - Programs - Administrative Tools).

Q. How can I create a new hardware profile?

A. If you are about to change hardware, you may want to create a copy of your current hardware config before starting which will enable you to revert to your old configuration:

  1. From Control Panel start the System Control Panel Applet (Start - Settings - Control Panel), or right click on "My Computer" and select properties
  2. Click on the "Hardware Profiles" tab
  3. Select the current Hardware Profile "Original Configuration (Current)"
  4. Click Copy and then type in the new name in the dialog box that is shown.
  5. Click OK and the startup options will be set.

Q. How do I add an item to the Right Click menu?

A. Follow the procedures below:

  1. Start the Registry Editor (REGEDIT.EXE)
  2. Expand the HKEY_CLASSES_ROOT by clicking the plus sign
  3. Scroll down and expand the Unknown subkey
  4. Click on the Shell key and right click on it.
  5. Select New from the pop-up menu and choose Key.
  6. Enter the name you want to be displayed, e.g. the name of the application. Click Enter
  7. Right click on the new subkey and click New. Again select Key and enter the name "Command" and click Enter
  8. Click on the newly created Command and double click on "(Default)"
  9. Enter the path and name of the executable with %1, i.e.
    d:\program files\savedit\savedit.exe %1
  10. Close the registry editor

When you right click on a file the new entry will be displayed.

Q. I have entries on the Remove software list that don't work, how can I remove them?

A. Each entry on this list (Start - Settings - Control Panel - Add/Remove Programs) is an entry in the regisry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall. Just remove the key for any entries you don't want.

Q. How can I disable Dr. Watson?

A. Dr. Watson can be disabled using the registry editor:

  1. Start the registry editor (regedit.exe)
  2. Goto HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug
  3. Click on AeDebug and click Del

To re-enable Dr. Watson type drwtsn -i

Q. How do I create a network share?

A. It is possible to create a share from the command prompt by typing:

net share <share name>=<drive>:<dir> /remark="<description>"
e.g. net share john=c:\data\johndrv /remark="Johns drive"

A share can also be created using explorer:

  1. Start Explorer (Start - Programs - Windows NT Explorer)
  2. Right Click on a directory and select "sharing"
  3. Click the Sharing tab, and select "Shared as"
  4. Enter a description and click OK
  5. The directory will now have a hand on the directory

It is possible to add a $ to the end of the share so it will appear hidden, and not visible from a network browse.

Q. How do I connect to a network share?

A. You can connect to a network share using the command prompt:

net use <drive letter>: <UNC>
e.g. net use f: \\johnpc\john

A share can also be connected to using explorer:

  1. Start Explorer (Start - Programs - Windows NT Explorer)
  2. From Tools menu, select Map Network Drive
  3. Select a drive letter, and either enter the share path or browse the network and select
  4. Click OK

The advantage of using the "net use" command is you can connect to hidden shares, i.e. john$ (although you can also connect by manually typing the address in explorer), and also this can be used from within command files.

Q. How do I configure the boot menu to show forever?

A. The timeout is changed by editing the boot.ini file which is on the boot partition and changing the timeout parameter:

  1. Start a command session (Start - Run - Command)
  2. Set the attributes on c:\boot.ini to non-read and non-system
    attrib c:\boot.ini -r -s
  3. Edit the file and change the timeout to -1
    [boot loaded]
    timeout = -1
  4. Save your changes and set the file back to read only and system
    attrib c:\boot.ini +r +s

Q. How can I configure the machine to reboot at a certain time?

A. There is a command line utility shipped with the resource kit called SHUTDOWN.EXE that can be used to reboot the local machine

shutdown /l /r /y /c

Where /l tells it to shutdown the local machine, /r to reboot, /c to close all programs and /y to avoid having to say yes to questions. You can then combine this with the AT command (don't forget you need the Schedule service to be running (Start - Settings - Control Panel - Services) to use the AT command) to make this happen at a certain time:

AT <time> shutdown /l /r /y /c, e.g.
AT 20:00 shutdown /l /r /y /c

Additions to the at command could be /every:M,T,W,Th,F so it happens every day, e.g. AT 20:00 /every:M,T,W,Th,F shutdown /l /r /y /c

You will then be given 20 seconds before the machine is shutdown, to abort the shutdown type

shutdown /l /a /y

Q. How can I configure Explorer to start with drive x: ?

A. The procedure below is used to change the shortcut for Explorer in the start menu, however you could just as easily create a new shortcut on the desktop and then edit the properties of it and change the target.

  1. Start Explorer ( Start - Programs - Windows NT Explorer, or Win key + E)
  2. Move to %SystemRoot%/profiles/<your username>/Start Menu/Programs, e.g. d:/winnt/profiles/savillj/Start Menu/Programs
  3. Right click on Windows NT Explorer and select Properties, or select Properties from the File menu
  4. The target will be %SystemRoot%\explorer.exe, change this to %SystemRoot%\explorer.exe /e, <drive letter>:\ ,e.g %SystemRoot%\explorer.exe /e, e:\ would make explorer start at the E: drive (make sure you type to commas), you can also use /root, which forces the right hand pane to only show E: (not nice!), e.g. %SystemRoot%\explorer.exe /e, /root, e:\ .
    Also note that instead of just a drive letter, you can also specify a directory, e.g. %SystemRoot%\explorer.exe /e, e:\winnt\system32
  5. Click OK and exit Explorer

Q. How can I decrease the time my machine takes to shutdown/reboot?

A. It is possible to manually shutdown each service (well some of them) and then shutdown the machine. To identify which services are running enter the command

net start

(you can add > [filename] to the end to make it output to a file, i.e. net start > services.lst). You can then try to shutdown each of them by entering the command

net stop "<service name>" ,e.g. net stop "spooler". Some services will ask you to enter a y to confirm, and for these just add /y to the end. You will be able to build up a list of all the services that can be manually stopped, and you should put these in a .bat file, e.g.

net stop "Computer Browser""
net stop "Messenger"
.
.
net stop "Workstation"

To the end of the file add the command

shutdown /r /y /l /t:0

to reboot the machine (leave of the /r to just shutdown the machine). You may also want to add @echo off to the start of the file. You could add a check to accept an input parameter to reboot or shutdown, e.g. save this file as shutfast.bat, and call using shutfast reboot, or shutfast shutdown

@echo off
net stop "Computer Browser""
net stop "Messenger"
net stop "Net Logon"
net stop "NT LM Security Support Provider"
net stop "Plug and Play"
net stop "Protected Storage"
net stop "Remote Access Autodial Manager"
net stop "Server"
net stop "Spooler"
net stop "TCP/IP NetBIOS Helper" /y
net stop "Workstation"

if %1==reboot goto reboot
shutdown /l /y /t:0
exit
:reboot
shutdown /l /y /r /t:0
exit

You could add a shortcut on the desktop for this batch file with the relevant parameter.

You can also decrease the time NT waits for a service to stop before terminating it by performing the following:

  1. Start the registry editor (use regedt32.exe not regedit.exe)
  2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control
  3. Double click on WaitToKillServiceTimeout and change to the number of milliseconds, e.g. 10000 for 10 seconds, the default is 20000

Q. How can I change the startup order of the services?

A. Each service belongs to a Service Group, and it is possible to modify the order that the groups start:

  1. Start the Regitry Editor (regedt32.exe, not regedit.exe)
  2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceGroupOrder
  3. Double click on List in the right hand pane
  4. You can then move the groups around in the list order
  5. Click OK
  6. Close the registry editor

See Knowledge Base Article Q102987 at http://www.microsoft.com/kb/articles/q102/9/87.htm for more information

Q. How can I configure the system so that certain commands run at boot up time?

A. There is a utility called AUTOEXNT which is supplied in a zip file. You use perform the following:

  1. From the AUTOEXNT.ZIP file extract the files autoexnt.exe, autoexnt.bat and servmess.dll to %systemroot%/system32
  2. Also extract the file INSTSRV.EXE to any directory (a temp directory will do)
  3. At the command prompt enter
    instsrv install
    This will create a new service called AutoExNT
  4. Edit the file %systemroot%/system32/autoexnt.bat and put in any commands you want to be run when the machine boots (such as a CHKDSK, etc.)

When the system boots in future the AutoExNT service will check for the existence of the file autoexnt.bat and execute any commands in it.

A version of this is also shipped with the resource kit, however it is better to use the downloadable version. To install the Resource kit version you have to type
instexnt install

Q. What are the .cpl files in the system32 directory?

A. Each .cpl file represents one or more control panel applets (Start - Settings - Control Panel). Below is a list of common .cpl files and what Control Panel Applets they represent

.cpl file name Control Panel Applets
ACCESS.CPL Accessibility options
APPWIZ.CPL Add/remove programs
CONSOLE.CPL Console
DESK.CPL Display
DEVAPPS.CPL PCMCIA, SCSI adapters and tape drives
INETCPL.CPL Internet
INTL.CPL Regional Settings
JOY.CPL Joystick
MAIN.CPL Fonts, keyboard, mouse and printers
MLCFG32.CPL Mail
MMSYS.CPL Sounds and multimedia
MODEM.CPL Modems
NCPA.CPL Network
NTGUARD.CPL Dr Solomons
ODBCCP32.CPL ODBC
PORTS.CPL Ports
RASCPL.CPL Dial up monitor
SRVMGR.CPL Server, services and devices
SYSDM.CPL System
TELEPHON.CPL Telephony
TIMEDATE.CPL Date/time
TWEAKUI.CPL TWEAKUI
UPS.CPL UPS

If you renames any of these files then the items they represent in the Control Panel would not be shown, e.g.
rename timedate.cpl timedate.non
would remove the date/time control panel applet.

Also, setting HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (REG_DWORD) to 1 will hide the Control Panel, Printers and My Computer in Explorer and Start Menu. You would normally need to create this value as it does not exist by default.

Q. How can I create a non-network hardware configuration?

A. You may have some machines that are not always connected to the network, and a solution is to create an alternate hardware profile which has all network devices and services disabled.

  1. Start Control Panel (Start - Settings - Control Panel)
  2. Start the System Control Panel Applet
  3. Select the Hardware Profiles tab
  4. Select the current configuration and click Copy
  5. In the To box enter the name "No Network" and click OK
  6. From the Available Hardware Profiles box, select "No Network" and click Properties
  7. Click the Network tab, and check the "Network disabled hardware profiles" box and click OK
  8. Check the wait for time is set, e.g. 30 seconds and then click OK
  9. You can also change the name of "Original Configuration" to "On Network" if you want by selecting it and clicking rename and typing the new name.

To actually use this configuration when you boot up the machine, after you select the operating system to load, e.g. "Windows NT Workstation 4.0" you will receive another menu with your hardware profile choices. Select the required and click enter.

Q. Can I administer my domain from an NT Workstation?

A. Yes, if you install the NT Server client based Administration tools:

  1. Insert the NT Server CD-ROM into your NT Workstation
  2. Run the file <CD-ROM drive>:\clients\srvtools\winnt\setup.bat. This will detect you processor and install the correct images into the %SystemRoot%\System32 folder. You will have to press return.
  3. Remove the CD-ROM
  4. You now need to create shortcuts either on the desktop or start menu for the applications:
    - dhcpadmn.exe --- DHCP Manager
    - poledit.exe --- System Policy Editor
    - rasadmin.exe --- Remote Access Administrator
    - rplmgr.exe --- Remoteboot Manager
    - srvmgr.exe --- Server Manager
    - usrmgr.exe --- User Manager for Domains
    - winsadmn.exe --- WINS Manager

Q. How can I remove the option "Press Spacebar for last known good config"?

A. The choice is hard coded into NT and therefore cannot be removed, however you can remove the functionality of what it does.

Several sets of configuration information are stored in NT, the current configuration and one or more sets of old configuration that are known to work. What NT does in the registry is to point to the current configuration and also a link to one of the other sets. It is possible to change the link to the last known good config, thus pressing space at bootup will have no effect.

  1. Start the registry editor (regedit.exe)
  2. Move to HKEY_LOCAL_MACHINE\SYSTEM\Select (if you look at HKEY_LOCAL_MACHINE\SYSTEM you can see the control sets)
  3. Double click on LastKnownGood and change to whatever value Current is
  4. Click OK and exit the registry editor

Q. How do I enable drag and drop printing?

A. To enable drag and drop printing, all you have to do is create a shortcut to the printer on your desktop

  1. Double click on My Computer
  2. Double click Printers
  3. Right click on the printer, and drag to the desktop. Release and select "create shortcut here"

You can then just drag files over the printer and they will be printed (providing they are registered file types that NT knows how to print)

Q. How can I configure the command prompt?

A. When you are in a cmd.exe session, it is possible to change the prompt to display other information, such as time, date, OS version etc. To change the prompt just use

prompt <text>
e.g. prompt johns prompt

While basic text will work it is not very helpful, and below is a list of all the codes you can use

$A & Ampersand
$B | Pipe
$C ( Open parenthesis
$D Current date
$E Escape code (ASCII code 27)
$F ) Close parenthesis
$G > greater-than sign
$H Backspace (erases previous character)
$L < Less-than sign
$N Current drive
$P Current drive with path
$Q = Equal sign
$S Space
$T Current time
$V Windows NT version number
$_ Carriage return and linefeed

If you have command extensions, you can also use

$+ Zero or more + characters depending on the depth of the PUSHD directory stack
$M Displays the remote name associated with the current drive letter

Q. How do I enable/disable command extensions?

A. When you use CMD.EXE, there are various extensions which are enabled by default. To enable/disable perform the following

  1. Start the registry editor (regedit.exe)
  2. Move to HKEY_CURRENT_USER\Software\Microsoft\Command Processor
  3. Double click on EnableExtensions
  4. Set to 1 for them to be enabled, or set to 0 for extensions to be disabled
  5. Click OK

Q. How can I disable the OS2/POSIX subsystems?

A. It is possible to disable one or both of these

  1. Start the registry editor (regedt32.exe, not regedit.exe)
  2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems
  3. Double click on Optional
  4. On each line is one subsystem, simply remove the one you wish to disable. If you want to disable both, set the value to Null
  5. Click OK
  6. Close the registry editor and reboot

Q. How can I configure NT to display a thumbnail of bitmaps as the icon instead of the Paint icon?

A. Perform the following, for best effect make explorer use large icons

  1. Start the registry editor (regedit.exe)
  2. Move to HKEY_CLASSES_ROOT\Paint.Picture\DefaultIcon
  3. Double click on Default in the left hand pane, and change to %1, click OK
  4. Close the registry editor. The change will take immediate effect.

Q. How can I configure NT to automatically refresh the screen?

A. Usually when you delete a file, create a new folder etc the screen does not update until you press F5 (for refresh), however you can automate this

  1. Start the registry editor (regedit.exe)
  2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Update
  3. Double click on UpdateMode and change the value to 0, press OK
  4. Close the registry editor

This change is immediate and the next time you start Explorer the new auto update will be in effect.

