Home | Our Constitution | Our Projects | Business Opportunities | Links
Windows
NT Tips
STORING USER PROFILES
You can impact network traffic and efficiency based on where you store different types of profiles. To avoid version problems, don't store roaming user profiles on the Netlogon share (\Winnt\System32\Repl\Import\Scripts) if you have more than one logon server. For example, assume that you're validated by \\ServerA when you log on, and your roaming profile is copied from that server. Any changes to your user profile are saved to \\ServerA when you log off. If you're validated by \\ServerB the next time you log on, your newer user profile won't be downloaded. However, because mandatory user profiles aren't copied back to the server upon logoff, they can be stored on the domain controller's Netlogon share. When you set a user's profile path to %Logonserver% (e.g., %Logonserver%\Filename.man), his or her profile is copied from the logon server used to validate the logon. If more than one logon server is used in your organization, use the Folder Replication service to automatically copy mandatory user profiles to all logon servers.
USING NTDETECT.COM TO TROUBLESHOOT INSTALL PROBLEMS
If Setup hangs at the "Setup is inspecting your computer's hardware configuration" screen, use Ntdetect.com to find out which hardware component might be the problem. To do so, follow these steps: 1. Make a Windows NT Setup disk, copy Ntdetect.chk from the Windows NT 4.0 CD-ROM to the diskette, and rename the extension to .com. 2. Use the MS-DOS DISKCOPY command to copy the contents of the Windows NT Setup disk to a formatted, blank floppy disk. 3. Replace the Ntdetect.com file on the copy of the Windows NT Setup disk you created with the Ntdetect.chk file located on the Windows NT 4.0 CD-ROM (Support\Debug\I386\Ntdetect.chk). 4. Rename Ntdetect.chk to Ntdetect.com. 5. Insert the copy of the Windows NT Setup disk you created into the floppy disk drive and restart the computer. 6. The debug version of Ntdetect.com will display hardware information on the screen as it is detected. To move to the next screen, press any key. Continue until Setup hangs. The contents of the screen at the point of lockup should give you an indication of which hardware component is causing the problem.
TROUBLESHOOT WINDOWS NT BOOT PROBLEMS
A Windows NT machine that won't boot is useless. No matter the cause, your users are still stuck. We've got answers to several common boot process problems to help you get your users back up and running fast. http://www.techrepublic.com/article.jhtml?id=r00320000817det01.htm
USE CISCO'S EIGHT-STEP TROUBLESHOOTING METHOD TO FIX YOUR NETWORK
Even if you don't use Cisco equipment on your network, Cisco's eight- step troubleshooting method can help solve your system's connectivity issues. Warren Heaton explains the method and shares an additional tip for preventing recurrences. http://www.techrepublic.com/article.jhtml?id=r00220000323eje01.htm
CONFIGURING A SOUND CARD
Unfortunately, Windows NT is not a plug-and-play operating system. It instead uses an auto-detect feature that does find some hardware but very seldom detects a sound card. To manually configure that sound card for your NT workstation, follow these steps: 1. Go to My Computer | Control Panel | Multimedia | Devices. 2. Click Add and select the appropriate driver from the List Of Drivers list box. If you're unsure of the sound card type, consult with the manufacturer. (Many sound cards will function if a Sound Blaster driver is used.) Click OK. 3. Insert the Windows NT Workstation 4.0 CD into the CD-ROM drive and click OK. 4. When the Base I/O Address dialog box appears, select the appropriate I/O address from the I/O Address drop-down list. The selected address will be tested by the operating system. If an error message appears, select a different address. 5. Select the appropriate interrupt from the Interrupt drop-down list and the appropriate DMA channel from the DMA Channel drop-down list. If the configuration settings are incorrect, reselect the Interrupt and DMA settings until no error messages appear. 6. Restart the computer to implement the new device.
