NT TOOLS--SYSDIFF UTILITY
The sysdiff.exe utility is one of the useful command line tools that NT provides to manage your system. This NT 4.0 utility can profile an NT 4.0 server and install applications for NT. It's located on the NT 4.0 CD-ROM in the \Support\Hqtool directory.
NEWS SERVER FOR NT
You can use a news server on your NT network to deliver news from the
Internet to your users' desktops. One tool for performing this task is
DNews News Server Software. DNews News Server allows you to provide
fast access to 50,000-plus Internet (Usenet) news groups. Having your
own local news server software allows you to create your own public or
private discussion groups for enhanced communications across the
organization and the Internet. For more info on this product, visit http://netwinsite.com
NT TOOLS--NETWORK CLIENT ADMINISTRATOR TOOL
One of several useful command line tools NT provides for managing your
system is the Network Client Administrator. This tool can create
floppy disks for installing network client software. You'll find it in
NT's Network Administrator group.
STORAGE ANALYSIS AND MANAGEMENT FOR NETWARE SERVERS
Collecting data about the network is one of the critical functions of
network management. FileWizard 5 from Knozall provides enterprise
storage management capabilities for Windows NT servers and
workstations, Novell NetWare networks, and Unix servers running NFS.
You can view a FileWizard report to determine what kind of files are
on the network, who owns them, when they were last used, how big they
are, and when servers would run out of space. For more information,
visit http://www.knozall.com
USING NT'S HARDWARE QUERY TOOL
NT provides several useful command line tools for managing your
system. One example is the Hardware Query Tool, which interrogates
your hardware. To run the tool, put a blank floppy disk in drive A:,
double-click the Makedisk icon in the \Support\Hqtool folder of the NT
CD-ROM, then boot your computer with the disk and begin the program.
REMOTE CONTROL
The more machines and operating systems you have on your network
nodes, the harder it is to coordinate the activities on those systems.
One tool designed to reduce administration time is Agent from ISE.
Agent allows a central node to issue commands that are then executed
on any one of those remote nodes. This client/server product uses
TCP/IP to communicate between nodes, so you can manage and create
remote tasks from a single point of control. You can invoke jobs,
initiate backups, and pop up message windows. For a free 30-day trial,
visit http://www.i-s-e.com/Product_Line/Agent/agent.htm
DRAG-AND-DROP FILE MANAGEMENT
Looking for a better file manager than Windows NT Explorer? Here's
another alternative--Drag and File from Canyon Software. Drag and
File's features include these abilities:
- Copy, move, or delete files across multiple directories and
drives.
- Display and select the contents of multiple drives and directories
(including the contents of zipped files).
- Hide or display duplicate files.
- Associate data files to multiple applications.
- Split screen mode--two file managers, one toolbar and drive bar.
- Integrated ftp. Start an ftp session and drag and drop files
between ftp and local drives. Download manager enables you to save
actions and resume or redo them later.
- New File Compare feature.
- Encrypt files.
- Shred files.
For the full details, visit: http://www.canyonsw.com/dnf.htm
OPTIMIZE YOUR HARD DRIVE
Windows 95 had a built-in disk defragmentation tool. NT doesn't.
Defragmentation is a necessary and effective task in the maintenance
of your system's hard drive. Defragmentation reduces access time to
files and facilitates faster backups. Fortunately, you can use
Diskeeper for Windows NT to defragment your NT drives. For more
information, visit: http://www.execsoft.com
PERFORMANCE TUNING TOOL FOR NT
Tuners are expert systems that can make intelligent and instant
decisions to improve performance on your NT systems. AutoPilot is one
such tuning tool that you can use to analyze and fine-tune your NT
systems. Suggestions for fixes are provided instantly, and in some
cases the problems are fixed automatically. For more information, visit: http://www.sunbelt-software.com/autoplt.htm
TRUSTED ENTERPRISE MANAGER
NT doesn't provide the ability to push user administration down
through the organization, making delegation of specific administrative
tasks impossible. This forces you to centralize NT user account
administration to ensure the integrity and security of your network.
To distribute the administrative load, check out Trusted Enterprise
Manager, which helps distribute user administration, increase
productivity, improve customer service, apply security procedures, and
decrease LAN management cost. For more information, visit: http://www.symark.com/nt.htm
DRAG AND ZIP
With all of the utilities for compressing files, wouldn't it be great
if you could find one that could handle most of these files? Check out
Drag and Zip--a plug-in application for file manager. Its features
include:
- Zips and unzips files (ZIP, LZH, GZ, TAR, CAB, ARJ, ZOO, and
more).
- Creates multidisk Zip files.
- Creates multidisk self-extracting Zip files.
- Works with Uuencoded, Xxencoded, MIME, and Bin/Hex files.
- Makes Win 16 and Win 32 self-extracting files.
- Makes autolaunch and password-protected self-extracting Zip files.
- Scans Zip files for viruses.
Drag and Zip works on Windows 95/98 and NT systems. Download an
evaluation copy at: http://www.canyonsw.com/dnz.htm
AUDITING PRINT ACTIVITY
To better understand the cost of doing business, many companies track
copy machine usage, postage use, and even printing activity. They can
use this information to bill users, clients, or departments, to track
usage patterns, and to reduce wasted printing. Print Manager can help you
centralize tracking and auditing of all printing activity on a network
of Windows NT servers. For more information, visit: http://www.sunbelt-software.com/printmgr.htm
DRAG AND VIEW
Because many applications can exist on your network workstations, some
users may be unable to read or view files other users have created if
they don't have the same applications. Having a tool that enables
users to view documents and files without needing a copy of the
application could be useful. You might want to try Drag and View,
which enables you to see the contents of files. Its features include
the following abilities:
- View, rotate, flip, convert, and perform color effects on graphics
files.
- Convert between 17 bitmapped formats.
- Do screen captures.
- Special DWG version views, prints, and zooms AutoCAD DWG files.
- View word processing documents (Word, Works, WordPerfect, Ami Pro,
Q&AWrite, ASCII, HEX).
- View spreadsheets (Excel, Lotus, Quattro) and databases (FoxPro,
Clipper, dBase).
- Play animated GIF files; MIDI, WAV, and RMI sound files; and
digital video AVI files.
- Display latest Internet formats, interlaced GIF, progressive JPEG
and PNG.
- Display HTML with Internet Explorer ActiveX control. Use it as
quick and dirty HTML editor.
- Perform text searches (except graphics files).
Drag and View supports Windows 95/98 and Windows NT. Download an
evaluation copy from: http://www.canyonsw.com/dnv.htm
E-MAIL MARKETING TOOL FOR NT
Many companies are using the Internet as a marketing tool to reach new
and existing customers. One way to reach these customers (with their
permission, of course) is e-mail. If you want to provide your
marketing and sales team the ability to send customized messages to
thousands of customers and prospects with a few simple mouse clicks,
check out Email Marketing Manager. For more information, visit: http://www.softwareshelf.com/emark.htm
MANAGING E-MAIL LISTS
If you want to reach your customer using the power of e-mail, you'll
soon learn what a huge task it can be to manage e-mail lists and
responses. One tool that could help you manage the task is List
Manager, an application that allows your NT system to administer all
of your e-mail lists with minimal internal effort, avoiding costly
outsourcing expenses. It can handle tasks like subscriptions, message
acceptance, and distribution. For more information, check out: http://www.ntpsoftware.com/products/lm
REMOTE PRINTER CONTROL FOR NT
When a printer goes down, typically you run over to the workstation to
which it's attached to troubleshoot and restart print jobs. However,
using a tool like Print Console--a remote network printing console for
NT--you can see all printers in a domain or domains from your
workstation. You can manipulate print jobs and printers as if you were
at that server. For more information, visit: http://www.sunbelt-software.com/printcons.htm
SECURITY TEST ANALYSIS TOOL
Your network is only as strong as its weakest link. STAT checks the
critical and vulnerable points in your network and warns you about the
weak links in the chain. Suggestions for fixes are provided, and in
some cases the problems are fixed automatically. For more information, visit: http://www.sunbelt-software.com/stat.htm
BUILDING REPORTS OF MESSAGE ACTIVITY
Companies need to know what information and activity is taking place through their e-mail systems and need to track the volume of traffic so they can scale systems accordingly. If you use Microsoft's Exchange server to handle mail, you might want to try a utility called Promodag Reports. This utility analyzes all the messages exchanged through Microsoft Exchange Server from inside and outside the Exchange organization (including messages from Internet, Fax, Profs, Notes, MS Mail, CC:Mail). Promodag Reports builds a Microsoft Access relational database from message tracking files and provides analytical reports and graphs. For more information, visit: http://www.mercurysys.com
MANAGING DIAL-IN CONNECTIONS
Keeping control of your dial-in connections can be a daunting task. Fortunately, tools like RAS Manager work with Windows NT RAS, providing additional levels of dial-in management and security. RAS Manager gives you control of your RAS resources and enforces your policies. This software sets the standard for controlling remote access to Windows NT networks. For more info, visit: http://www.acotec.com/index_e.html
PRINTER MANAGEMENT ON YOUR NT NETWORK
Managing a multitude of printers scattered across your NT network can be time consuming and difficult. One tool that can help you manage these printers is Print Queue Manager for Windows NT, which allows full printing management for a Windows NT network. Features include print redirection, printing disaster recovery, load balancing, printer status, printer grouping, and print broadcasting. For more information, visit: http://www.sunbelt-software.com/pqm.htm
PROTECTING YOUR NT SYSTEM
Are you protecting your systems from viruses? With more ways to get infected, you need to be vigilant in the tracking and elimination of viruses. One of the most popular tools for virus fighting is Norton AntiVirus for Windows NT. This utility provides complete and easy-to-use antivirus protection for Windows NT workstations and servers. For more information, visit: http://www.symantec.com
TAKE CONTROL OF REMOTE DESKTOPS
Whether your job is providing user support or training new users on your system, you constantly experience the need to look over the user's shoulder. That method of support is generally impractical and frequently impossible--but one utility can make this a reality: ControlIT, a system management tool for Windows platforms. ControlIT is also suitable for classroom training and product demonstrations. For more info, check out: http://www.cai.com/products/controlit.htm
MANAGING RIGHTS AND PERMISSIONS
If you manage access and permissions for multiple services and group or user accounts, you could use Domain Assistant for Windows NT. This program enables you to assign and reassign rights, ownership, and access status to either individuals or groups. It can find and replace account security properties across a selected domain. It can also locate and identify files whose owners you've deleted from the system, making it possible to delete or reassign these files. For more info, visit: http://www.ntpsoftware.com/products/da
PROTECTING FILES THROUGH REPLICATION
Protecting data files is a top priority of any network administrator. The Double-Take utility monitors file changes as they occur on one or many source servers, replicating them in real time to a server over existing network links. In the event of a server failure, Double-Take's target server has backup copies of all your critical files immediately available for users. The target server can even assume the identity of the failed server, virtually eliminating data loss and downtime. For more info, visit: http://www.dbl.co.uk/double-t.htm
ANOTHER STORAGE MONITORING SOLUTION
We've mentioned a few other tools that help you manage and report on
disk usage. Another one you should test is Storage Accountant, a
Windows NT service and reporting program that allows network
administrators to see by logical or physical grouping who is using how
much of the server's disk storage. Reporting functions allow
administrators to obtain the information necessary for charge-backs
and cost allocation. Check it out at
http://www.ntpsoftware.com/products/sm
AUTOMATING FILE ARCHIVAL
How long do you keep old files on your servers? Would you benefit from
archiving old, unused files to tape or getting rid of them altogether?
If so, check out this tool for identifying such files. File Archivist
is a Windows NT service that locates unused files on the server,
catalogs them, and moves them to a staging area. From there you can
write them to tape and delete them from the system. Network
administrators can specify a period of time after which unused files
get archived. For more info, visit
http://www.ntpsoftware.com/products/fa
DISK REPORTING MADE EASY
Need to get a better handle on disk usage on your NT systems? If so,
check out DiskAdvisor 4.0, a complete disk-reporting tool for Windows
NT. You can generate both standard and customizable reports for all
major storage criteria, including wasted space, quotas, disk-space
usage, and file security in both interactive and batch modes.
Altogether, 18 predefined storage management reports are available,
with almost as many ways to manipulate them. For more info, visit
http://www.netcomsoft.com.au/da.html
GRAPHICAL MONITORING TOOL FOR NT
Monitoring the performance and stability of your NT systems is vital
in ensuring that your system is running at its best and that it will
be ready when you need it. NTManage combines graphical fault and
performance monitoring with a rules-based notification and fault
management system to help you do that. Though designed for the Windows
NT platform, NTManage's flexible SNMP interface allows monitoring and
management of all kinds of TCP/IP- and SNMP-enabled devices. For more
info, visit
http://www.lanware.net/products/ntmanage/overview.asp
MONITORING NT EVENTS AND SERVICES
You have a lot of activity to track and monitor on your NT system to
keep it finely tuned and running at its best. System Sentinel is a
suite of network services dedicated to the real-time monitoring,
notification, and execution of corrective action related to Windows NT
events, TCP/IP protocol, and system services. The product provides
advanced monitoring through event filtering, caching, and routing of
events. Send notification to media such as alphanumeric pagers,
e-mail, ODBC databases, and Web servers. Scripts can execute to take
corrective action. For more info, visit
http://www.ntpsoftware.com
PATCH TO NT GATEWAY FOR EXCHANGE
Novell has released a patch file for GroupWise 5 NT Gateway for
Exchange--Patch 2. It provides the following fixes:
- Filtering switches /blockdom and /allowdom now work with directory
synchronization as well as directory exchange.
- The gateway can now initialize a migration in certain non-English
environments.
- Patch corrects a problem where GroupWise users could get deleted if
the location of the gateway changed to another domain.
- Mail from Exchange to GroupWise now works with a user ID on both
GroupWise and Exchange.
- Mail a user on an external GroupWise domain sends to MS Exchange no
longer drops any recipients.
- Patch fixes the problem with replies to mail sent from the Internet
to MS Exchange through GroupWise 5.2 GWIA. Replies still don't work if
GroupWise 5.5 GWIA is used with Internet addressing.
You'll find the patch in the file exchnt2.exe, available for download
from the Novell Support Web site at
http://support.novell.com/misc/patlst.htm
RESTORING DELETED FILES
Do you remember the undelete command for DOS and Windows 3.1? Now it's
back in Windows 95/98 and NT. File Rescue allows full recovery of
files after you've removed them from the Recycle Bin or deleted them
from a command line or shared directory. For more info, visit
http://www.file-rescue.com
SALVAGE 98 FOR NETWARE AND NT
Now you can recover those files you thought were long gone. Salvage 98
enables users to undelete files with an easy-to-use Windows Explorer
interface, allowing you to search for deleted files by the owner, the
person who deleted them, or the deletion date. The tool works with
NetWare 3.x, 4.x, and 5 using the IntranetWare Client for Windows 95,
98, or Windows NT. For more details and to download a trial version,
visit
http://www.wiredred.com/salvage_98.html
SETTING DISK USAGE LIMITS
Need a way to limit and enforce disk space quotas on your NT systems?
If so, take a look at QuotaAdvisor 4.0. Designed to remedy the lack of
storage controls in the Windows NT environment and the increasing
abundance of file-polluting conditions, QuotaAdvisor 4.0 monitors,
manages, and enforces disk storage limits at the user or group level.
Its driver technology enforces quotas before they are written. For
more info, visit
http://www.netcomsoft.com.au/quotaadvisor.html
TRACKING UPDATES TO YOUR NT OS
Having a tough time keeping up with what service packs and fixes
you've applied to your NT systems? Service Pack Query Tool (SPQuery)
enables you to determine not only which service pack you've installed,
but also what fixes you've already applied. Version 2.0 shows you this
information on all your machines in all domains. The SPQuery single
machine license allows the query of all of the machines on the network
and generates a full report. As an administrator, you can use this
information to keep track of all configuration data on the networked
machines. For more info, visit
http://www.mtesoft.com/spquery3.html
WORKING WITH MACS ON YOUR NT SYSTEM
If you work in a mixed-desktop environment of NT, Windows, and Mac
systems, you may need to format, read, and write Mac-formatted disks
on your non-Mac systems. One way to do this is using a tool such as
Mac-in-DOS. This utility enables PC users to read, write, and format
Macintosh disks from PC drives. It includes support for network, Jaz,
Syquest, Bernoulli, 3.5 disk, CD-ROM, and other drives. For more info,
visit
http://www.softwareshelf.com/mid.htm
THE QUESTION:
TechRepublic reader ashott@optonline.net, who was using DHCP Manager,
needed a reg hack or any other way to shorten the time between when a
lease is dropped and when it's returned to the pool.
Copy and paste this URL into your browser:
www.techrepublic.com/trbbs/message_detail.jhtml?thread_id=2955&thread_title=DHCP+and+Reg+Hack&ooc=open
THE ANSWER:
User powerstroke@mailcity.com stated that the registry setting is located in
HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\DHCPServer\Parameters,
noting that the database cleanup is how often it removes expired clients.
CHANGE FILE NAME ASSOCIATIONS FROM THE COMMAND LINE
Another command line tip is the use of the ASSOC command. To change a
file name association, run ASSOC as follows:
ASSOC [.ext[=[filetype]]]
The term .ext specifies the file extension to associate with the file
type. The term filetype specifies the file type to associate with the
extension.
ASSOC with no parameters displays a list of file associations. ASSOC
with just an extension displays the current association of the
extension. ASSOC with an extension and equal sign but no file type
deletes the association.
COMMAND LINE ENHANCEMENTS IN NT 4.0
NT 4.0 provides several useful command line enhancements, including
the following.
CD /D changes the current directory and current drive at the same
time. As an example, assume that the current drive is D: and the
current directory on C: is the root directory. If you type CD /D
c:\downloads, the current drive will become C: and the current
directory on C: will become C:\downloads.
MD can create multiple levels of directory in a single command. Assume
you have no directory called C:\jim. If you type MD C:\jim\fred, NT
will create a directory called \jim and then create another directory
in \jim called fred.
RD /S does a complete tree delete. RD /S \jim will remove directory
\jim, even if there are subdirectories or files in \jim.
DEL /S can delete in subdirectories. For example, DEL /S *.TXT will
delete all text files in either the current directory or any
subdirectory of the current directory.
FOR /D makes wild cards match directory names instead of file names.
FOR /L is equivalent to a BASIC FOR/NEXT loop.
In addition, NT 4.0 enhances access to FOR variable references. If you
write batch files, run HELP FOR from the command line to see all the
new features of this command.
To see the complete list of commands enhanced in NT 4.0, enter CMD /?
on a command line.
CREATE USER TEMPLATES
Adding lots of new users to your network can be tedious. Creating a
user template makes it easy to add multiple new users with the same
group and access privileges. To do so:
1. Open the User Manager for Domains.
2. Add a new user by selecting User/New User from the menu bar.
3. Label this user as a template for the user level, such as
Template--Worker or Template--Secretary.
4. Set the proper configuration option for Groups, Profile, and
Dial-in.
5. The next time you need to add a user, simply select the template
account and select User/Copy from the menu bar. NT makes a duplicate
of the template user, so to complete the new user account setup, all
you need to do is change the name and password.
MONITOR WEB SERVER PERFORMANCE
When you install IIS on NT Server 4.0 (or Personal Web Server on NT
Workstation 4.0), the software adds its own monitoring entries to the
Windows NT Performance Monitor. To access these new monitoring
devices:
1. Launch the Performance Monitor from the Start button's Programs,
Administrative Tools menu.
2. Select Edit, Add To Chart.
3. Select ftp, Gopher, http, and/or IIS from the Object pick list.
REMOVING THE RECYCLE BIN
The Recycle Bin may be more of a pain than a help, especially if you
delete files often. To disable it so all files are truly deleted when
you delete them:
1. Right-click the Recycle Bin icon and then click Properties.
2. You will then see tabs for each accessible drive, plus a global
tab. You will also see a check box to disable the Recycle Bin.
3. Choose the drive you want, or the global setting, and choose the
option to delete instead of sending files to the Recycle Bin. (A
sliding control allows you to set the percentage of your disk used for
the Recycle Bin, if you choose to leave the Recycle Bin enabled.)
You can also just hold down the shift key while deleting files to
bypass the Recycle Bin and permanently delete files.
RESET YOUR SYSTEM CLOCK
If you have a computer with an unreliable clock, you can use your LAN
to correct it. At the command prompt, type
NET TIME \\computername /SET /YES
This sets the clock on your computer to the same time as the one on
the server.
SQL 7.0 BUG: SLOW PERFORMANCE
Microsoft has reported that SQL Server 7.0 may infrequently run slower
than SQL Server 6.5 when processing certain rare types of left outer
joins that involve large result sets. A supported fix that corrects
this problem is available from Microsoft, but it has not been fully
regression tested and should be applied only to systems experiencing
this problem. If this specific problem does not severely affect you,
Microsoft recommends that you wait for the next SQL Server service
pack, which will contain this fix.
To resolve this problem immediately, contact Microsoft Product Support
Services to obtain the fix. For a list of Microsoft Product Support
Services phone numbers and information on support costs, please go to
the following address on the World Wide Web:
http://www.microsoft.com/support/supportnet/overview/overview.asp
UNATTENDED, CUSTOMIZED INSTALLATIONS
You can deploy customized installations throughout your organization
using the tools in the Windows NT Workstation or Server version 4.0.
These tools include unattended setup and the new sysdiff utility.
Unattended setup lets a handful of technicians deploy the new
operating systems without disrupting your end users' work day.
The sysdiff utility prepares "snapshots" of the operating system
before and after installation of apps. When the final snapshot (the
"difference" file) is applied during or after Windows NT Setup, the
changes you made to the master system by installing applications
(registry settings, binary files--everything) are copied to the new
installation. Or you can use sysdiff to create an INF from the
difference file, and use the INF to install the applications during or
after Windows NT Setup. This lets you include in your customized
installation applications that do not have a scripted setup. You can
also use sysdiff with unattended setup to create "spare" hard disks
with the operating system and the applications preinstalled, ready to
replace crashed disks in mission-critical computers.
Unattended setup and sysdiff are described in Part 1, Windows NT
Workstation Deployment, of the Windows NT Workstation Resource Guide.
A printed version of the Resource Guide is included with the Windows
NT Workstation Resource Kit, and the Windows NT Server Resource Kit
includes an online version of the Windows NT Workstation Resource
Guide.
Disabling the Timer for NT Boot Loader
by Tim Boone
When your Windows NT system is set up in a dual-boot configuration,
the Windows NT boot loader displays a menu of operating system
choices (usually MS-DOS and Windows NT), waits 30 seconds for
input, and then starts Windows NT if you fail to provide any input.
If you want to boot to the other operating system, but get
distracted before you make a selection, you'll have to reboot and
try again. Of course, you can increase the value in the 'Show List
For' text box in the Control Panel's System dialog box, but you'll
still have the same problem if the timer counts down before you
make a choice.
You can disable the boot loader's timer so that the menu of
operating system choices remains on the screen until you make a
choice. To do so, you have to edit the boot.ini file and change the
timeout value. First, though, you have to turn off boot.ini's
Read-Only attribute. Once you've done that, open the boot.ini file
in Notepad and change the timeout value from timeout=30 to
timeout=-1.
At this point, you should save the file and reboot your system.
It's important to note that you can't make this change in the
Control Panel's System dialog box because only values from 0 to 999
are valid in the Show List For text box. Now turn boot.ini's
Read-Only attribute back on.
THE QUESTION:
TechRepublic reader jim@pandzik.com was looking for a short batch file
for Windows 95/98 that would delete everything in the Temporary
Internet Files, Cookies, and History folders.
Copy and paste this URL into your browser:
www.techrepublic.com/trbbs/message_detail.jhtml?thread_id=4060&thread_title=Deletion+Program&ooc=open
THE ANSWER:
User bugars recommended Wilson WindowWare's WinBatch, which will help
Jim create a batch or macro for anything he can do with keystrokes.
http://www.windowware.com/
PREVENTING GUEST ACCESS TO EVENT LOGS
(contributed by Selvini Livio, selvini.livio@tiscalinet.it)
The default Windows NT configuration gives guests the ability to view event
logs (system and application logs). The security log is protected from
guest access by default; it's viewable by users who have the "Manage
Audit Logs" user right. To restrict guest access to the event log
files, use the Registry Editor to open the key
\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\.
For each [LogFileName] add (or change) the key value as follows:
RestrictGuestAccess
data type: REG_SZ
value: 1
Set the value for each of the logs to 1. The change takes effect on the
next reboot. Needless to say, you'll have to change the security on
this key to prevent access to everyone except Administrators;
otherwise, malicious users can reset these values.
Simple Security Tips for Windows NT Server
by Tim Boone
Some people think that NetBIOS is inherently insecure and that any
NT machine that has NetBIOS bound to TCP/IP (or that isn't blocking
ports 135 to 139) is asking for trouble. If you use it carefully
(with the messenger and alerter services disabled), you'll be OK.
The main gate to all of your NT services is the "right to log on
from the network." I highly recommend restricting this right
severely -- by default, it's allowed to everyone. Depending on how
many admins there are, you should either create a new
Administrators group or simply remove administrators from the
listing and add back in the individual users you want there. Now
you have a much shorter list of users allowed to log in from the
network, and Administrator isn't one of them. This is important,
because you can't lock out Administrator from bad log-in attempts,
so it opens a ripe opportunity for brute force attacks. Also, if
you can't log on from the network, you can't get into the Registry,
event logs, enumerate shares -- you name it.
Make sure you have enabled account lockouts after a reasonable
number of bad log-in attempts. This makes it much more tedious for
someone to attack users who are allowed to log in from the network.
Also make sure that a reasonable password length is required and
that no one uses lame passwords.
Turn off the messenger and alerter services. This prevents
broadcast of the name of the console user in the NetBIOS name
table. The only information an attacker could then get is the machine
name (which a DNS lookup might reveal) and the domain or workgroup.
Disable the guest account. Explicitly set the ACL for all shares.
Do not ever leave it as "All access - Everyone."
Avoid running services under the local system account. Make
separate, bare-minimum permission accounts for most services. That
way, if a service gets compromised, you limit the scope of damage
and have a log of exactly which service did what.
Set the permissions on your Registry at a tighter level than
default. The resource kit has some good suggestions for this.
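An added example (not part of the original tips): a Python check over a Regedit export of the Services key that reports event logs still readable by guests (the RestrictGuestAccess tip above), whether the Messenger and Alerter services are disabled, and which enabled services run as LocalSystem. The export text, the ExampleAgent, ExampleSource and CustomLog names, and accepting a DWORD 1 alongside the string 1 are assumptions made for the illustration.

```python
import re

SERVICES = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"

# Constructed REGEDIT4 export of the Services key (not from a real machine).
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Alerter]
"Start"=dword:00000004
"Type"=dword:00000020
"ObjectName"="LocalSystem"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger]
"Start"=dword:00000002
"Type"=dword:00000020
"ObjectName"="LocalSystem"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleAgent]
"Start"=dword:00000002
"Type"=dword:00000010
"ObjectName"=".\\svc_agent"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog]
"Start"=dword:00000002
"Type"=dword:00000020
"ObjectName"="LocalSystem"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application]
"RestrictGuestAccess"="1"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\ExampleSource]
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security]
"restrictguestaccess"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System]
"RestrictGuestAccess"="0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\CustomLog]
"MaxSize"=dword:00080000
'''


def decode(raw):
    """Decode REG_SZ ("...") to str and dword:xxxxxxxx to int; None otherwise."""
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return raw[1:-1].replace("\\\\", "\\").replace('\\"', '"')
    m = re.fullmatch(r"dword:([0-9a-fA-F]{8})", raw)
    return int(m.group(1), 16) if m else None


def parse_export(text):
    """Return {key path below Services: {lower-cased value name: data}}."""
    keys, current = {}, None
    prefix = SERVICES.lower() + "\\"
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            path = line[1:-1]
            inside = path.lower().startswith(prefix)  # registry paths ignore case
            current = keys.setdefault(path[len(prefix):], {}) if inside else None
            continue
        m = re.match(r'^"([^"]+)"=(.*)$', line)
        if m and current is not None:
            current[m.group(1).lower()] = decode(m.group(2).strip())
    return keys


def guest_readable_logs(keys):
    """Logs (direct children of EventLog) without RestrictGuestAccess set to 1."""
    bad = []
    for path, values in keys.items():
        parts = path.split("\\")
        if len(parts) == 2 and parts[0].lower() == "eventlog":
            # Accept the string "1" from the tip or (assumption) a DWORD 1.
            if str(values.get("restrictguestaccess")).strip() != "1":
                bad.append(parts[1])
    return sorted(bad)


def enabled_services(keys, names):
    """Which of the named services are not disabled (Start other than 4)."""
    wanted = {n.lower() for n in names}
    return sorted(p for p, v in keys.items()
                  if p.lower() in wanted and v.get("start") != 4)


def localsystem_services(keys):
    """Enabled Win32 services (Type 0x10 or 0x20) running as LocalSystem."""
    found = []
    for path, v in keys.items():
        if "\\" in path:
            continue  # subkey of a service, not a service itself
        is_win32 = isinstance(v.get("type"), int) and v["type"] & 0x30
        if (is_win32 and v.get("start") != 4
                and str(v.get("objectname")).lower() == "localsystem"):
            found.append(path)
    return sorted(found)


if __name__ == "__main__":
    keys = parse_export(SAMPLE_EXPORT)
    print("Logs readable by guests:", guest_readable_logs(keys))
    print("Still enabled:", enabled_services(keys, ["Messenger", "Alerter"]))
    print("LocalSystem services to review:", localsystem_services(keys))
```

A Regedit export does not carry key permissions, so the ACLs these tips call for on the EventLog key and the rest of the Registry still have to be checked separately.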
THE QUESTION:
TechRepublic reader Ellem recently got another hard drive and wanted to
know how to mirror the drives on an NT workstation.
Copy and paste this URL into your browser:
www.techrepublic.com/trbbs/message_detail.jhtml?thread_id=4621&thread_title=NT+Workstation+and+RAID+1&ooc=open
THE ANSWER:
User kellyst@nabisco.com suggested using the Ftedit.exe tool from the
NT Resource Kit to mirror the drives, adding that Microsoft does not
support this action.
QUICK ACCESS TO A POPULAR ADMINISTRATOR KEY
(contributed by Colin Reed, tower@post4.tele.dk)
The HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services key is
probably the key Windows NT administrators use most often. Instead of
going to Run, typing Regedit, and clicking through the entire Registry
Tree to get to this key, you can use a Windows Scripting Host (WSH)
script to access it quickly. Michael Harris posted this script in
response to a request I made for such a utility on the
microsoft.public.scripting.wsh usergroup.
The script requires the latest WSH 2.0 Beta, which you can download
from http://msdn.microsoft.com/scripting. This script will work only
with Regedit--not Regedt32.
strKey = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"
set sh = createobject("wscript.shell")
sh.run "regedit"
wscript.sleep 1000

'if already open, collapse tree to root...
'
for n = 1 to 16
    sh.sendkeys "{LEFT}"
next

'expand the root
'
sh.sendkeys "{RIGHT}"

'parse strKey in nodes...
'
arNodes = split(strKey,"\")

'send each node to navigate to it
'then the right arrow key to expand it...
'
for each n in arNodes
    sh.sendkeys n
    sh.sendkeys "{RIGHT}"
next
CUSTOMIZE YOUR SEND TO BUTTON
(contributed by Susan Eubanks, susaneubanks@hotmail.com)
You're just a right-click away from customizing your Send To button so
that it includes your frequent tasks. In Windows NT, go to the
WINNT\Profile\All Users\Send To folder. Right-click a blank space on
the screen, and select New, then Shortcut. At the Create Shortcut
window, make your selection. (You can include administrative shares to
a server--i.e., \\servername\c$.) This tip works great on workstations
frequently used for copying files.
DISABLING THE WINDOWS LOGO KEY
Administrators commonly disable browsing on public terminals by
defining a system policy that revokes user access to Windows Explorer,
the Run command, and the Find command. But even after you've removed
Explorer, users can access disabled features using shortcuts with the
Microsoft Windows logo key (e.g., logo key+E). Here's a quick script
you can use with the Microsoft Windows NT Server 4.0 Resource Kit
utility regini.exe to disable the right and left Windows logo keys and
lock down your public or high-security systems.
Create a file with an .ini extension, enter the commands below, and
run the script by entering its full name (e.g., nologoskey.ini) at a
command prompt. You must reboot the system to disable the Windows logo
keys. Of course, you can also make these modifications manually with a
Registry editor and reboot.
;
; This mapping disables both Windows logo keys
;
\Registry\Machine\SYSTEM\CurrentControlSet\Control\Keyboard Layout
Scancode Map = REG_BINARY 24 \
0x00000000 0x00000000 3 \
0xE05B0000 0xE05C0000 \
0x0
See Microsoft Support Online article Q181348
(http://support.microsoft.com/support/kb/articles/Q181/3/48.asp) for an
explanation of the binary values that appear in the script. The article
states that if you encounter problems, you can delete the Registry key
this script creates
(HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout\Scancode Map)
with a Registry editor running locally or over the network. If you
delete the key, you need to reboot the system to restore access to the
Windows logo keys.
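As an added example (not part of the original tip or of article Q181348), this Python decoder parses the 24-byte Scancode Map value written by the script above so an administrator can verify which keys a deployed map actually disables. It assumes the layout Microsoft documents for Scancode Map (little-endian DWORDs: version, flags, entry count including the terminator, then entries with the pressed key in the high word); the function and variable names are hypothetical.

```python
import struct

# DWORD values exactly as they appear in the regini script above
# (REG_BINARY, 24 bytes); assumed to be stored little-endian in the Registry.
PAGE_DWORDS = [0x00000000, 0x00000000, 3, 0xE05B0000, 0xE05C0000, 0x0]

# Extended (E0-prefixed) scancodes of the two Windows logo keys.
KEY_NAMES = {0xE05B: "Left Windows logo", 0xE05C: "Right Windows logo"}


def pack_dwords(dwords):
    """Serialize DWORDs the way a REG_BINARY value holds them."""
    return struct.pack("<%dI" % len(dwords), *dwords)


def parse_scancode_map(blob):
    """Return [(pressed_scancode, delivered_scancode), ...] or raise ValueError."""
    if len(blob) < 16 or len(blob) % 4:
        raise ValueError("too short or not DWORD-aligned")
    version, flags, count = struct.unpack_from("<3I", blob, 0)
    if version != 0 or flags != 0:
        raise ValueError("unexpected header: version and flags must be 0")
    # The count includes the terminating null entry.
    if count < 1 or len(blob) != 12 + 4 * count:
        raise ValueError("entry count does not match value length")
    entries = struct.unpack_from("<%dI" % count, blob, 12)
    if entries[-1] != 0:
        raise ValueError("missing null terminator entry")
    # Each entry: high word = key pressed, low word = scancode delivered.
    return [(e >> 16, e & 0xFFFF) for e in entries[:-1]]


def describe(blob):
    """Audit lines; a delivered scancode of 0x0000 means the key is disabled."""
    lines = []
    for src, dst in parse_scancode_map(blob):
        name = KEY_NAMES.get(src, "scancode 0x%04X" % src)
        action = "disabled" if dst == 0 else "remapped to 0x%04X" % dst
        lines.append("%s: %s" % (name, action))
    return lines


if __name__ == "__main__":
    for line in describe(pack_dwords(PAGE_DWORDS)):
        print(line)
```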
* AUTOMATIC LOGON IN WIN2K AND NT 4.0
When you're debugging code such as a device driver that takes down a
system, you'll appreciate knowing how to enable an automatic system
logon. The Registry's Winlogon key contains many entries that control
how the logon process works. Two of these entries let you set up a
system for automatic logon after a system restart or a logoff so that
you can use the extra time to focus on cleaning up your code. Go to the
following Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Enter a valid account name in the DefaultUserName (type REG_SZ) entry
and the password for the account in the DefaultPassword (type REG_SZ)
entry. If either entry doesn't appear in the Winlogon key, create it
with a Registry editor.
If you forget to enter a DefaultPassword, the OS automatically
changes the AutoAdminLogon key value from 1 (true) to 0 (false), which
disables the AutoAdminLogon feature. If the AutoAdminLogon entry
disappears, you can recreate it manually--it has a data type of REG_SZ.
A value of 1 enables AutoAdminLogon and a value of 0 disables the
feature. Reboot the system to activate the changes.
When automatic logon is enabled and you want to log on to the system
as a different user, hold down the Shift key after logging off or
restarting and you'll see the regular logon dialog box--a technique
that works with Windows NT 4.0 and Windows 2000 (Win2K). Keep in mind
that if you configure a system for automatic logon, anyone can restart
the system and log on, so making this change exposes a potential
security vulnerability. See Microsoft Support Online article Q97597
(http://support.microsoft.com/support/kb/articles/Q97/5/97.asp) for
details.
* KEEPING RAS CONNECTIONS ACTIVE AFTER LOGOFF
The KeepRasConnections value entry in the Registry's Winlogon key
controls whether RAS maintains active connections after a user logs
off. If you want your dial-up or VPN connections to remain live, go to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon,
add the value entry KeepRasConnections: REG_SZ: 1, and reboot. This
entry doesn't typically appear in the
Winlogon key; you must create it with a Registry editor. See Microsoft
Online Article Q158909
(http://support.microsoft.com/support/kb/articles/q158/9/09.asp) for
more information.
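The two Winlogon tips above (automatic logon and KeepRasConnections) both leave settings behind that are worth finding before a debug machine goes back into service. This added example, which is not from the original articles, audits a REGEDIT4-format export of the Winlogon key for those entries; the sample export, account name and password are constructed, and the function names are hypothetical.

```python
import re

# Key path as given in the tips above.
WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

# Constructed sample export; the second key is a decoy that must be ignored.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AutoAdminLogon"="1"
"DefaultUserName"="labdebug"
"DefaultPassword"="example-password"
"KeepRasConnections"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AutoAdminLogon"="1"
'''

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def winlogon_values(export_text):
    """Collect REG_SZ values under the Winlogon key only (names lower-cased)."""
    values, in_key = {}, False
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            in_key = line[1:-1].lower() == WINLOGON.lower()
        elif in_key:
            m = VALUE_RE.match(line)
            if m:
                values[m.group(1).lower()] = m.group(2)
    return values


def audit(export_text):
    """Return findings for the Winlogon entries discussed in the tips above."""
    v = winlogon_values(export_text)
    findings = []
    if v.get("autoadminlogon") == "1":
        findings.append("AutoAdminLogon=1: anyone who restarts the system is "
                        "logged on as %r" % v.get("defaultusername", ""))
    if v.get("defaultpassword"):
        findings.append("DefaultPassword is stored as a readable REG_SZ string")
    if v.get("keeprasconnections") == "1":
        findings.append("KeepRasConnections=1: RAS connections stay up after logoff")
    return findings
```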
FILENAME COMPLETION FOR DOS WINDOW
(contributed by Nicholas Kohner, snowboardripper@hotmail.com)
If you hate typing long directory names, such as Program Files, when
using a DOS prompt, then:
1. Use regedt32.exe.
2. Set HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar to 9 (tab char).
3. Set HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions to 1 (automatically expanded).
If more than one choice exists for the start of a word, keep pressing
Tab.
THE QUESTION:
TechRepublic member Joaxe needed to know how to configure a DHCP server
that would allow Wyse Technology's WinTerms to download BIOS updates
from an FTP server. Joaxe was unsure how to create options 161 and 162
for DHCP.
Copy and paste this URL into your browser:
www.techrepublic.com/trbbs/message_detail.jhtml?thread_id=4890&thread_title=DHCP+Options+for+FTP&ooc=open
THE ANSWER:
User Bert.chew said that Joaxe could configure the DHCP server by going
to DHCP Options | Default and clicking the New button.
THE QUESTION:
TechRepublic member Jcolome has the NT Terminal Server CD but has lost
the install disks. Jcolome was looking for a way to create these disks
from within the CD.
Copy and paste this URL into your browser:
www.techrepublic.com/trbbs/message_detail.jhtml?thread_id=5030&thread_title=NT+Terminal+Server+Install+Disks&ooc=open
THE ANSWER:
User Dtimko recommended running WINNT.EXE /OX to create the disks or
booting from the CD-ROM if he didn't want to use the disks.
THE QUESTION:
TechRepublic member Markosoteo was looking for a third-party utility
that would help retrieve information from Windows NT's User Manager.
Markosoteo wanted to be able to print out users, groups, etc., and
import data into Excel or Lotus Notes.
Copy and paste this URL into your browser:
www.techrepublic.com/trbbs/message_detail.jhtml?thread_id=5262&thread_title=Extracting+information+from+User+Manager...&ooc=open
THE ANSWER:
User Imaxim recommended the shareware program Hyena, which can be found
at the Adkins Resource Web site. Hyena can export users, groups, etc.
to plain text.
http://www.adkins-resource.com/