Q. How can I run a control panel applet from the command line?

A. It is possible to run Control Panel applets from the command line by just typing

control <applet name>

There are some instances when the .cpl file represents more than one control panel applet when you need to pass a parameter of which applet to run, below is a list

e.g. control main.cpl printers
will run the printer control panel applet

However it is better to associate the .cpl extension with control.exe, which means you only need to type the applet name. This is accomplished using the assoc and ftype commands

assoc .cpl=ControlFile
ftype ControlFile=control.exe %1 %*

You can now just enter the command and it will run (be sure to include the .cpl extension).

For a full list of control panel applets to .cpl files see Q. What are the .cpl files in the system32 directory?

Q. How can I configure a program/batch file to run every x minutes?

A. NT comes with a powerful built in scheduling tool, the at command, however it is not really suitable for running a command every 5 minutes, to do this you would have to submit hundreds of at jobs to run at certain times of the day. There are a number of tools supplied with the Windows NT Resource Kit which will help.

The first is called sleep.exe, and is user to set a command file to wait for n seconds (like the timeout command), and its usage is simply
sleep 300
which would make the batch file pause for 5 minutes, so if you wanted a command file/program to run every 5 minutes you could write a batch file with the following (name run5.bat)
<program name>
sleep 300
run5

There are a number of problems with this approach, the command session has to stay open, and the 5 minutes does not start until the program has closed (however this can be solved by running the program in a separate thread by putting the word "start" in front of the program, e.g. start <program>).

Another program is called SOON.EXE and this schedules a task to run in n seconds from now, to use soon the scheduler service has to be running (start - settings - control panel - services). Again you could create a batch file to use it (runsoon.cmd)
soon 300 runsoon.cmd
notepad.exe
Run the command file using the at command or soon, e.g. from the command line
soon 300 runsoon.cmd
to get it started

Q. What registry keys do the Control Panel applets update?

A. The table below shows the control panel applet and the corresponding registry area, those not shown are stored in multiple areas.

Accessibility Options HKEY_CURRENT_USER\Control Panel\Accessibility
Date/Time HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TimeZoneInformation
Devices HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
Display HKEY_CURRENT_USER\Control Panel\Desktop and HKEY_LOCAL_MACHINE\HARDWARE\RESOURCEMAP\VIDEO
Fonts HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts
Internet HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Keyboard HKEY_CURRENT_USER\Control Panel\Desktop
Modems HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Unimodem
Mouse HKEY_CURRENT_USER\Control Panel\Mouse
Multimedia HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia
Ports HKEY_LOCAL_MACHINE\HARDWARE\RESOURCEMAP
Printers HKEY_CURRENT_USER\Printers
Regional Settins HKEY_CURRENT_USER\Control Panel\International
SCSI Adapters HKEY_LOCAL_MACHINE\HARDWARE\RESOURCEMAP\ScsiAdapter
Services HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
Sounds HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default
Tape devices HKEY_LOCAL_MACHINE\HARDWARE\RESOURCEMAP\OtherDrivers\TapeDevices
Telephony HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony
UPS HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UPS

Q. How can I run a script at shutdown time?

A. There is no direct way to accomplish this, however it is possable to write a script and then call the shutdown.exe utility that is shipped with the NT Resource kit

shutdown /l /y

You could then add a shortcut to this script on the desktop. An alternative is to use a utility called ShutUp which can be downloaded from http://www.zdnet.com/pcmag/download/utils/shutup-a.htm .

Q. How can I create my own tips to be shown when NT starts?

A. The tips that NT displays are stored in key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Tips, and can easily be edited using the registry editor. You will notice that the names of the values are incremented by one so to add a new tip just either edit an existing one or create a new value (of type string) and set its name to the next available number.

The tips are displayed sequentially and the counter is stored in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Tips\Next and can be changed if you want. The values are stored in hexadecimal.

To control if tips are shown set the value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Tips\show to 01000000 to display and 00000000 to not display.

Q. How can I change the location of the event logs?

A. In event viewer you will notice that there are 3 different logs, Application, System and Security and each of these are mapped to a .EVT file in the %systemroot%/system32/config directory, however for performance/disk space reasons you may wish to move them and this can be done by performing the following

  1. Start the Registry Editor (regedit.exe)
  2. Move to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog key. Under this key are 3 other sub-keys, Application, Security and System. Select on of them
  3. Under each of the sub-keys is a value called File, double click this value
  4. Edit the value to the location you require and click OK
  5. Repeat for the other 2 log settings
  6. Close the registry editor and reboot the machine for the change to take effect

Q. How can I configure the default Internet Browser?

A. When you start an Internet Browser they usually perform a check to see if they are the default browser, however you may have turned this check off and want to change the default browser

  1. Start the registry editor (regedit.exe)
  2. Move to HKEY_CLASSES_ROOT\http
  3. Expand the tree and move to HKEY_CLASSES_ROOT\http\shell\open\command, double click on default and set the string to the command you wish to run for Internet addresses, for example
    "E:\PROGRA~1\Plus!\MICROS~1\iexplore.exe" -nohome for Internet Explorer
    E:\Program Files\Netscape\Communicator\Program\netscape.exe -h "%1" for Netscape
    Click OK
  4. Move to HKEY_CLASSES_ROOT\http\shell\open\ddeexec\Application, and again double click Default, change to the browser, NSShell for Netscape, IExplore for Internet Explorer.
  5. You may also want to change the icon associated, move to HKEY_CLASSES_ROOT\http\DefaultIcon, (do I need to say) double click Default and set to the icon
    %SystemRoot%\system32\url.dll,0 Internet Explorer
    E:\Program Files\Netscape\Communicator\Program\netscape.exe,0 Netscape Navigator
  6. You should repeat the above for https as well, i.e. HKEY_CLASSES_ROOT\https\shell\open\command etc.

Q. I receive a RDISK error, disk is full.

A. When you run the rdisk.exe it updates the directory %systemroot%\repair with the following files

File Registry Hive
AUTOEXEC.NT This is not a registry hive but rather a copy of the autoexec.nt file located in the %systemroot%\system32 directory
CONFIG.NT As above
DEFAULT._ HKEY_USERS\.Default
NTUSER.DA_ New user profile
SAM._ Parts of HKEY_LOCAL_MACHINE\Security
SECURITY._ HKEY_LOCAL_MACHINE\Security
SETUP.LOG Details of location of system and application files along with cyclic redundancy check information for use with a repair
software._ HKEY_LOCAL_MACHINE\Software
system._ HKEY_LOCAL_MACHINE\System

As the system is used the files setup.log, sam._ and security._ will grow. The sam._ and security._ files are only updated if rdisk.exe is run with /s qualifier, e.g. rdisk /s.

If the contents of the %systemroot%\repair directory exceeds 1.44 MB then you will receive the error "The Emergency Repair disk is full. The configuration files were saved in your hard disk". You should look at the contents of the repair directory and ascertain which file is the problem, i.e. setup.log is 1MB!

If setup.log if the problem then you can perform the following.

  1. Create a copy of setup.log in the repair directory
    copy %systemroot%\repair\setup.log %systemroot%\repair\setup.backup
  2. Edit the setup.backup file using notepad
  3. Move to the [Files.WinNt] section and remove all entries except those starting with %systemroot%\system32 (or whatever %systemroot% equates to, e.g. winnt)
  4. Save the modified file
  5. Run RDISK.EXE
  6. When completed delete the setup.log that was created
    del %systemroot%\repair\setup.log
    And copy the backup version back
    copy %systemroot%\repair\setup.backup %systemroot%\repair\setup.log

If the problem is not setup.log and is that the sam._ and security._ files are too large then the problem is there are too many accounts on the system so you need to delete some of your user accounts :-) Only joking!

What you can do is locate an ERD that was created early in the computers life where the sam._ and security._ files are small and copy these to the %systemroot%\repair directory and in future do not run rdisk.exe with /s option. This does mean that account information will not be recoverable and you will need to know what the Administrator password was when the original ERD was created (as if it was used accounts would be set back to this state).

Obviously you will still want to be able to restore accounts in the event of a disaster so I would suggest one of the following

For more information see Knowledge base article Q130029 at http://premium.microsoft.com/support/kb/articles/q130/0/29.asp

Q. How can I change the alert for low disk space on a partition?

A. By default when a partition has less than 10% free disk space an event ID 2013 is created with the following text

"The disk is at or near capacity. You may need to delete some files".

To view these events use Event Viewer, however it is possible to change the percentage that the alert is created

  1. Start the registry editor (regedit.exe)
  2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
  3. If the value DiskSpaceThreshold exists then double click on it and skip to step 5
  4. If the value does not exist, from the Edit menu select New - DWord value. Enter a name of DiskSpaceThreshold. Click OK then double click on the new value
  5. Set the base to decimal and enter a value that you want the event to be generated at from 0-99.
  6. Click OK
  7. Restart the machine

Q. Is it possible to delete/rename the Administrator account?

A. It is not possible to delete the Administrator account, if you try and delete it an error "Cannot delete built in accounts" will be displayed. You can however rename it, in fact it is recommended that the account be renamed to avoid the possibility of hacking, most hackers try to enter a system using an admin account. To rename the Administrator account perform the following

  1. Log onto the machine as an Administrator
  2. Start User Manager (or User manager for Domains)
  3. Select the Administrator account and select Rename from the User menu.
  4. Enter a new name and click OK

Q. How can I tell NT how much secondary cache (L2) is installed?

A. NT will try and detect how much L2 cache is installed at startup time however it cannot always tell and will use a default of 256. If you have more you can manually configure NT with your exact amount

  1. Start the registry editor (regedit.exe)
  2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
  3. Double click on SecondLevelDataCache
  4. Click the decimal base and then enter the amount, e.g. 512 if you have 512K of cache.
  5. Click OK
  6. Close the registry editor and reboot the machine

Q. What commands can be used to configure the command window?

A. The commands below may be useful:

mode con lines=n - Where n is the number of lines to keep (if n is larger than can fit on the screen a scroll bar will be added)
mode con cols=n - Where n is the number of columns to show (again a scroll bar will be added)

Q. What switches can be used in boot.ini?

A. The boot.ini file has a number of lines and some of these relate to the Windows NT Operating system, e.g.

multi(0)disk(0)rdisk(0)partition(2)\WINNT="Windows NT Workstation Version 4.00"

There are a number of switches that can be appended to the Windows NT startup line to perform certain functions. To edit the file perform the following

  1. Start a command session (cmd.exe)
  2. Modify the attributes on the file c:\boot.ini to make the file editable
    attrib c:\boot.ini -r -s
  3. Edit the file
    edit c:\boot.ini
  4. Once finished save the file and reset the files attributes
    attrib c:\boot.ini +r +s

The switches that can be added are as follows

/BASEVIDEO The computer starts up using the standard VGA video driver. Use this if you have installed a graphics driver that is not working.
/BAUDRATE Specifies the baud rate to be used for debugging. If you do not set the baud rate, the default baud rate is 9600 if a modem is attached, and 19200 for a null-modem cable.
/CRASHDEBUG The debugger is loaded when you start Windows NT, but remains inactive unless a Kernel error occurs. This mode is useful if you are experiencing random, unpredictable Kernel errors.
/DEBUG The debugger is loaded when you start Windows NT, and can be activated at any time by a host debugger connected to the computer. This is the mode to use when you are debugging problems that are regularly reproducible.
/DEBUGPORT= comx Specifies the com port to use for debugging, where x is the communications port that you want to use.
/HAL=<hal> Allows you to override the HAL used, for example using a checked version
/KERNEL=<kernel> Same as above but for the kernel
/MAXMEM:n Specifies the maximum amount of RAM that Windows NT can use. This switch is useful if you suspect a memory chip is bad.
/NODEBUG No debugging information is being used.
/NOSERIALMICE=[COMx | COMx,y,z...] Disables serial mouse detection of the specified COM port(s). Use this switch if you have a component other than a mouse attached to a serial port during the startup sequence. If you use /NOSERIALMICE without specifying a COM port, serial mouse detection is disabled on all COM ports.
/ONECPU Disables the second (third, fourth) processor(s) in a multiple cpu machine.
/PCILOCK Stops Windows NT from dynamically assigning IO/IRQ resources to PCI devices and leaves the devices configured by the BIOS.
/SOS Displays the driver names while they are being loaded. Use this switch if Windows NT won't start up and you think a driver is missing. This option is configured by default on the [VGA] option on the boot menu.

You can then edit the boot.ini file and either add Windows NT startup entries or modify existing entries, for example you could add a debug entry in the file as follows

multi(0)disk(0)rdisk(0)partition(2)\WINNT="Windows NT Workstation Version 4.00 [debug]" /debug /debugport=com2

Q. How can I change the Volume ID of a disk?

A. Windows NT provides functionality to change the volume name of a disk by using the command

label <drive>: <label name>

Windows NT does not provide built in functionality to change Volume ID's, however NT Internals has produced a free utility that can be downloaded from http://www.ntinternals.com/misc.htm called VolumeID which can change the volume ID of a FAT or NTFS volume. To view a drives current Volume ID you can just perform a dir <drive>: and the volume serial number is shown on the second line down, e.g.

Volume in drive E is system
Volume Serial Number is BC09-8AE4

To change enter the command

volumeid <drive letter>: xxxx-xxxx

Q. Is it possible to move the Task bar?

A. The Task bar can be moved any of the 4 sides, left, right, top and bottom. To move just single click on the task bar and drag to the side you wish the task bar to reside on.

If you have lost the task bar just press Ctrl-Esc to redisplay.