INSTALLATION ERROR MESSAGES
There are some common error messages that can occur during Windows NT installs. Here's what a couple of those messages are really telling you: * "The partition you have chosen is not recognized by Windows NT."-- This message most likely means that your drive is formatted with FAT 32. If that's the case, you must reformat to FAT 16 or NTFS. * "Setup is unable to locate the hard drive partition prepared by the MS-DOS portion of setup."--This message indicates that the temporary setup files are inaccessible. Setup (Winnt.exe) by default places temporary files on the first available drive that has enough free space, but because Winnt.exe sees drives that NT may or may not support, these temporary files may be inaccessible to Setup. (Unsupported drives may include compressed drives, unsupported SCSI drives, or drives on secondary IDE or ESDI controllers.) To fix this problem, use the WINNT command with the /T switch. The /T switch specifies the target drive to which temporary files will be stored by Setup. For example, to install temporary files in the D: drive, type WINNT /T:D:
AUTOMATING YOUR WINDOWS NT INSTALLATION: THE UDF
Tired of wasting time with manual installs? James McPherson takes a look at the mysteries of the UDF. http://www.techrepublic.com/article.jhtml?id=r00219990909ken01.htm
SIMPLE SECURITY TIPS FOR WINDOWS NT SERVERS
Do you need NT security advice? Ed Engelking presents a few tips you can use to secure your Windows NT Server. http://www.techrepublic.com/article.jhtml?id=r00220000525eje02.htm
INSTALLATION ERROR MESSAGES
Today we'll
interpret a couple more error messages commonly encountered during the
NT installation process: * "The following non-Microsoft networking component
is installed on this computer:
REMOVING A NIC REFERENCE
Occasionally
Windows NT won't let you remove a network card reference from the Network
icon in Control Panel. If this happens, don't despair. There's a registry
edit that will allow you to remove all references to the NIC. Here's how:
1. Using Regedt32, navigate to HKEY_LOCAL_MACHINE. 2. Delete the following
subkeys: \SOFTWARE\Microsoft\
MONITORING YOUR NT NETWORK FOR FREE!
If you're running Microsoft Windows NT, use these in-depth instructions to learn how to use existing utilities like Performance Monitor to piece together your own network-monitoring system. http://www.techrepublic.com/article.jhtml?id=r00320000529ron01.htm
LOOK LIKE A WINDOWS NT REGISTRY PRO WITH THESE QUICK TIPS
The Windows NT registry can be intimidating to deal with, but these quick tips will help get you started. Learn how to set the [Num Lock] key, hide the User ID during logon, and more. http://www.techrepublic.com/article.jhtml?id=r00320000726det01.htm
DHCP MANAGER OPTIONS
You can use the DHCP Manager to configure three different types of client options. Here's a list and a general description of the three option types: * GLOBAL--Global options apply to all DHCP scopes defined on the DHCP server and all clients that lease addresses from these scopes. They can be used, for example, to provide all clients in a given scope with the same DNS server IP address. * SCOPE--Scope options apply specifically to one scope. An example of a scope option is configuration of a different default gateway for each scope per subnet. * CLIENT--Client options apply only to a specific client that has a reserved DHCP address lease, configured through a client reservation. Client options will override any scope or global option. To configure any of these options, simply open up DHCP Manager and navigate to the DHCP Options menu. There, you'll see all three.
DHCP FROM THE GROUND UP
Are you new to DHCP (Dynamic Host Configuration Protocol)? TechRepublic takes a look at the basics. http://www.techrepublic.com/article.jhtml?id=r00220000619eje01.htm
DAVE INTEGRATES MACs INTO A WINDOWS NETWORK
Windows NT/2000 Network administrators are always on the lookout for software that allows Macs to share resources on their networks. Maybe it's time you met DAVE--a tool that welcomes Macs to the Network Neighborhood. http://www.techrepublic.com/article.jhtml?id=r00220000824jim02.htm
DHCP CLIENTS
Most network administrators would probably agree that DHCP as an invention rates right up there with sliced bread. Unfortunately, not all client machines can use DHCP. Listed below are those clients that can receive configuration information from a DHCP server: * Windows 2000 Professional * Windows 2000 Server * Windows NT Workstation 3.5 or later * Windows NT Server 3.5 or later (as long as the DHCP Server service isn't running) * Windows Millenium, Windows 98, Windows 95 * Windows for Workgroups 3.11 * Microsoft Network Client 3.0 for DOS * Microsoft LanManager 2.2c * BOOTP clients (as long as Service Pack 2 or later has been installed)
PROVIDE DHCP FAIL-OVER ON YOUR NT NETWORK
Richard Charrington explains how you can implement continuous DHCP service on your network, even in the event of DHCP failure. You can use this process to free up a DHCP server for maintenance and more, all without interruptions to the service. http://www.techrepublic.com/article.jhtml?id=r00220000316eje02.htm UNDERSTANDING DNS IN WINDOWS NT 4.0 Have you ever wished you had a better understanding of DNS? Check out this TechRepublic overview of DNS and how it's used in Windows NT 4.0. http://www.techrepublic.com/article.jhtml?id=r00220000711jim02.htm
STORING USER PROFILES
User profiles can be stored in various network locations for optimum efficiency. Here are few more tips to keep in mind for storage locations: Server-based or roaming user profiles should never be stored in the root level of a user's home folder. Because every file in the user profile folder is copied over the network for server-based user profiles, storing server-based user profiles in a user's home folder can result in very long logon times. For this reason, server-based user profiles should be stored in dedicated user profile folders. However, this dedicated folder can be a subfolder of the home folder or of some other user folder. Unfortunately, you can't use the %username% environment variable for the user profile path because %username% doesn't expand when followed by additional text (as in \\Servername\Sharename\%username%\profile). A good practice is to place server-based user profiles on NTFS- formatted partitions. You can then use Windows NT security features to prevent users from deleting mandatory profiles or other users' roaming profiles. Mandatory user profile paths shouldn't point to the folder that stores the local user profile because user profile changes are always cached locally. If you set a mandatory user profile path to the local profile folder, user profile changes made by the user will be saved whenever the user logs off. For example, if you store User1's mandatory profile locally in the \\User1\Winnt\Profiles\User1 folder, the user's profile will always be overwritten, even if it has the .man file extension. To avoid this problem, store mandatory user profiles on a server or in a folder on the local computer other than the Windows NT profiles folder (typically named C:\Winnt\Profiles).
OPTIMIZING THE WINS CACHE
Name resolution must take place for a PC to access computers on a network. Most NT networks have a WINS server, which performs the necessary conversions and maintains a cache of all NetBIOS names. By default the NetBIOS name stays in the cache for 10 minutes (600,000 milliseconds). You can employ a simple registry edit to increase the amount of time that the NetBIOS name remains in the cache, which can help reduce overhead caused by NetBIOS name resolution. Using Regedt32, navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ NetBT\Parameters\CacheTimeout. Change the Cache timeout value to 900,000 (milliseconds), or 15 minutes. NOTE: Please remember that editing your registry can be risky, so be sure you have a verified backup before you begin.
GET THE BEST PERFORMANCE OUT OF WINS
Do you know how to squeeze the most out of WINS? The TechRepublic staff has written an article to help you maximize WINS on your network. http://www.techrepublic.com/article.jhtml?id=r00220000515eje02.htm
HOW SAMBA UNITES UNIX AND NT SYSTEMS
Samba can be your Statue of Liberty in the virtual melting pot of cyberspace. Dave Mays discusses Samba's history and explains how it has overcome the language gap in a foreign land. http://www.techrepublic.com/article.jhtml?id=r00220000309eje02.htm
MIGRATING DOMAIN USER ACCOUNTS
Consider
all the time you've spent creating domain user accounts. When it's time
to move them to a new machine, you want the process to be as simple as
possible. Let's look at a couple of ways to do it. Domain user accounts
are easy to move. You simply install the new machine as a backup domain
controller (BDC), sync it with the primary domain controller (PDC), and
then promote the BDC to a PDC. That's all there is to it! If you actually
want to merge two domains or just move some accounts, the following procedure
should help. You'll need the Addusers.exe utility from the Resource Kit.
1. Log on as Administrator to the machine that has the accounts you wish
to move.
2. Run the following command: addusers /d
3. You don't need the information about global or local groups, so edit
the file to remove the [Global] and [Local] sections and their contents.
4. Copy the file to the machine on which you want to create the accounts.
5. Log on as an Administrator to the machine to which the accounts should
be added (for a domain, log on to the PDC).
6. Run the following command: addusers /c
WHICH WINDOWS NT DOMAIN MODEL BEST FITS YOUR BUSINESS NEEDS?