Q. How can I change the default editor used for editing batch files?

A. By default if you right click on a batch file and select Edit then the batch file will be opened in Notepad, however the application used can be changed as follows:

  1. Start the registry editor (regedit.exe)
  2. Move to HKEY_CLASSES_ROOT\batfile\shell\edit\command
  3. Double click on default
  4. Change the value to the editor you want to use, e.g. for word change it to
    D:\Program Files\Microsoft Office\Office\winword.exe %1
  5. Once completed click OK and close the registry editor

There is no need to reboot, the change take immediate affect. To reset back to notepad change the entry to

%SystemRoot%\System32\NOTEPAD.EXE %1

Q. What are the default protections on an NTFS boot partition?

A. Below is a list from Knowledge base article Q172008 at http://support.microsoft.com/support/kb/articles/q172/0/08.asp

<root>:\- 

   Administrators - Full Control
   Creator/Owner - Full Control
   Everyone - Change
   System - Full Control

<boot partition>:\Msapps and <subdirectories>- 

   Administrators - Full Control
   Creator/Owner - Full Control
   Everyone - Change
   Server Operators - Change
   System - Full Control

<boot partition>:\Program Files and <subdirectories>- 

   Administrators - Full Control
   Creator/Owner - Full Control
   Everyone - Change
   Server Operators - Change
   System - Full Control

<boot partition>:\Temp- 

   Administrators - Full Control
   Creator/Owner - Full Control
   Everyone - Change
   System - Full Control

<boot partition>:\Users- 

   Administrators - Special (RWXD)
   Everyone - List (RX)
   System - Full Control

<boot partition>:\Users\Default- 

   Creator/Owner - Full Control
   Everyone - Special (RWX)
   System - Full Control

<boot partition>:\Win32app- 

   Administrators - Full Control
   Creator/Owner - Full Control
   Everyone - Read (RX)
   Server Operators - Full Control
   System - Full Control

<boot partition>:\%SystemRoot%- 

   Administrators- Full Control
   Creator/Owner - Full Control
   Everyone - Change
   Server Operators - Change
   System - Full Control

<boot partition>:\%SystemRoot%\Config- 

   Administrators - Full Control
   Creator/Owner - Full Control
   Everyone - Change
   Server Operators - Change
   System - Full Control

<boot partition>:\%SystemRoot%\Cookies- 

   Administrators - Full Control
   Creator/Owner - Full Control
   Everyone - Change
   Server Operators - Change
   System - Full Control

<boot partition>:\%SystemRoot%\Cursors- 

   Administrators - Full Control
   Creator/Owner - Full Control
   Everyone - Change
   Server Operators - Change
   System - Full Control

<boot partition>:\%SystemRoot%\Desktop- 

   Administrators - Full Control
   Creator/Owner - Full Control
   Everyone - Change
   Server Operators - Change
   System - Full Control

<boot partition>:\%SystemRoot%\Fonts- 

   Administrators - Full Control
   Creator/Owner - Full Control
   Everyone - Change
   Server Operators - Change
   System - Full Control

<boot partition>:\%SystemRoot%\Help- 

   Administrators - Full Control
   Creator/Owner - Full Control
   Everyone - Change
   Server Operators - Change
   System - Full Control

<boot partition>:\%SystemRoot%\History- 

   Administrators - Full Control
   Creator/Owner - Full Control
   Everyone - Change
   Server Operators - Change
   System - Full Control

<boot partition>:\%SystemRoot%\Inf- 

   Administrators - Full Control
   Creator/Owner - Full Control
   Everyone - Change
   Server Operators - Change
   System - Full Control

<boot partition>:\%SystemRoot%\Java and <subdirectories>- 

   Administrators - Full Control
   Creator/Owner - Full Control
   Everyone - Change
   Server Operators - Change
   System - Full Control

<boot partition>:\%SystemRoot%\Media- 

   Administrators - Full Control
   Creator/Owner - Full Control
   Everyone - Change
   Server Operators - Change
   System - Full Control

<boot partition>:\%SystemRoot%\Nwspool- 

   Administrators - Full Control
   Creator/Owner - Full Control
   Everyone - Change
   Server Operators - Change
   System - Full Control

<boot partition>:\%SystemRoot%\Profiles- 

   Administrators - Full Control
   Creator/Owner - Full Control
   Everyone - Change
   Server Operators - Change
   System - Full Control

<boot partition>:\%SystemRoot%\profiles\Administrators 

   Administrators - Full Control
   System - Full Control

<boot partition>:\%SystemRoot%\profiles\All Users and <subdirectories>- 

   Administrators - Full Control
   Everyone - Read
   System - Full Control

<boot partition>:\%SystemRoot%\profiles\Default User and <subdirectories>- 

   Administrators - Full Control
   Everyone - Read
   System - Full Control

<boot partition>:\%SystemRoot%\Profiles\<username> and <subdirectories>- 

   Administrators - Full Control
   <username> - Full Control
   System - Full Control

<boot partition>:\%SystemRoot%\Repair- 

   Administrators - Full Control
   Creator/Owner - Full Control
   Everyone - Read
   Server Operators - Full Control
   System - Full Control

<boot partition>:\%SystemRoot%\Shellnew- 

   Administrators - Full Control
   Creator/Owner - Full Control
   Everyone - Change
   Server Operators - Change
   System - Full Control

<boot partition>:\%SystemRoot%\System- 

   Administrators - Full Control
   Creator/Owner - Full Control
   Everyone - Change
   Server Operators - Change
   System - Full Control

<boot partition>:\%SystemRoot%\System32- 

   Administrators - Full Control
   Creator/Owner - Full Control
   Everyone - Change
   Server Operators - Change
   System - Full Control

<boot partition>:\%SystemRoot%\System32\Cache- 

   Administrators - Full Control
   Creator/Owner - Full Control
   Everyone - Change
   Server Operators - Change
   System - Full Control

<boot partition>:\%SystemRoot%\System32\Dhcp- 

   Administrators - Full Control
   Creator/Owner - Full Control
   Everyone - Read (RX)
   Server Operators - Full Control
   System - Full Control

<boot partition>:\%SystemRoot%\System32\Drivers and <subdirectories>- 

   Administrators - Full Control
   Creator/Owner - Full Control
   Everyone - Read (RX)
   Server Operators - Full Control
   System - Full Control

<boot partition>:\%SystemRoot%\System32\Inetsrv and <subdirectories>- 

   Administrators - Full Control
   Creator/Owner - Full Control
   Everyone - Change
   Server Operators - Change
   System - Full Control

<boot partition>:\%SystemRoot%\System32\Lls- 

   Administrators - Full Control
   Creator/Owner - Full Control
   Everyone - Change
   Server Operators - Change
   System - Full Control

<boot partition>:\%SystemRoot%\System32\Logfiles- 

   Administrators - Full Control
   Creator/Owner - Full Control
   Everyone - Change
   Server Operators - Change
   System - Full Control

<boot partition>:\%SystemRoot%\System32\Netmon and <subdirectories>- 

   Administrators - Full Control
   Creator/Owner - Full Control
   Everyone - Change
   Server Operators - Change
   System - Full Control

<boot partition>:\%SystemRoot%\System32\Os2 and <subdirectories>- 

   Administrators - Full Control
   Creator/Owner - Full Control
   Everyone - Change
   Server Operators - Change
   System - Full Control

<boot partition>:\%SystemRoot%\System32\Ras 

   Administrators - Full Control
   Creator/Owner - Full Control
   Everyone - Change (RWXD)
   Server Operators - Full Control
   System - Full Control

<boot partition>:\%SystemRoot%\System32\Repl 

   Administrators - Full Control
   Creator/Owner - Full Control
   Everyone - Read (RX)
   Server Operators - Full Control
   System - Full Control

<boot partition>:\%SystemRoot%\System32\Repl\Export and <subdirectories>- 

   Administrators - Full Control
   Creator/Owner - Full Control
   Everyone - Read (RX)
   Replicator- Change (RWXD)
   Server Operators - Change (RWXD)
   System - Full Control

<boot partition>:\%SystemRoot%\System32\repl\import and <subdirectories>- 

   Administrators - Full Control
   Creator/Owner - Full Control
   Everyone - Read (RX)
   Replicator- Change (RWXD)
   Server Operators - Change (RWXD)
   System - Full Control

<boot partition>:\%SystemRoot%\System32\Spool and <subdirectories>- 

   Administrators - Full Control
   Creator/Owner - Full Control
   Everyone - Read (RX)
   Print Operators- Full Control
   Server Operators - Full Control
   System - Full Control

<boot partition>:\%SystemRoot%\System32\Viewers- 

   Administrators - Full Control
   Creator/Owner - Full Control
   Everyone - Change
   Server Operators - Change
   System - Full Control

<boot partition>:\%SystemRoot%\System32\Spool\Wins- 

   Administrators - Full Control
   Creator/Owner - Full Control
   Everyone - Change (RWXD)
   Server Operators - Change (RWXD)
   System - Full Control

<boot partition>:\%SystemRoot%\Temporary Internet Files and <subdirectories> 

   Administrators- Full Control
   Creator/Owner - Full Control
   Everyone - Change
   Server Operators - Change
   System - Full Control

Any other directories- 

   Administrators - Full Control
   Creator/Owner - Full Control
   Everyone - Change
   Server Operators - Change
   System - Full Control

These permissions do not apply to a drive that is converted to NTFS using the CONVERT utility. A converted NTFS drive consists of all files and directories with Everyone - Full Control as the default permission. To reset to the normal protections see Q. How can I restore the default permissions to the NT structure?

Q. How do I configure the default keyboard layout during login?

A. You can change the keyboard layout using the keyboard control panel applet (start - settings - control panel - keyboard - Input Locales) however this does not affect the layout used during logon (which is by default English (United States)). To change this perform the following:

  1. Start the registry editor  (regedit.exe)
  2. Move to HKEY_USERS\.DEFAULT\Keyboard Layout\Preload
  3. Double click on 1 and change the number to your local layout (you could get this by looking at HKEY_CURRENT_USER\Keyboard Layout\Preload1). Click OK
  4. You may also change HKEY_USERS\.DEFAULT\Control Panel\International\Locale to this value however it is not mandatory to do so.
  5. Close the registry editor
  6. Logoff and then on again

A table of the codes to the countries is given below:

00000402 Bulgarian
0000041a Croatian
00000405 Czech
00000406 Danish
00000413 Dutch (Standard)
00000813 Dutch (Belgian)
00000409 English (United States)
00000809 English (United Kingdom)
00001009 English (Canadian)
00001409 English (New Zealand)
00000c09 English (Australian)
0000040b Finnish
0000040c French (Standard)
0000080c French (Belgian)
0000100c French (Swiss)
00000c0c French (Canadian)
00000407 German (Standard)
00000807 German (Swiss)
00000c07 German (Austrian)
00000408 Greek
0000040e Hungarian
0000040f Icelandic
00001809 English (Irish)
00000410 Italian (Standard)
00000810 Italian (Swiss)
00000414 Norwegian (Bokmal)
00000814 Norwegian (Nynorsk)
00000415 Polish
00000816 Portuguese (Standard)
00000416 Portuguese (Brazilian)
00000418 Romanian
00000419 Russian
0000041b Slovak
00000424 Slovenian
0000080a Spanish (Mexican)
0000040a Spanish (Traditional Sort)
00000c0a Spanish (Modern Sort)
0000041d Swedish
0000041f Turkish

These can also be seen in the registry at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout\DosKeybCodes

Q. How can I add my own information to General tab of the System Control Panel applet?

A. When you receive a PC from a manufacturer you may see extra lines of description text and a company logo in the General tab of a System Control Panel applet, and this can be changed or added as follows:

  1. Create a bitmap you want with dimensions 180 by 114. Save the picture in the %systemroot%/system32 folder (e.g. d:\winnt\system32) with a name of OEMLOGO.BMP. If the picture is greater than this size then it will be clipped from the top left corner. If it is smaller then a black border will be added.
  2. Create the file %systemroot%/system32/OEMINFO.INI (e.g. d:\winnt\system32\oeminfo.ini) with the following format:
    [general]
    Manufacturer=SavillTech Ltd
    Model=SuperDuper 1
    [Support Information]
    Line1=" "
    Line2="For support ...."
    Line3=" "

You do not need to reboot the machine, the system control panel applet will pick up the files when started. The information above would give the following:

sysgen.gif (15357 bytes)

Q. How can I change the program associated with a file extension?

A. The easiest way is to:

  1. Start Explorer
  2. Hold down the shift key and right click on a file with the extension you wish to change
  3. From the context menu displayed select the "Open with"
  4. Select the Application from the list (or click other) and check the "Always use this program to open this type of file"
  5. Click OK

An alternative method is to:

  1. Start Explorer
  2. Select Options (or Folder Options for IE 4.0 installations) from the View menu
  3. Click "File Types" tab
  4. Select the File type and click Edit
  5. You can edit the open and print actions for the file type. To change the open select Open in the actions and click Edit, you can then change the command
  6. Click OK when finished

Q. Can I remove one of the startup folders on the Start Menu?

A. Unfortunately no, one is your own user startup folder (%system root%\Profiles\<Username>\Start Menu\Programs\Startup) and the other is the All Users (%system root%\Profiles\All Users\Start Menu\Programs\Startup). Both are system files and therefore undeletable.

System Policy

Q. How do System Policies work?

A. You have a different System Policy for Windows 95 machines, and Windows NT machines. The Windows NT Policy editor is shipped with Windows NT server, and the Windows 95 System Policy editor is on the Windows 95 CD-ROM in the \ADMIN\APPTOOLS\POLEDIT directory. Policies alter registry settings on the target machine, and once the registry settings have been changed, the changes remain until changed by something else, therefore if you implement restrictions they will remain even if the policy file is deleted. By default, Windows clients look for policy files in the NETLOGON share on the domain controller (for NT, the machine that validates the logon, for Windows 95 the PDC unless you implement load balancing). Windows NT looks for the policy file NTCONFIG.POL and Windows 95 machines CONFIG.POL.

An important thing to note, is that NTCONFIG.POL/CONFIG.POL are not copied to BDC's by default and you have to setup directory replication.

Q. How do I modify a Policy?

A. In this example we will modify the Logon Banner:

  1. Start the System Policy Editor (Start - Programs - Administrative Tools - System Policy Editor)
  2. Select New Policy from the File menu
  3. Double click on Local Computer
  4. Double click on Windows NT System and the double click Logon
  5. Click on Logon Banner until it changes to a tick
  6. Enter a caption and text and click OK
  7. From the File menu, select Save as
  8. Save in the %system root%/system32/repl/Import/Scripts as NTCONFIG.POL
  9. Close the System Policy Editor

Q. How do I create my own Policy template?

A. When system policy editor is run you can select which templates to include. There are 3 which are supplied with NT, and are stored in the %systemroot%/inf directory

The only ones you will use normally are common.adm and winnt.adm. Windows.adm was supplied for compatibility with windows95 machines, however policies created with Windows NT will not work on Windows 95 so this template is not used.

To select which templates to use, select "Policy template" from the options menu.

The structure of an adm file is simple and follows the structure shown below

CLASS MACHINE or USER

CATEGORY !!<string for first level>
____CATEGORY !!<string for second level> this is optional
________POLICY !!<string for name to be displayed next to check box>
________KEYNAME !!<string for the keyname where the value is, do not include the first \>
____________VALUENAME !!<actual value name>
____________VALUEON "1" VALUEOFF "0"
____________PART !!<displayed in the bottom of the system policy screen> TEXT
____________END PART
________END POLICY
____END CATEGORY
END CATEGORY

[strings]
<strings defined>="Windows NT Network"

Simple! The !! means what's after is a string and has to then be defined in the [strings] section. You don't have to use strings and can just put the entries directly be enclosing in quotes if it contains a space, it just might help for long key names if used repeatedly. For every keyword (except for class) there must be a end keyword, e.g. for category there must be a end category, same as an if and endif etc.

For examples, look at the common.adm and winnt.adm files and then compare to how they look in the system policy editor to get the display and effect you want. There are many other combinations and effects such as a drop down box which can be accomplished using the following

____PART !!<string> ____DROPDOWNLIST
____VALUENAME ""<actual value>
________ITEMLIST
____________NAME "<string>" VALUE NUMERIC n
____________NAME "<string>" VALUE NUMERIC n
____________NAME "<string>" VALUE NUMERIC n
________END ITEMLIST
____END PART

Q. Where can I get information on Profiles and Policies?

A. There is an excellent page at http://www.usyd.edu.au/su/is/dts/DTSwinNTProfiles.html which covers the subject well.

Security

Q. How do I enable auditing?

A. Logon as the Administrator (or a member of the Administrators group) and perform the following

  1. From the Start Menu, Programs, Administrative Tools and start User Manager
  2. From the Policies menu, select Audit
  3. Enable the events you want to Audit and click OK
  4. Exit User Manager

It is also possible to configure auditing on a file/directory. Right click on the file/directory, select properties, and select the security tab and then select auditing.

Q. How do I view/clear the security log?

A. Logon as the Administrator (or a member of the Administrators group) and perform the following

  1. From the Start Menu, Programs, Administrative Tools and start Event Viewer
  2. From the Log menu, select Security
  3. Double click any entry for more information
  4. Close the individual event information window
  5. To clear, select Log and clear all events. It will ask if you want to save the info, click No.
  6. It will prompt again if you are sure, click Yes
  7. Close Event Viewer

Q. Where can I get more information on the Event Viewer?

A. See Frank Heyne: Windows NT Eventlog (English) for more information

Q. Where can I get information on NT security problems?

A. There are various sites:

Q. How can I restore the default permissions to the NT structure?

A. Follow the procedure below:

  1. Logon as administrator.
  2. The built-in SYSTEM account needs access to the Windows NT default directories and subdirectories. To get this access, do the following:
    - In File Manager use Security/Permissions to grant the SYSTEM account FULL CONTROL to the root directory of the NTFS volume that contains Windows NT.
    - Next, select the option to Replace Permissions on Subdirectories, which gives SYSTEM access to the entire volume
  3. Start Registry Editor (Regedit.exe).
  4. Go to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SessionManager
  5. Double-click the value BootExecute.
  6. Under BootExecute, you may find a few entries, such as:
    autocheck autochk *
    After any entries, add on a separate line:
    setacl /a \DosDevices\<systemdrive>:\<winnt_root>\System32\winperms.txt \DosDevices\<systemdrive>:
    Here <systemdrive> is the drive that Windows NT is installed on and <winnt_root> is the Windows NT root directory on that drive.
  7. Save changes by clicking OK.
  8. Exit the registry editor and restart the computer.
  9. On restart, the system will set security on the system files to the norm

The procedure above will only work on an NT 3.51 system. To perform the above on an NT 4.0 system you require the Windows NT Resource Kit SUpplement 2 and should perform the following

  1. Logon as an Account that has "Backup files and folders" privilege
  2. Run the FIXACLS.EXE utility (Start - run - fixacls)
  3. Click the Continue button
  4. Click OK when completed.

FIXACLS sets the permissions to the values defined in %SYSTEMROOT%\INF\PERMS.INF. Therefore, access to this file is also required to run FIXACLS.

Q. How can I copy files and keep their security and permissions?

A. By default when you copy files from one NTFS partition to another, the files inherit their protections from the parent directory. It is possible to copy the files and keep their settings using the SCOPY program that comes with the NT resource kit. SCOPY can copy owner and security audit information:
SCOPY c:\savilltech\secure.dat d:\temp\ /o /a
would copy the owner and auditing information. You can also use /s to copy information in subdirectories.

The restriction for this command is that both the origin and target drives must be NTFS or the command will fail.

Q. How do I enable auditing on certain files/directories?

A. Auditing is only available on NTFS volumes. Follow the instructions below:

  1. Start Explorer
  2. Right click on the file/directory you want to audit, and from the context menu select properties
  3. Select the Security tab and click Auditing
  4. If you have selected a directory, check the "replace auditing on subdirectories"
  5. Click the Add button and add the user(s) who you wish to audit by selecting and clicking Add. When finished adding users, click OK
  6. Select the events you wish to audit and then click OK

You must ensure that File access auditing is enabled (Start - Programs - Administrative Tools - User Manager - Policies - Audit).

These events can then be viewed using the Event Viewer (Start - Programs - Administrative Tools - Event Viewer - Log - Security)

Q. How do I use the System Key functionality of Service Pack 3?

A. Service Pack 3 introduced a new feature in NT with the ability of increasing security on the SAM database. This is performed by introducing a new key in one of 3 modes

  1. A secure key generated by the system which is used to encrypt the SAM which is stored on the local hard disk
  2. A secure key generated by the system which is stored on a floppy disk which has to be placed in the computer at bootup
  3. A password given by the user is used to encrypt the SAM and has to be entered on bootup

To generate the system key you use the syskey.exe, however be warned, once you activate the encryption you cannot turn it off without performing a system recovery using an ERD produced before syskey was enabled. To enable encryption perform the following

  1. Make sure Service Pack 3 is installed
  2. Log on to the system as a member of the Administrators group (only administrators can run syskey.exe)
  3. Create a new ERD (rdisk /s) and store somewhere safe and label the disk "Pre System Key ERD"
  4. Run the System Key generation utility (Start - Run - syskey.exe)
  5. A dialog box will be displayed with encryption disabled. Select Encryption enabled and click OK
  6. Click OK to the warning dialog box
  7. Select which of the 3 encryption modes you require, if password enter a password and then enter again for verification. If you choose stored on floppy disk you will be prompted to insert a disk and then click OK.
  8. Click OK and a success message will be displayed, click OK
  9. You now need to reboot the machine
  10. Once rebooted you should create a new ERD (rdisk /s)

Once rebooted if you choose a password once the GUI phase of NT starts a dialog box will be displayed and you should enter the password you gave and click OK, after that you may log on as normal. If you choose floppy disk you will be prompted to insert the disk and then click OK

Although you cannot remove the system key, you can change the mode by running syskey.exe and click Update. You will be asked to either enter the existing password or insert the system key floppy if changing from one of these modes.

For more information see Q143475 at http://www.microsoft.com/kb/articles/q143/4/75.htm

Q. How do I remove the System Key functionality of Service Pack 3?

A. As stated in the previous FAQ there is not a simple remove function however if you restore the SAM from an ERD that was taken before the system key was enabled, it will remove this feature from the system.

  1. Boot off of the NT installation disks
  2. After disk 2 press R for repair
  3. Deselect everything except "Inspect registry files" and select continue
  4. Continue as per normal, inserting disk 3 and then the ERD (the one created before syskey was run)
  5. Once completed reboot and you should no longer have the system key in use

Q. How can I configure the system to stop when the security log is full?

A. To avoid security logs being lost you can configure the system to halt if the security log becomes full so that only Administrators can logon, they can then archive the log and purge

  1. Start the registry editor (regedit.exe)
  2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  3. If CrashOnAuditFail exists then skip to step 4, if not from the Edit menu select New - DWORD value and enter a name of CrashOnAuditFail. Click OK
  4. Double click on CrashOnAuditFail and set to either:
    1 - Stop if the audit log is full
    2 - This is set by the operating system just before the system crashes due to a full audit log. When set to 2 only the administrator can logon.
  5. Close the registry editor

When this happens the OS will display a BSOD.

Backup's

Q. What backup software is available for Windows NT?

A. Windows NT ships with NTBACKUP.EXE which is suitable for backing up most installations however its features are quite basic, for the larger more complex installations one of the following may be worth a look

Q. How do I add a tape drive?

A. Before you can add a tape drive you should first ensure that the correct SCSI driver is loaded for the card the tape drive is connected to. Once the SCSI driver is loaded you should perform the following

  1. Start the Tape Devices control panel applet (Start - Settings - Control Panel - Tape Devices)
  2. Click the detect button for NT to detect your tape drive. If this works goto step 5
  3. If the drive could not be detected the click the drivers tab
  4. Click the Add button and select your tape drive from the list or click the Have Disk button and select the location for the driver.
  5. Click OK
  6. Restart the computer

Q. What types of backup does NTBACKUP.EXE support?

A. NTBACKUP.EXE supports 5 different types of backups

Q. What backup strategies are available?

A. The main backup strategy is on a weekly plan as follows

As you know an incremental backup only backs up those files that have changed since the last backup and then sets them as backed up so this type of backup should be quite fast. In the event of a failure you would have to first restore the normal backup and then any subsequent incremental backups.

An alternative would be as follows

Differential backups and incremental backups are the same except that differential does not mark the files as backed up, therefore files backed up on Monday will still be backed up on Tuesday etc. Therefore to restore the backup you would only need to restore the normal backup and the latest differential backup.

It is important to not just have on week's worth of tapes, you should have a tape rotation and have maybe 10 tapes and rotate on a fortnightly basis.

If you wanted an extra backup as a one off you would use a copy backup as this does a full backup but does not mark files as backed up and therefore would not interfere with other backup schemes in use.

Q. What options are available when using NTBACKUP.EXE?

A. Once you start NTBACKUP a list of all drives on the machine will be shown. You can either select a whole drive or double click on the drive and then select directories. Once you have selected the drives/directories click the Backup button.

When performing a backup there are a number of fields that should be completed.

Q. Can I run NTBACKUP from the command line?

A. NTBACKUP is fully usable from the command line using the format below

ntbackup <operation> <path> /a /b /d "text" /e /hc:<on/off> /l "<filename>" /r /t <backup type> /tape:n /v

The parameters have the following meanings

<operation> This will be backup . If you wanted to eject a tape you could enter eject (but must also include the /tape parameter)
<path> The list of drives and directories to be backed up. You may not enter file names or use the wildcard character
/a Append backup sets to the end of the tape. If /a is omitted then the tape will be erased
/b Backup the local registry
/d "text" A description of the tape
/e Logs only exceptions
/hc:<on/off> If set /hc:on then hardware compression will be used, if /hc:off then no hardware compression will be used.
/l "<filename>" Location and name for the logfile
/r Restricts access (ignored if /a is set)
/t <backup type> The type of backup, normal, Incremental, Differential, Copy or Daily
/tape:n Which tape drive to use (from 0 to 9). If omitted tape drive 0 is used
/v Performs verification

Q. How do I schedule a backup?

A. Before a backup can be scheduled, you must ensure the scheduler service is running on the target machine, it does not have to be running on the issuing machine. For information on the schedule service see Q. How do I schedule commands?

Once the scheduler service has been started it is possible to submit a backup command using the ntbackup.exe image (image is a name for an executable)

at 22:00/every:M,T,W,Th,F ntbackup backup d: /v /b

The command above would schedule a backup at 10:00 p.m. on weekdays of drive D: and the local registry with verification.

Q. How do I restore a backup?

A. To restore a backup saveset is simple and will depend on what was backed up, however the basics are

  1. Start NTBACKUP (Start - Administrative Tools - Backup)
  2. Double click on the tape unit that has the backup saveset you want. Select the saveset
  3. Check the Restore File Permissions if the saveset was backed up off of a NTFS volume
  4. Click OK

Q. How do I backup open files?

A. Sometimes fills can be corrupted as a backup program will try to backup an open file and when restored the file is corrupt. To stop NTBACKUP from backing up open files perform the following

  1. Start the registry editor
  2. Move to HKEY_CURRENT_USER\Software\Microsoft\Ntbackup\Backup Engine
  3. Check "Backup files in use". If it is set to 1 double click on the value and set to 0. Click OK
  4. Close the registry editor

If you do have "Backup files in use" set to 1 then you should also set the following parameter

HKEY_CURRENT_USER\Software\Microsoft\Ntbackup\User Interface\Skip open files

The values for this are

0 - Do not skip the file, wait till it can be backed up
1 - Skip files that are open/unreadable
2 - Wait for open files to close for Wait time (which is another registry value in seconds)

For more information have a look at Q159218 (http://premium.microsoft.com/support/kb/articles/q159/2/18.asp)

To backup open files without corruption you should look at Open File Manager software from http://www.stbernard.com (yeah the advert with the cute dog!). You can download a 15 day free trial.

Q. What permissions do I need to perform a backup?

A. The operator performing the backup requires the "back up files and directories" user right. This can be given directly using user manager, or the preferred way is to make the user a member of either the Administrators group or the backup operators group.

Q. How do I backup the registry?

A. Most of the registry hives are open, making them unable to be copied in the normal way, however there are several methods available to you

Recovery

Q. How do I create an Emergency Repair Disk?

A. From the Start Menu, select Run, and type RDISK. Click on Update Repair Info. It will then recreate the repair information stored in the winnt\repair directory. It will ask if you want to create a repair disk, insert a blank formatted disk and select Yes. RDISK /S updates the information in the %systemroot%/repair and also the SAM and SECURITY keys. Permissions on the repair should be strict as a user with access to the files could create a repair disk and use it to crack the system passwords.

Q. How do I create an NT Boot Disk?

A. Follow the steps below

  1. Format the disk using NT, this is so the boot sector of the disk can find Ntldr
  2. Copy over Ntldr, NTdetect.com and Boot.ini
  3. If you have a non-SCSI enabled BIOS and use a SCSI adapter you will also need Ntbootdd.sys

Q. I get the error "Can't find NTLDR"

A. This is a core file which must be in the root directory, and that fact that it cannot find it may mean other files are also missing, however to fix this problem perform the following:

  1. Boot the system with a DOS bootable floppy disk (if it is a FAT partition). If it is a NTFS partition use the NT boot disk shown in the above step
  2. In the i386 directory of the CD-ROM there will be a file NTLDR._, which is the compressed version of NTLDR.
  3. You can expand this file using expand.exe that comes with DOS and Windows for Workgroups
    expand d:\i386\ntldr._ c:\ntldr.

Q. How do I recover a lost administrator password?

A. If there are no other accounts in the administrator group then the only way is to reinstall NT into a new directory (not the same, as it will upgrade and see the old password) and it will let you enter a new Admin password. Also if you have an old ERD that you knew the password at time of making, you could use this and restore the SAM and security portions of the registry.

There is also a piece of software from http://www.winternals.com that can break into an NT system (LockSmith) that will change any password. The software is not free, and will cost around US$100.

A similar piece of software is also available from http://www.mirider.com that allows you to boot off of a set of disks and change the Administrator password.

Q. I have set a drive to no access, now no-one can access it.

A. Logon as an Administrator and then perform the following

  1. Start Explorer
  2. Right click on the drive, and select Properties
  3. Select the Security tab, and click on Ownership
  4. Click "Take Ownership"
  5. Messages will be displayed "You do not have access to the directory, do you wish to set the protection to Full Access", to which you should click Yes

Q. If I copy a file with Explorer or from the command line, the permissions get lost.

A. The only time a file keeps it permissions if is it is moved on the same partition. If it is copied it inherits the protection of the owning directory (a move across drives is a copy and delete). Also FAT does not support permissions so anything copied to FAT will lose protections.

Q. How can I get my taskbar back?

A. Press Ctrl-Alt-Del, then select Task Manager, click the applications tab, select New Task, and type Explorer.

Q. I get the error "NTOSKRNL.EXE missing or corrupt" on bootup.

A. This is usually due to an error in the boot.ini file. The entry for NT is either missing or incorrect. Edit the boot.ini file and check the entry for NT is correct, for example for an IDE disk the entry should look something like
multi(0)disk(0)rdisk(0)partition(2)\winnt="Windows NT workstation"
Check that disk and partition are correct. If you have recently added a new disk or altered the partitions try changing the disk() and partition() values. If you are sure everything is OK, then the actual file may be corrupt so copy NTOSKRNL.EXE off of the installation CD onto the %systemroot%/system32 directory.

Q. How do I configure Directory Replication?

A. Directory Replication is the process of replicating directories and their contents from one machine to one or more machines. The only machines that can be export servers are Windows NT Server machines. Import servers can be an NT server, NT workstation or OS/2 LAN Manager machine.