Need a break down of domains and domain models? TechRepublic looks into the different kinds of domains, domain models, trust relationships, and hardware requirements for a Windows NT Server 4.0. http://www.techrepublic.com/article.jhtml?id=r00220000417eje01.htm
MAKING EFFECTIVE USE OF PERMISSIONS
Windows NT gives you several ways to grant access to resources: to an individual or to a group of users, via file permissions or share permissions, and so on. In this article, we'll explore some techniques you can use to effectively manage Windows NT resources. http://www.techrepublic.com/article.jhtml?id=p00119990701tif01.htm
USING THE SPE TO CONTROL USER PROFILES
One of the biggest disadvantages about using roaming user profiles is that with time they can grow quite large. One way to help control the size of the profile is to control which folders are a part of that profile. To do so, follow these steps: 1. Open the System Policy Editor and double-click Default User. 2. Enable the Exclude Directories In Roaming Profiles check box under Windows NT User Profiles. 3. In the data box, type in the name of the directory or directories you wish to exclude. Make sure you use a semicolon between multiple directories. 4. Click OK and save the policy as Ntconfig.pol. 5. Save the file to the Netlogon share on all domain controllers. The Netlogon share is Winnt\System32\Repl\Import\Scripts.
AUDITING NETWORK LOGONS IN NT
How should you track logon history? Very carefully, says Jake Necessary. Here's his simple two-step process for auditing NT network logons. http://www.techrepublic.com/article.jhtml?id=r00320000320nec01.htm
HUMMINGBIRD RELEASES A STRONG DOCUMENT MANAGEMENT SYSTEM, BUT ONLY FOR NT
Enterprise solution vendor Hummingbird has released DOCSFusion, an IDM system that makes documents available and searchable on user desktops. Download a report from Gartner Research about this product. http://www.techrepublic.com/article.jhtml?id=r00620000914ggr01.htm
HARDWARE HEADQUARTERS
To generate a detailed hardware configuration report that includes whether or not your hardware is on the HCL, use the handy utility called NTHQ. First, you must create an NTHQ diskette that you can use to reboot the machine. Put a floppy that you can overwrite in your floppy drive. On the NT CD-ROM, go into the Support\Hqtool directory and execute the Makedisk batch file. This batch file will automatically create a bootable floppy that includes the hardware inventory software. Next, shut down NT and restart with that floppy in the drive. (You should first verify that your BIOS is set to boot from your floppy drive rather than your hard disk.) The NTHQ program will automatically start and create a RAM disk on which to store its compressed programs. It will prompt you twice--once to continue with the program and once to choose whether or not you want comprehensive discovery. When the program is finished finding your devices, you can browse around the different device categories within the GUI. Click the Save button to save the report. You'll be prompted for a destination drive. Select the floppy disk, and NTHQ will save the report to Nthq.txt.
STOPPING UNAUTHORIZED DNS ZONE TRANSFERS
If you do
not specifically configure your DNS server to accept zone transfer requests
only from designated sources, anyone on the Internet with the proper tools
can transfer a complete copy of your DNS zone database to their system.
This is normally done using the NSLOOKUP program and the ls -d command.
It's also possible for a cracker to configure a DNS server as a Secondary
Name Server for the zone and transfer the database in that fashion. Therefore,
it's best to configure the MS DNS server to accept zone transfer requests
only from selected IP addresses. To do so, follow these steps:
1. Go into the MS DNS Manager (Start | Programs | Administrative Tools
| DNS Manager).
2. Open the DNS server on which the zone is hosted.
3. Right-click on the zone and select Properties | Notify.
4. Add the IP addresses for any systems that will be allowed to do zone
transfers.
5. Enable the Only Allow Access From Secondaries Included On Notify List
check box.
6. Click OK. This will cause the DNS server to reject zone transfer requests
from any sources other than those listed in the Notify list. You can add
IP addresses to this list even if they're not for MS DNS servers without
causing errors on the DNS server.
WHAT'S IN A NAME? CREATING A DNS SERVER
DNS plays a crucial role in Internet communication. Brien Posey offers a primer on how to install and configure DNS on your network. http://www.techrepublic.com/article.jhtml?id=r00219990923eje02.htm
WEBREVIEW: QUESTIONS ANSWERED AT NTFAQ.COM
FAQ pages proliferate on the Web, generally reiterating what we already know. But every once in a while, one pops up with some valuable information. Mark Kaelin reviews one such site for NT administrators. http://www.techrepublic.com/article.jhtml?id=r00220000725jim02.htm
Home | Our Constitution | Our Projects | Business Opportunities | Links