The main usage for Directory Replication is for the export of login scripts from the PDC to the BDC(s), where the PDC is the export server and the BDC the import server. This means when you login the BDC can also supply the login script as well as the authentication of the user, leaving the PDC free. This is the case that will be explained below.

  1. You must add an account that will be used for the Directory Replication (i.e. Repuser). You cannot use the name Replicator as there is a user group of this name. Start User Manager for Domains (Start - Programs - Administrative Programs - User Manager for Domains)
  2. From the User menu, select New User.
  3. Name the user RepUser, with a full name and description. Set the password.
  4. Unselect "User must change password at next logon" and select "Password never expires"
  5. Click Groups and add to "Backup Operators" group
  6. Click Hours and ensure the user has 24hours for all days
  7. Close User Manager for Domains

The user has now been added to the domain, and the export server now needs to be configured

  1. Logon to the Export Server machine, the Primary Domain Controller as an Administrator
  2. From Control Panel click on Services
  3. Select "Directory Replication" and click Startup. Select Automatic, and for "Log on as" click the "..." button and select the Repuser and click Add. Next type in the password for the Repuser that you set.
  4. Click OK and a message "User <domain>\Repuser has been granted the Logon as a Service right and added to the local Replicator local group" will be displayed.
  5. Close the Services Control Panel applet
  6. Double click the "Server" Control Panel applet and click the Replication button
  7. In the export by default it will show %systemroot%/system32/Repl/Export which is where login scripts should be held. Clear any entries in the Export or Import machine list.
  8. Make sure "Export Directories" and "Import Directories" are checked, and close the Replication applet.
  9. From the Services Control Panel Applet click on "Directory Replication" and click Start
  10. Logoff of the PDC and logon to the BDC (or whatever the import machine)
  11. Start the Services Control Panel Applet and as before enable the Replication Service to automatically start at reboot but do not manually start it now.
  12. Start the Server Control Panel Applet and select Replication
  13. Select "Import Directories" and check the list of machines to import from is blank
  14. Click OK and it will start the "Directory Replication" service

You may be wondering why you should keep your login scripts in the export area, when your NETLOGON share is import/scripts, well it will actually replicate to itself from the export/scripts to import/scripts so they will be the same.

Some people have problems with replication and adding Repuser to the Domain Administrators group may fix the problem. Also only directories directly under the /export directory will be replicated, files will not be, they have to be in a subdirectory of export.

Q. What tuning can I perform on Replication?

A. There are several registry settings that can be configured for Replication:

Q. How do I remotely create an Emergency Repair Disk?

A. You can schedule an ERD creation using
at \\<machine name> <time> /interactive /every:M,T,W,Th,F %windir%\system32\rdisk /s-

It may be preferable to store the contents of this disk on a location at the server, so the following batch script could be used:

%windir%\system32\rdisk /s-
net use z: \\<server name>\temp /persistent:no
if not exist z:\%computername% md z:\%computername%
copy %windir%\repair\*.* z:\%computername%\
net use z: /delete
exit

This would then be submitted as
at \\<machine name> <time> /interactive /every:M,T,W,Th,F \\<server>\<share>\ERD.BAT

You could also just put the call to ERD.BAT in the login script so the contents of the repair disk will be updated every time the user logs on.

Q. How do I promote a Backup Domain Controller to the Primary Domain Controller?

A. When possible you should always promote a BDC to the PDC while the main PDC is still active, in this way the original PDC will be demoted to a BDC and no information will be lost, however sometimes the PDC will not be available (i.e. its crashed) and a BDC needs to be promoted, as in the absence of a PDC, a BDC does not automatically promote itself.

  1. Log on to a BDC as an Administrator
  2. Start Server Manager (Start - Programs - Administrative Tools - Server Manager)
  3. If the PDC is not available then a warning will be displayed "Cannot find Primary DC for <domain>"
  4. Click on the BDC you want to promote to the PDC
  5. From the Computer menu select "Promote to PDC"
  6. Again if the PDC is not available then a warning "Cannot find Primary for <Domain>". Click OK to continue
  7. The Netlogon service will be stopped on the BDC, it will be changed to a PDC and then the Netlogon service will be started again.
  8. This machine is now the domain PDC

Q. How do I reinstate my old PDC back into the Domain as the PDC?

A. It is not possible to have 2 PDC's in a domain so assuming the machine crashed, i.e. has not been demoted to a BDC before being shutdown, then when it starts it will still be configured to be a PDC

  1. Start up the old PDC machine
  2. Logon to the machine as an Administrator
  3. Start Server Manager (Start - Programs - Administrative Tools - Server Manager)
  4. The machine will still be described as a Primary Domain Controller, however its icon is just a wire frame and it is not acting as a PDC, i.e. it does not authenticate logons
  5. Select the machine, and from the Computer menu select "Demote to Backup Domain Controller"
  6. Click "Yes" to make the change
  7. Once the machine is a BDC, click on the computer again and from the Computer menu select "Promote to PDC"
  8. Click "Yes to make the change
  9. Server manager will then automatically demote the temporary PDC back to its BDC status and promote this machine back to the PDC

Problem Solving

Q. I have installed Office 97 now I can no longer use Desktop Themes.

A. There was a bug with Office97 that corrupted the JPEG loader. Download the patch (ThemeFix.exe)

Q. I cannot delete a file called AUX.BAT or COM1!

A. A file of which the name (or a part of it) is equal to a DOS devices (NUL, COMx, AUX, LPTx, PRN...) cannot be deleted with Explorer or the usual DEL syntax. Use DEL \\.\drive:\path\AUX.BAT instead (replace drive and path with appropriate values). (The files may be the remains of a failed installation, you can create them e.g. with COPY some existing file \\.\drive:\path\COM1)

Q. The AT command does not work!

A. A sine qua non to use AT is a running Schedule service. To start it, type 'net start schedule' on the command line or use Control Panel/Services (if you want to use it regularly, set the Startup Type to Automatic). A common problem is that people try to use the example given in the online help: AT sometime CMD /C DIR > TEST.OUT.

Unfortunately, in NT 4.0, this does not work anymore. You must use AT sometime CMD /C "DIR > TEST.OUT" instead. The execution of the command starts by default in %systemroot%\system32, as can be seen from the output of the above example. You should specify the complete path if the command is in a different directory, e.g. AT sometime C:\TEMP\TEST.BAT. A further problem is that the command is executed in the security context of the LOCAL SYSTEM account, not the caller. However, the SYSTEM account does not have access to network resources, so your program cannot reside or access files on mapped drives (even if they are mapped from the local machine!). Also, environment variables (e.g. PATH) may be set differently. You can test the environment interactively with AT sometime /INTERACTIVE CMD.

Q. I can't format a disk/ create an Emergency Repair disk?

A. There are a number of possible problems. Firstly if using Service Pack 2 ensure you have the kernel fix applied. Also some virus killers (such as Dr Solomons) lock up drives making a format impossible as NT thinks the drive is locked (this is why you can't create an Emergency Repair disk). Stop the virus process using control panel - services and click on the Virus Killer process and press stop. Once the disk is formatted or the Emergency Repair disk go back to control panel and start the virus killer process again.

Q. When I change CD's/access the floppy drive NT crashes.

A. This is probably the bug in Service Pack 2. If you have service pack 2 then apply the KERNEL Fix.

Q. After a new installation of NT, I can logon but no shell starts.

A. Usually a normal user will have this problem, not an Administrator, as the problem is security on files. To cure this problem the security on the %systemroot% needs to be set so the Everyone group has RX access (Read, Execute)

If the shell does not start from any account you will need to:

For more information see http://www.microsoft.com/kb/articles/q155/5/79.htm

Q. I have a Matrox Millenium graphics card and the windows blink and flash when moved.

A. If you are using the graphics card at 1600 x 1200 resolution in True Color (24-bit) or True Color (32-bit) mode, a window's frame may blink or flash when you drag the window across the screen. This is a known problem, and resolve, enable the Show Window Contents While Dragging option from the Plus tab on the Display control dialog (Start - Settings - Control Panel - Display)

Q. When I start NT I get NTDETECT twice.

A. This is caused by a missing or corrupt NTDETECT.COM. To resolve, copy the latest NTDETECT.COM from either the latest service pack, or if no service packs have been applied, from NT installation disk 1.

Q. My desktop disappears after a crash.

A. By default, if Explorer crashes it automatically restarts, however this may have been corrupted or changed so using the registry editor change the value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoRestartShell to 1.

Q. I have installed a second CPU, however NT will not recognize it.

A. When moving from a single CPU to dual-CPU, multiprocessor versions of a number of NT files, including the HAL and the OS kernel, must be installed.  The UPTOMP.EXE utility, contained in the NT Resource Kits, installs the multiprocessor files.   The files can be installed manually (see the MS Knowledge Base articles Q156358 "How to Manually Add Support for a Second Processor" and Q168132 "After Applying Service Pack NT Reports Single Processor").

The MS Knowledge Base article Q142660 (http://www.eu.microsoft.com/kb/articles/q142/6/60.htm ) "Upgrade from Uni- to Multiprocessor (Uptomp.exe) and Win32k.sys" describes a known problem when using UPTOMP.EXE on a version 4.0 NT system.  The fix, described in the article, adding the following line to the file uptomp.inf, located at the base directory of the Resource Kit installation, e.g., reskit.

win32k.sys = 0, 2, win32k.sys

Finally, if you install the multiprocessor files on a system to which a Service Pack has been applied, you probably need to reapply the Service Pack after running UPTOMP.EXE and before rebooting.  Until you reapply the Service Pack your disk contains a mix of file versions, with the multiprocessor files at the revision level of the distribution media and files already present at the Service Pack revision level.  Such a mix of versions can cause your reboot to fail.

Q. I reinstalled NT, now I cannot logon.

A. When you reinstall NT, a new SID is created. It is therefore necessary to remove the computer account for the machine from the NT server, and then add a new entry.

Q. I have Windows 95 installed, and I am trying to start the NT installation but it fails.

A. If you want to install NT with 95 installed, start a DOS session (command.com) and first type
lock
which enables direct disk access for the NT installation program. Remember also to use winnt.exe (not winnt32.exe)

Q. An Application keeps starting every time I start NT.

A. Applications can be started from a number of places

The easiest way would be to search the registry using REGEDIT on the application name

Q. Each time I start NT I get a file delete sharing violation?

A. There is a problem with TweakUI and the clear document history at startup option which can result in an error "Cannot delete <filename>, there has been a sharing violation". Disable the TweakUI Document History clear option or live with pressing OK each time.

Q. Sometimes when I run a program or Control Panel applet it says "no disk in drive a:".

A. It is possible the NT path statement has an "a:" included. Check the following

Q. When I try and create an Emergency Repair Disk I get an error "One or more configuration files missing".

A. Run the "RDISK /S" a few times and this error will fix itself.

Q. I have installed Service Pack 3, now I cannot run Java programs.

A. Download the latest version of Internet Explorer which includes the latest virtual machines. There is also a hotfix for Service Pack 3 available from Microsoft ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/hotfixes-postSP3/archive/java-fix/JAVAFIXI.EXE .

Q. Every time I start NT, explorer is started showing the system32 directory.

A. This is caused by an incorrect program call at startup, search the areas a program can be started from for an incorrect entry, these are listed at An Application keeps starting every time I start NT.

Q. I have removed my IDE CD-ROM drive, now NT will not boot.

A. Unless it is hardware related, such as you have not connected the cable correctly or you have not set the master/slave correctly you need to perform the actions below before disconnection the CD-ROM drive. Therefore if you have already disconnected the CD-ROM you should reconnect it temporarily.

  1. Start the SCSI Control Panel applet (Start - Settings - Control Panel - SCSI) and click the drivers tab
  2. Select the "IDE CD-ROM (ATAPI 1.2)" and click Remove
  3. Next click the Devices Control Panel applet and select the ATAPI device and click startup. Set the startup type to disabled.
  4. Select the ATDISK device and choose startup. For the type select Boot and choose OK.
  5. Copy ATDISK.SYS from the i386 directory on the NT installation CD-ROM to the %systemroot%\system32\drivers directory
  6. Shutdown Windows NT and remove the CD-ROM

You should not be able to boot normally. See Knowledge base article Q125933 for more information.

Q. I get the error, The procedure entry point WNetEnumCachedPasswords could not be located in the dynamic link library MPR.DLL

A. This is usually caused by an incorrect mapi32.dll, sometimes software installs the Windows95 version. Copy mapi32.dll from your NT installation CD-ROM to %systemroot%/system32.

Q. What information is shown in the Blue Screen of Death (BSOD) ?

A. The NT operating system has 2 basic layers, the user mode and kernel mode. The user mode cannot directly access hardware, is limited to an assigned address space and operates at Ring 3 (lower priority). If a user mode program has an error, then NT just halts the programs process and generates an Operation error, and as the application runs in its own virtual address it cannot affect any other program. Common components that run in user mode are

NT 4.0 introduced a change in the NT architecture as Kernel mode process run much faster (Ring 0) they moved Video and Printer drivers from User mode to Kernel mode. Kernel mode is a privileged processor mode, allowing direct access to the memory and hardware. Kernel mode errors are not usually recoverable and a reboot of the system will be required. The BSOD is a built in error trapping mechanism which is used to halt any further processing to avoid system/data corruption. This means a faulty graphics/print driver could now crash NT. Components in kernel mode are

But what does the BSOD (or STOP message screen) show? Below is the basic structure of the BSOD, however what you see will differ and you may not have some of the sections as I'll explain below

--------------------------------------------------
Section 1: Debug Port Status Indicators
DSR CTS SND
--------------------------------------------------
Section 2: BugCheck Information
*** STOP: 0x0000000A (0x00000002,0x00000000,0xDB30442D)
IRQL_NOT_LESS_OR_EQUAL *** Address db30442d has base at db300000 - matrxmil.SYS

CPUID: GenuineIntel 5.2.4 irql:1f SYSVER 0xF0000565
--------------------------------------------------
Section 3: Driver Information

Dll Base DateStmp - Name Dll Base DateStmp - Name
80100000 2cd348a4 - ntoskrnl.exe 80400000 2cd348b2 - hal.dll
80010000 2cd348b5 - ncrc810.sys 80013000 2cda574d - SCSIPORT.SYS

etc..
--------------------------------------------------
Section 4: Kernel Build and Stack Dump
Address dword dump Build [1381] -Name
xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx - matrxmil.SYS
xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx - ntoskrnl.exe
xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx - ntoskrnl.exe
etc..
--------------------------------------------------
Section 5: Debug Port Information
Restart and set the recovery options in the system control panel
or the /CRASHDEBUG system start option if this message reappears,
contact your system administrator or technical support group

OR if you system is started with /debug or /crashdebug

Kernel Debugger Using : Com2 (Port 0x2f8, Baud Rate 9600)
Beginning Dump of physical memory
Physical memory dump complete. Contact your system administrator or
technical support group

Section 1: This section will only be shown if the system was start /debug or /crashdebug. To tell if your system is debugger enabled, just look at the boot menu when you start the machine and the words [debugger enabled] will be shown next to the Windows NT menu choice. To enable /debug follow the instructions below:

  1. Modify boot.ini to be editable
    attrib c:\boot.ini -r -s
  2. Edit the file and edit the Windows NT start line to include /debug (to tell the system to load the kernel debugger into memory at bootup) or /crashdebug (to tell the system to load the kernel debugger but swap it out to the pagefile). Other options are /Debugport to tell which COM port to use (by default COM2) and /Baudrate for the speed (by default 19200, better to be 9600), e.g.
    [operating systems]
    multi(0)disk(0)rdisk(0)partition(0)\WINDOWS="Windows NT" /debug /debugport=com3 /baudrate=9600
  3. Save the file
  4. Set boot.ini attributes back
    attrib c:\boot.ini +r +s

The 3 letter words are signals, e.g. RTS is Ready to Send, DSR Data Send Ready, CTS Clear to Send, and SND means data is being sent to the COM port

Section 2: This sections contains the error (or BugCheck) code with up to four developer-defined parameters (defined in the KeBugCheckEx() function call). In this case the BugCheck was 0x0000000A IRQL_NOT_LESS_OR_EQUAL which means a process attempted to access pageable memory at a process level that was to high and is usually caused by a device driver.

For a full list of what the codes mean see knowledge base article Q103059 at http://www.microsoft.com/kb/articles/q103/0/59.htm .

Section 3: This lists out all drivers that were loaded at the time of the crash. It is split into 2 sides, with 3 columns to each site. The first column is the link time stamp (in seconds since the year 1970) and can be converted into real time using the cvtime.exe application (f$cvtime on VMS :-) ).

Section 4: This shows the build number of the Operating System and a stack dump that shows the addresses that were used by the failed module. The top lines may show the offending code/driver, however not always as kernel trap handlers may execute last to preserve error information.

Section 5: This will depend on if you have the /debug setup, but it basically just shows the communication settings and if a .dmp file has been created.

Q. I have created my own application service, however when the user logs off the application stops.

A. When a user logs off, a number of messages are sent. For graphical applications the messages WM_QUERYENDSESSION and WM_ENDSESSION are sent, and to console (character mode) applications the message CTRL_LOGOFF_EVENT is sent. If your application responds to these messages then it may cause it to stop. You will need to modify your program to either ignore or handle the messages differently. There is more information on this in the resource kit.

Q. I can't install any software.

A. Sometimes the file config.nt can become corrupted, specifically the files= line, therefore:

  1. Start Notepad (Start - Programs - Accessories - Notepad)
  2. Open %systemroot%/system32/config.nt, e.g. d:/winnt/system32/config.nt
  3. Check at the bottom the line
    files=40
    If the files is something like
    files=20$%THY
    it has been corrupted and you should change to only have a number after the equals sign
  4. Save the file
  5. Reboot

Q. I get an error "This application is not supported by Windows NT".

A. This can sometimes be caused by the files

%SystemRoot%\system32\config.nt
%SystemRoot%\system32\autoexec.nt

not having everyone:full access protection if the boot partition is NTFS. To check/change this protection

  1. Start Explorer (Start - Programs - Explorer)
  2. Move to %SystemRoot%\system32 (e.g. d:\winnt\system32)
  3. Right click on the file (config.nt/autoexec.nt) and select properties
  4. Click the security tab and click Permissions
  5. You can then change/view the protection
  6. Click OK when finished

Q. I have installed IE 4.0 now my shortcut icons are corrupt.

A. This is caused my an incompatibility between the final version of Internet Explorer 4.0 and TweakUI. To fix this you will need to uninstall TweakUI.

  1. Start the Add/Remove Control Panel Applet (Start - Settings - Add/Remove Programs)
  2. Select TweakUI and click Add/Remove

If you get an error saying it was unable to be removed you can manually remove it by entering the following command

rundll32 syssetup.dll,SetupInfObjectInstallAction DefaultUninstall 4 e:\winnt\inf\tweakui.inf

You should then reboot the computer.

If you find after the reboot the icons are still corrupt, install TweakUI again and then remove. TweakUI can be downloaded from http://www.microsoft.com/windows95/info/powertoys.htm

Q. I have lost access to the root of the boot partition, now I can't logon.

A. If you set the root of the boot partition to no access then you will be unable to logon. To get round this perform the following

  1. Logon to the NT machine as Administrator
  2. When you get the blue screen and "Path too Long" press the OK button
  3. Press Ctrl-Alt-Del and the Windows NT Security dialog box will be shown
  4. Press the Task Manager button and the task manager will be shown
  5. Select the Applications tab and click the "New Task" button
  6. Enter the path "%systemroot%\system32\cmd.exe"
  7. Enter the command
    CACLS d:\ /e /g everyone:F
    where d is the boot partition
  8. Select Task Manager again and click "New Task", and enter %systemroot%\explorer.exe, the desktop should now appear
  9. Logout and login again to confirm everything is OK
  10. You should now set the permissions on the root, see Q155315 at http://premium.microsoft.com/support/kb/articles/q155/3/15.asp for more information

Q. I receive the error "The procedure entry point WNetEnumCachedPasswords could not be located in the dynamic link library MPR.DLL"

A. This problem is caused by the file mapi32.dll being replaced by an application installation, usually with the Windows 95 version. To correct the problem reinstall the mapi32.dll file from the NT installation CD-ROM

  1. Insert the NT installation CD-Rom
  2. Backup your current mapi32.dll
    copy %systemroot%\system32\mapi32.dll %systemroot%\system32\mapi32.old
  3. Move to your processor type on the CD-ROM, e.g.
    cd i386
  4. Enter the command
    expand -r mapi32.dl_ %systemroot%\system32

Be aware that if you have applied service packs, mapi32.dll was redelivered in some of the service packs so you should take mapi32.dll from the service pack delivery (expand the service pack and then copy the file over).

Q. How can I perform a kernel debug?

A. To perform a kernel debug, the computer should be connected via a null modem cable or a modem connection for dial in purposes. The computers will be referred to as "Host" for the machine that will perform the debug, and "Target" for the machine that has the problem and is being debugged.

The computers should both be running the same version of Windows NT and the symbol files for the Target machine should be installed on the Host computer. The symbol files are supplied on the Windows NT installation CD-ROM in the Support\Debug directory.

The Target computer's boot.ini entry needs to be modified to allow debugging as follows:

  1. Modify boot.ini to be editable
    attrib c:\boot.ini -r -s
  2. Edit the file and edit the Windows NT start line to include /debug (to tell the system to load the kernel debugger into memory at bootup). Other options are /Debugport to tell which COM port to use (by default COM2) and /Baudrate for the speed (by default 19200, better to be 9600), e.g.
    [operating systems]
    multi(0)disk(0)rdisk(0)partition(0)\WINDOWS="Windows NT Debug" /debug /debugport=com2 /baudrate=9600
  3. Save the file
  4. Set boot.ini attributes back
    attrib c:\boot.ini +r +s

In the example above the Target machine will allow debug connection using Com2: at a speed of 9600 bps.

The host computer needs to be configured with the information it needs to perform the debug and the installation of the symbol files.

To install the symbol files move to the \support\debug directory on the CD-ROM and enter the command

expndsym <CD-ROM>: <target drive and directory>
e.g. expndsym f: d:\symbols

This may take some time. Remember if you have installed service packs on the target machine the symbol files for these will also need to be installed on the host computer. The symbol files for service packs need to be download from Microsoft separately.

The next stage is to configure the environment variables needed for the debugging, such as the symbol file location etc., these are outlined below.

_NT_DEBUG_PORT COM port to be used, e.g. COM2:
_NT_DEBUG_BAUD_RATE Speed for the connection, e.g. 9600, make sure this matches the /baudrate specified on the target machine
_NT_SYMBOL_PATH Location of the symbols files (where you expanded them to using the expndsym utility)
_NT_LOG_FILE_OPEN Name of the file used for the log of the debug session (optional)

It may be worth putting the definition of the above into a command file to avoid having to type in the commands every time, e.g.

echo off
set _nt_debug_port=com2
set _nt_debug_baud_rate=9600
set _nt_symbol_path=d:\symbols\i386
set _nt_log_file_open=d:\debug\logs\debug.log

Next you should copy over the kernel debug software which is located in the support\debug\<processor> directory on the NT installation CD-ROM, e.g. support\debug\I386. It is easier just to copy over the entire directory as it is not very large (around 2.5MB). The actual debugger for the I386 platform is I386KD.EXE and you would just enter I386KD to start the debugger. To enter a command press CTRL+C and wait for the kd> prompt.

Q. How do  I configure remote debugging?

A. If you find you do not have the knowledge to debug a Windows NT problem you may need to get Microsoft to perform the debug for you, and in this scenario 3 computers will be involved, the computer at Microsoft, the host machine and the target.

The Microsoft machine will need to connect via RAS to either the host machine, or a computer on the same network, so one machine will need to run the RAS server service.

The configuration is the same as in the previous FAQ, except that on the host machine instead of entering the command I386KD.EXE the command

remote /s "I386KD -v" debug

where debug is the name of the session (this can be anything). At the Microsoft end once they had connected to the network they would enter the command

remote /c <computer name of the host> debug

again debug is the name of the session and must match that configured at the host machine.

Q. I get the error "Not enough server storage is available to process this command".

A. This problem may be due to the machines having a non-zero PagedPoolSize in the registry. This can be set by performing the following:

  1. Log onto the server as an Administrator
  2. Start the registry editor (regedit.exe)
  3. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
  4. Double click on PagedPoolSize and set to 0
  5. Click OK
  6. Close the registry editor
  7. Reboot the machine

If PagedPoolSize is 0 then it allows NT to dynamically allocate memory, the installation of software such as ARCServe is known to cause this problem.

Another cause for this error is if you installed Service Pack 3 before installing any network components. If this is the case then re-apply Service Pack 3 and any subsequent hotfixes.

Q. I can't delete a directory called con.

A. CON is a reserved name, so to delete you must use the UNC,

rd \\.\<drive letter>:\<dir>
e.g. rd \\.\c:\john\con

Q. I get an error when I try to export a profile other than Administrator.

A. This is usually due insufficient privilege on the Protected Storage System Provider\<SID> key. To be able to export your profile perform the following:

  1. Logon as you
  2. Start the registry editor (regedt32.exe)
  3. Select the "HKEY_CURRENT_USER on Local Machine" window
  4. Move to Software\Microsoft\Protected Storage System Provider\<SID>
  5. Select Permissions from the Security menu
  6. Click Add
  7. Select Domain Admins (or whatever you want), access type READ and click Add. When finished click OK

You should now be able to export this profile. To be able to export someone else's profile perform the following:

  1. Logon as an Administrator
  2. Start the registry editor (regedt32.exe)
  3. Select the "HKEY_USERS on Local Machine" window
  4. From the registry menu select "Load hive"
  5. Move to the persons profile area in the %systemroot%\Profiles\<name>, e.g. d:\winnt\Profiles\batman
  6. Select the NTUSER.DAT file and click OPEN
  7. When asked for a key name enter their name (e.g. John) and click OK
  8. Now move to <user name>\Software\Microsoft\Protected Storage System Provider\<SID>
  9. Select Permissions from the Security menu
  10. Click Add
  11. Select Domain Admins (or whatever you want), access type READ and click Add. When finished click OK
  12. Select Unload Hive from the registry menu
  13. Close the registry editor

You will now be able to export this users profile.

Support

Q. What Newsgroups are good for NT information?

A. The ones I subscribe to are:

Q. Where can I get more information?

A. There are various sites on the web that have extra information

Training

Q. Where can I go for Training in Microsoft Products?

A. To find a training center in you area goto http://www.microsoft.com/isapi/train_cert/locator/locator0.idc.

Mountain Micro at http://www.mountainmicro.com provide a self study set for gaining your MCSE

Q. Where is information about becoming a MCSE?

A. Goto http://www.microsoft.com/train_cert

Utilities

Q. Where can I find the resource kit?

A. It is available from most large book shops. Workstation is around US$50, Server US$150. You can purchase it online from http://www.jsiinc.com .

Q. Where is a replacement for WinPopUp?

A. Have a look at http://www.snowcrest.net/ps

Q. How do I run an application as a service?

A. The NT Resource Kit includes a utility called SRVANY.EXE which runs an applications as a service. There is more information on this at http://www.microsoft.com/kb/articles/q137/8/90.htm, also read the file that comes with the resource kit (Start - Resource Kit - Configuration - Running an application as a service).

Q. How can I shutdown a computer remotely?

A. Use the Shut Down workstation utility supplied with the NT Resource Kit.

Q. Where can I find a Unix su (substitute user) like utility?

A. Background for those unfamiliar with Unix: It is a good idea for system administrators to do everyday's work with a low privileged account and only change to an account which is a member of the Administrators group if you really have to do administrative work. To avoid closing all open applications and log off, it is useful to have a utility that allows you to temporarily start applications running in the security context of a different account.

The Resource Kits ships SU.EXE, a free equivalent is SU.ZIP (on Cica in /admin <LINK>). Both require setting system privileges for the caller. An alternative is SUSRV.ZIP (also from Cica), which has to be installed as a service, but does not require privileges. There is no equivalence to Unix suid programs (i.e. a file attribute which achieves that the file is run in the security context of the owner instead of the caller, without specifying a password).

Q. I'm running NT on Alpha - Can I run INTEL programs?

A. Digital have produced a special on-the-fly binary translator available at http://www.service.digital.com/fx32/.

Q. What is TWEAKUI?

A. TWEAKUI is part of the Power Toys set released for Windows95, however TWEAKUI (and a number of the other utilities) also runs on NT4.0. The utility basically puts a graphical front end to some of the more useful Registry settings and allows the user to remove icons from the desktop (such as Rubbish Bin), automatically login and many other useful config options. Download it from http://www.microsoft.com/windows95/info/powertoys.htm , then run the file and a number of files will be created. Right click on the TWEAKUI.INF and select install, and a TWEAKUI option will be in the control panel.

Q. What else is good?

A. Below are some sites that are worth a look

Q. Do Windows 95 Powertoys work in NT?

A. Some of them do, and I suspect as time goes on they all will. The ones that currently work on NT 4.0 are

As part of the Powertoys for Windows 95 there is also a QUICKRES utility that allows a change of resolution without a reboot, however this does not work in NT, but the NT resource kit includes an identical utility (called QUICKRES.EXE).

Q. Is there a X-terminal for NT?

A. There is a very good free X-server called MIX at http://www.microimages.com

Q. Where is File Manager?

A. It is still shipped with NT 4.0, just run WINFILE.EXE

Q. Where do I get Themes for NT?

A. Desktop Themes are supplied on the NT Resource kit, however if you have Windows95 installed with the plus pack you can copy the files themes.cpl and themes.exe to the %systemroot$/system32 directory and reboot your machine. These files are contained in Plus_3.cab on the Windows 95 CD-ROM.

Q. Where can I get UNIX tools for NT?

A. There is an excellent selection of utilities available for download from http://www.cygnus.com/misc/gnu-win32/ .

Compatibility

Q. Does application x work with NT 4.0?

A. See the list below

Q. Does game x work with NT 4.0?

A. See http://www.cris.com/~dstaines/nt40games for an extensive lists of games that work with NT4.0, and tips to make them work.

Q. Does NT run 16bit applications?

A. There is no definitive answer. NT does not allow an application to directly access hardware, so any application that directly tried to access hardware would cause a violation, also private device drivers are not supported (such as a VXD). A VXD is usually a .386 file.

Besides direct hardware access, some 16 bit apps will not run under NT because they use a 16 bit API function call that either has no 32 bit equivalent, or the 32 bit equivalent has a completely different function call (different number/types of arguments) and NT can't convert the 16 bit version to the 32 bit version. If either of these things occur, NT will halt execution of the 16 bit app and throw some sort of error similar to the one it throws when direct hardware access occurs. This doesn't happen very often, but it seems that NT 4.0 has more problems with 16 bit code than NT 3.51 due to the 16 bit to 32 bit conversion process.

As a side note, this conversion of 16 bit code to 32 bit code is one of the reasons that NT will run 16 bit code slower than Win95 given all other things held equal. This has nothing to do with the Pentium Pro's problem with 16 bit code, it is an NT problem.

Q. Will NT 3.51 drivers work with NT 4.0?

A. Standard NT drivers will automatically be upgraded from the NT CD. 3rd party drivers may not work and the supplier should be contacted. In particular Video drivers and Printer drivers were moved for NT4.0 from Win32 to the NT executive to improve performance and reduce memory use (basically moved from Ring 3 - user mode to Ring 0 - kernel mode). This does have the effect that a graphics driver could crash NT.

Hardware

Q. How do I change the letter associated with a drive?

A. From the Start Menu, select Administrative Tools and Disk Administrator. Right Click on the partition and choose "Assign Drive Letter", then just select the drive letter you wish to use. It is a good idea to recreate the Emergency Repair Disk after changing any drive information.

Q. How can I get NT to recognize my second harddisk?

A. Sometimes the Enhanced IDE (EIDE) adapter is misidentified as an ATAPI controller which loads the ATAPI.SYS driver. Disable this driver (Control Panel - Devices - Startup - Disable) and load the correct EIDE driver.

Q. How do I install a HP scanner?

A. There is full information on this at http://pw2.netcom.com/~gmelendz/index.html

Q. How do I install dual screens?

A. NT 5.0 will have support for this, however in the mean time you are limited to certain applications with specialty drivers, such as two Matrox Millenium cards to drive the two screens, with matching special programs.

Q. How much memory can NT support?

A. NT is a 32-bit operating system which means it can support 2^32 amount of memory (4 Gigs). However NT splits memory into 2 parts, 2 gigs for the programs and 2 gigs for the Operating System. There are known to be some problems when having more than 64MB even in NT4.0, please see Q117373

Q. How much memory do I need for NT?

A. For NT Workstation on Intel 12MB is the minimum, however 16MB is the recommended min, 24MB will reduce virtual memory usage and increase performance. For RISC based processors 24MB is recommended, and 32MB to improve performance. Most NT people will say the real acceptable performance numbers are 40MB for NT Workstation and 64MB for NT Server. It really does depend on what you will be running on the server.

For NT Server 16MB is the minimum, however most sites have 32MB.

Q. I cannot see my CD-ROM drive from NT?

A. If it is a IDE CD-ROM Drive ensure you have the ATAPI CD-ROM driver installed (or one supplied with drive).

  1. In Control Panel, double click SCSI adapters (I know its IDE, but trust me)
  2. There should be a ATAPI CD-ROM driver, if there is not continue
  3. Click on the Drivers tab.
  4. Add, standard mass storage device, and select the ATAPI driver. If it is SCSI and you have a disk, click have disk and then select your drive.
  5. Click OK
  6. Reboot

If it is a SCSI CD-ROM ensure the correct SCSI driver is loaded.

Q. What are the IRQ's used for?

A. An Interrupt allows the piece of hardware to get the CPU's attention. For something like a Network card this is important as the card has limited buffer space so unless the CPU does not move the data out of the buffer it will get lost. Below is a table of the common IRQ uses.

IRQ Level Common Use Comments
0 Timer Hard-wired on motherboard
1 Keyboard Hard-wired on motherboard
2 Cascade from IRQ 9 May be available depending on Motherboard
3 COM2 or COM4  
4 COM1 or COM3  
5 LPT2 This is usually free as not many people have 2 parallel ports. Sound blaster cards usually use this.
6 Floppy disk controller  
7 LPT1 Sound blaster cards can use this
8 Real-time clock Hard-wired on motherboard
9 Cascade to IRQ 2 Wired directly to 2, sometimes tell software 9 when mean 2
10 Unused This is usually used by Network cards, many of them not allowing it to be changed
11 Unused Usually used by SCSI controllers
12 PS/2, Bus mouse If you are not using a PS/2 or bus mouse this can usually be used by another device
13 Math Coprocessor Used to signal errors
14 Hard disk controller If you are not using an IDE hard disk you may use this for another device
15 Some computers use this for the secondary IDE controller If you do not use the secondary IDE controller you may use this for another device

Note about attempting to free IRQ's used by unused motherboard devices: if your BIOS lets you disable the device manually and doesn't get reset by any Plug-and-Play software you have (for instance, Windows 95), you are probably okay. Otherwise, you'll just have to experiment to determine whether you can really use the IRQ occupied by the unused motherboard device.

Q. How Many CPU's does NT support?

A. NT Workstation can support 2 CPU's, NT Server supports 4 CPU's, however the OEM version of NT Server can support up to 32 CPU's.

Q. Is there a list of hardware NT supports?

A. Microsoft has a NT hardware compatibility list at http://www.microsoft.com/hwtest/hcl/

Q. Can I test my hardware to see if it is compatible with NT?

A. It is possible to create an NT Hardware Qualifier Disk. Boot to DOS, and insert the NT CD-ROM and a blank formatted floppy disk. On the CD-ROM goto \SUPPORT\HQTOOL and run makedisk. Then just boot off of the floppy disk.

Q. Can I test my SCSI devices?

A. A tool is provided on the NT installation CD that will test SCSI adapters from Adaptec and BusLogic, to use this tool perform the following:

Q. How do I disable mouse detection on a COM port (for UPS usage)?

A. Follow the steps below after first removing the UPS from the computer

  1. Start a command prompt (Start - Run - Command)
  2. Move to the boot partition
    c:
    cd\
  3. Change the attributes of boot.ini so it can be edited
    attrib boot.ini -r -s
  4. Edit the file (edit boot.ini) and for each line with multi(x) (for IDE) and scsi(x) (for SCSI) drives add at the end
    /noserialmice=comx ----------------------- where x is the com port number
    Exit edit
  5. Set the permissions back on boot.ini
    attrib boot.ini +r +s
  6. Shutdown NT and power off
  7. Attach the UPS
  8. Boot the machine and start NT, and NTDETECT will no longer try and search for a mouse on that com port

Q. Where can I get a driver for x?

A. If you have a piece of hardware that does not have a driver with NT you should check in two places, the maker of the hardware, i.e. for the Iomega Ditto goto www.iomega.com . If there is nothing there you should try the Microsoft site as they make the drivers for some hardware, for example the HP NT 4.0 drivers are made by Microsoft. If you cannot find the driver in either of these places then e-mail the technical support of the hardware maker, asking them for the driver, in some cases the driver is not on the web site, but they will e-mail it to you (makes a lot of sense :-))

For Iomega drivers can be downloaded from 1-800-998-0037.

Q. My U.S. Robotics 56K modem only connects at 19200.

A. The USR .inf that is supplied with NT defaults to and has a limit of 19200. Download the latest mdmusr.inf from USR which will allow the top speeds.

Q. Can I user the IDE interface on my sound card?

A. It depends if it is ATAPI 1.2 compliant. If it is, there should be no problems, however if it is not, it will not work and you will be unable to use this port.

Q. Does NT support Plug and Play?

A. In a limited sense. There is a driver that can be installed that will detect Plug and Play devices, however it is not supported and you will receive no support. To install the driver

  1. On the NT installation CD, goto the DRVLIB/PNPISA/I386 (or whatever you processor)
  2. Right click on the file pnpisa.inf and select install
  3. Reboot the machine

Q. How do I install UPS?

A. Follow the instructions below:

  1. Start the control Panel (Start - Settings - Control Panel)
  2. Double click UPS
  3. Check the "Uninterruptible power supply is installed on" box
  4. Select the COM port the UPS is attached to be selecting from the drop down list
  5. Enter the settings in the UPS Configuration control group
  6. Enter any command line entries wanted, such as a command to page the manager of the machine of power loss.
  7. Click OK

Q. How do I give my tape drive a letter so it is visible from explorer?

A. NT on its own cannot do this, however there is a 3rd party "driver" that gives this functionality. For more information see http://www.tapedisk.com.

Q. How can I force NT to use a mouse on a given port?

A. When NT boots its hardware detection component checks all hardware and updates the registry, sometimes it may not detect the mouse however it is possible to force NT to use a mouse on a given port:

  1. Start the registry editor (regedit.exe)
  2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sermouse\Parameters
  3. From the Edit menu select New - DWord value
  4. Enter a name of OverrideHardwareBitstring and click OK
  5. Double click on the new value and set to 1 if the mouse is on Com1: or 2 if on Com2:
  6. Click OK and close the registry editor
  7. Reboot

For more information see knowledge base article Q102990 at http://premium.microsoft.com/support/kb/articles/Q102/9/90.asp

Q. How can I view which resources devices are using under NT?

A. The easiest way to view resource usage by devices is to use the built in WINMSD.EXE utility supplied with Windows NT:

  1. Start the WINMSD.EXE utility (Start - Run - winmsd)
  2. Click on the resources tab
  3. You can then view any of the following:
    - IRQ
    - I/O Port
    - DMA
    - Memory
    - Devices
    By clicking the appropriate button
  4. When finished click OK to close WINMSD

You could also use the winmsdp.exe utility that is supplied with the resource kit. The command

winmsdp /i

will output the IRQ usage information to the file msdrpt.txt.

Q. When I disconnect one of my devices (e.g. Zip drive) I get errors when I boot NT, how can I stop them?

A. The warnings are there for a reason however if you want to stop them perform the following:

  1. Start the regsitry editor (regedit.exe)
  2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\<device>
  3. Double click on ErrorControl
  4. Change to 0 to disable error reporting, 1 to re-enable.
  5. Click OK
  6. Close the registry editor

Batch Files

Q. What is a batch file?

A. A batch file is just a text file with a .bat or .cmd extension that adheres to a syntax and a set of valid commands/instructions. To run a batch file just enter the name of the file, you don't need to enter the .cmd or .bat extensions. In line with program the first batch file we write will output "Hello World".

  1. Start Notepad
  2. Enter the following contents
    @echo hello world
    Echo means output to the screen anything after it (the @ suppresses the command being printed to the screen, try it with and without the @). To stop commands from being displayed in the whole batch file have
    @echo off
    At the top of the batch file.
  3. From the file menu select "Save As"
  4. Enter a name of "<name>.cmd", make sure you enter the name in quotes or notepad will add .txt to the end!
  5. Start a command session (run cmd.exe)
  6. Enter the name of the batch file (no extension), e.g.
    testfile

Q. What commands can be used in a batch file?

A. Windows NT 4.0 introduced some extensions to cmd.exe, so to use these make sure HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions is set to 1. The following is a list of the more common commands you will use

call <batch file> This is used to call one batch from inside another. The execution of the current batch file is suspended until the called batch file completes
exit Used to stop batch file execution. If a batch file is called from inside another and exit is called both batch files are stopped
findstr <string> <filename(s)> Used to find a string in a file. There are a number of parameters from this and is quite powerful
for Standard for loop
for /L %n IN (1,1,10) DO @ECHO %n
Would print 1 to 10
goto <label> Causes the execution of a program to skip to a given point. The actual label name must be preceded with a colon (:), e.g.
goto label1
...
:label1
...
if <condition> .. The if statement has a great deal of functionality. Some of the more common ones are:
if /i <string1> <compare> <string2> <command>
The /i makes the comparison case insensitive and compare can be one of:
EQU equal
NEQ not equal
LSS less than
LEQ less than or equal
GTR greater than
GEQ greater than or equal
if errorlevel
if exists <file name>
rem <string> A comment
start <window title> <command> Starts a new command session and runs a given command. Unlike call the execution of the current batch file is not halted and continues

There are some extra utilities supplied with the NT Resource Kit which can be useful.

Q. How can I perform an action depending on the arrival of a file?

A. This is a common request as users on hosts have files FTP'd from a host and need to action it when it arrives. Below is a simple batch file to do this:

:filecheck
if exist e:\upload\file.txt goto actionfile
sleep 100
goto filecheck

:actionfile
...

This would check for file.txt every 100 seconds. The program sleep.exe is supplied with the resource kit so you would need the resource kit installed.

Q. How can I access files on other machines?

A. You can use the UNC naming conventions, e.g. \\<server name>\<share name>\<dir>\<file>. Alternatively you could map the drive, access the file using a drive letter and then unmap the drive, e.g.

net use g: \\savilltech\filetosee
... g:\dir\file.txt
net use g: /d

Q. How can I send a message from a batch file?

A. Use the NET SEND command, e.g.

net send <machine> "<message>"

Q. The command I enter asks for input, can I automate the response?

A. Most commands have a switch to confirm an action however if a command requires a response when run, for instance a logon may want you to enter a password try the following:

echo <password> | logon savillj

This runs the command "logon savillj" and assuming it then asked for a password, the echo would then echo the password with a return thus entering your password for you.

Various

Q. What is SAMBA?

A. Samba is a suite of programs which work together to allow clients to access to a server's filespace and printers via the SMB (Server Message Block) protocol. Initially written for Unix, Samba now also runs on Netware, OS/2 and VMS. For more information goto http://lake.canberra.edu.au/pub/samba/

Q. Why disk spanning function of PKZIP (command line version) not work under NT?

A. Because NT command processor CMD.EXE uses '&' character for separating several commands on the same command line and PKZIP uses the same character for creating multi-disk archives. Solution is to enclose '&' in quotes like this:
C:>pkzip "-&amp;" -pr <archive.zip> <files...>

Q. What virus killers are available for NT4.0?

A. Below is a table of virus killers I know about.

Cheyenne Software InocuLAN http://www.cheyenne.com
Data Fellows F-PROT Professional http://www.datafellows.com
McAfee Anti-Virus http://www.mcafee.com
Symantec's Norton Anti-Virus for NT http://www.norton.com
Ontrack Computer Systems VirusScan http://www.ontrack.com
Dr. Solomon's Anti-Virus Toolkit http://www.sands.com/prods/toolkit/
SOPHOS http://www.sophos.com

Q. Does NT support the LS120 (adrive)?

A. Yes, see http://www.ortechnology.com/adrive.html for more information.

Q. Is NT year 2000 compliant?

A. Yes. For more information see Year 2000 Issue - FAQ

Q. What does x stand for?

A. See the table below

ACL Access Control List A list that controls the access to an object
API Network Applications Interface A set of commands that allow programmers to build network-aware programs
BDC Backup Domain Controller An NT Server machine that receives a copy of the master user-database from the PDC and can validate logons
COLD Computer Output to Laser Disk  
DHCP Dynamic Host Configuration Protocol A service that automatically assigns IP-addresses to clients from a given range (scope)
DLC Data Link Control International standard protocol IEEE 802.2

Used with mainframe gateways and to control printers with a JetDirect-card
FAT File Allocation Table The DOS way of organizing a harddisk

Lots of wasted space on large disks

Little file security
HPFS High Performance File System The OS/2 way of organizing a harddisk
IPX/SPX Internetwork Packet Exchange / Sequenced Packet Exchange Novell NetWare protocol

Based on the Xerox protocol XNS(Xerox Networking Services)
MAC-addresses Media Access Control layer addresses 48-bit address that is hardwired into the netcard

DHCP, among others, use this to identify a machine requesting a certain IP-address within its lease duration
NBT NetBIOS over TCP/IP NetBIOS built on top of the TCP/IP suite
NDIS Network Driver Interface Specification Microsoft binding standard (interface between netcard driver and protocol)

Can load into high memory on DOS systems
NetBEUI NetBIOS Extended User Interface The actual NetBIOS transport protocol
NetBIOS Network Basic Input/Output System An API of 18 networking-related commands
NIC Network Information Center The organization that assigns domain names and IP-addresses to Internet hosts
NTFS New Technology File System The NT way of organizing a harddisk

Efficient storage

High level of security
ODI Open Data-link Interface Novell binding standard (interface between netcard driver and protocol)

Can not load into high memory on DOS systems
PDC Primary Domain Controller The NT Server machine that stores the master user-database in a domain
RAID Redundant Array of Inexpensive Drives A number of disks with data distributed all over them to allow for faster access

Can also provide data-recoverability

NT supports RAID level 0,1 and 5
RIP Routing Internet Protocol The protocol that takes care of routing on the Internet
SID number Security IDentification number Every object in an NT domain have a SID number

Reinstalling will not give the same SID number
SPS Standby Power Supply Device that is installed between the wall outlet and the computer inlet

The power goes directly into the computer with a branch to the batteries

When the power fail, the batteries take over, but with a delay

The delay should be 4 ms or better for proper operation
TCP/IP Transmission Control Protocol / Internet Protocol The protocol used for Inter- and Intranet communications
UDP User Datagram Protocol Part of the TCP/IP suite

It is used for communicating with DHCP-servers before IP-addresses are assigned
UPS Uninterruptible Power Supply Device that is installed between the wall outlet and the computer inlet

The power is directed through the batteries, thus stabilizing the variance of the power from the outlet

Because of this, the switch delay is 0 ms
WINS Windows Internet Naming Service A dynamic IP-to-name database

Q. What are the shortcuts available with the "Win" key?

A. See the table below

WIN + R Display the Run dialog
WIN + M Minimize all windows
WIN + Shift + M Undo minimize all windows
WIN + F1 Help
WIN + E Explorer
WIN + F Find Files
Ctrl +WIN + F Find Computer
WIN + TAB Cycle through minimized taskbar icons
WIN + BREAK Systems Properties

Q. How can I open a file with an application, other than the one it is associated with?

A. Usually you can right click on the file, and select open. If you hold down shift and right click on the file you will have "open with."

Q. How do I change the icon associated with a short cut?

A. Follow the steps below:

  1. Right click on the shortcut and choose Properties
  2. Click the Shortcut tab and click "Change Icon"
  3. Select your new icon, there are several sets of icons you can use that come with NT : SHELL32.DLL, PIFMGR.DLL, MORICONS.DLL and PROGMAN.EXE
  4. Click OK
  5. Exit

Q. Is it possible to map a drive letter to a directory?

A. You can use the SUBST command to map a pseudo drive letter to drive/directory
subst r: d:\winnt\system32
would map the letter r to the directory winnt\system32 on the d: drive.

Q. What keyboard shortcuts are available?

A. See the table below

F1 Help
F2 Rename
F3 Find
F4 Display combo box in Explorer
F5 Refresh
F6 Switch panes in Explorer
F10 Menu Mode
ALT + ENTER Properties
CTRL + Drag a file Copy
CTRL + G Goto
CTRL + U Undo
CTRL + A Select All
CTRL + ESC Start Menu
CTRL + SHIFT + ESC Task Manager

Q. How do I schedule commands?

A. Windows NT has a built in scheduler service which enables applications to be started at specified times. To schedule events the schedule service must be started:

  1. From the Control Panel (Start - Settings - Control Panel) start Services
  2. Click Scheduler (or Task Scheduler on Workstation) and click Startup
  3. Select Automatic and click OK
  4. You can now reboot, or just click Start which will start the Scheduler service.
  5. Close the Services Control Applet

The scheduler service only needs to be started on the target machine, not the issuing machine. If the scheduler service is not started on the target machine the error
The service has not been started
will be displayed.

To schedule a command you use the AT utility. AT is used with the following syntax:

at [<computername>] <time> [/interactive] [/every:date/day..] [/next:date/day..] <command>
e.g. at \\savmain 22:00 /interactive /every:M,T,W,Th,F sol.exe

The example would start the solitaire game on the SAVMAIN machine at 10:00 p.m. every weekday. The /interactive means the application can interact with the desktop, i.e. the currently logged on user. If /interactive is omitted and the application requires user interaction it will just start and finish instantly.

When a command is submitted it will be given an ID. To delete a scheduled command use:

at [<computername>] <id> /delete /yes
e.g. at \\savmain 3 /delete /yes - The /yes skips confirmation of the delete

The above may seem quite a lot to take in if all you want to do is a backup (see Q. How do I schedule a backup? for an example of using AT with a backup), so a utility called WINAT is shipped with the NT Resource Kit that puts a graphical interface to the AT command which you may find easier, however the functionality is the same. The advantage with WINAT is that it automatically starts the Schedule service on the target machine.

Q. What are the long path names in the boot.ini file?

A. The pathnames in the boot.ini file are the ARC (Advanced RISC Computing) pathnames, and are used to locate the NT system partition. There are two main types of ARC names depending on if the disks are IDE or SCSI. For IDE they will follow the convention below:

multi(x)disk(x)rdisk(x)partition(x)\%systemroot%

Both the multi and disk are not really used for IDE and should always be 0. The rdisk is the physical drive and will be 0 or 1 on the first IDE controller, or 2 and 3 on the second IDE controller. Partition() is the partition number on the disk and starts from 1.

The scheme is slightly different for SCSI:

scsi(x)disk(x)rdisk(x)partition(x)\%systemroot%

Scsi() is the controller number of the SCSI identified in the Ntbootdd.sys. Disk() is the SCSI ID of the physical disk. RDISK() is the SCSI logical unit number (LUN), which will nearly always be 0. Partition is the same is with IDE and is the partition number starting with 1.

Q. How can I execute a batch file using WINAT with Administrator Permissions?

A. From the Services Control Panel Applet (Start - Settings - Control Panel) double click Scheduler. Change the account/password to that of a user in the Administrative group. It may be wise to create a new account just for this use which would require the following attributes:

After changing the Scheduler information you will need to stop and start the service.

Q. I have 95 and NT installed, how can I configure the applications to run on both?

A. While it is possible to add the windows95 system directory to the NT path (which would mean you would find any .dll's etc. associated with applications), many applications write a large amount of information to the registry which would be missing. The best approach, and one I have tested, is to just install the application twice to the same directory, once when you are booted into NT, and once when you are booted into 95. This has the effect of only having one set of exe's, but duplicates both .dll's and registry settings to both machines. Obviously the applications cannot be on an NTFS or FAT32 partition.

Q. How can I stop and start services from the command line?

A. This can be accomplished using the
net stop <service name>
net start <service name>
A full list of the exact services is found in the registry (run regedit.exe) under the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services key.

Alternatively, you can perform the stop and start using the name that is showed in the Services Control Panel applet by putting the name in quotes, i.e.
net stop "<service>"
net start "<service>"

Q. How do I delete a Service?

A. To delete a service that has not been automatically removed by a software uninstall you need to edit the registry:

  1. Start the registry editor (regedit.exe)
  2. Move to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services key
  3. Select the key of the service you want to delete
  4. From the Edit menu select Delete
  5. You will be prompted "Are you sure you want to delete this Key" click Yes
  6. Exit the registry editor

There is also a utility that is supplied with the NT resource kit called INSTSRV.EXE that can be used to install and remove services

instsrv <service name> remove

Alternatively, also with the resource kit is a utility SRVINSTW.EXE that again installs and removes services, but with a GUI wizard format allowing you to select the service either locally or remotely.

Q. What is USER.DMP?

A. USER.DMP is created by Dr. Watson when a program crashes, and is there to help you fix the problem. It can be examined using \support\debug\i386\dumpexam.exe or using windbg -z user.dmp. You can delete this file without any worries. The syntax for dumpexam.exe is

dumpexam -y <symbol file location> <dumpfile name and location>, e.g.
dumpexan -y d:\winnt\symbols d:\winnt\memory.dmp

The output from dumpexam will be placed at %SystemRoot%\MEMORY.TXT.

To stop this file from being created start the System Control Panel Applet and select the startup/shutdown tab and uncheck the "write debugging information to" checkbox.

Q. How do I configure a Print Separator Page?

A. A printer separator page is configured by creating a text file using a number of special control codes. The basic format of the separator page is as follows

$ ---- this can be any character, and must be the first character on the first line. Choose a character not normally used to be the control character, in this case $
$LUser Name $N ---- $L is used to display normal test until another code is found, $N displayed the username
$L, Job Number $I ---- $I displays the job number
$E ---- $E means end of page

Other characters you can use are

$B$S ---- Turn on block character printing
$D ---- Data job printer
$F<filename> ---- A file to print
$H ---- Printer specific control code
$x ---- Where x is a number of blank lines to print
$T ---- Time job was printed
$U ---- Turns off block character printing
$Wxx ---- Width of the separator page

To configure the printer to use the separator file:

  1. Start the Printer Control Panel Applet (Start - Settings - Printers)
  2. Right Click on a printer and select Properties
  3. Click the "Separator Page" button
  4. Enter the path and file name of the separator page file and click OK
  5. Click OK again to exit the Printer Setup

Q. How do I cut/paste information in a command box?

A. To copy the entire contents of a command window, you can maximize the window (Alt - Enter) and press the Print Scrn button. Alternatively:

  1. Right click the title bar
  2. Select Mark from the Edit Menu
  3. Click the left mouse button at the start of the text you wish to copy, and drag until the end of the selection
  4. Press Enter to copy the select, or right click the menu again, and select copy from the Edit menu
  5. To paste right click the menu bar, and select paste from the edit menu

Q. How in Notepad can I save a file without the .txt extension?

A. When you save the file, just put the file name in double quotes, e.g. "johns.bat" will save the file as johns.bat with no .txt extension.

Q. How can I move shares and their contents from one machine to another?

A. Moving the actual files and directories is simple, however share information is not contained in the directories, but rather is contained in the registry (under LanmanServer), it is therefore necessary to copy this registry information from the machine currently containing the shares, to the machine that will host the shares:

  1. To copy the files you will need to use the SCOPY utility that is supplied with the resource kit to keep the current permission/audit settings
    SCOPY <current>:\<dir> <new>:\<dir> /o /a /s
  2. On the machine that currently hosts the shares, start the registry editor (regedt32.exe, not regedit.exe)
  3. Move to the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares
  4. Click on Shares, and select Save Key from the Registry Menu
  5. Enter the name of a file, e.g. shares.reg and click OK
  6. Copy this file to the target machine
  7. Again start the registry editor (regedt32.exe) and move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares and select Shares.
  8. From the Registry menu, select Restore and select the file you saved, e.g. shares.reg and click Open
    Warning: You will lost all currently configured shares on the machine
  9. You will prompted to continue, click Yes
  10. Close the registry editor
  11. Reboot the machine and once restarted you will see the new shares

Q. How do I enable Tab to complete file names?

A. NT has this functionality built in, however by default it is disabled. To enable perform the following

  1. Start the registry editor (regedit.exe)
  2. Move to HKEY_CURRENT_USER\Software\Microsoft\Command Processor
  3. Double click on the value CompletionChar
  4. Make sure the base is Hexadecimal and then set the value to 9 and click OK
  5. Close the registry editor
  6. Log off and on again
  7. Now from a command prompt pressing tab will complete file names

Q. How do I create a shortcut on the desktop to a directory/disk?

A. The procedure below works for and file/directory/disk (even the a: drive).

  1. Start Explorer (Start - Programs - Explorer or Win+E)
  2. Right click on the file/directory/disk and drag to the desktop
  3. Release the Right mouse button and from the menu that will be displayed, select "Create Shortcut(s) here"

Q. How do I create a shortcut from the command prompt?

A. There is a utility supplied with the Windows NT Server Resource Kit Version 4.0 Supplement One (phew) called shortcut.exe which can be used to create .lnk files. The application is quite powerful, and allows you to specify not only the resource to link to, but also an icon etc. An example is shown below

shortcut -t "d:\program files\johnsapp\test.exe" -n "Johns App.lnk" -i "d:\program files\johnicon\icon1.ico" -x 0 -d "e:\johns\data"

What does it mean?

-t this is the location of the resource to be linked to
-n the name of the link file to be created
-i the icon file
-x the icon index to use in the icon file
-d the starting directory for the application once started

You can copy shortcut.exe off of the CD with the resource kit, and it is located in <processor>\desktop (e.g. i386\desktop). There are no other files needed, just shortcut.exe.

Q. How can I create a spare set of Windows95 disks?

A. Microsoft distributed Windows 95 using a new method, storing 1.68 MB of data on a normal disk, this makes copying impossible using normal methods, however there is a piece of software called CopyQM which can be downloaded from http://www.sydex.com which performs an image copy and using the command below can duplicate a windows 95 installation disk

copyqm a: bios blind silent tracks=80 sides=2 convert=1.68m

You will be prompted to insert the master disk and it will then read in the information and ask you to insert the target disk.

Q. What FAX software is available for Windows NT?

A. There is an excellent site at http://www.stonecarver.com/ntfax-faq.html which has a full list of FAX servers for Windows NT.

Q. How can I delete files that are over x days old?

A. There is a utility called DELOLD which is used in the form of

delold <location>\*.* n

where n is the number of days old the files need to be for them to be deleted. This utility can be downloaded from ACI Software (http://www.michna.com/software.htm)

Q. How can I redirect the output from a command to a file?

A. The most basic use is as follows:

<command> ><file name>
e.g., dir/s >list.txt

However with this errors still get output to the screen, to rectify this use the 2> for the errors, e.g.

<command> ><file name> 2><error file>
e.g. dir/s >list.txt 2>error.txt

If you want the errors and output to goto the same file use the following

<command> ><file name> 2>&1

Q. How can I speed up the performance of my OS/2 applications?

A. Many applications written for OS/2 will run faster under a Virtual DOS Machine (VDM), this is because NT allocates more resources to a VDM than to the OS/2 subsystem. You should therefore disable the OS/2 subsystem as follows:

  1. Start the registry editor (regedit.exe)
  2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
  3. Double click on GlobalFlag and change from 0 to 20100000. Click OK to save
  4. Close the registry editor and reboot the machine