Windows NT FAQ Single File Version

This FAQ is copyright © 1999 John Savill (SavillTech Ltd) all rights reserved. No part of this document should be reproduced, distributed or altered without my permission. You may print it for your own personal use.

The Web version of the Windows NT FAQ is at http://www.ntfaq.com/. To subscribe to the Windows NT FAQ send a mail to nt-faq@ed-com.com with subscribe in the body of the message to receive the updated single file version of the FAQ once a week.

This single file version of the FAQ is available for download from http://www.ntfaq.com/faqcomp.zip.

What's New

One month of additions is listed here.

Monday 20 September

Friday 17 September

Wednesday 15 September

Tuesday 14 September

Monday 13 September

Thursday 9 September, 9/9/99!

Wednesday 8 September

Tuesday 7 September

Monday 6 September

Friday 3 September

Thursday 2 September

Wednesday 1 September

Wednesday 11 August

Tuesday 10 August

Friday 6 August

Wednesday 4 August

Tuesday 3 August

Monday 2 August

Contents


Core
Registry
Service Packs and Hotfixes
Windows 2000 (NT 5.0)
File Systems
Distributed File System
Network
Active Directory
Domains
Group Policy
Terminal Server
RAS
TCP/IP
DHCP
DNS
WINS
Exchange/Windows Messaging
Internet Information Server
Proxy Server 2.0
Internet Explorer 4.0/5.0
Installation
License
Windows 95/98 as a client
MS-SQL Server
NetWare
Macintosh
RAID
Performance
System Information
MultiMedia
User Configuration
Environment - Desktop
Environment - Command Prompt
System Configuration
System Policy
Security
Backups
Recovery
Problem Solving
Printing
Support
Training
Utilities
Compatibility
Hardware
Windows Scripting Host
Batch Files
Various


Q. What are the differences between NT Workstation and NT Server?

A. See the table below.

                               Workstation     Server
Connection to other clients    10              Unlimited
Connection to other networks   Unlimited       Unlimited
Multiprocessing                2 CPUs          4 CPUs
RAS                            1 connection    255 connections
Directory Replication          Import          Import and Export
Macintosh Services             No              Yes
Logon Validation               No              Yes
Disk Fault Tolerance           No              Yes
Network                        Peer-to-peer    Server

Q. What does NT stand for?

A. NT actually stands for Northern Telecom, but Microsoft licensed it, and in the Windows sense it stands for New Technology. It's also interesting to note its heritage:
RSX -> VMS -> ELN -> NT all major designs of David Cutler
Also VMS +1 letter = WNT (Windows NT) :-) (aka HAL and IBM in 2001)


Q. What is the NT Boot Process?

A. Firstly the files required for NT to boot are

The common Boot sequence files are

The boot sequence is as follows

  1. Power on self test (POST) routines are run
  2. Master Boot Record is loaded into memory, and the program is run
  3. The Boot Sector from Active Partition is Loaded into Memory
  4. Ntldr is loaded and initialized from the boot sector
  5. Change the processor from real mode to 32-bit flat memory mode
  6. Ntldr starts the appropriate minifile system drivers. Minifile system drivers are built into Ntldr and can read FAT or NTFS
  7. Ntldr reads the Boot.ini file
  8. Ntldr loads the operating system selected; one of two things happens
    * If Windows NT is selected, Ntldr runs Ntdetect.com
    * For other operating system, Ntldr loads and runs Bootsect.dos and passes control to it. The Windows NT process ends here
  9. Ntdetect.com scans the computer hardware and sends the list to Ntldr for inclusion in HKEY_LOCAL_MACHINE\HARDWARE
  10. Ntldr then loads Ntoskrnl.exe, Hal.dll and the system hive
  11. Ntldr scans the System hive and loads the device drivers configured to start at boot time
  12. Ntldr passes control to Ntoskrnl.exe, at which point the boot process ends and the load phases begin

Q. What is Virtual Memory?

A. Virtual Memory makes up for a lack of RAM by using space on the hard disk as memory. When the actual RAM fills up (actually it's before the RAM fills) virtual memory is created on the hard disk. When physical memory runs out, the Virtual Memory Manager chooses sections of memory that have not been recently used and are of low priority and writes them to the swap file. This process is hidden from applications, and applications view both virtual and actual memory as the same.

Each application that runs under Windows NT is given its own virtual address space of 4GB (2GB for the application, 2GB for the operating system).

The problem with Virtual Memory is that it reads from and writes to the hard disk, which is much slower than actual RAM. This is why an NT system that does not have enough memory will run very slowly.


Q. What is the history of NT?

A. In the late 1980's the Windows environment was created to run on the Microsoft DOS operating system. Microsoft and IBM joined forces to create a DOS replacement that would run on the Intel platform that led to the creation of OS/2, and at the same time Microsoft was working on a more powerful operating system that would run on other processor platforms. The idea was that the new OS would be written in a high level language (such as C) so it would be more portable.

Microsoft hired Dave Cutler (who also designed Digital's VMS) to head the team for the New Technology Operating System (NT :-) ). Originally the new OS was to be called OS/2 NT.

In the early 1990's Microsoft released version 3.0 of its Windows OS which gained a large user base, and it was at this point that Microsoft and IBM's split started as the two companies disagreed on the future of their OS's. IBM viewed Windows as a stepping stone to the superior OS/2, whereas Microsoft wanted to expand Windows to compete with OS/2, so they split: IBM kept OS/2 and Microsoft changed OS/2 NT to Windows NT.

NT was once called OS/3, and OS/2 V3, I am informed by an alpha tester for IBM & MS; he had a set of 5.25 diskettes from Microsoft, and that's how he got them.

The first version of Windows NT (3.1) was released in 1993 and had the same GUI as the normal Windows Operating System, however it was a pure 32 bit OS, but provided the ability to also run older DOS and Windows apps, as well as character mode OS/2 1.3 programs.

For a detailed history have a look at http://windowsnt.miningco.com/


Q. How do I install the SYMBOL files?

A. Symbol files are produced by the linker when a program is built, and are used to resolve global variables and function names in an executable.

  1. Create a directory on your machine called SYMBOLS
    mkdir c:\winnt\symbols
  2. Copy over the symbols from the NT installation CD ROM
    xcopy <CD-ROM>:\Support\Debug\i386 c:\winnt\symbols /s
  3. If you have any service pack symbols you should extract these to the same directory, e.g. for Service Pack 2
    SYM_400I -d c:\winnt\symbols

For more information see Microsoft Knowledge Base article Q148659


Q. What is Windows NT?

A. Windows NT (both the Workstation and Server) is a 32-bit Operating System. It is a preemptive, multi-tasking Operating System, which means that the Operating System controls allocation of CPU time, not the applications, stopping one application from hanging the OS. NT supports multiple CPU's giving true Multi-tasking, using symmetrical multiprocessing, meaning the processors share all tasks, as opposed to asymmetrical multiprocessing, where the OS uses one CPU and the applications another. NT is also a Fault Tolerant Operating System, with each 32bit application operating in its own Virtual Memory address space (4 GigaBytes) which means one application cannot interfere with another's memory space.

Unlike earlier versions of Windows (such as Windows for Workgroups and Windows 95), NT is a complete Operating System, and not an addition to DOS.

NT supports different CPU's: Intel x86, IBM PowerPC (Not to be supported for NT5.0) and DEC Alpha.

NT's other main plus is its Security with a special NT file system (NTFS) that allows permissions to be set on a file and directory basis.


Q. What is the Registry?

A. Originally there were .ini files in Windows, however the problems with .ini files are many, e.g. size limitations, no standard layout, slow access, no network support etc. Windows 3.1 (yes Windows not Windows NT) had a registry which was stored in reg.dat and could be viewed using regedit.exe and was used for DDE, OLE and File Manager integration. In Windows NT the Registry is at the heart of NT and is where nearly all information is stored, and is split into a number of subtrees, each starting with HKEY_ to indicate that it is a handle that can be used by a program.

HKEY_LOCAL_MACHINE     This contains information about the hardware configuration and installed software.
HKEY_CLASSES_ROOT      This is just a link to HKEY_LOCAL_MACHINE\SOFTWARE\Classes and contains links between applications and file types as well as information about OLE.
HKEY_CURRENT_CONFIG    Again this is a link to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current and contains information about the current configuration.
HKEY_CURRENT_USER      This is a link to HKEY_USERS\<SID of User> and contains information about the currently logged on users such as environment, network connections, printers etc.
HKEY_USERS             Contains information about actively loaded user profiles, including .default which is the default user profile.

Each of the subtrees has a number of keys, which in turn have a number of subkeys. Each key/subkey can have a number of values which has 3 parts

To edit the registry there are two tools available, regedt32.exe and regedit.exe. Regedit.exe has better search facilities, but does not support all of the Windows NT registry value types. If you want to just have a look around the Registry:

  1. Start a registry editor (regedit.exe or regedt32.exe)
  2. In Regedt32.exe you can set the registry to read only mode which means you won't corrupt anything :-) (Options - Read Only Mode)
  3. Select the HKEY_USERS subkey
  4. Move to the .default - Control Panel - Desktop and you will see a number of values in the right hand pane.
  5. One of them is wallpaper and this is the background that is displayed before you logon.

Q. What files make up the registry, and where are they?

A. The files that make up the registry are stored in %systemroot%/system32/config directory and consist of

There are also other files with different extensions for some of them


Q. How do I restrict access to the registry editor?

A. Using the registry editor (regedt32.exe)

  1. Highlight HKEY_USERS and Load Hive from the Registry menu.
  2. Browse to the profile directory of the user for whom you want to restrict the registry tools and select NTUser.dat.
  3. When prompted for Key Name, input their UserID.
  4. Navigate to \Software\Microsoft\Windows\CurrentVersion\Policies.
  5. If no System sub-key exists, Add Key. Then Add Value of DisableRegistryTools (under the System key) using type REG_DWORD and set it to 1.
  6. Unload Hive from the Registry menu.

Q. What is the maximum registry size?

A. The maximum size is 102MB, however it is slightly more complicated than this.

The registry entry that controls the maximum size of the registry is HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\RegistrySizeLimit. By default this entry will not exist so it will need to be created:

  1. Start the registry editor (regedit.exe)
  2. Move to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control key
  3. From the Edit menu, select New - DWord value and enter the name as RegistrySizeLimit
  4. Double click the new entry and enter a value in bytes (choose decimal as the type)

The minimum size is 4MB, and if anything less than this is entered in the registry then it will be forced up to 4MB. The maximum is 80% of the paged pool (which has a maximum size of 128MB, hence 102MB which is 80% of 128MB). If no entry is entered then the maximum size is 25% of the paged pool. The paged pool is an area of physical memory used for system data that can be written to disk when not in use.

An important point to note is that the RegistrySizeLimit is a maximum, not an allocation, and so setting a high value will not reserve the space, and it does not guarantee the space will be available.

This can also be configured using the System Control Panel applet, click on the Performance tab and the maximum registry size can be set there. You would then need to reboot.

For more information see Knowledge Base Article Q124594

There is another complication, during early boot, NTLDR loads some code, allocates working memory, and reads in parts of the registry. All of this has to fit in the first 16MB of memory regardless of how much memory is physically installed. The entire system file is read; enough memory is required to contain the whole file as stored on disk without regard to how much of it is useful.

Some problems

A number of ways to get rid of the excess space:

To turn this off use REGEDT32 to add the value "ReportBootOk:REG_SZ:0" [zero] to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon. This will prevent creation of the LastKnownGood ControlSet. If a boot fails because the 16 MB limit with NTLDR is exceeded, no dump can be produced and MS will not solve the problem. This 16 MB problem will not be changed in NT 5.


Q. Should I use REGEDIT.EXE or REGEDT32.EXE?

A. You can use either for NT. REGEDIT does have a few limitations, the largest being that it does not support the full set of registry data types such as REG_MULTI_SZ, so if you edit this type of data with REGEDIT it will change its type.

REGEDIT.EXE is based on the Windows95 version and has features that REGEDT32.EXE lacks (such as search). In general REGEDIT.EXE is nicer to work with. REGEDIT.EXE also shows your current position in the registry at the bottom of the window.


Q. How do I restrict access to a remote registry?

A. Access to a remote registry is controlled by the ACL on the key winreg.

  1. Start the registry editor (regedt32.exe)
  2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers
  3. Check for a key called winreg. If it does not exist create it (Edit - Add Key)
  4. Select the winreg key (by clicking on it)
  5. From the Security menu select permissions
  6. Click the Add button and give the user you want read access
  7. Once added, click on the user and select "Special Access"
  8. Double click on the user and you can select which actions the user can perform
  9. Click OK when finished

It is possible to set up certain keys to be accessible even if the user does not have access by editing the value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\AllowedPaths\Machine (use regedt32). You can add paths to this list.


Q. How can I tell what changes are made to the registry?

A. Using the regedit.exe program it is possible to export portions of the registry. This feature can be used as follows:

  1. Start the registry editor (regedit.exe)
  2. Select the key you want to monitor
  3. From the Registry menu select "Export registry file"
  4. Enter a file name (notice if you want to export the whole registry just select the "Export Range All") and click OK
  5. Perform the change (install some software or change a system parameter)
  6. Rerun steps 1 to 4 using a different file name
  7. Run the two files through a comparison utility (for example windiff.exe)
  8. If you are using windiff, select Compare Files from the File menu and you will then be prompted to select the 2 files to compare.
  9. Once compared a summary will be displayed stating if there are differences, to view the changes double click on the message
  10. Press F8 to view the next change (or select next change from the view menu)
  11. You have now found what changed!
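
The export-and-compare procedure above can also be scripted. The following is an added example, not part of the original FAQ: it parses two REGEDIT4 exports (the file format described under "How can I automate updates to the registry?") and lists the keys and values that differ. The sample exports are constructed, and the handling of hex(N): typed data and of wrapped hex lines is an assumption based on how regedit.exe writes its exports.

```python
import re

# Registry type numbers that regedit writes as hex(N): in an export (assumed).
TYPE_NAMES = {2: "REG_EXPAND_SZ", 3: "REG_BINARY", 7: "REG_MULTI_SZ"}
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')
STRING_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"$')
HEX_RE = re.compile(r'^hex(?:\(([0-9a-f]+)\))?:(.*)$', re.I)


def unescape(s):
    """Undo the backslash escaping used inside quoted .reg strings."""
    return re.sub(r'\\(.)', r'\1', s)


def parse_data(raw):
    """Turn the right-hand side of a value line into (type, data)."""
    m = STRING_RE.match(raw)
    if m:
        return ("REG_SZ", unescape(m.group(1)))
    if raw.lower().startswith("dword:"):
        return ("REG_DWORD", int(raw[6:], 16))
    m = HEX_RE.match(raw)
    if m:
        kind = int(m.group(1), 16) if m.group(1) else 3
        data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
        return (TYPE_NAMES.get(kind, "type 0x%x" % kind), data)
    raise ValueError("unrecognised value data: %r" % raw)


def parse_reg(text):
    """Parse REGEDIT4 text into {key: {value_name: (type, data)}}."""
    lines = [l.strip() for l in text.splitlines()]
    if not lines or lines[0] != "REGEDIT4":
        raise ValueError("not a REGEDIT4 file")
    tree, current, pending = {}, None, ""
    for line in lines[1:]:
        # regedit wraps long hex data with a trailing backslash; rejoin it.
        if line.endswith("\\") and (pending or "=hex" in line):
            pending += line[:-1]
            continue
        line, pending = pending + line, ""
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = tree.setdefault(line[1:-1], {})
            continue
        m = VALUE_RE.match(line)
        if not m or current is None:
            raise ValueError("cannot parse line: %r" % line)
        name = "(Default)" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
        current[name] = parse_data(m.group(2))
    return tree


def diff_reg(before, after):
    """Return a list of (change, key, name, old, new) tuples, sorted by key."""
    changes = []
    for key in sorted(set(before) | set(after)):
        if key not in before:
            changes.append(("key added", key, None, None, None))
        elif key not in after:
            changes.append(("key removed", key, None, None, None))
        old, new = before.get(key, {}), after.get(key, {})
        for name in sorted(set(old) | set(new)):
            if name not in old:
                changes.append(("added", key, name, None, new[name]))
            elif name not in new:
                changes.append(("removed", key, name, old[name], None))
            elif old[name] != new[name]:
                changes.append(("changed", key, name, old[name], new[name]))
    return changes


def policy_changes(changes):
    """Pick out changes under a Policies key, such as DisableRegistryTools."""
    return [c for c in changes if "\\policies\\" in c[1].lower() + "\\"]


# Constructed sample exports, using keys that appear elsewhere in this FAQ.
BEFORE = r'''REGEDIT4

[HKEY_USERS\.DEFAULT\Control Panel\Desktop]
"Wallpaper"="E:\\WINNT\\savtech.bmp"
"TileWallpaper"="0"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001
'''

AFTER = r'''REGEDIT4

[HKEY_USERS\.DEFAULT\Control Panel\Desktop]
"Wallpaper"="E:\\WINNT\\savtech.bmp"
"TileWallpaper"="1"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\test]
"Blob"=hex:01,02,\
  03
'''

if __name__ == "__main__":
    for change in diff_reg(parse_reg(BEFORE), parse_reg(AFTER)):
        print(change)
```

Key and value names are compared exactly as written, which is sufficient for two exports taken from the same machine.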

Q. How can I delete a registry value/key from the command line?

A. Using the Windows NT Resource Kit Supplement 2 utility REG.EXE you can delete a registry value from the command line or batch file, e.g.

reg delete HKLM\Software\test

Would delete the HKEY_LOCAL_MACHINE\Software\test value. When you enter the command you will be prompted if you really want to delete, enter Y. To avoid the confirmation add /force to the command, e.g.

reg delete HKLM\Software\test /force

A full list of the codes to be used with REG DELETE are as follows:

HKCR HKEY_CLASSES_ROOT
HKCU HKEY_CURRENT_USER
HKLM HKEY_LOCAL_MACHINE
HKU HKEY_USERS
HKCC HKEY_CURRENT_CONFIG

To delete an entry on a remote machine add the name of the machine, \\<machine name>, e.g.

reg delete HKLM\Software\test \\johnpc


Q. How can I audit changes to the registry?

A. Using the regedt32.exe utility it is possible to set auditing on certain parts of the registry. I should note that any type of auditing is very sensitive lately and you may want to add some sort of warning letting people know that their changes are being audited.

  1. Start the registry editor (regedt32.exe)
  2. Select the key you wish to audit (e.g. HKEY_LOCAL_MACHINE\Software)
  3. From the Security menu select Auditing
  4. Check the "Audit Permission on Existing Subkeys" if you want subkeys to also be audited
  5. Click the Add button and select the users you want to be audited, click Add and then click OK
  6. Once there are names in the "Names" box you can select which events to be audited, whether success or failure.
  7. When you have filled in all the information click OK

You will need to make sure that Auditing for File and Object access is enabled (use User Manager - Policies - Audit).

To view the information use Event Viewer and look at the Security information.


Q. How can I clean up/remove invalid entries from the registry?

A. Microsoft have released a utility called RegClean which will go through your machine's registry and delete any unused/unnecessary keys. The current version is 4.1a and can be downloaded from http://support.microsoft.com/download/support/mslfiles/RegClean.exe .

Once downloaded, just click on the executable and it will check your registry. Once the check is completed you will be given the option to fix errors by clicking the "Fix Errors" button. You can click the Exit button to exit.

RegClean creates an uninstall file in the directory the image is located in, of the name

"Undo <machine name> <yyyymmdd> <hhmmss>.reg"
e.g. "Undo workstation 19980320 104323.reg"

To undo the changes just double click (or single depending on your config ;-) ) this file.

See http://support.microsoft.com/support/kb/articles/q147/7/69.asp for more information.


Q. I make changes to HKEY_LOCAL_MACHINE\HARDWARE but they are lost on reboot.

A. This is because HKEY_LOCAL_MACHINE\HARDWARE is recreated by the system at boot time and this means any settings such as ACL's are lost. The rest of HKLM (SOFTWARE, SYSTEM, SAM, SECURITY) is stored on disk, and is not recreated during system boot.


Q. What data types are available in the registry?

A. Below is a table of data types supported by Regedt32.exe, regedit.exe does not support REG_EXPAND_SZ or REG_MULTI_SZ

REG_BINARY       This is raw binary data
REG_DWORD        This is a double word (4 bytes). It can be displayed in binary, hexadecimal or decimal format
REG_EXPAND_SZ    An expandable text string that contains a variable (for example %systemroot%)
REG_MULTI_SZ     A multiple line string. Each "line" is separated by a null
REG_SZ           A text string

Q. How can I automate updates to the registry?

A. There are 2 main methods you can use to create scripts that can be run to automate the updates. The first is to create a .reg file which can then be run using

regedit /s <reg file>

The format of the file is

REGEDIT4
[<key name>]
"<value name>"="<value>"          (a string value)
"<value name>"=hex:<value>        (a binary value)
"<value name>"=dword:<value>      (a dword value)

for example

REGEDIT4

[HKEY_USERS\.DEFAULT\Control Panel\Desktop]
"Wallpaper"="E:\\WINNT\\savtech.bmp"
"TileWallpaper"="0"

[HKEY_USERS\.DEFAULT\Control Panel\Colors]
"Background"="0 0 0"

Would set the default background and color before anyone logs on.

The second method is to use a Windows 95 style .inf file. These are run using the command

rundll32 syssetup,SetupInfObjectInstallAction DefaultInstall 128 <inf file>

The format of the file is as follows

[Version]
Signature = "$Windows NT$"
Provider=%Provider%

[Strings]
Provider="SavillTech Ltd"

[DefaultInstall]
AddReg = AddReg
DelReg = DelReg
UpdateInis = UpdateInis

[AddReg]
[DelReg]
[UpdateInis]

Below are the keys to be used

HKCR HKEY_CLASSES_ROOT
HKCU HKEY_CURRENT_USER
HKLM HKEY_LOCAL_MACHINE
HKU HKEY_USERS

The file below is an .inf file which performs the same as the .reg file described earlier

[Version]
Signature = "$Windows NT$"

[DefaultInstall]
AddReg = AddReg

[AddReg]
HKU,".DEFAULT\Control Panel\Colors","Background",0000000000,"0 0 0"
HKU,".DEFAULT\Control Panel\Desktop","Wallpaper",0000000000,"E:\WINNT\savtech.bmp"
HKU,".DEFAULT\Control Panel\Desktop","TileWallpaper",0000000000,"0"

INF files can be generated automatically using the SYSDIFF utility if you have a difference file (sysdiff /inf <name of difference file> <dir to create to>)

A registry entry can also be deleted using .REG files. That is, if one has a .reg file with, e.g.,

[HKEY_CURRENT_USER\Test]

to enter a key, then one can use

[-HKEY_CURRENT_USER\Test]

to remove it.


Q. How do I apply a .reg file without the success message?

A. To apply a .reg file (a registry information file) the normal method from the command prompt is to enter

C:\> regedit <registry file>.reg

This applies the change and gives a confirmation message:

"Information in <filename>.reg has been successfully entered into the registry"

If you would like to avoid this confirmation message and apply the change silently use the /s switch, e.g.

C:\> regedit /s <registry file>.reg


Q. How can I remotely modify the maximum registry size?

A. The maximum registry size is usually defined using the System properties control panel applet, Performance tab. When you change this value all it actually does is to update the registry entry

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\RegistrySizeLimit

You could therefore modify this from the command line using a registry script. For example

REGEDIT4

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control]
; 24000000 bytes, written as a hexadecimal dword because RegistrySizeLimit is a DWORD value
"RegistrySizeLimit"=dword:016e3600

Run using

C:\> regedit /s <reg name>

You could add this to a login script.

Alternatively run remotely by submitting with the AT command. The change will not take effect until the machine reboots. If you wanted the reboot to occur you could add a reboot using the Resource Kit SHUTDOWN.EXE utility (as explained in "Q. How can I configure the machine to reboot at a certain time?").


Q. I can't update DWORD values using REG.EXE.

A. There is a bug in REG.EXE supplied with the NT 4.0 resource kit. Download a fixed version from ftp://ftp.microsoft.com/bussys/winnt/winnt-public/reskit/nt40/i386/reg_x86.exe


Q. How can I install a .inf file from the command line?

A. The normal method to install a .inf file is to right click on it and select Install from the context menu however it is also possible to install from the command line. The syntax is:

C:\> rundll32 syssetup,SetupInfObjectInstallAction DefaultInstall 128 .\<file>.inf


Q. How can I compress the registry?

A. The following procedure can be used to compact the registry files, but also to restore the 'repair disk data' when you messed up the registry:

1) As always, make sure you have a backup of your system, including the registry

2) Run Start: "RDISK /S-". This automatically updates the repair info located under %systemroot%\repair. The registry data are reorganized and compressed.

3) Next step is to expand these files to a temporary location.

EXPAND %systemroot%\REPAIR\DEFAULT._ %temp%\DEFAULT
EXPAND %systemroot%\REPAIR\SAM._ %temp%\SAM
EXPAND %systemroot%\REPAIR\SECURITY._ %temp%\SECURITY
EXPAND %systemroot%\REPAIR\SOFTWARE._ %temp%\SOFTWARE
EXPAND %systemroot%\REPAIR\SYSTEM._ %temp%\SYSTEM

4) Check your %temp% folder and %systemroot%\system32\config to find the difference in size between the different files that make up the registry. Probably the SOFTWARE hive will have a remarkable difference. In my case it shrank from over 10Mb to 3.5Mb.

5) The registry files in %systemroot%\system32\config should be replaced by the reorganized ones in your %temp% folder. You can do this by:

When I performed these steps I noticed a serious performance gain during system startup.


Q. Access to the registry tools has been stopped, is there any way to get access?

A. I include this as I had the exact problem on site a couple of days ago and I want Administrators to be aware that this can be done.

If the scheduler service is running on your PC (or if you can start it) you can submit the registry editor to start via the scheduler and it will then be started under the system context. For example

C:\> at <1 minute in the future> /interactive regedt32.exe

One minute from submission regedt32.exe will be started giving you full access to the registry. Cool!

You can also re-enable the tools by writing a small .reg file and double click on it which gives full access:

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000

Save as disableregistrytools.reg, double click from Explorer and you will have full registry access.


Q. Where does Windows 2000 store the last key accessed?

A. In Windows 2000 when you start the registry editor it remembers where you last were and automatically reopens that key. This information is actually stored in the registry in location:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey

If this annoys you, it could be reset at each logon to null via a script with a .reg file, e.g.

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit]
"LastKey"=""


Q. What's new in the Windows 2000 version of RegEdit?

A. As we saw in the last registry tip, the Windows 2000 version of Regedit.exe now remembers the last key that was open when you start the application.

The second major change is the introduction of a favorites menu to which you can add your most used and 'favorite' registry keys (you would have to be sad :-) ).

REGEDT32.EXE has not had any major functionality changes.


Q. What service packs and fixes are available?

A. See the table below. All directories are off of ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/. Just click on the file name for a direct FTP link. For people in Europe, ftp.sunet.se/pub3/vendor/microsoft/bussys/winnt/winnt-public/fixes may provide faster access.

There are also Microsoft BBS numbers where Service Packs can be downloaded from, e.g. for the UK it is 44 1734 270065, however the fixes tend to be a few days later than on the FTP site.

File Name       Directory      Description (Microsoft Article No.)   Hotfixes
Sp1_400i.exe    /ussp1/i386    Service Pack 1                        PostSP1
Sp2_400i.exe    /ussp2/i386    Service Pack 2 (around 14MB)          PostSP2
Nt4sp3_i.exe    /ussp3/i386    Service Pack 3 (around 18MB)          PostSP3
NT4SP4I.EXE     NA             Service Pack 4 (around 33MB)          PostSp4
SP5I386.EXE     NA             Service Pack 5 (around 34.5MB)        PostSp5

Service Pack 1 Hotfixes /hotfixes-postsp1/

KRNL40I.EXE /32proc-fix Q140065
AFD40I.EXE /afd-fix Q140059
CDFS40I.EXE /cdfs-fix Q142687
NDIS40I.EXE /mcanet-fix Q156324
NDIS40I.EXE /ndis-fix Q142903
NTBCKUPI.EXE /NTBackup-fix  Q142671
NTVDM40I.EXE /ntvdm-fix Q134126
PCM40_I.EXE /pcmcia-fix Q108261
SCSIFIXI.EXE /scsi-fix Q171295
SPX40I.EXE /spx-fix Q153665
SYN40I.EXE /syn-attack Q142641
NTFS40I.EXE /toshiba-fix Q150815
STONE97I.EXE /winstone97 Q141375

Service Pack 2 Hotfixes /hotfixes-postsp2/

ALPHA40.EXE /Alpha-fix Q156410
DNS40I.EXE /dns-fix Q142047, Q162927
IISFIX.EXE /iis-fix Q163485, Q164059
KRNL40I.EXE /krnl-fix Q135707, Q141239
TCP40I.EXE /oob-fix Q143478
RAS40I.EXE /ras-fix Q161368
RPC40I.EXE /RPC-fix Q159176, Q162567
SECFIX_I.EXE /sec-fix Q143474
SERIALI.EXE /serial-fix Q163333
SETUPDDI.EXE /setupdd-fix Q143473
SFMSRVI.EXE /sfmsrv-fix Q161644
WTCP40I.EXE /TCPIP-fix Q163213

Service Pack 3 Hotfixes /hotfixes-postsp3/

2GCRASHI.EXE /2gcrash Q173277
ASPFIX.EXE /asp-fix Q165335
ATA-FIXI.EXE /atapi-fix Q183654
DNSFIX_I.EXE /dns-fix Q142047
EUROFIXI.EXE /euro-fix Q182005
ADMNFIXI.EXE /getadmin-fix Q146965
IDEFIX-I.EXE /ide-fix Q153296
IIS-FIXI.EXE /iis-fix Q143484
IIS4FIXI.EXE /iis4-fix Q169274
JOY-FIXI.EXE /joystick-fix Q177668
NDISFIXI.EXE /ndis-fix Q156655
NBTFIX-I.EXE /netbt-fix Q178205
PCMFIX-I.EXE /pcm-fix Q180532
PENTFIX.EXE /pent-fix Q163852
PPTPFIXI.EXE /pptp2-fix Q167040
PPTPFIXI.EXE /pptp3-fix Q189595
PRIVFIXI.EXE /priv-fix Q190288
PRNTFIXI.EXE /Prnt-fix Q181022
ROLL-UPI.EXE /roll-up Q147222
RRASFIXI.EXE /rras20-fix Q168469
RRASFIXI.EXE /rras30-fix Q189594
DCOMFIXI.EXE /SAG-fix  
SCSIFIXI.EXE /scsi-fix Q171295
SFM-FIXI.EXE /sfm-fix Q166571, Q170965, Q172511, Q177644, Q178364, Q180622, Q180716, Q180717, Q180718 & Q185722
CHARGENI.EXE /simptcp-fix Q154460
SNK-FIXI.EXE /snk-fix Q193233
SRVFIX-I.EXE /srv-fix Q180963
SSL-FIXI.EXE /ssl-fix Q148427
TAPI21FI.EXE /tapi21-fix Q179187
TEARFIXI.EXE /teardrop2-fix Q179129
Y2KFIXI.EXE  /Y2k-fix Q196548
WANFIX-I.EXE /wan-fix Q163251
WINSFIXI.EXE /winsupd-fix Q155701
Y2KFIXI.EXE /y2k-fix Q175093, Q180122, Q183123 & Q183125
ZIP-FIXI.EXE /zip-fix Q154094

A number of post Service Pack 3 hotfixes have been replaced by newer fixes and are not listed above, they can be found at ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/hotfixes-postSP3/archive . These include

Service Pack 4 Hotfixes /hotfixes-postsp4/

A post Service Pack 4 hotfix rollup has been released and can be downloaded from:
http://www.microsoft.com/ntserver/nts/downloads/recommended/nt4postsp4hotfix/

Individual hotfixes are:

BIOSFIXI.EXE /Y2K/BIOS2-fix Q216913
CLIKFIXI.EXE /Clik-fix Q195540
DISCFIXI.EXE /Disc-fix Q221331
GINAFIXI.EXE /Gina-fix Q214802
KRNLIFXI.EXE /Kernel-fix Q234557
MSMQFIXI.EXE /Y2K/MSMQ-fix Q230050
MSV-FIXI.EXE Msv1-fix Q214840
NPRPCFXI.EXE /Nprpc-fix Q195733
SP4HFIXI.EXE /roll-up Q195734
RNR-FIXI.EXE /Rnr-fix Q214864, Q216091, Q217001
SCRNSAVI.EXE /Scrnsav-fix Q221991
SMSFIXI.EXE /Sms-fix Q196270
SMSSFIXI.EXE /Smss-fix Q218473
TCPIPFXI.EXE /Tcpip-fix Q195725
Y2KUPD.EXE /Y2K/Y2KUPD Q218877, Q221120

Service Pack 5 Hotfixes /hotfixes-Postsp5/

CSRSSFXI.EXE /Csrss-fix Q233323
DIALRFXI.EXE /Dialer-fix NA
IGMPFIXI.EXE /IGMP-fix Q238329
IOCTLFXI.EXE /IOCTL-fix Q236359
LSAREQI.EXE /LSA3-fix Q231457
NDDEFIXI.EXE /NetDDE-fix Q231337
NTFSFIXI.EXE /NTFS-fix Q229607
Q234351I.EXE /Perfctrs-fix Q234351
RASFFIXI.EXE /RAS-fix Q230677
PWDFIXI.EXE /RASPassword-fix Q230681
RPSLWFXI.EXE /Rpcltscm-fix Q239132
RPWDFIXI.EXE /RRASPassword-fix Q233303
WINHLP-I.EXE /Winhlp32-fix NA
BIOSFIXI.EXE /Y2K/BIOS2-fix Q216913

The file names above are for the Intel platform (hence the ending I), but they may also be available for Alpha and PPC; just substitute A (Alpha) or P (PPC) for the I.

I should add a health warning: "If it ain't broke, don't fix it". I tend to agree with this, so unless you have a problem, or require a new feature of a Service Pack, think about whether you really want it. Also, if you are going to apply it to a live system, try to test it first, as sometimes a Service Pack will introduce new problems.


Q. What are the Q numbers and how do I look them up?

A. The Q numbers relate to Microsoft Knowledge Base articles and can be viewed at http://support.microsoft.com/support/


Q. How do I install the Service Packs?

A. If you receive the Service Pack by downloading it from a Microsoft FTP site, copy the file to a temporary directory and then just enter the file name (e.g. Sp2_400i.exe). The file will be expanded, and among the files created will be one called UPDATE.EXE. Just run this file. If there is no UPDATE.EXE, just .sym files, you have downloaded the symbols version, which is used for debugging NT; download the normal version instead (see above).

If you receive Service Packs on CD, just insert the CD (for SP2 and later); an Internet Explorer page will be shown and you can just click on install for the Service Pack.


Q. How do I install the Hot fix?

A. Again copy the file to a temporary directory and run the file name. A few files will be created, one called HOTFIX.EXE. Run "HOTFIX /install" which will install the Hot Fix.

For the newer Hot fixes (Java fix for Service Pack 3 onwards) you just double click on the downloaded file.


Q. How do I remove a Hot fix?

A. Use the command Hotfix /remove to remove a hotfix. Before you can do this you will need to expand the original hotfix file using the <hotfix> /x command.

To force the removal, use the registry editor (regedt32) to go to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\HOTFIX and delete the entry for the HOTFIX. Then use Explorer to go to %SystemRoot%\HOTFIX\HF00?? and copy the backed up files back to their original location.


Q. How do I install Service Pack 3?

A. Before you install Service Pack 3 you must remove Internet Explorer 4.0 preview if installed:

  1. From Control Panel (Start - Settings - Control Panel) double click Add/Remove Programs
  2. Select "Microsoft Internet Explorer 4.0" and click Add/Remove
  3. Select Remove All
  4. You will have to reboot

Also, before installing SP3 make sure you have an up to date Repair Disk (RDISK /S). To install Service Pack 3, download Nt4sp3_i.exe and follow the instructions below:

  1. Double click nt4sp3_i.exe
  2. It will verify the file and then uncompress to a temporary area (you can make it uncompress without installing by typing nt4sp3_i /x)
  3. Click Next to install and click Yes to accept the license agreement
  4. Click Next and then select "Yes create uninstall"
  5. Click Next then Finish
  6. You will then have to reboot

Q. Emergency Repair Disk issues after installation of Service Pack 3.

A. Due to changes in Service Pack 3 the Emergency Repair Disk process has changed. The file setupdd.sys that is on the 2nd NT installation disk has been superseded by the one supplied with service pack 3. To extract the file from the Service Pack 3 executable, follow the instructions below:

  1. Copy nt4sp3_i.exe to a temporary area
  2. Uncompress the service pack
    nt4sp3_i /x
  3. Insert the second NT installation disk (do not use the originals, create a new set using winnt32 /ox)
  4. Set the file setupdd.sys to write enabled
    attrib -r a:\setupdd.sys
  5. Copy the new setupdd.sys to the 2nd installation disk
    copy setupdd.sys a:

This is discussed in the Service Pack 3 readme file, and also in knowledge base article Q146887.


Q. How do I remove the Java Hotfix for Service Pack 3?

A. Manually unpack the hotfix
javafixi /x
Then type
hotfix -y
And it will remove the hotfix.

This method may become the new standard for hot fixes.


Q. How do I install multiple Hotfixes at the same time?

A. When you extract the files in a hotfix, generally the following will be extracted

The hotfix.exe is the same executable for all the hotfixes, and the hotfix.inf is basically the same, the only difference is the files that are to be copied, e.g. tcpip.sys, and a description of the hotfix. To install multiple hotfixes at the same time all that is needed is to decompress the hotfix files and update the hotfix.inf with the information on which files to copy.

  1. Create a directory on a disk called hotfix
    md hotfix
  2. From the command line decompress the hotfixes you wish to install, note each time you decompress a hotfix a new hotfix.inf will overwrite the existing one so you may wish to backup the .inf files
    - <hotfix name> /x, e.g. javafixi /x
    - you will be asked where to extract the hot fix files to, enter the hotfix directory and click OK, e.g. d:\hotfix
    - copy the hotfix.inf file to the name of the hotfix, e.g.
    copy hotfix.inf javafix.inf
  3. You will now have a number of files in the hotfix directory, with hotfix.exe, hotfix.inf and all the versions of the .inf files you copied. You now need to merge the contents of the .inf files into one main hotfix.inf file.
    If the hotfix you extracted had file tcpip.sys (ignore the .dbg files) you need to update the hotfix.inf file to include the copying of this file. Since TCPIP.SYS lives in the system32/drivers directory, you would add the line TCPIP.SYS to the [Drivers.files] section of the hotfix.inf file, e.g.
    [Drivers.files]
    TCPIP.SYS

    You also need to add TCPIP.SYS to the [SourceDisksFiles] section, e.g.
    [SourceDisksFiles]
    TCPIP.SYS=1
  4. Finally you need to add a comment at the end of the hotfix.inf file with a description of the hotfix in the [strings] section with the Q number and a comment, e.g.
    [Strings]
    ..
    HOTFIX_NUMBER="Q143478"
    COMMENT="This fix corrects the port 139 OOB attack"

    For multiple comments and numbers use HOTFIX_NUMBER2, COMMENT2 etc.

The reason we copied the .inf files is that you can just cut and paste the hotfix specific information to the common hotfix.inf. When you decompress a hotfix you will see which files were created; you can then search the .inf file for each file name, which will appear in two places: the section for the directory it belongs in and the [SourceDisksFiles] section. You can then go to the bottom of the file, cut and paste the HOTFIX_NUMBER and COMMENT, and add them to the end of HOTFIX.INF.

This is very hard to explain and an example is probably the best way to demonstrate this. Suppose you want to install

The procedure would be as follows

  1. Decompress the hotfixes to the hotfix directory and after each extraction backup the hotfix.inf file in the order admnfixi.exe - javafixi.exe - oobfix_i.exe
  2. Admnfixi.exe consists of ntkrnlmp.exe and ntoskrnl.exe, search admnfixi.inf (the copy we made) for the files and they appear as follows
    [Uniprocessor.Kernel.files]
    NTOSKRNL.EXE

    [Multiprocessor.Kernel.files]
    NTOSKRNL.EXE, NTKRNLMP.EXE

    [SourceDisksFiles]
    NTKRNLMP.EXE=1
    NTOSKRNL.EXE=1

    [Strings]
    HOTFIX_NUMBER="Q146965"
    COMMENT="This fix corrects GETADMIN problem"
  3. javafixi.exe consists of win32k.sys so search javafixi.inf for win32k.sys
    [MustReplace.System32.files]
    WIN32K.SYS

    [SourceDisksFiles]
    WIN32K.SYS=1

    [Strings]
    HOTFIX_NUMBER="Q123456"
    COMMENT="This fix corrects the problem with True Color adapter cards and Java"
  4. The current version of hotfix.inf already contains the information for the oobfix as it was the last installed, so the information for the above 2 must be added resulting in the changes being

    [MustReplace.System32.files]
    WIN32K.SYS

    [Drivers.files]
    TCPIP.SYS

    [Uniprocessor.Kernel.files]
    NTOSKRNL.EXE

    [Multiprocessor.Kernel.files]
    NTOSKRNL.EXE, NTKRNLMP.EXE

    [SourceDisksFiles]
    NTKRNLMP.EXE=1
    NTOSKRNL.EXE=1
    TCPIP.SYS=1
    WIN32K.SYS=1


    [Strings]
    ;; this part needs modifying, only one HOTFIX_NUMBER can be passed so create your own internal reference,
    ;; e.g. Q99999 and also the comments need a unique number at the end, e.g. comment1, comment2 otherwise
    ;; only the first comment will be entered

    HOTFIX_NUMBER="Q999999"
    COMMENT1="This fix corrects the port 139 OOB attack"
    COMMENT2="This fix corrects GETADMIN problem"
    COMMENT3="This fix corrects the problem with True Color adapter cards and Java"

To install just type

hotfix

from the directory created (i.e. hotfix), you will see a dialog copying the files (the ones you have specified in the hotfix.inf file :-) ), and the system will reboot. To see what hotfixes are installed:

  1. Start the Registry Editor (Regedit.exe)
  2. Look at the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix values
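
The merge described above can also be scripted. The following Python script is an added example, not part of the original FAQ or of Microsoft's hotfix tooling: it merges the hotfix-specific sections of several saved .inf copies, renumbers the comments under one internal reference, and reports any file listed for copying that has no [SourceDisksFiles] entry. The fragments are constructed from the excerpts quoted above, and reading an entry such as "NTOSKRNL.EXE, NTKRNLMP.EXE" as destination name followed by source name is an assumption based on the standard INF file-list syntax.

```python
import re
from collections import OrderedDict

SECTION_RE = re.compile(r"^\[([^\]]+)\]$")

# Constructed fragments: only the hotfix-specific lines the FAQ quotes from
# each saved .inf copy (a real hotfix.inf carries more sections than these).
OOBFIX_INF = """\
[Drivers.files]
TCPIP.SYS

[SourceDisksFiles]
TCPIP.SYS=1

[Strings]
HOTFIX_NUMBER="Q143478"
COMMENT="This fix corrects the port 139 OOB attack"
"""
ADMNFIX_INF = """\
[Uniprocessor.Kernel.files]
NTOSKRNL.EXE

[Multiprocessor.Kernel.files]
NTOSKRNL.EXE, NTKRNLMP.EXE

[SourceDisksFiles]
NTKRNLMP.EXE=1
NTOSKRNL.EXE=1

[Strings]
HOTFIX_NUMBER="Q146965"
COMMENT="This fix corrects GETADMIN problem"
"""
JAVAFIX_INF = """\
[MustReplace.System32.files]
WIN32K.SYS

[SourceDisksFiles]
WIN32K.SYS=1

[Strings]
HOTFIX_NUMBER="Q123456"
COMMENT="This fix corrects the problem with True Color adapter cards and Java"
"""


def norm(entry):
    """Compare entries ignoring case and whitespace."""
    return re.sub(r"\s+", "", entry).upper()


def parse_inf(text):
    """Map lower-cased section name -> (name as written, entry lines)."""
    sections = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # skip blank lines and ; comments
        match = SECTION_RE.match(line)
        if match:
            name = match.group(1)
            current = sections.setdefault(name.lower(), (name, []))
        elif current is not None:
            current[1].append(line)
    return sections


def merge_hotfix_infs(texts, internal_ref):
    """Union the file sections; rebuild [Strings] with COMMENT1..COMMENTn."""
    merged, comments, other = OrderedDict(), [], []
    for text in texts:
        for key, (name, lines) in parse_inf(text).items():
            if key == "strings":
                for line in lines:
                    k, _, v = line.partition("=")
                    k = k.strip().upper()
                    if k.startswith("COMMENT"):
                        v = v.strip().strip('"')
                        if v not in comments:
                            comments.append(v)
                    elif not k.startswith("HOTFIX_NUMBER") and line not in other:
                        other.append(line)  # keep unrelated string entries
                continue
            target = merged.setdefault(key, (name, []))[1]
            seen = {norm(e) for e in target}
            for line in lines:
                if norm(line) not in seen:
                    seen.add(norm(line))
                    target.append(line)
    strings = other + ['HOTFIX_NUMBER="%s"' % internal_ref]
    strings += ['COMMENT%d="%s"' % (i, c) for i, c in enumerate(comments, 1)]
    merged["strings"] = ("Strings", strings)
    return merged


def missing_sources(merged):
    """Files named in a *.files section with no [SourceDisksFiles] entry."""
    listed = {line.split("=")[0].strip().upper()
              for line in merged.get("sourcedisksfiles", ("", []))[1]}
    missing = []
    for key, (name, lines) in merged.items():
        if not key.endswith(".files"):
            continue
        for line in lines:
            parts = [p.strip().upper() for p in line.split(",")]
            # Assumption: "dest, source" form; a single name is both.
            source = parts[1] if len(parts) > 1 and parts[1] else parts[0]
            if source not in listed:
                missing.append((name, source))
    return missing


def render(merged):
    """Return the merged sections as .inf text."""
    out = []
    for name, lines in merged.values():
        out.extend(["[%s]" % name] + lines + [""])
    return "\n".join(out)


if __name__ == "__main__":
    result = merge_hotfix_infs([OOBFIX_INF, ADMNFIX_INF, JAVAFIX_INF], "Q999999")
    print(render(result))
    print("missing source entries:", missing_sources(result))
```

The rendered text holds only the hotfix-specific sections; paste them into the common hotfix.inf as in step 4 rather than replacing the whole file.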

Q. How do I install Hotfixes at the same time as I install Service Pack 3 onwards?

A. Update.exe that ships with Service Pack 3 checks for the existence of a hotfix subdirectory; if the files hotfix.exe and hotfix.inf are present in that directory, you are asked when running update.exe whether you also want to install the hotfixes.

  1. Create a directory to hold the extracted Service Pack
    md servpack
  2. Extract the Service Pack
    nt4sp3_i /x
    You will be asked for a directory, enter the created directory, e.g. e:\servpack and click OK
  3. Create a hotfix subdirectory
    md hotfix
  4. Extract the hotfixes to this directory using the instructions in the previous FAQ
  5. Run UPDATE.EXE in the servpack directory and click Yes when asked to install Hotfixes

Q. I have installed Service Pack 3, now I cannot run Java programs.

A. An updated virtual machine used to be available for Internet Explorer 4.0 from the Microsoft site but now you need IE 4.0.

There is also a hotfix for Service Pack 3 available from Microsoft ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/hotfixes-postSP3/java-fix/JAVAFIXI.EXE or install service pack 4 or above.


Q. I have installed Service Pack 3, however the Policy Editor has not been updated.

A. This is caused by a mistake in the Service Pack 3 update.inf file. The entry for poledit.exe (the executable for the policy editor) is specified in the [MustReplace.system32.files] section whereas the file should actually be in the [SystemRoot.files].

To install the new Policy Editor perform the following

  1. Expand the service pack
    nt4sp3_i /x
  2. You will be asked for a directory, enter a path and click OK. A message "Extraction complete" will be displayed when completed
  3. Move to the directory the service pack was extracted to and copy the file poledit.exe to the %systemroot% directory
    copy poledit.exe %systemroot%

Alternatively you can update the update.inf file and move the location of poledit.exe from [MustReplace.system32.files] to [SystemRoot.files].


Q. How can I tell if I have the 128 bit version of Service Pack 3 installed?

A. The easiest way to tell this is to examine the secure channel dynamic link library (SCHANNEL.DLL):

  1. Start Explorer (Win + E or Start - Programs - Explorer)
  2. Move to %systemRoot%/system32 (where %systemRoot% is the Windows NT directory, e.g. d:\winnt)
  3. Right click on Schannel.dll and select properties
  4. Click the Version tab. The description will be one of the following:
    PCT / SSL Security Provider (U.S. and Canada for the 128 bit version.) if you have the 128 bit version
    or
    PCT / SSL Security Provider (Export Version) if you have the non-128 bit version
  5. Click OK when finished
  6. Close Explorer

Q. How do I install a service pack during an unattended installation?

A. There are various options, however all of them require the service pack to be extracted to a directory, using

NT4SP3_I /x

and you then enter the directory where you want to extract to.

You could extract to a directory under the $OEM$ installation directory which would then be copied locally during the installation and you could add the line

".\UPDATE.EXE -U -Z"

to CMDLINES.TXT. This will increase the time of the text portion of the installation as the contents have to be copied over the network.

With Service Pack 4 you could just add the following to CMDLINES.TXT and not need to expand the service pack first:

[Commands]
".\sp4\sp4i386.exe -z -u"

Simply create a folder called sp4 under $OEM$ and copy sp4i386.exe to it.

If using the above you should ensure you have the following in unattended.txt

[Unattended]
OemPreinstall=yes

An alternate method is to install from a network drive, this requires a bit more work:

  1. Create a directory on a network server and copy the extracted service pack to this directory. Setup a share on this directory called SP
  2. Create a batch file in the $OEM$ share of the installation area called SERVPACK.CMD with the following:
    net use z: \\<server>\SP /persistent:no /user:<domain name>\guest < password.txt
    z:\update.exe -u -z
  3. You need to create the password.txt file that contains the guest account password (usually blank) therefore perform the following:
    - type copy con password.txt
    - press ENTER once
    - press CTRL+Z to save the file
    If the password is not blank enter the password then press ENTER
  4. Copy the password.txt file to the $OEM$ directory
  5. Edit CMDLINES.TXT and add ".\SERVPACK.CMD" to the end

Q. What order should I apply the Hot fixes?

A. There is no specific order to apply post Service Pack 4 and Service Pack 5 hotfixes.

The Service Pack 3 hotfixes are, for the most part, cumulative. This means that the latest binary also includes fixes previously made to the same binary.

For example, the 01/09/98 version of Tcpip.sys (teardrop2-fix) also includes previous fixes to Tcpip.sys (such as land-fix, icmp-fix, and oob-fix).

When you apply multiple fixes, please install them in the following order to ensure a newer fix is not replaced by an older one.

For the Microsoft version of the list please see ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/hotfixes-postSP3/postsp3.txt


Q. I get an error message when I try to re-apply a hotfix after installing a service pack?

A. If when you try and reinstall a hotfix (after re-applying a service pack etc.) you get the error

Hotfix: The fix is already installed.
Hotfix: Internal consistency error: Invalid Tree pointer = <garbage characters displayed>.

you need to remove the hotfix before trying to reinstall.

To remove a hotfix you would usually use hotfix /r or hotfix -y (depending on the version; run the hotfix with /? to check the syntax), however there are situations where it will refuse to remove the hotfix:

Hotfix: Fix <name of hotfix> was not removed.

All the hotfix actually does when you install one is check a registry entry to see if it is already there, so to get round this problem we can go into the registry and remove the hotfix's corresponding entry.

  1. Start the registry editor (regedit.exe)
  2. Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix
  3. Under this key will be a number of sub-keys with name of the Knowledge base article the hotfix is referenced by as the name, e.g. Q123456 (the True Colour adapter fix).
  4. To get more details about the hotfix, select the key (e.g. Q123456) and look at the "Fix Description" value.
  5. To remove NT's knowledge of the fix being installed select the specific hotfix you want to remove (e.g. Q123456) and select Delete from the Edit menu. Click Yes to the confirmation
  6. Close the registry editor.

The fix is still installed on the system; all you have done is remove NT's knowledge of its installation, so you will now be able to re-install the hotfix in the normal way.


Q. When should I reapply a Service Pack?

A. You should reapply any Service Pack (and subsequent hotfixes) whenever you add any system utilities/services or hardware/software. A good rule of thumb is if the computer says "Changes have been made you must shutdown and restart your computer" reapply your service pack before the reboot.

The only problem is once you reinstall a service pack, unless you uninstall then reinstall, you will lose the ability to uninstall it.


Q. What is Option Pack 4?

A. Due to a lot of public pressure, Microsoft agreed to no longer include any new functionality in Service Packs, but would rather produce a separate add-on which would update various option components.

Option Pack 4 is the first of these (to keep in step with Service Pack 4) and can be downloaded from http://www.microsoft.com/ntserver/nts/downloads/recommended/NT4OptPk/default.asp or is supplied as part of MSDN. The download is about 27MB.

If you download from the web you have to download a special program, download.exe, which you then run which downloads or installs the software.

Included in Option Pack 4 are:

More information can be found at http://www.microsoft.com/NTServer/nts/exec/overview/WhatNew.asp

To install the Option Pack you must be running Service Pack 3 or above (I tested with Service Pack 4 and you get warnings that it has not been tested on Service Pack 4 but it works fine) and you must have Internet Explorer 4.01 or above.

Once you start the installation you should click Next to the introduction screen and you will then have two options

  1. Upgrade Only
  2. Upgrade Plus

If you select Upgrade Only then only existing components on the system will be upgraded to the Option Pack 4 version; clicking Upgrade Plus allows you to install extra software.

If you select Upgrade Plus you can then choose which components to install. Items such as IIS have sub-components such as NNTP server (news) which you can optionally install.

Depending on the components you selected you will be asked some minor questions and then the machine will reboot.


Q. How can I tell which version Service Pack I have installed?

A. When a Service Pack is installed using the normal method (e.g. not just copying the files to a build location) the service pack version is entered into the registry value CSDVersion which is under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion.

The value is of the format "Service Pack n", e.g. "Service Pack 4", but can have extra information if it is a beta or release candidate, e.g. "Service Pack 4, RC 1.99".

To check this from the command line you could use the REG.EXE Resource Kit supplement 2 utility:

C:\>reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CSDVersion"
REG_SZ CSDVersion Service Pack 4, RC 1.99

Make sure you put the value in double quotes (").

An alternative is to just run WINVER.EXE which will tell you your current build and Service Pack version. You can also use WINMSD.EXE or Help/About in Explorer.


Q. I receive an error trying to install Service Pack 4 for NT 4.0.

A. If when installing Service Pack 4 you receive the error:

"Service Pack Setup Error. You do not have permissions to update Windows NT. Please contact your system administrator."

it may be caused by the update.exe image being in the wrong directory.

If you have expanded the service pack using nt4sp4i.exe /x it will create a subdirectory, update, which will include the files

When running update.exe it must be in the update subdirectory. If not you should move the image accordingly.


Q. Setupdd.sys is missing in Service Pack 4/5.

A. Setupdd.sys is included on the Service Pack 4/5 CD and in the Y2K download version of Service Pack 4 but not the normal version.

This file is needed to replace the one on the second Windows NT installation disk to repair a system that has Service Pack 3 or above. To create a set of NT installations disks insert the NT installation CD-ROM and type winnt32 /ox.

You can download SETUPDD.SYS here.


Q. Important steps for installing Service Pack 4.

A. Service Pack 4 makes some permanent changes to the registry, so before installing you should perform the following steps to facilitate a Service Pack uninstall in the event of a problem. Before installing the service pack make sure you have performed the installation on a test server and, as with any other "fix", don't install unless you need a fix supplied by the Service Pack or have been instructed to install it by a Microsoft support engineer. If it ain't broke, don't fix it.

  1. Perform a full backup of all files and the registry using NTBACKUP or another backup program
  2. Create an up-to-date Emergency Repair Disk and store safely
    RDISK /s
  3. Reboot your system and check the Event Viewer (Start - Programs - Administrative Tools - Event Viewer) and check for any errors. Fix before proceeding. If you make any changes fixing the problems go back to step 2 and recreate another ERD.
  4. Copy your old Uninstall directory to a backup location
    C:\> md %systemroot%\$ntservicepackuninstallback$
    C:\> copy %systemroot%\$ntservicepackuninstall$ %systemroot%\$ntservicepackuninstallback$
  5. Run the resource kit utility SRVINFO.EXE (if available) and keep a copy of the output
  6. Disable any non-essential third-party drivers/services not required for starting the system. Contact the manufacturers to see if updated versions are available.
  7. Check you have enough disk space, you will need 80MB if you select to create an uninstall directory, 40MB if not
  8. Close all active debugging sessions or remote control sessions and any other non-essential applications before starting the upgrade

Q. Uninstalling Service Pack 4.

A. As was explained in "Q. Important steps for installing Service Pack 4.", Service Pack 4 makes some changes to registry which can't be undone. Because of this, in the event of a Service Pack 4 uninstall the following files are left unrestored

Additionally the files below are also not restored:

Crypt32.dll, Comctl32.dll, Schannel.dll, Cryptdlg.dll, Pstorerc.dll, Psbase.dll, Pstores.exe, Pstorec.dll, Cryptext.dll, Cryptui.dll, Mssign32.dll, Wintrust.dll, Softpub.dll, Mssip32.dll, Mscat32.dll, Initpki.dll, Cryptnet.dll, Xenroll.dll, Dssig.dll, Sigres.exe, Dssbase.dll, Rsaenh.dll (128 bit security only), Rsabase.dll, Certmgr.msc, and Syskey.exe.

To uninstall the Service Pack either start the Add/Remove programs control panel applet (Start - Settings - Control Panel - Add/Remove programs), select "Windows NT Service Pack 4" and click Remove, or, move to the %systemroot%\$NtServicePackUninstall$\spuninst directory and run spuninst.exe.

If you wanted to completely uninstall the service pack, undoing the registry changes and restoring all original files, you would need to restore the %systemroot% directory from a backup and repair the registry using the ERD disk you created. Alternatively you could uninstall as normal, then use the ERD to repair the registry and replace the six files that the uninstall does not fix.


Q. How can I tell who installed/uninstalled Service Pack 4?

A. When Service Pack 4 is installed or uninstalled an Event is written to the System Event Log. The Event ID is 4353 so you could just create a filter (View - Filter Events) to view only Event ID 4353. It gives information of the person and time it was actioned.

The messages are

Windows NT Service Pack 4 was installed (Service Pack 3 was previously installed).

or

Windows NT Service Pack 4 was uninstalled. Restoring Windows NT to Service Pack 3.

Event 4353


Q. Service Pack 4 unattended installation switches.

A. The following switches can be used with the UPDATE.EXE program supplied with Service Pack 4:

-u Unattended mode
-f Force all apps to close at shutdown
-n Do not create an uninstall directory 
-o Overwrite OEM files without asking
-z Do not reboot when installation is complete
-q Quiet mode - no user interaction

Q. New Event Logs in Windows NT 4.0 Service Pack 4.

A. Service Pack 4 adds 4 new Event log messages to the System Event Log:

These can all be viewed using the Event Viewer which is located in the Administrative Tools program folder.


Q. When will Service Pack 6 for NT 4.0 be released?

A. Service Pack 6 is currently in beta and I would expect it around September 1999.


Q. I receive an error that setup.log cannot be found when installing a service pack.

A. If when you try and install a service pack you receive one of the following errors:

Service Pack Setup could not find the Setup.log file in your repair directory

or

Service Pack Setup cannot open or modify your SETUP.LOG file

The problem is either

If the file SETUP.LOG in %systemroot%\repair is missing, you can copy it off your Emergency Repair Disk. If this is not an option you could copy it from another machine, but you may need to update the first few lines in the file (I copied a setup.log file from a NT Server Terminal Server installation to an NT Workstation and installed Service Pack 5 with no problems after changing the device and directory! This is not a supported method though).

Below is an example of the first lines of setup.log

[Paths]
TargetDirectory="\WINNT"
TargetDevice="\Device\Harddisk0\partition2"
SystemPartitionDirectory="\"
SystemPartition="\Device\Harddisk0\partition1"
[Signature]
Version="WinNt4.0"
[Files.SystemPartition]
ntldr="ntldr","2a36b"
NTDETECT.COM="NTDETECT.COM","b69e"
[Files.WinNt]
\WINNT\Help\31users.hlp="31users.hlp","12bfc"
... etc.

If you copy from another machine you may need to update the TargetDirectory and also the TargetDevice (which is where the %systemroot% is located and can be compared against the boot.ini file) and SystemPartition (which is the active partition, starting from 1, e.g. C:, this should not need to be changed).

If the TargetDirectory is different you should perform a global replace in the file from the old name, e.g. WINTSRV to the new name, e.g. WINNT.

If you do have a setup.log file in the repair directory and still get problems installing check that its format matches that given above.

If you don't have any SETUP.LOG files I have an example one you can download and modify from an NT Workstation installation (but don't mail me asking for support) but the correct procedure is outlined at http://support.microsoft.com/support/kb/articles/Q173/3/84.asp which involves reinstalling NT over your existing installation.
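
The edits described above for a setup.log copied from another machine, as an added Python example that is not part of the original FAQ. It rewrites TargetDirectory and TargetDevice and renames the old directory only where it leads a path in a [Files.*] section, so a file name that happens to contain the old directory name is left alone, which a plain global replace would not do. The sample text, including the WINTSRV.HLP entry and the partition numbers, is constructed for illustration.

```python
import re

# Constructed sample: head of a setup.log copied from a machine that was
# installed in \WINTSRV on partition 3.
SAMPLE = r'''[Paths]
TargetDirectory="\WINTSRV"
TargetDevice="\Device\Harddisk0\partition3"
SystemPartitionDirectory="\"
SystemPartition="\Device\Harddisk0\partition1"
[Signature]
Version="WinNt4.0"
[Files.SystemPartition]
ntldr="ntldr","2a36b"
[Files.WinNt]
\WINTSRV\Help\31users.hlp="31users.hlp","12bfc"
\WINTSRV\system32\WINTSRV.HLP="WINTSRV.HLP","1a2b"
'''


def retarget_setup_log(text, new_dir, new_device):
    """Return text with [Paths] and leading file paths moved to new_dir."""
    lines = text.splitlines()
    old_dir = None
    for line in lines:
        m = re.match(r'\s*TargetDirectory\s*=\s*"([^"]*)"', line, re.I)
        if m:
            old_dir = m.group(1)
            break
    if old_dir is None:
        raise ValueError("no TargetDirectory entry found")

    # Old directory at the start of a line, followed by \ or = or end of line.
    prefix = re.compile(re.escape(old_dir) + r"(?=\\|=|$)", re.I)
    out, section = [], None
    for line in lines:
        stripped = line.strip()
        if stripped.startswith("[") and stripped.endswith("]"):
            section = stripped[1:-1].lower()
        elif section == "paths":
            key = stripped.split("=", 1)[0].strip().lower()
            if key == "targetdirectory":
                line = 'TargetDirectory="%s"' % new_dir
            elif key == "targetdevice":
                line = 'TargetDevice="%s"' % new_device
        elif section and section.startswith("files.") and prefix.match(line):
            # A function replacement keeps the backslashes in new_dir literal.
            line = prefix.sub(lambda _m: new_dir, line, count=1)
        out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(retarget_setup_log(SAMPLE, r"\WINNT", r"\Device\Harddisk0\partition2"))
```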


Q. How can I perform a function in a logon script depending on a machine's Service Pack version?

A. A new utility from SavillTech, CmdInfo, sets error level values depending on the Service Pack version of the client machine; different actions can then be taken depending on the result.

CmdInfo can be downloaded from http://www.savilltech.com/download/cmdinfo.zip.

CmdInfo can also perform actions depending on the OS version, installation type. Below is an example of usage to detect SP version in a logon script:

@ECHO OFF

CMDINFO.EXE /sp
IF ERRORLEVEL 5 GOTO SP5
IF ERRORLEVEL 4 GOTO SP4
IF ERRORLEVEL 3 GOTO SP3
IF ERRORLEVEL 2 GOTO SP2
IF ERRORLEVEL 1 GOTO SP1
IF ERRORLEVEL 0 GOTO SP0

:SP5
ECHO Service Pack 5 is installed on this NT computer.
ECHO No further upgrades are necessary.
GOTO END

:SP4
ECHO Service Pack 4 is installed on this NT computer.
ECHO Press any key to install Service Pack 5...
PAUSE > NUL
rem Let's assume drive X: is mapped to a sharepoint...
rem X:\SP5\UPDATE\UPDATE.EXE -u -f -o
GOTO END

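rem The remaining labels follow the same pattern; add the upgrade step for each as in :SP4
:SP3
ECHO Service Pack 3 is installed on this NT computer.
GOTO END

:SP2
ECHO Service Pack 2 is installed on this NT computer.
GOTO END

:SP1
ECHO Service Pack 1 is installed on this NT computer.
GOTO END

:SP0
ECHO No Service Pack is installed on this NT computer.
GOTO END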

:END
EXIT


Q. What is new in Windows NT 5.0?

A. NT 5.0 is the next major release of NT. It is expected to include the following new features:

For more information on what's new please go to http://www.microsoft.com/NTServer/Basics/Future/WindowsNT5/Features.asp


information on Windows NT 5.0?

A. Below is a list of useful links at Microsoft


Q. How do I get the Microsoft Windows 2000 Beta?

A. Windows 2000 is currently in beta test. The technical beta program is closed and is not accepting additional requests at this time. The Windows 2000 beta is not generally available at present for free. If you want this beta, there are five approaches you can consider taking:-

  1. Send email to betareq@microsoft.com. The Technical beta is closed, and email to this account is unlikely to get you onto the beta. If you do send email, remember you need to justify why MS should send you the beta. Given that the Technical Beta is closed, this approach is unlikely to get you a beta copy.
  2. Take out a subscription to MSDN (Microsoft Developers Network) Professional or Universal levels. MSDN Subscriptions offer comprehensive, timely, and convenient access to Microsoft Visual Tools, essential technical programming information, Microsoft operating systems, software development kits (SDKs), device driver kits (DDKs), Microsoft Office, BackOffice Test Platform, etc. See http://www.microsoft.com/msdn/join/subscriptions.htm for more details including pricing.
  3. Microsoft has said that there will be a wider consumer preview of Windows 2000 now that Beta 3 has shipped. http://www.microsoft.com/windows/preview/
  4. Take the Microsoft Official Curriculum course 1264, NT 5.0 First Look.
  5. Purchase Technet Plus which includes beta products.
  6. Order the Hardware evaluation Kit. For more details on this, see http://www.microsoft.com/hwtest/hctcd/

Q. What is Windows 2000?

A. Microsoft have renamed NT 5.0 to Windows 2000 in an attempt to simplify the product lines. Below is an extract from the Microsoft press release:

Four products to make up initial Windows 2000 offerings, all "Built on NT Technology".

The company has decided to rename the next release of the Windows NT® line of operating systems—formerly known as Windows NT 5.0—as Windows 2000. Now that millions of people use the Windows NT operating systems every day, Microsoft has decided to rename its next releases to reflect their shift into the mainstream market and to help customers understand the products. All currently released operating systems will retain their names.

The company has also expanded the Windows server line to meet customer demand for solutions that are more powerful than Windows NT Server Enterprise Edition and for lower cost clustering alternatives for branch-office servers.

"Windows NT was first released five years ago as a specialized operating system for technical and business needs. Today it has proven its value as the preferred technology for all users who want industry-leading cost-effectiveness, rich security features and demonstrated scalability," said Jim Allchin, senior vice president at Microsoft. "The Windows NT kernel will be the basis for all of Microsoft's PC operating systems from consumer products to the highest-performance servers."

The Windows 2000 line, which Microsoft will begin to roll out in 1999, will include four products. Windows 2000 Professional is a desktop operating system aimed at businesses of all sizes. Microsoft designed Windows 2000 Professional as the easiest Windows yet, with high-level security and significant enhancements for mobile users. The operating system is also designed to provide industrial-strength reliability and help companies lower their total cost of ownership with improved manageability.

Microsoft offers the Windows 2000 Server as the ideal solution for small- to medium-sized enterprise application deployments, web servers, workgroups and branch offices. Windows 2000 Server will support new systems with up to two-way SMP; existing Windows NT Server 4.0 systems with up to four-way SMP can be upgraded to this product.

Windows 2000 Advanced Server is a more powerful departmental and application server that provides network operating system and Internet services. Supporting new systems with up to four-way SMP and large physical memories, this product is ideal for database-intensive work. In addition, Windows 2000 Server integrates clustering and load-balancing support to provide excellent system and application availability. Organizations with existing Windows NT 4.0 Enterprise Edition servers with up to eight-way SMP can install this product.

The Windows 2000 line will also include the new Windows 2000 Datacenter Server, which is the most powerful server operating system ever offered by Microsoft. Windows 2000 Datacenter Server supports up to 16-way SMP and up to 64GB of physical memory, depending on system architecture. Like Windows 2000 Advanced Server, it provides both clustering and load balancing services as standard features. Microsoft designed this product especially for large data warehouses, econometric analysis, large-scale simulations in science and engineering, online transaction processing and server-consolidation projects.

Microsoft believes its new Windows 2000 name will help both its partners and customers. "The new name also serves our goal of making it simpler for customers to choose the right Windows products for their needs," said Brad Chase, vice president at Microsoft. "The new naming system eliminates customer confusion about whether 'NT' refers to client or server technology. Also, with our across-the-board improvements in ease of use, mobile support and total cost of ownership that provide benefits to so many users, 'NT' technology is no longer just for high-end workstations." Microsoft will use the tagline "Built on NT Technology" to help its customers through the naming transition.

The company believes that the Windows 2000 name and NT tagline will help people to identify which operating system will work best in their environment. And—as the name implies—Windows 2000 is ready for the next millennium.


Q. Getting the most out of NT 5.0 beta 2.

A. Windows NT Expert Thomas Lee has submitted these tips for getting the most out of NT 5.0 Beta 2.0. Dated 04/11/1998

Now that NT5 Beta 2 Workstation and Server have been in the field for some time, some experience in these releases has been gained. In these public newsgroups, we often see issues being repeated since later users have not seen the related posts.

To help in assisting new users, I've compiled what I modestly called:

THOMAS'S TOP 10 FAQ TIPS FOR NT5 BETA 2

I've written both specific answers to these noted problems, plus some general tips on how to get the most out of NT5 B2.

I can't get DHCP to work.

Two things to check: first that the DHCP server has been authorised and second that the subnet has been activated. To find out more about setting up a DHCP server, refer to the Walkthroughs.

In general, read the walkthroughs for all the functions before asking more questions in the newsgroups. But if you are unclear, certainly post!

CDR is broken in B2

This is a known issue. But please file a bug report on your details, especially including your exact hardware configuration.

In general, try to read the older messages - the last couple of weeks or so to see if the issue has come up. A lot of issues are repeated, and repeated, suggesting, to some, that newsgroups are write only.

So how do I create a domain - there was nothing in the setup about that!

In Windows 2000, the creation of a domain controller is not done during the installation of the OS. With Win2k, you install the OS first then you create a Domain Controller by DCPROMO.EXE either from the command prompt or from Start/Run. Prior to running DCPROMO.EXE, you must install and set up a DNS service. For more details on setting up a DC, see advsetup.txt on the CD.

In general, please read all the files in the root of the CD before asking further questions in the newsgroup please! [J.S. There is also an example in the FAQ Q. How do I promote a server to a domain controller?]

Beta 2 does not support my <pick your hardware device>

First, check the HCL in \support\hcl.txt to see if this card is supported. If it is and it does not work, try the standard tricks: take card out, see what works. Check the IRQs, etc. If all else fails, file a bug report.

If your device is NOT on the HCL, file a bug report explaining the details of your system, the precise way the card fails (BSOD, installs but fails, reduced functionality). Also try Win98 drivers if you can find them. Finally file a bug report.

In general, the HCL is your friend. Please consider consulting it prior to asking questions on the newsgroups. Also, Help is your other friend - check Help for configuration questions.

The Find dialog is broken.

The find/search dialog does work, it's just not user friendly. This is a bug, and is "fixed in later builds" - a common reply to bugs submitted regarding this dialog!

But file searching can be significantly improved by use of the index server. This does devour a lot of disk resources initially (it content indexes your entire disk setup).

The first pass can take hours, depending on how much disk space you have and how much horsepower your system has. Initial indexing is an ideal task to kick off at night, and come back to seeing complete in the morning. Once installed, it's efficient, and is very useful for searching. Development staff, developing HTML, Office documents, C Code, etc., will love the ability to search for specific strings in the myriad of .cpp, .htm, .shh, .asp files, etc! Check it out.

In general, for certain users, Index server is a real pal.

I can't work out how to do something in NT5 B2.

Try looking in the help. The server help, especially, has a lot of really great background information. Help is massively different, and better, in Windows 2000 than in NT4! The Help text includes documentation on how to carry out most basic configuration tasks, background concepts (and much of it well written), and places to go for more information (e.g. web sites, books, RFCs, etc). Take a look - Help has gotten a whole lot better.

In general, Help is a friend.

Why is this wise guy always asking me to read the documentation?

Simple, really. A number of procedures will be new, and the details of these are documented. Secondly, the release notes document known issues, work arounds, etc.

Windows 2000 is a lot different from NT4. I'd like to find the 'This sure isn't Kansas any more Toto' quote from the Wizard of Oz as the start-up sound. MS are aware and really have tried to document the key points. The walkthroughs make a great self paced self study tour of Windows 2000 - enjoy the ride.

In general: the product documentation is your friend.

Why is that guy always saying 'file a bug report'?

Why IS that guy always telling me to file a bug report??? Well, to put it bluntly: The product shipped as NT5 B2 is in beta test. It is not a final product. There are most likely thousands of bugs still remaining ranging from serious show stoppers to trivial things that simply will never get fixed (e.g. the titles on a dialog box). That is not abnormal for such a large product this far from shipping.

Win2000 is simply NOT ready to ship today - MS need to find, and resolve, these bugs. If you find something wrong, it may just be simple user error but it may well be a bug. So if you think it's broken, tell MS.

You, as future users, can influence and have helped to shape the product as it evolves. MS has listened to the feedback and are incorporating it. With the NT team embarking on the death march to Beta 3, if you don't tell MS, you may well have to live with the consequences - and condemn others.

MS have made it clear that Windows 2000 will not ship before it's ready. They have said they will ship when customers tell them it's ready. You are the customer - tell MS what you've found out and what you think.

In general: Make a difference. File a GOOD bug report.

OK, Cool, so how do I do it.

If you are on an internal beta, you will know how to do this - it was on the release notes accompanying your CD (and in email). Please follow directions, and discuss the issue on the internal newsgroups. Please read those groups.

If you are not on the technical beta, then go to ntbeta.microsoft.com. Fill in a short survey, and give them your email alias. You will then get a userid and password to enter the site. Go back, and with your password, you can drill down to a web tool to file a bug report. Spend a bit of time, if you can, to look at the site for more details on bug reporting. Oh, and the ntbeta.microsoft.com has not been renamed. Yet.

In general: The ntbeta.microsoft.com site is your friend.

How much do I need to tell MS about a bug. How good is good?

To some degree, the more you can provide, the better. Filing good bug reports means reporting as much as possible, including all your hardware, the exact nature of the problem, and if possible precise steps to reproduce it.

In general, if MS can't reproduce it - it's not a bug.

Written by that guy who is always asking folks to read the documentation, use Help, and file good bug reports.

And for the humour impaired: this entire post is classified ":-) "


Q. What hardware is needed to run Windows 2000?

A. Below is a list of the minimum hardware needed to install Windows 2000.

The minimum memory really is the minimum: the setup program performs a test to check you have that amount, or the installation will not proceed (very annoying when I tried to install Server on my portable which (then) only had 32MB of RAM). You can hack the txtsetup.sif files, however, to install either Server or Workstation on systems with less memory. There is no check on CPU type.

The 64bit Alpha processor continues to be supported, although memory requirements are slightly larger (eg 96MB for Server) than Intel systems. Support for archaic 1st generation systems such as the Jensen has been dropped for Windows 2000.

This information is also in the file setup.txt on the Windows 2000 (NT 5.0 Beta) CD-ROM.


Q. Where is the Hardware Compatibility List for Windows 2000?

A. The HCL for Windows 2000 is supplied on the CD in both text and HTML Help format. It can also be found at ftp://ftp.microsoft.com/services/whql/win2000hcl.txt.


Q. How can a FAT partition be converted to an NTFS partition?

A. From the command line enter the command convert d: /fs:ntfs . This command is one way only, and you cannot convert an NTFS partition to FAT. If the FAT partition is the system partition then the conversion will take place on the next reboot.

After the conversion, file permissions are set to Full Control for Everyone, whereas if you install directly to NTFS the permissions are set on a stricter basis.


Q. How can a NTFS partition be converted to a FAT partition?

A. A simple conversion is not possible, and the only course of action is to backup all the data on the drive, reformat the disk to FAT and then restore your data backup.


Q. How do I run HPFS under NT 4.0?

A. If you want NT support for HPFS, you can upgrade from 3.51 to 4.0 which will retain HPFS support. You can manually install the 3.51 driver under NT 4.0, however this is not supported by Microsoft.

  1. Copy the 3.51 pinball.sys to the NT 4.0 %SystemRoot%\system32\drivers directory.
  2. Start the registry editor (regedit.exe)
  3. Go to the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
  4. From the Edit menu, select "New Key"
  5. In the form entry box which appears, enter Pinball as the Key Name. Leave the class field blank, and click OK
  6. Highlight the new Pinball key in the editor's left panel and select New Dword from the Edit menu
  7. Enter a name of ErrorControl and click OK
  8. Double click ErrorControl and set to "0x1"
  9. Highlight Pinball again and select "New String" from the Edit menu with name "Group" click OK
  10. Double click Group and set to "Boot file system"
  11. Highlight Pinball again and select "New DWORD" from the Edit menu with name "Start" click OK
  12. Double click Start and set to "0x1"
  13. Highlight Pinball again and select "New DWORD" from the Edit menu with name "Type" click OK
  14. Double click Type and set to "0x2"
  15. Close the registry editor
  16. Reboot the machine

Q. How do I compress a directory?

A. Follow instructions below (this can only be done on an NTFS partition)

  1. Using Explorer or My Computer select a drive
  2. Right click on a directory and choose properties
  3. Select the "Compress" Check box and click "Apply"
  4. You will be asked if you want to compress subdirectories, click OK
  5. Click OK to exit

Q. How do I uncompress a directory?

A. Follow the same procedure above, but uncheck the compress box.


Q. Is there an NTFS defragmentation tool available?

A. There are a number available for NT that I know of.

Windows 2000 has a limited built in defragmentation tool which can be used as follows:

  1. Start the MMC (Start - Run - MMC)
  2. From the console menu select Add/Remove Snap-in
  3. Click Add
  4. Select "Disk Defragmenter" and click Add. Click Close
  5. Click OK to the main Add/Remove dialog
  6. Select the Disk Defragmenter option from Console Root
  7. Select a partition, Analyze and Defragment



Q. Can I undelete a file in NT?

A. It depends on the file system. NT has no undelete facility, however if the filesystem was FAT then boot into DOS and then use the dos undelete utility. With the NT Resource kit there is a utility called DiskProbe which allows a user to view the data on a disk, which could then be copied to another file. It is possible to search sectors for data using DiskProbe.

If the files are deleted on an NTFS partition booting using a DOS disk and using the undelete.exe program is not possible since DOS cannot read NTFS partitions. NTFS does not perform destructive deletes which means the actual data is left intact on the disk (until another file is written in its place) and so a new application from Executive Software, Network Undelete can be used to undelete files from NTFS partitions. A free 30-day version can be downloaded from http://www.networkundelete.com/.

Executive Software also have a free utility Emergency Undelete which can undelete locally deleted files, http://www.execsoft.com/.

It is important that once any file is deleted, all activity on the machine is stopped to reduce the possibility of other files overwriting the data that is to be recovered.


Q. Does NT support FAT32?

A. Native NT does not support FAT32. NT Internals have released a read-only FAT32 driver for Windows NT 4.0, available from http://www.sysinternals.com/fat32.htm, or a full read/write version can be purchased from http://www.winternals.com/.

Windows 2000 has full FAT 32(x) support with the following conditions:


Q. Can you read an NTFS partition from DOS?

A. Not with standard DOS, however there is a product called NTFSDos which enables a user to read from a NTFS partition. The homepage for this utility is http://www.sysinternals.com/.


Q. How do you delete a NTFS partition?

A. You can boot off of the three NT installation disks and follow the instructions below:

  1. Read the license agreement and press F8
  2. Select the NTFS partition you wish to delete
  3. Press L to confirm
  4. Press F3 twice to exit the NT setup

Usually a NTFS partition can be deleted using FDISK (delete non-DOS partition), however this will not work if the NTFS partition is in the extended partition.

You can delete an NTFS partition using Disk Administrator, by selecting the partition and pressing DEL (as long as it is not the system/boot partition).

There is also a utility called delpart.exe that will delete a NTFS partition from a DOS bootup.


Q. Is it possible to repartition a disk without losing data?

A. There is no standard way in NT. There is a 3rd party product called Partition Magic which will repartition FAT, NTFS and FAT32; however, there is a bug in the product which makes the boot partition unbootable if it is repartitioned. A fix is available for this from their web site.


Q. What is the biggest disk NT can use?

A. The simple answer to this question is that NT can view a maximum partition size of 2 terabytes (or 2,199,023,255,552 bytes), however there are limitations that restrict you well below this number.

FAT has internal limits of 4 GB due to the fact it uses 16-bit fields to store file sizes: 2^16 is 65,536, which with a cluster size of 64 KB gives us the 4 GB.

HPFS uses 32bit fields and can therefore handle greater size disks, but the largest single file size is 4GB. HPFS allocates disk space in 512 byte sectors which can cause problems in Asian markets where sector sizes are typically 1024 bytes which means HPFS cannot be used.

NTFS uses 64-bits for all sizes, leading to a max size of..... 16 exabytes!!! (18,446,744,073,709,551,616 bytes), however NT could not handle a volume this big.

For IDE drives, the maximum is 136.9 GB, however for a standard IDE drive this is constrained to 528MB. The new EIDE drives can access much larger sizes.

It is important to note that the System partition (holding ntldr, boot.ini, etc.) MUST be entirely within the first 7.8Gb of any disk (if this is the same as the boot partition this limit applies). This is due to the BIOS int 13H interface used by ntldr to bootstrap up to the point where it can drive the native HDD IDE or SCSI. int 13H presents a 24 bit parameter for cylinder/head/sector for a drive. If, say by defragmentation, the system files are moved beyond this point you will not be able to boot the system.

Windows 2000 has no such limitation. These are limits imposed by the specific machine BIOS. Newer machines/BIOSes typically don't have this limitation.


Q. Can I disable 8.3 name creation on a NTFS?

A. From the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem, change the value NtfsDisable8dot3NameCreation from 0 to 1.

You may experience problems installing Office 97 if you disable 8.3 name creation and may have to re-enable it during the installation of the software.


Q. How can I stop NT from generating LFN's (Long File Names) on a FAT partition?

A. Using the registry editor change the value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem\Win31FileSystem from 0 to 1 and only 8.3 file names will be created.

The reason for not wanting the LFN's to be created is that some 3rd party disk utilities that directly manipulate FAT can destroy the LFN's. Utilities such as SCANDISK and DEFRAG that come with DOS 6.x and above do not harm LFN's.


Q. I can't create any files on the root of a FAT partition.

A. The root of a FAT drive has a coded limit of 512 entries, so if you have exceeded this you will not be able to create any more files. I don't have this many! Remember Long File Names take up more than one entry, see the next FAQ for more information, so if you have many LFN's on the root this will drastically reduce the number of files you can have.


Q. How do LFN's work?

A. Long File Names are stored using a series of linked directory entries. A LFN will use one directory entry for its alias (the alias is the 8.3 name automatically generated), and a hidden secondary directory entry for every 13 characters in its name, so if you had a 200 character long file name, this would use 17 entries!

The alias is generated using the first six characters of the LFN, then a ~ and a number for the first 4 versions of files with the same first six characters, e.g. for the file
john savills file.txt
the names generated would be johnsa~1.txt, johnsa~2.txt etc.

After the first 4 versions of a file, only the first two characters of the file name are used, and the last 6 are generated, e.g. jo0E38~1.txt


Q. How do I change access permissions on a directory?

A. You can only set access permissions on an NTFS volume. Follow the instructions below:

  1. Start Explorer (Start - Programs - Explorer).
  2. Right click on a directory and select properties
  3. Click on the Security tab
  4. Click the permissions button
  5. Enter the information required
  6. Click OK, and then click OK again to exit

Q. How can I change access permissions from the command line?

A. A utility called CACLS.EXE comes as standard with NT, and can be used from the command prompt. Read the help with the CACLS.EXE program (cacls /?). To give user john read access to a directory called files enter:
CACLS files /e /p john:r
/e is used to edit the ACL instead of replacing it, therefore other permissions on the directory will be kept. /p sets permission for user:<permission>
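
The display output of CACLS can also be checked for the Everyone:Full Control entries that a FAT to NTFS conversion leaves behind (see the convert question above). The following is an added example, not part of the original FAQ: the sample output is constructed, the function names are hypothetical, and paths are assumed to contain no spaces.

```python
import re

# One ACE as CACLS displays it: trustee, optional inheritance flags such as
# (OI)(CI)(IO), then a single permission letter (N, R, W, C or F).
ACE_RE = re.compile(
    r"^(?P<trustee>.+?):(?P<flags>(?:\([A-Z]{2}\))*)(?P<perm>[NRWCF])$"
)

# Constructed sample of CACLS display output (not captured from a real system).
SAMPLE_OUTPUT = "\n".join([
    r"D:\data Everyone:(OI)(CI)F",
    r"        BUILTIN\Administrators:(OI)(CI)F",
    r"D:\data\payroll.xls Everyone:F",
    r"D:\secure BUILTIN\Administrators:(OI)(CI)F",
    r"          NT AUTHORITY\SYSTEM:(OI)(CI)F",
    r"          SAVILLTECH\john:(OI)(CI)R",
])


def parse_cacls(text):
    """Map each path to its list of (trustee, flags, permission) entries.

    A line that starts in column 0 opens a new object: the path, a space,
    then the first ACE. Indented lines are further ACEs for the same object.
    Assumption: paths contain no spaces (trustee names may).
    """
    acls = {}
    current = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0].isspace():
            ace_text = line.strip()
        else:
            current, _, ace_text = line.partition(" ")
            acls.setdefault(current, [])
            ace_text = ace_text.strip()
        match = ACE_RE.match(ace_text)
        if match and current is not None:
            acls[current].append(
                (match["trustee"], match["flags"], match["perm"])
            )
    return acls


def everyone_full_control(acls):
    """Return the paths on which Everyone holds F (Full Control)."""
    return sorted(
        path
        for path, aces in acls.items()
        if any(
            trustee.lower() == "everyone" and perm == "F"
            for trustee, _flags, perm in aces
        )
    )


if __name__ == "__main__":
    for path in everyone_full_control(parse_cacls(SAMPLE_OUTPUT)):
        print("Everyone has Full Control on", path)
```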


Q. I have a CHKDSK scheduled to start next reboot, but I want to stop it.

A. If the command chkdsk /f /r (find bad sectors, recover information from bad sectors and fix errors on the disk) is run, a check disk is scheduled for the next reboot; however, you may want to cancel this check disk. To do this perform the following:

  1. Run the Registry Editor (Regedt32.exe). You must use Regedt32 and not Regedit.exe
  2. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
  3. Change the BootExecute value from:
    autocheck autochk * /r\DosDevice\<drive letter>:
    To:
    autocheck autochk *

Q. My NTFS drive is corrupt, how do I recover?

A. To restore an NTFS drive using the information below, it must have been created using Windows NT 4.0; if it was not created using NT 4.0 you should see Knowledge Base article Q121517. To restore an NTFS partition you must locate the spare copy of the boot sector and copy it to the correct position on the drive. You need the NTdiskedit utility, which is available from Microsoft Support Services. You can also use Norton disk edit, or Disk Probe that comes with the resource kit; instructions for Disk Probe can be found at http://support.microsoft.com/support/kb/articles/q153/9/73.asp.

  1. Using NTdiskedit for Windows NT 4.0, on the File menu, click Open.
  2. Type the Volume Name as
    \\.\PhysicaldriveX
    (where X is the ordinal of the disk that appears in Disk Administrator)
  3. Click OK.
  4. On the Read menu, click Sectors. Select 0 for Starting Sectors and select 1 for Run Length. Click OK.
  5. On the View menu, click Partition Table. You should see a table that has four sections, Entry 0 through Entry 3. This refers to the order of partitions. If the partition in question is Partition 2 on the Disk, you need the data in Entry 1. If the Partition in question is the Partition 1 on the disk, you need the data from Entry 0 and so on.
  6. Write down the values of Starting Sector and Sectors.
    NOTE: all of the values you see will be in hexadecimal format. Do not convert to decimal.
  7. Using a Calculator (you can use the one from the Accessories group if one is available) that can add hexadecimal numbers, add the values for Starting Sector and Sectors, and subtract 1 from the sum. For example:
    STARTING SECTOR         =   0x3F
    SECTORS                 = + 0x201C84
                                ----------
                                0x201CC3
    Less 1                    - 0x1
                                ----------
    Copy of NTFS bootsector =   0x201CC2
  8. On the Read menu, click Sectors. In Starting Sectors, type the value from the equation above. Type 1 in Run Length. Click OK.
    You now should be at your copy of the NTFS bootsector. Visually inspect the boot sector for completeness, NTFS header at first line, text in the lower region (for example, "A kernel file is missing from the disk"), and so forth.
  9. Click Relocate Sectors. This is the sector to which you are going to write the bootsector. This will be the value of your Starting Sector with the Run Length of 1. Click OK.
  10. Quit Ntdiskedit. Use Disk Administrator to assign a drive letter if not already assigned. Restart the computer; the file system should be recognized as NTFS.
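
Steps 4 to 7 can be cross-checked by parsing a saved copy of sector 0 instead of reading the values off the screen. The following is an added example, not part of the original FAQ or of any Microsoft tool: it reads only primary partition table entries, the sample sector is constructed to match the numbers in step 7, and all function names are hypothetical.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 0x1BE            # partition table: four 16-byte entries in sector 0
NTFS_TYPE = 0x07                # partition type byte used by NTFS (shared with HPFS)
EXTENDED_TYPES = {0x05, 0x0F}   # logical drives inside these are not handled here


def parse_partition_table(sector0):
    """Return the used entries (Entry 0 to Entry 3) of physical sector 0."""
    if len(sector0) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    if sector0[510:512] != b"\x55\xaa":
        raise ValueError("sector 0 lacks the 0x55AA signature")
    entries = []
    for index in range(4):
        offset = TABLE_OFFSET + 16 * index
        raw = sector0[offset:offset + 16]
        ptype = raw[4]
        # Starting Sector and Sectors are little-endian 32-bit values.
        start, sectors = struct.unpack_from("<II", raw, 8)
        if ptype == 0 or sectors == 0:
            continue                       # unused slot
        entries.append({
            "entry": index,
            "active": raw[0] == 0x80,
            "type": ptype,
            "start": start,
            "sectors": sectors,
        })
    return entries


def backup_boot_sector(entry):
    """Step 7: Starting Sector + Sectors - 1, or None if the entry is not NTFS."""
    if entry["type"] != NTFS_TYPE:
        return None
    return entry["start"] + entry["sectors"] - 1


def build_sample_sector0():
    """Constructed sector 0: Entry 0 is NTFS with the values used in step 7,
    Entry 1 is a FAT16 partition. CHS fields are left as zero."""
    sector = bytearray(SECTOR_SIZE)

    def put(index, active, ptype, start, sectors):
        raw = struct.pack("<B3sB3sII", 0x80 if active else 0x00,
                          b"\0\0\0", ptype, b"\0\0\0", start, sectors)
        offset = TABLE_OFFSET + 16 * index
        sector[offset:offset + 16] = raw

    put(0, True, NTFS_TYPE, 0x3F, 0x201C84)
    put(1, False, 0x06, 0x201CC3, 0x100000)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


def report(sector0):
    """One line per used entry, in hexadecimal as the disk editor shows it."""
    lines = []
    for e in parse_partition_table(sector0):
        backup = backup_boot_sector(e)
        if e["type"] in EXTENDED_TYPES:
            note = "extended partition, not handled"
        elif backup is None:
            note = "not NTFS"
        else:
            note = "copy of NTFS bootsector=0x%X" % backup
        lines.append("Entry %d: type 0x%02X start 0x%X sectors 0x%X, %s"
                     % (e["entry"], e["type"], e["start"], e["sectors"], note))
    return lines


if __name__ == "__main__":
    print("\n".join(report(build_sample_sector0())))
```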

Q. How can I delete a file without it going to the recycle bin?

A. When you delete the file, hold down the shift key.


Q. How can I change the serial number of a disk?

A. The serial number is located in the boot sector for a volume. For FAT drives it's 4 bytes starting at offset 0x27; for NTFS drives it's 8 bytes starting at offset 0x48. You'll need a sector-level editor to modify the number (like the Resource Kit's Diskprobe).


Q. How can I backup the Master Boot Record?

A. The Master boot record on the hard disk used to start the computer (the system partition) is the most critical sector so make sure this is the sector you backup. The boot partition is also very important (where %systemroot% resides). You need the DiskProbe utility that comes with the Resource Kit.

  1. Start DiskProbe
  2. From Drives, click Physical Drive, and click on the drive that is the system partition (from the Open Physical Drive dialog)
  3. The disk clicked will be displayed in the Handle 0 section. Click "Set Active" and then click Close
  4. From the sectors menu click Read. Accept the default sectors of "Starting Sector" 0, and "Number of Sectors" 1.
  5. From the File menu click "Save As" and enter a file name.

Q. How do I restore the Master Boot Record?

A. Follow the instructions below, however be very careful!!!

  1. Start DiskProbe
  2. From "File" click "Open" and select the file that the information was saved as
  3. From drives click Physical Drive and click the disk you want to replace the boot partition on
  4. In the Handle 0 box, clear the Read Only box and click "Set Active", then click Close
  5. From the sectors menu click write and set the starting sector to 0, and click "Write it"
  6. Verify and close DiskProbe
  7. Keep your fingers crossed :-)

Q. What CD-ROM file systems can NT read?

A. NT's primary CD-ROM file system is CDFS, a read-only file system; however, it can read any file system that is ISO9660 compliant.


Q. How do I disable 8.3 name creation on VFAT?

A. Start the registry editor (regedit.exe) and set the value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem\Win95TruncatedExtensions to 0.


Q. How do I create a Volume Set?

A. A volume set allows you to take all the unused space on one or more drives (up to 32 drives per volume set) and combine it into a single, large, system recognizable drive. To create a volume set:

  1. Logon as an Administrator and start Disk Administrator (Start - Programs - Administrative Tools - Disk Administrator).
  2. Click on the first free area of disk space, then hold down the Ctrl key and select all the other areas of unpartitioned space.
  3. Once all the parts are selected, from the Partition menu select "Create Volume Set".
  4. A dialog box will be displayed and you can choose the size of the partition to be created. Click OK
  5. Once created the areas that are part of a Volume Set will be shown in yellow.
  6. Close Disk Administrator (or select Commit Changes Now)
  7. A confirmation dialog box will be displayed, confirm and a reboot will be required.
  8. Once the reboot has completed you can now format the volume. You should really format the Volume NTFS, as DOS and Windows95 clients will not be able to read it anyway!

The main problem with volume sets is that if one drive in the volume set fails, the entire volume set becomes unavailable.


Q. How do I extend a Volume Set?

A. Extending a volume set is very simple, however a reboot will be required

  1. Start Disk Administrator (Start - Programs - Administrative Tools - Disk Administrator)
  2. Click on the existing Volume Set and hold down the Ctrl key
  3. Click on the area (or areas) of free space to be added (a black border will be shown around them)
  4. Choose "Extend Volume Set" from the Partition menu, or right click on one of the selected areas and this option will be shown.
  5. A dialog box will be shown asking how large the drive should be. Click OK
  6. From the Partition menu, select "Commit changes now"
  7. Answer the further dialogs and reboot the server.

The reboot will take longer than normal as the new area added has to be formatted to the same file system as the rest of the volume set.

Note: Only NTFS Volume Sets can be extended.


Q. How do I delete a Volume Set?

A. When you delete a volume set all the data stored will be lost. To delete a volume set:

  1. Start Disk Administrator
  2. Click on part of the volume set
  3. Select Delete from the Partition menu
  4. Click Yes on the dialog box

Q. What is the maximum number of characters a file can be?

A. This depends on whether the file is being created on a FAT or NTFS partition. The maximum file name length on a NTFS partition is 256 characters, and 11 characters on FAT (8 character name, . , 3 character extension). NTFS filenames keep their case, whereas FAT filenames have no concept of case (however the case is ignored when performing a search etc on NTFS). There is the new VFAT which also has 256 character filenames.

NTFS filenames can contain any characters, including spaces, uppercase/lowercase except for the following

" * : / \ ? < > |

which are reserved for NT, however the file name must start with a letter or number.

VFAT filenames can also contain any characters except for the following

/ \ : | = ? " ; [ ] , ^

and once again the file name must start with a letter or number.

NTFS and VFAT also create an 8.3 format file name, see Q. How do LFN's work?


Q. How can I stop chkdsk at boot time from checking volume x?

A. When NT boots it performs a check on all volumes to see if the dirty bit is set, and if it is a full chkdsk /f is run. To stop NT performing this dirty bit check you can exclude certain drives. The reason you may want to do this is for some type of removable drive, e.g. Iomega drives:

  1. Run the Registry Editor (Regedt32.exe). You must use Regedt32.exe and not Regedit.exe
  2. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
  3. Change the BootExecute value from:
    autocheck autochk *
    to:
    autocheck autochk /k:x *

Where x is the drive letter, e.g. if you wanted to stop the check on drive f: you would type autocheck autochk /k:f *. To stop the check on multiple volumes just enter the drive names one after another, e.g. to stop the check on e: and g: use autocheck autochk /k:eg * (you do not retype the /k each time).

If you are using NT 4.0 with Service Pack 2 or above, you can also use the CHKNTFS.EXE command which is also used to exclude drives from the check and updates the registry for you. The usage to disable a drive is

chkntfs /x <drive letter>:
e.g. chkntfs /x f: would exclude the check of drive f:

To set the system back to checking all drives just type

chkntfs /d


Q. How can I compress files/directories from the command line?

A. A utility is supplied with the resource kit called compact.exe which can be used to view and change the compression characteristics of a file/directory.


Q. What protections can be set on files/directories on a NTFS partition?

A. When you right click on a file in Explorer and select properties (or select Properties from the File menu) you are presented with a dialog box telling you information such as size, ownership etc. If the file/directory is on a NTFS partition there will be a security tab, and within that dialog, a permissions button. If you press that button you can grant access to users/groups on the resource at various levels.

There are six basic permissions

These can be assigned to a resource, however they are grouped for ease of use

The permissions above can all be set on a directory, however this list is limited for a file, and permissions that can be set are only No Access, Read, Change and Full Control.

Another permission exists called "Special Access" (on a directory there will be two, one for files, one for directories), and from this you can set which of the basic permissions should be assigned.


Q. How can I take ownership of files?

A. Sometimes you may want to take ownership of files/directories, usually as someone has removed all access on a resource and can't see it. You would log on as the Administrator and take ownership. You cannot give ownership to someone else using standard NT functionality, only take ownership.

  1. Log on as Administrator or a member of the Admins group
  2. Start Explorer
  3. Right click on the file/directory and select properties
  4. Select the Security tab and click Ownership
  5. Click "Take Ownership" and then click Yes to the prompt

Q. How can I view the permissions a user has on a file from the command line?

A. A utility is supplied with the resource kit called perms.exe which can be used to view permissions on files/directories. The usage is

perms <domain>\<user> <file>
e.g. perms savilltech\savillj d:\file\john\file.dat

You can add /s to also show details of sub files/directories. The permissions shown equate to

R Read
W Write
X Execute
D Delete
P Change Permission
O Take Ownership
A All
None No Access
* User is the owner
# A group the user is a member of owns the file
? Permissions cannot be determined

To output to a file just add > filename.txt at the end, e.g.

perms <user> <file> > file.txt


Q. How can I tell the total amount of space used by a folder (including sub folders)?

A. There are two ways of doing this (there are more!), one using explorer and one from the command line. Using Explorer

  1. Start Explorer (Win key + E or Start - Programs - Explorer)
  2. Right click on the required folder and select properties
  3. Under the General tab a size will be displayed and this is the total size of the folder and all sub-folders and their contents.

From the command line you can just use the dir command with /s qualifier which also lists all sub-directories, e.g.
dir/s d:\savilltechhomepage
would list all files/folders in the savilltechhomepage directory and at the end the total size.


Q. There are files beginning with $ at the root of my NTFS drive, can I delete them?

A. NO!!! These files hold the information of your NTFS volume. Below is a table of all the files used by the file system:

$MFT Master File Table
$MFTMIRR A copy of the first 16 records of the MFT
$LOGFILE Log of changes made to the volume
$VOLUME Information about the volume, serial number, creation time, dirty flag
$ATTRDEF Attribute definitions
$BITMAP Contains drive cluster map
$BOOT Boot record of the drive
$BADCLUS A list of bad clusters on the drive
$QUOTA Quota information (used on NTFS 5.0)
$UPCASE Maps lowercase characters to uppercase version

If you want to have a look at any of these files use the command

dir /ah $mft

It's basically impossible to delete these files anyway, as you can't remove the hidden flag, and if you can't remove the hidden flag you can't delete the file!


Q. What file system do Iomega ZIP disks use?

A. By default, the formatted ZIP disks are FAT, however you can format these with NTFS if you want. NTFS has a higher overhead than FAT on small volumes (an initial 2MB) which is why you don't have NTFS on 1.44 floppy disks.


Q. What cluster size does a FAT/NTFS partition use?

A. The default cluster size for a FAT partition is as follows:

Partition size   Sectors per cluster   Cluster size
<32MB            1                     512 bytes
<64MB            2                     1K
<128MB           4                     2K
<255MB           8                     4K
<511MB           16                    8K
<1023MB          32                    16K
<2047MB          64                    32K
<4095MB          128                   64K

This is why FAT volumes larger than 511MB are not recommended due to the amount of potentially wasted space due to the 16KB and above cluster size.

The default for NTFS is as follows:

Partition size   Sectors per cluster   Cluster size
<512MB           1                     512 bytes (or hardware sector size if greater than 512 bytes)
<1024MB          2                     1K
<2048MB          4                     2K
<4096MB          8                     4K
<8192MB          16                    8K
<16384MB         32                    16K
<32768MB         64                    32K
>32768 MB        128                   64K

NTFS better balances the trade-off between disk fragmentation due to a smaller cluster size and wasted space due to a large cluster size.

When formatting a drive you can change the cluster size using the /a:<size> switch, e.g.

format d: /a:1024 /fs:ntfs


Q. How much free space do I need to convert a FAT partition to NTFS?

A. The calculation below can be used for disks of a standard 512 bytes per sector:

To summarize:

Free space needed = (<size of partition in bytes>/100) + (<size of partition in bytes>/803) + (<no of files & directories> * 1280) + 196096

For more information see Knowledge Base article Q156560 at http://support.microsoft.com/support/kb/articles/q156/5/60.asp


Q. NT becomes unresponsive during an NTFS disk operation such as a dir.

A. When you perform a large NTFS disk operation such as a dir/s *.* or a ntbackup :\*.* NT can sometimes become unresponsive. NT updates NTFS files with a last access stamp, and when thousands of files are viewed the NTFS log file can become full and has to wait to be flushed to the hard disk; this can cause NT to become unresponsive. To stop NTFS updating the last access stamp perform the following:

  1. Start the registry editor (regedit.exe)
  2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem
  3. From the Edit menu select New - DWORD value
  4. Enter a name of NtfsDisableLastAccessUpdate and click OK
  5. Double click the new value and set to 1. Click OK
  6. Close the registry editor
  7. Reboot the machine

This should improve the performance of your NTFS partitions.

Below is an example of a .reg file that can be used to automate this:

REGEDIT4
;
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem]
"NtfsDisableLastAccessUpdate"=dword:1


Q. I have missing space on my NTFS partitions (Alternate Data Streams).

A. It's possible to hide data within an NTFS file from both Explorer and the dir command; you cannot see it unless you know its stream name. NTFS allows multiple streams to a file in the form of <filename>:<stream name>. You can try it:

  1. Start a console window (cmd.exe)
  2. Run "notepad normal.txt" and enter some text and save. This has to be on an NTFS partition
  3. Now edit the file again but this time with a different stream "notepad normal.txt:hidden". You will be prompted to create a new file. Enter some text and save
  4. Perform a dir and you will still see only normal.txt with its original size.

You can have as many streams as you want. If you copy a file it keeps the streams, so after copying normal.txt to john.txt, john.txt:hidden would exist. You cannot use streams from the command prompt as it does not allow : in file names except for drive letters.

Microsoft provide no way of detecting or deleting these streams. The two ways to delete are

One application I have found to detect alternate data streams is by Frank Heyne and can be downloaded from http://www.heysoft.de/nt/ep-lads.htm.

Alternatively you can use Lizp which is downloadable from http://www.lizp.com/. I have not used it in earnest, however what I have seen looks very good. An example use would be

[Screenshot: Lizp NT use]

It's also possible to write a function to enumerate every altstream in every file matching c:\winnt\*. To do this, let's define a function, we'll call it las, and it'll take one argument, the wild path. Then we could type
(las 'c:\winnt\*)
and we'd get what we wanted.

Here's such a function definition:

(sequence
    (define
        (las Dir)
        (filter
            '(lambda
                (o)
                (cdr o) )
            (mapcar
                '(lambda
                    (FileInfo)
                    (if
                        (getfilesize
                            (car FileInfo) )
                        (cons
                            (car FileInfo)
                            (getaltstreams
                                (car FileInfo) ) )
                        (cons nil nil) ) )
                (dirlist Dir) ) ) )
    '(Enhanced with las) )

Even though you could type all this in at the prompt, on one long line, it's easier to save the code above to a file. Let's call the file las.lzp.

Now, from the Lizp prompt, you could type

(eval (load 'las.lzp))

and voila, you'll have a new function, las. Now try the thing above:

(las 'c:\winnt\*)

Suppose we think our Lizp should have this functionality always. Then type

(Compile (load 'las.lzp) 'Lizp_with_las.exe true)

and we'll have a new version of Lizp, called Lizp_with_las.exe.

Finally, suppose we wanted a GUI application which asked us for the wild path, and then displayed the alternate streams in a window. Save the following lines to a file, let's call it las_gui.lzp:

(local
    (Result)
    (setq Result
        (las
            (inputbox
                '((Wild path to check for Alt Streams)) ) ) )
    (messagebox
        (if Result Result
            '((No Alt Streams found in path.)) ) )
	(exit) )

Now, from Lizp_with_las' prompt, type

(Compile (load 'las_gui.lzp) 'Las.exe nil)

and you'll have a new program, Las.exe, doing what we want. Note the last argument to the Compile function: the first time we compiled, we used "true", this last time we used "nil". This is because the first time we wanted the new program to create a console when run (because it was going to be our new Lizp interpreter). The second time we don't need a console.

Another way to delete these streams is to edit them in notepad and delete all the text. When you quit notepad NT tells you that the file is empty and will be deleted and you only have to confirm.

If you want to write your own programs to detect streams have a look at

Basically the only reliable way of handling streams is to use the BackupRead() function. The only "problem" is that BackupRead() requires SeRestorePrivilege/SeBackupPrivilege rights which most users will not have.

What BackupRead() actually does is turn a file and its associated metadata (extended attributes, security data, alternate streams, links) into a stream of bytes. BackupWrite() converts it back.
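
As an added illustration (not code from this FAQ or from any of the tools named above), the Python sketch below walks the byte stream that BackupRead() produces and reports any alternate data streams it contains. The sample buffer is constructed by hand to mirror the normal.txt:hidden test above; on a real system the bytes would come from BackupRead() on an open file handle, and all function names here are hypothetical.

```python
import struct
from collections import namedtuple

# Each stream in BackupRead() output starts with a WIN32_STREAM_ID header:
# dwStreamId, dwStreamAttributes, Size (64-bit), dwStreamNameSize.
# The UTF-16LE stream name follows the header, then Size bytes of data.
HEADER = struct.Struct("<IIQI")  # 20 bytes, little-endian, no padding

BACKUP_DATA = 1             # the unnamed (main) data stream
BACKUP_SECURITY_DATA = 3    # security descriptor
BACKUP_ALTERNATE_DATA = 4   # a named (alternate) data stream
STREAM_TYPES = {
    1: "BACKUP_DATA",
    2: "BACKUP_EA_DATA",
    3: "BACKUP_SECURITY_DATA",
    4: "BACKUP_ALTERNATE_DATA",
    5: "BACKUP_LINK",
}

Record = namedtuple("Record", "stream_id type_name name data")


def pack_stream(stream_id, data, name=""):
    """Lay out one stream record (used only to build the sample below)."""
    raw_name = name.encode("utf-16-le")
    return HEADER.pack(stream_id, 0, len(data), len(raw_name)) + raw_name + data


def parse_backup_stream(buf):
    """Split a BackupRead()-style buffer into Record tuples."""
    records, pos = [], 0
    while pos < len(buf):
        if len(buf) - pos < HEADER.size:
            raise ValueError("truncated stream header at offset %d" % pos)
        stream_id, _attrs, size, name_size = HEADER.unpack_from(buf, pos)
        start = pos
        pos += HEADER.size
        # Reject odd name lengths and records that run past the buffer.
        if name_size % 2 or pos + name_size + size > len(buf):
            raise ValueError("stream at offset %d overruns the buffer" % start)
        name = buf[pos:pos + name_size].decode("utf-16-le")
        pos += name_size
        type_name = STREAM_TYPES.get(stream_id, "UNKNOWN(%d)" % stream_id)
        records.append(Record(stream_id, type_name, name, buf[pos:pos + size]))
        pos += size
    return records


def alternate_streams(buf):
    """Return (name, size) for every alternate data stream in the buffer."""
    return [(r.name, len(r.data)) for r in parse_backup_stream(buf)
            if r.stream_id == BACKUP_ALTERNATE_DATA]


def visible_size(buf):
    """Size of the unnamed stream, which is the size dir and Explorer show."""
    return sum(len(r.data) for r in parse_backup_stream(buf)
               if r.stream_id == BACKUP_DATA)


# Constructed sample: normal.txt with a main stream, a dummy security
# descriptor and one alternate stream named "hidden". BackupRead() reports
# alternate stream names in the form ":name:$DATA".
SAMPLE = (
    pack_stream(BACKUP_DATA, b"visible text")
    + pack_stream(BACKUP_SECURITY_DATA, b"\x01\x00\x04\x80" + bytes(16))
    + pack_stream(BACKUP_ALTERNATE_DATA, b"secret note", ":hidden:$DATA")
)

if __name__ == "__main__":
    print("size shown by dir:", visible_size(SAMPLE))
    for name, size in alternate_streams(SAMPLE):
        print("alternate stream %s (%d bytes)" % (name, size))
```
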


Q. How can I change the Volume ID of a disk?

A. Windows NT provides functionality to change the volume name of a disk by using the command

label <drive>: <label name>

Windows NT does not provide built in functionality to change Volume IDs, however NT Internals has produced a free utility that can be downloaded from http://www.sysinternals.com/misc.htm called VolumeID which can change the volume ID of a FAT or NTFS volume. To view a drive's current Volume ID you can just perform a dir <drive>: and the volume serial number is shown on the second line down, e.g.

Volume in drive E is system
Volume Serial Number is BC09-8AE4

To change enter the command

volumeid <drive letter>: xxxx-xxxx


Q. How do I read NTFS 5.0 partitions from Windows NT 4.0?

A. Service Pack 4 includes a read/write driver for NTFS 5.0 volumes (an updated ntfs.sys driver). More details will follow once Service Pack 4 is released, the non-disclosure agreement limits me from saying any more.


Q. How do share and file system protections interact?

A. In general when you have protections on a share or on a file/directory the privileges are added, for example if user John was a member of 2 groups, one with read access and another with change, the user would have read and change access. The exception to this is if a group has "no access", which means no matter what other group memberships there are, any user in that group will have no access.

The opposite is true when protections are set on the file system and on the share where the most restrictive policy is enforced, e.g. if the file has full control set for a user and the share only has read then the user will be limited to read-only privileges, likewise if the file had only read-only but the share had full the user would still be limited to read-only.

Share protections are only used when the file system is accessed through a network connection, if the user is using the partition locally then the share protections will be ignored.
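
The rules above can be worked through in a few lines of Python. This is an added example, not part of the original FAQ. It uses the R/W/X/D/P/O letters from the perms.exe legend earlier and assumes the standard NT 4.0 groupings Read (RX), Change (RWXD) and Full Control (all six); the group and function names are made up for illustration.

```python
# Rights use the single-letter codes from the perms.exe legend.
NO_ACCESS = "No Access"
READ = frozenset("RX")               # assumed NT 4.0 grouping
CHANGE = frozenset("RWXD")           # assumed NT 4.0 grouping
FULL_CONTROL = frozenset("RWXDPO")   # assumed NT 4.0 grouping


def granted(acl, principals):
    """Rights one ACL gives a user: the union over every matching entry,
    unless any matching entry is No Access, which overrides everything."""
    rights = set()
    for principal in principals:
        entry = acl.get(principal)
        if entry is None:
            continue
        if entry == NO_ACCESS:
            return frozenset()
        rights |= entry
    return frozenset(rights)


def effective_access(principals, ntfs_acl, share_acl, via_network):
    """Combine file system and share protections.

    Locally only the NTFS ACL applies. Over the network the user gets only
    the rights that BOTH the share and the file system grant (the most
    restrictive result)."""
    file_rights = granted(ntfs_acl, principals)
    if not via_network:
        return file_rights
    return file_rights & granted(share_acl, principals)


def label(rights):
    """Name a rights set the way the permissions dialog would."""
    for name, level in (("Full Control", FULL_CONTROL),
                        ("Change", CHANGE), ("Read", READ)):
        if rights == level:
            return name
    return "".join(sorted(rights)) or NO_ACCESS


if __name__ == "__main__":
    # Hypothetical user and groups: John is in Staff and Editors.
    john = {"John", "Staff", "Editors", "Everyone"}
    ntfs = {"Staff": READ, "Editors": CHANGE}
    share = {"Everyone": READ}
    print("local:  ", label(effective_access(john, ntfs, share, False)))
    print("network:", label(effective_access(john, ntfs, share, True)))
    ntfs["Contractors"] = NO_ACCESS
    john.add("Contractors")
    print("after No Access:", label(effective_access(john, ntfs, share, False)))
```
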


Q. How can I backup/restore my Master Boot Record?

A. The Windows NT Resource kit supplies a utility DISKSAVE.EXE which enables a binary image of the Master Boot Record (MBR) or Boot Sector to be saved.

DISKSAVE has to be run from DOS and so you will need to create a bootable DOS disk and copy DISKSAVE.EXE to the disk. To create a DOS bootable disk just use the command

C:\> format a: /s

from a DOS machine (do not do it from a Windows NT command session).

Once you boot with the disk you will have a number of options:

F2 - Backup the Master Boot Record - This function will prompt for a path and filename to save the MBR image to. The path and filename are limited to 64 characters. The resulting file will be a binary image of the sector and will be 512 bytes in size. The MBR is always located at Cylinder 0, Side 0, Sector 1 of the boot disk.

F3 - Restore Master Boot Record - This function will prompt for a path and filename for the previously saved Master Boot Record file. The only error checking is for the file size (must be 512 bytes). Copying an incorrect file to the MBR will permanently destroy the partition table information. In addition, the machine will not boot without a valid MBR. The Path/filename is limited to 64 characters.

F4 - Backup the Boot Sector - This function will prompt for a path and filename to save the Boot Sector image to. The path and filename are limited to 64 characters. The resulting file will be a binary image of the sector and will be 512 bytes in size. The function opens the partition table, searches for an active partition, then jumps to the starting location of that partition. The sector at that location is then saved under the filename the user entered. There are no checks to determine if the sector is a valid boot sector.

F5 - Restore Boot Sector - This function will prompt for a path and filename for the previously saved Boot Sector file. The only error checking is for the file size (must be 512 bytes). Copying an incorrect file to the Boot Sector will permanently destroy Boot Sector information. In addition, the machine will not boot without a valid Boot Sector. The Path/filename is limited to 64 characters.

F6 - Disable FT on the Boot Drive - This function may be useful when Windows NT will not boot from a mirrored system drive. The function looks for the bootable (marked active) partition. It then checks to see if the SystemType byte has the high bit set. Windows NT sets the high bit of the SystemType byte if the partition is a member of a Fault Tolerant set. Disabling this bit has the same effect as breaking the mirror. There is no provision for re-enabling the bit once it has been disabled.
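
Because the restore functions only check that the file is 512 bytes long, it is worth inspecting a saved MBR image before relying on it. The Python sketch below is an added example, not part of DISKSAVE or the Resource Kit: it checks the size, the 55 AA signature in the last two bytes, and the four partition table entries, and reports the Fault Tolerant bit described under F6. The sample image is constructed in the code and the function names are hypothetical.

```python
import struct

SECTOR_SIZE = 512        # DISKSAVE images are exactly one sector
TABLE_OFFSET = 446       # partition table follows 446 bytes of boot code
SIGNATURE_OFFSET = 510   # last two bytes must be 55 AA
FT_BIT = 0x80            # high bit of SystemType marks a Fault Tolerant set member

# One partition table entry: boot flag, CHS start, system type, CHS end,
# starting sector (LBA) and sector count. 16 bytes, little-endian.
ENTRY = struct.Struct("<B3sB3sII")


def parse_partitions(image):
    """Return one dict per non-empty partition table slot."""
    parts = []
    for slot in range(4):
        offset = TABLE_OFFSET + slot * ENTRY.size
        if image[offset:offset + ENTRY.size] == bytes(ENTRY.size):
            continue  # unused slot
        boot, _chs_start, sys_type, _chs_end, lba, sectors = \
            ENTRY.unpack_from(image, offset)
        parts.append({
            "slot": slot,
            "boot_flag": boot,
            "type": sys_type & 0x7F,             # type with the FT bit masked off
            "ft_member": bool(sys_type & FT_BIT),
            "start_lba": lba,
            "sectors": sectors,
        })
    return parts


def check_mbr_image(image):
    """Return a list of problems found in a saved MBR image (empty = none)."""
    if len(image) != SECTOR_SIZE:
        return ["image is %d bytes, expected %d" % (len(image), SECTOR_SIZE)]
    problems = []
    if image[SIGNATURE_OFFSET:SIGNATURE_OFFSET + 2] != b"\x55\xaa":
        problems.append("missing 55 AA signature at offset 510")
    parts = parse_partitions(image)
    if not parts:
        problems.append("partition table is empty")
    for p in parts:
        if p["boot_flag"] not in (0x00, 0x80):
            problems.append("slot %d: invalid boot flag 0x%02X"
                            % (p["slot"], p["boot_flag"]))
        if p["sectors"] == 0:
            problems.append("slot %d: zero-length partition" % p["slot"])
    if sum(1 for p in parts if p["boot_flag"] == 0x80) > 1:
        problems.append("more than one partition is marked active")
    return problems


def build_sample_mbr():
    """Constructed sample: one active NTFS partition (type 07) that is a
    member of a Fault Tolerant set, so the type byte on disk is 87."""
    entry = ENTRY.pack(0x80, b"\x01\x01\x00", 0x87, b"\xfe\xff\xff", 63, 2048000)
    table = entry + bytes(3 * ENTRY.size)
    return bytes(TABLE_OFFSET) + table + b"\x55\xaa"


if __name__ == "__main__":
    image = build_sample_mbr()
    print("problems:", check_mbr_image(image) or "none")
    for p in parse_partitions(image):
        print("slot %(slot)d type %(type)02X active=%(boot_flag)02X "
              "FT=%(ft_member)s start=%(start_lba)d sectors=%(sectors)d" % p)
    # A blank sector has the right size but is not a usable MBR.
    print("blank sector:", check_mbr_image(bytes(SECTOR_SIZE)))
```
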


Q. How do I convert an NTFS partition to NTFS 5.0? - NT 5.0 only

A. Windows NT 5.0 introduces NTFS 5.0 which enables a number of new features. By default when you install Windows NT 5.0 it will automatically convert any NTFS 4.0 partitions to NTFS 5.0 (however this may change).

Service Pack 4 has an updated NTFS.SYS which can read NTFS 5.0 partitions so apply this to any systems that need to read Windows 2000 NTFS 5.0 partitions.

To check the version of an NTFS partition use the CHKNTFS.EXE utility.

C:\> chkntfs <drive>:
The type of the file system is NTFS 5.0.
or
The type of the file system is NTFS 4.0
<drive>: is not dirty

If the file system is not NTFS 5.0 and you want to upgrade it use the command

C:\> chkntfs /e <drive>:

The machine will need to be rebooted for the upgrade to take place.


Q. I cannot compress files on an NTFS partition.

A. If when you try and compress files on an NTFS partition using Explorer (right click on a file/directory, select properties and check the compress box) the option is not available or when you try from the command prompt using the command:

C:\> compact /c ntfaq.txt /s

you get the error

"The file system does not support compression"

the cause is normally that the cluster size of the NTFS partition is greater than 4096. To check the cluster size of your NTFS partition use the CHKDSK command, e.g.

C:\> chkdsk <disk>: /i /c

The /i /c are used to speed up the chkdsk and at the end of the display it will tell you the bytes in each allocation unit:

2048 bytes in each allocation unit.
1012032 total allocation units on disk.
572750 allocation units available on disk.

If this number is greater than 4096 you will need to backup all the data on the disk and then reformat the partition using any of the following methods:

Once reformatted you can then restore your backed up data.

To understand more about the 4,096 limit please read Knowledge base article Q171892 at http://support.microsoft.com/support/kb/articles/q171/8/92.asp


Q. How can I modify the CHKDSK timer?

A. Service Pack 4 introduces a new feature: before a chkdsk is performed on a disk whose dirty bit is set, a 30 second countdown timer is given, allowing you to cancel the chkdsk before it runs.

If you want to modify this 30 second value perform the following:

  1. Start the registry editor
  2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
  3. From the Edit menu select New - DWORD Value. Enter a name of AutoChkTimeOut and press ENTER
  4. Double click this new value and set to 0 to disable the timer, or the time in seconds you wish to be given to cancel the chkdsk.
  5. Close the registry editor

The change will take effect at the next reboot.


Q. How can I view the current owner of a file?

A. The normal method would be to right click on the file in Explorer, select Properties, click the Security tab and click Ownership. This will then show the current owner and give the option to take ownership.

To view from the command line you can use the SUBINACL.EXE utility that is shipped with the Windows NT Resource Kit Supplement 2. To view the current owner use as follows:

C:\> subinacl /file <file name>
//++++
// D:\Documents\<file name>
//----
+ Owner = builtin\administrators
+ Primary Group= lnautd0001\domain users
+ System ACE count =0
+ Disc. ACE count =1
lnautd0001\saviljo ACCESS_ALLOWED_ACE_TYPE FILE_ALL_ACCESS

You could perform on *.* to list owners for all files in all subdirectories (no need for any /s switch).


Q. How can I view/defrag pagefile fragmentation?

A. System Internals has released PageDefrag, a free utility that shows fragmentation in the pagefile and then offers the option of defragmentation at boot time.

The utility can be downloaded from http://www.sysinternals.com/pagedfrg.htm. Once you download just unzip the file and run pagedfrg.exe. Below is a sample output.

[Screenshot: Pagedfrg.exe]

I understand that Executive Software's Diskeeper 4.0 can also defragment pagefiles however I have not seen it in action (http://www.diskeeper.com/).


Q. I get a disk maintenance message during setup.

A. If during setup you get the message:

Setup has performed maintenance on your hard disk(s) that requires a reboot to take effect. You must reboot and restart Setup to continue.

Press F3 to reboot.

This is returned when the Autochk part of the installation was able to repair the partition, but will require a reboot.

For a FAT partition, this could include corruption of extended attributes was fixed, the dirty bit was cleared, orphaned long filename entry was fixed (or any other fixing of lfns), directory entry fixed, crosslinked files fixed, non-unique filename uniqued, or any other structural issues at all fixed. There will of course be other specific "fixing steps" that would cause this for NTFS, or other non-file system specific structures.

In short this is not a problem as long as setup does not get stuck in a loop that keeps running this stage.


Q. Where is Disk Administrator in Windows 2000? - Windows 2000 only

A. As with every other Administration tool in Windows 2000, Disk Administrator has been replaced with a Microsoft Management Console (MMC) snap-in.

By default it is accessible via the Computer Management MMC snap-in

  1. Start the Computer Management MMC (Start - Programs - Administrative Tools - Computer Management)
  2. Select the Storage branch
  3. Select Disk Management
  4. Should look familiar

[Screenshot: Disk Management MMC]

Alternatively create your own MMC console

  1. Start the MMC (Start - Run - MMC)
  2. Select "Add/Remove Snap-in" from the Console menu
  3. Click Add
  4. Select Disk Management and click Add
  5. Select Local Computer and click Finish
  6. Click Close
  7. Click OK to the main dialog

You now have your own MMC with just the Disk Management. You could save by selecting "Save As" from the Console menu, enter "Disk Admin" as the name and click Save. You will now see under the Programs menu a new folder, My Administrative Tools with Disk Admin as a MMC snap-in.


Q. How do I convert a basic disk to dynamic? - Windows 2000 only

A. Windows 2000 introduces the idea of a dynamic disk needed for fault tolerant configurations. To convert perform the following:

  1. Start Computer Manager
  2. Expand Storage - Disk Management.
  3. Right click on the disk and select 'Upgrade to Dynamic Disk'
  4. Select the disks to upgrade and click OK
  5. A summary will be displayed.
  6. Click Upgrade
  7. Click Yes to the confirmation

Converting Basic disks to Dynamic disks doesn't require a reboot - however any volumes contained on them after the conversion will generate a popup that basically says a re-boot is necessary before the volumes can be used. I generally say - NO, do not reboot - until all the volumes are identified and all the popups go away, then perform a single re-boot.

When you upgrade from basic to dynamic any existing partitions become simple volumes. Any existing mirrored, striped or spanned volumes sets created with NT 4.0 become dynamic mirrored, striped or spanned volumes respectively.

If you get a message that says you are out of space then you may not have enough unallocated free space at the end of the disk for the private region database that Dynamic disks use to keep volume information. To be Dynamic it needs about 1 MB of this space; sometimes the space is not visible to the user in the GUI but it is still there.

You may not have the space if the partition(s) on the disk take up the entire disk and were created with Setup, an earlier version of NT or another OS. If partitions are created within Windows 2000 the space is reserved, partitions created with Setup will reserve the space in a later release.

To undo this conversion run Dmunroot.exe which will revert boot and system partition back to basic but all other volumes will be destroyed. Alternatively you should backup any data on the disk you wish to preserve, then delete all partitions - that should activate the menu choice "Revert to Basic Disk", the entire disk HAS to be unallocated or free space.


Q. How do I delete a volume in Windows 2000?

A. To delete a volume just perform the following, be warned you will lose any data on these volumes.

  1. Start the Computer Management MMC (Start - Programs - Administrative Tools - Computer Management)
  2. Expand the Storage branch and select 'Disk Management'
  3. Right click on the volume to be deleted and select 'Delete Volume..' from the context menu shown
  4. Click Yes to the confirmation

Q. How do I import a foreign volume in Windows 2000?

A. If you take a disk from another machine and place in a Windows 2000 box it will be shown as foreign and its partitions not available, however its partition information can be imported and volumes used. Any volumes that were part of a set will be deleted during the import phase unless the whole set of disks are imported.

  1. Start the Computer Management MMC (Start - Programs - Administrative Tools - Computer Management)
  2. Expand the Storage branch and select 'Disk Management'
  3. Right click on the volume to be imported and select 'Import Foreign Disks..' from the context menu shown
    [Screenshot: Import foreign]
  4. Click OK to the displayed dialog of the disk to import. If you imported multiple disks they will be grouped by the computer they were moved from and can be selected by clicking the 'Select Disk' button. If the disks imported are not dynamic they will all be imported regardless of your choices.
  5. A dialog will be shown showing the volumes to import. Click OK
    [Screenshot: List of volumes to import]
    Notice the partition that was part of a RAID 5 set is not usable.

The data on the imported volumes will now be accessible (you have to refresh in Explorer to see them (press F5)).


Q. How can I wipe the Master Boot Record?

A. The normal method is using the DOS FDISK command:

C:\> fdisk /mbr

however there are some cases where this does not work and a more direct method may be needed.

A program called DEBUG.EXE is supplied with DOS, Windows 9x and NT and can be used to run small Assembly language programs and just such a program can be used to wipe the MBR. Perform the following, but BE CAREFUL, this WILL wipe your MBR leaving your system unbootable and its data lost.

  1. Boot to 9x or DOS (this cannot be done from NT since direct disk access is not allowed)
  2. Start a command prompt
  3. Enter the following commands (in bold):
    C:\> debug
    -F 9000:0 L 200 0
    -a
    0C5A:0100 Mov dx,9000
    0C5A:0103 Mov es,dx
    0C5A:0105 Xor bx,bx
    0C5A:0107 Mov cx,0001
    0C5A:0109 Mov dx,0080
    0C5A:010A Mov ax,0301
    0C5A:010D Int 13
    0C5A:0110 Int 20
    <press Enter twice>
    -u 100 L 12   <check the code matches the above>
    -g    <executes>

    Program terminated normally
    -quit

You can now install a replacement MBR via a normal installation.

Thanks to Mark Minasi for giving permission to reproduce this Assembler code; a full explanation can be found in the Windows NT Magazine Summer 1999 issue.

Another method from David Lynch:

C:\> debug
-a
xxxx:0100 mov ax,0301
xxxx:01xx mov cx,1
xxxx:01xx mov dx,80
xxxx:01xx int 13
xxxx:01xx int 3
xxxx:01xx <CR>
-G

This is much shorter. It has 2 theoretically possible failure cases:

  1. ES:BX accidentally and randomly points to a valid MBR. This is extremely unlikely and probably technically impossible. I ES:BX is initialized when debug starts. BX is normally the high part of the length of the file being debugged and I think therefore 0 if there is no file and I think ES is the same as DS, SS, CS by default.
  2. The 510th word pointed to by ES:BX is AA55. I do not know what the probability is here but it is at least 1/64K. Further, even if this is the case it still may not fail, just subsequent attempts to format the drive will believe there is a valid though maybe unusual MBR.

There is nothing special about filling the MBR with 0's. It just needs to not be valid. Any invalid MBR is the same as no MBR.


Q. How can I cancel a scheduled NTFS conversion?

A. If you have scheduled a NTFS conversion for next reboot using the CONVERT command it can be canceled as follows:

  1. Start the registry editor (regedt32.exe NOT regedit.exe)
  2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
  3. Double click BootExecute
  4. Change from
    autoconv \DosDevices\x: /FS:NTFS
    to:
    autocheck autochk *
  5. Click OK
  6. Close the registry editor

Q. What is the Encrypted File System (EFS)?

A. New to Windows 2000 and the NTFS 5.0 file system is the Encrypted File System (EFS) which as the name suggests is used to encrypt files.

NTFS is a secure file system, however with more and more people using portables, and utilities such as NTFSDos which bypass NTFS security, another layer of protection is needed.

EFS uses public and private key encryption and the CryptoAPI architecture. EFS can use any symmetric encryption algorithm to encrypt files, however the initial release only uses DES. 128-bit keys are used in North America, 40-bit internationally.

No preparation is needed to encrypt files and the first time a user encrypts a file an encryption certificate for the user and a private key are automatically created.

If encrypted files are moved they stay encrypted, if users add files to an encrypted folder the new files are automatically encrypted. There is no need to decrypt a file before use, the operating system automatically handles this for you in a secure manner.

In the event of a user's private key being lost (either by reinstallation or new user creation) the EFS recovery agent can decrypt the files.


Q. How do I encrypt/decrypt a file?

A. Encrypting and compressing a file/folder is mutually exclusive, you can encrypt a file or compress it, not both.

To encrypt a file perform the following:

  1. Start Explorer
  2. Right click on the file/folder
  3. Select Properties
  4. Under the General tab click Advanced
  5. Check the 'Encrypt contents to secure data'. Click OK
  6. Click Apply on the properties
  7. If you selected a file it will ask if you want to encrypt the parent folder to prevent the file from becoming unencrypted during modification. Click OK. If you selected a folder it will ask if you want to encrypt subfolders and files also. Click OK.
  8. Click OK to the main dialog

To decrypt repeat the above but unselect the box. If you decrypt a folder it will ask if you also want to decrypt all child folders and files.

Compressing an encrypted file will not save space in most cases. Encrypting a compressed file makes sense. There is a technical issue here. It is not because of reparse points. Neither compression nor encryption uses reparse points. The reason we do not support both is backup\restore. We provide a way for a backup operator to back up an encrypted file. The operator has no way to read the file in plaintext. The NTFS compression result depends on the disk cluster. If the backup source and the restore destination have different cluster sizes, NTFS could not restore the encrypted data because NTFS does not know how to understand the data.

Sparse and encryption.
Encryption is compatible with sparse. In other words, you can encrypt a sparse file and still keep it a sparse file.


Q. How do I encrypt/decrypt a file from the command line?

A. A command line utility, CIPHER.EXE, can be used to encrypt and decrypt files from the command line.

CIPHER [/E | /D] [/S:dir] [/I] [/F] [/Q] [dirname [...]]

/E Encrypts the specified directories. Directories will be marked so that files added afterward will be encrypted.
/D Decrypts the specified directories. Directories will be marked so that files added afterward will not be encrypted.
/S Performs the specified operation on directories in the given directory and all subdirectories.
/I Continues performing the specified operation even after errors have occurred. By default, CIPHER stops when an error is encountered.
/F Forces the encryption operation on all specified directories, even those which are already encrypted. Already-encrypted directories are skipped by default.
/Q Reports only the most essential information.
dirname Specifies a pattern, or directory.

Used without parameters, CIPHER displays the encryption state of the current directory and any files it contains. You may use multiple directory names and wildcards. You must put spaces between multiple parameters.


Q. How can a user request an EFS recovery certificate?

A. To request an EFS certificate you first need the domain to have a trusted list of Certificate Authorities and the user needs to be a domain Administrator.

  1. Start the MMC console (Start - Run - MMC.EXE)
  2. From the Console menu select 'Add/Remove Snap-in...'
  3. Click Add
  4. Select Certificates and click Add
  5. Select 'My user account' and click Finish
  6. Click Close
  7. Click OK to the main dialog
  8. Expand the Certificates root and right click on Personal
  9. Select 'Request New Certificate' from the 'All Tasks' menu
  10. Click Next to the Certificate Request Wizard
  11. Select 'EFS Recovery Agent' and click Next
  12. Enter a friendly name and description. Click Next
  13. Click Finish on the summary dialog
  14. Click 'Install Certificate'. Click OK

You will now have a File Recovery certificate under the Personal\Certificates folder.


Q. How can I add a user as an EFS recovery agent for a domain?

A. Recovery agents are users who can recover encrypted files for a domain. To add new users as recovery agents they must first have recovery certificates.

  1. Start the Active Directory Users and Computers (Start - Programs - Administrative Programs - Active Directory Users and Computers)
  2. Right click on the domain and select Properties
  3. Select 'Group Policy' tab
  4. Select the 'Default Domain Policy' and click Edit
  5. Expand Computer Configuration\Windows Settings\Security Settings\Public Key Policies\Encrypted Data Recovery Agents
  6. Right click 'Encrypted Data Recovery Agents' and select Add
  7. Click Next to the 'Add Recovery Agent Wizard'
  8. Click 'Browse Directory'. Locate the user and click OK
  9. Click Next to the agent select dialog
  10. Click Finish to the confirmation
  11. Close the Group Policy Editor

Refresh the machine policy:

C:\> secedit /refreshpolicy machine_policy

The agent will only be able to recover files encrypted after the user was made an agent. If an encrypted file is decrypted and then re-encrypted, or even just opened, the new agent WILL be able to recover it, as the file will "refresh" its recovery certificates (if the recovery policy has changed).

The local admin on a standalone PC or the first logon admin on a DC is the recovery agent by default. However, this can be modified. You can remove the default recovery agent and assign anyone as the recovery agent. In other words, an admin cannot read another person's encrypted file unless he is the recovery agent. The purpose of assigning the first logon admin as the recovery agent is to make life easier for most of our customers. Corporate users are recommended to modify the recovery agent.


Q. How do I delete an orphaned share?

A. An orphaned share is one whose shared directory has been deleted. If you delete a shared directory in Explorer, any shares on it will automatically be removed. If you delete it by a different method, such as from the command prompt, the share will be left behind and may result in messages in the System Event Log of the form:

The server service was unable to recreate the share NTFAQ because the directory D:\ntfaq files no longer exists.

You can manually update the registry to remove these "rogue" shares.

  1. Start the registry editor (regedt32.exe)
  2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\Shares
  3. There is an entry for each share
  4. Select the entry for the share you wish to delete and select Delete from the Edit menu.
  5. Click Yes to the confirmation
  6. If the share had special security set it will also have an entry under the Security sub-key so move to Security (under Shares), select the share value name and delete

If you type net share the share name will still be displayed until the lanmanserver service is restarted. If you restart it manually, this will also stop the Net Logon, Computer Browser and Distributed File System services.

Another method (if you have access) is to use Server Manager in NT 4.0 and connect to the machine. Orphaned shares are grayed out and you can then delete them. Windows 2000 Computer Manager does not display orphaned shares in a different colour, making this approach impossible in Windows 2K.
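The manual check above can also be scripted. The following is an added example, not part of the original FAQ: it reads every value under the Shares key and reports disk shares whose directory no longer exists. It assumes each share is stored as a multi-string of Name=Value entries (including Path= and Type=, with Type=0 meaning a disk share); the function names and the sample data are constructed for illustration.

```python
"""Report shares whose directory no longer exists (orphaned shares)."""
import os

SHARES_KEY = r"SYSTEM\CurrentControlSet\Services\lanmanserver\Shares"


def parse_share_value(entries):
    """Turn the Name=Value strings of one share entry into a dict.

    Assumption: a share is stored as a list of strings such as
    ["MaxUses=4294967295", "Path=D:\\ntfaq files", "Type=0"].
    """
    fields = {}
    for entry in entries:
        name, sep, value = entry.partition("=")
        if sep:  # ignore strings that carry no '='
            fields[name.strip().lower()] = value
    return fields


def find_orphaned_shares(shares, path_exists=os.path.isdir):
    """Return sorted (share name, path) pairs whose directory is missing.

    shares maps each share name to its list of Name=Value strings.
    """
    orphaned = []
    for name, entries in shares.items():
        fields = parse_share_value(entries)
        # Assumption: only Type=0 (disk) shares point at a directory;
        # printer shares keep a printer name in Path instead.
        if fields.get("type", "0") != "0":
            continue
        path = fields.get("path", "")
        if path and not path_exists(path):
            orphaned.append((name, path))
    return sorted(orphaned)


def read_shares_from_registry():
    """Read all share definitions from the local registry (Windows only)."""
    import winreg  # imported here so the rest of the file runs anywhere
    shares = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, SHARES_KEY) as key:
        value_count = winreg.QueryInfoKey(key)[1]
        for index in range(value_count):
            name, data, kind = winreg.EnumValue(key, index)
            if kind == winreg.REG_MULTI_SZ:
                shares[name] = data
    return shares


# Constructed sample data; the first entry mirrors the event log message above.
SAMPLE_SHARES = {
    "NTFAQ": ["MaxUses=4294967295", "Path=D:\\ntfaq files", "Remark=", "Type=0"],
    "docs": ["MaxUses=4294967295", "Path=D:\\docs", "Remark=", "Type=0"],
    "laser": ["MaxUses=4294967295", "Path=Sample Printer,LocalsplOnly", "Type=1"],
}
SAMPLE_EXISTING_DIRS = {"d:\\docs"}


def sample_path_exists(path):
    """Stand-in for os.path.isdir when running against the sample data."""
    return path.lower() in SAMPLE_EXISTING_DIRS


if __name__ == "__main__":
    if os.name == "nt":
        shares, exists = read_shares_from_registry(), os.path.isdir
    else:
        shares, exists = SAMPLE_SHARES, sample_path_exists
    for share_name, share_path in find_orphaned_shares(shares, exists):
        print("orphaned share %s -> %s" % (share_name, share_path))
```

The script only reports; removing an entry is still done with the registry steps above, including the matching value under the Security sub-key.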


Q. How can I check who last opened a file?

A. The only way I know of would be to enable auditing on the file and then examine the Security Event log for access.

In order to do this you will need the following:

  1. Enable auditing for files and folders via User Manager (Policies - Audit - Audit These Events - File and Object Access). In Windows 2000 use the Group Policy editor and edit the local policy or another GPO (Computer Configuration - Windows Settings - Security Settings - Local Policies - Audit Policy)
  2. Start Explorer
  3. Right click on the files/folders and select Properties
  4. Select the Security tab
  5. Click the Advanced button
  6. Select the Audit tab
  7. Click Add
  8. Select 'Everyone'
  9. Click OK
  10. Select the actions to audit such as 'List folder/read data'
  11. Click OK
  12. Click OK to all dialogs
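Once auditing is enabled, the log check described above can be scripted. The following is an added example, not part of the original FAQ: it picks the most recent successful open of a given file out of exported audit records. It assumes object-open audit records (event ID 560) exported as text in the constructed layout shown; the layout, the sample records and the function names are assumptions made for illustration.

```python
"""Find who last opened a file from exported Security log audit records."""
from datetime import datetime

OBJECT_OPEN_EVENT_ID = 560  # assumed ID of the "object open" audit record

# Constructed sample export: a header line (date, time, event ID, result)
# followed by indented "Label: value" lines. The layout is an assumption.
SAMPLE_LOG = r"""
1999-09-17 09:02:11 560 Success
    Object Name: D:\ntfaq\faqcomp.zip
    Primary User Name: john
    Primary Domain: SAVILLTECH
    Client User Name: -
    Client Domain: -
    Accesses: ReadData (or ListDirectory)
1999-09-17 11:40:57 560 Success
    Object Name: D:\NTFAQ\faqcomp.zip
    Primary User Name: SYSTEM
    Primary Domain: NT AUTHORITY
    Client User Name: kevin
    Client Domain: SAVILLTECH
    Accesses: ReadData (or ListDirectory)
1999-09-17 11:41:30 560 Failure
    Object Name: D:\ntfaq\faqcomp.zip
    Primary User Name: guest
    Primary Domain: SAVILLTECH
    Client User Name: -
    Accesses: ReadData (or ListDirectory)
1999-09-17 12:05:00 560 Success
    Object Name: D:\ntfaq\index.html
    Primary User Name: john
    Primary Domain: SAVILLTECH
    Client User Name: -
    Accesses: ReadData (or ListDirectory)
"""


def parse_events(text):
    """Parse the export into a list of dicts, one per audit record."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():  # an unindented line starts a new record
            parts = line.split()
            if len(parts) != 4:
                continue  # not a header this example understands
            events.append({
                "time": datetime.strptime(parts[0] + " " + parts[1],
                                          "%Y-%m-%d %H:%M:%S"),
                "event_id": int(parts[2]),
                "result": parts[3],
            })
        elif events:
            # Split on the first colon only, so "D:\..." stays intact.
            label, _, value = line.strip().partition(":")
            events[-1][label.strip()] = value.strip()
    return events


def effective_user(event):
    """Return DOMAIN\\user for the account that really opened the object.

    Assumption: for access through a share the server opens the file on the
    user's behalf, so the remote account is in the Client fields and the
    Primary fields name the server's own context.
    """
    client = event.get("Client User Name", "-")
    if client not in ("", "-"):
        return event.get("Client Domain", "") + "\\" + client
    return (event.get("Primary Domain", "") + "\\"
            + event.get("Primary User Name", "?"))


def last_opened_by(events, path, access="ReadData"):
    """Return (account, time) of the latest successful open, or None."""
    wanted = path.lower()  # file names are compared without regard to case
    matches = [e for e in events
               if e["event_id"] == OBJECT_OPEN_EVENT_ID
               and e["result"] == "Success"
               and e.get("Object Name", "").lower() == wanted
               and access in e.get("Accesses", "")]
    if not matches:
        return None
    latest = max(matches, key=lambda e: e["time"])
    return effective_user(latest), latest["time"]


if __name__ == "__main__":
    print(last_opened_by(parse_events(SAMPLE_LOG), r"D:\ntfaq\faqcomp.zip"))
```

Failed attempts are skipped on purpose: a denied open is worth reviewing, but it does not answer who last opened the file.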

Q. I've increased the size of a hardware RAID volume but NT does not see the size increase, what can I do?

A. You need to reset the Disk Administrator configuration by performing the following:

  1. Backup your disk configuration by starting disk administrator (Start - Programs - Administrative Tools - Disk Administrator or just run WINDISK.EXE)
  2. Insert a floppy disk and from the Partition menu select Configuration - Save. Your configuration will then be saved to the disk
  3. Close the Disk Administrator
  4. Start the registry editor (regedit.exe)
  5. Move to HKEY_LOCAL_MACHINE\SYSTEM\DISK
  6. Select the Disk key and press DEL.
  7. Close the registry editor
  8. Restart the Disk Administrator
  9. It will say it's the first time Disk Administrator has been run and it will update the disk configuration


Q. I'm unable to use the Encrypted File System under Windows 2000 as I'm a member of a 4.0 domain.

A. Because a machine in a domain uses the domain policy for recovery, if the domain does not support EFS (such as a 3.51 or 4.0 domain), EFS is disabled. To get around this perform the following:

  1. Remove the Windows 2000 computer from the Windows NT 4.0 domain.
  2. From the command prompt, type:
    secedit /refreshpolicy machine_policy /enforce
  3. Rejoin the Windows 2000 computer to the Windows NT 4.0 domain.

Q. What is Distributed File System?

A. Distributed File System (or Dfs) is a new tool for NT server that was not completed in time for inclusion as part of NT 4.0, but is now available for download. It allows Administrators to simulate a single server share environment that actually exists over several servers: basically a link to a share on another server that looks like a subdirectory of the main server.

This allows a single view for all of the shares on your network, which could then simplify your backup procedures as you would just back up the root share, and Dfs would take care of actually gathering all the information from the other servers across the network.

You do not have to have a single tree (Dfs directory structures are called trees), but rather could have a separate tree for different purposes, i.e. one for each department, but each tree could have exactly the same structure (sales, info. etc).

For more information on DFS see http://www.microsoft.com/ntserver/nts/downloads/winfeatures/NTSDistrFile/AdminGuide.asp


Q. Where can I get Dfs?

A. Dfs is available for download from Microsoft http://www.microsoft.com/ntserver/nts/downloads/winfeatures/NTSDistrFile/default.asp. Follow the instructions at the site and fill in the form about your site. The file you want for the I386 platform is dfs-v41-i386.exe.

Once downloaded just double click on the file, and agree to the license. It will then install files to your drive which you need to install.

Windows 2000 has Dfs built-in as a core component.


Q. How do I install Dfs?

A. Follow the instructions below, you must have first downloaded and expanded the file dfs-v40-i386.exe:

  1. Right click on Network Neighborhood and select properties (or double click Network in the Control Panel)
  2. Click the services tab and click Add
  3. Click the "Have disk" button and when asked where enter %systemroot%/system32/dfs. Do not actually type %systemroot%, but rather what it points to, i.e. d:\winnt, so the full path would be d:\winnt\system32\dfs
  4. Click Enter and press OK for Dfs installation
  5. A dialog box will be shown. Click "New Share", type the name of the required root, e.g. c:\dfsroot, and click "Yes" to create the directory
  6. Select the "Shared As" and fill in required information and click OK
  7. Close the dialogs and reboot the machine

Windows 2000 does not require you to install Dfs, it is built into the operating system, all it requires is configuration.


Q. How do I create a new folder as part of the Dfs?

A. Once Dfs is installed a new application, the Dfs Administrator, is created in the Administrative Tools folder. This app should be used to manage Dfs. To add a new area as part of the Dfs tree follow the procedures below:

  1. Start the Dfs Administrator application (Start - Programs - Administrative Tools - Dfs Administrator)
  2. Select "Add to Dfs" from the Dfs menu
  3. Enter the name of the folder you want an existing share to be known as
  4. Next select what it should point to, you can either type the path, or use Browse.
  5. Click Add
  6. Close the Dfs Administrator

Q. How do I uninstall Dfs?

A. Follow the procedure below:

  1. Start the network control panel applet or right click on Network Neighborhood and select Properties
  2. Click the Services Tab
  3. Select "Distributed File System" and click remove
  4. You will be prompted to continue, click Yes
  5. A reboot will then be required

Q. How do I create a Dfs root volume in Windows 2000?

A. Windows 2000 currently supports one Dfs root per server however this will be expanded in future versions of the operating system/service packs.

The Distributed File System has its own DFS Microsoft Management Console snap-in which has a shortcut on the Administrative Tools folder.

To create a new Dfs root perform the following:

  1. Start the Distributed File System MMC snap-in (Start - Programs - Administrative Tools - Distributed File System)
  2. If it's the first time you have run it a dialog will be displayed confirming no roots currently exist. Click OK
  3. Right click on the Distributed File System root and select ‘New Dfs Root…’
  4. The Dfs root creation wizard will be started, click Next to the introduction screen
  5. The next screen gives the option of a fault-tolerant Dfs root which uses the Active Directory to store the information or a standalone Dfs root if the Active Directory is not available or not wanted. Select ‘Create a domain Dfs root’ and click Next
    Select a domain to use. A list of available domains will be displayed and the current domain will be selected as the current choice. Click Next. This screen is not displayed if you are not creating a fault-tolerant Dfs root.
  6. You will need to select a server to host the Dfs root (a domain member if fault tolerant), which must be running the Dfs service. The current server will be selected but can be changed by typing a domain name or clicking Browse. Click Next
  7. The next stage is to select a share to act as the Dfs root. A list of existing shares will be displayed or you can select to create a new share by entering a share name and location. Click Next
  8. Each Dfs root requires a unique name and will, by default, be the name of the share although you can change this. You can also select to add the new Dfs root to the current console. Click Next
  9. A summary screen will be displayed showing the domain, server, share and Dfs root name. Click Finish to create the Dfs root
  10. Once complete a success message will be displayed. Click OK

Q. How can I add a replica Dfs root volume in Windows 2000?

A. If your Dfs root was created as a fault-tolerant Dfs root you may add other Dfs servers as part of the Dfs root replica set.

To add a new Dfs root replica member perform the following:

  1. Start the Distributed File System MMC snap-in (Start - Programs - Administrative Tools - Distributed File System)
  2. Right click on the root you wish to add a replica to and select ‘New Root Replica’
  3. You will be asked for a server that will host a copy of the Dfs root. Click Next
  4. As when creating the original you need to either select an existing share or create a new folder and share. Click Finish
  5. Click OK to the success confirmation

These root replicas will all contain the Dfs root information by utilizing and replicating via the Active Directory. You can actually see the Dfs information using the Active Directory Users and Computers snap-in: select Advanced Features view, System, Dfs.


Q. How can I add a child node to Dfs in Windows 2000?

A. Once your Dfs root is created the next step is to populate it with child nodes/leafs which actually link to information.

To add a new Dfs child node perform the following:

  1. Start the Distributed File System MMC snap-in (Start - Programs - Administrative Tools - Distributed File System)
  2. Right click on the root you wish to add a child node to and select ‘New Dfs Child Node’
  3. You will need to enter a location and name for the child node, a UNC for the destination and a comment. You can also select the amount of time clients cache the request.
  4. Click OK

Any subdirectories of the child leaf will also be published to the Dfs with the parent directory, for example if a share, ntfaq, was added as a child node to Dfs, any subdirectories of that share would be viewable on the Dfs tree as children of the documents Dfs entry.


Q. How can I add a replica child node to Dfs in Windows 2000?

A. The Windows 2000 version of Dfs allows child replica sets to be created in which a single Dfs leaf points to multiple shares on different servers. The File Replication Service will keep the contents of all shares in sync with each other. This allows fault tolerance AND load balancing.

Members of a node replica set must:

  1. All be members of the domain
  2. Use NTFS 5.0
  3. Must be on different servers. You cannot replicate between shares on the same server.

To add a new Dfs child replica member perform the following:

  1. Ensure an up-to-date copy of the resource to which a new replica member is to be added is placed in the new share which will join the set
  2. Start the Distributed File System MMC snap-in (Start - Programs - Administrative Tools - Distributed File System)
  3. Right click on the child node you wish to add a replica to and select ‘New Replica’
  4. You will need to enter the UNC of the new share and you have the option for
    - Manual replication
    - Automatic replication
    ‘Manual replication’ is useful if the contents are read-only documents which do not often change. Joint replication will replicate the contents of the shares with all members in the replica set. Click OK
  5. The replication set topology dialog will be shown. Check replication has been enabled and click OK

Multi-master replication is used except on the first replication pass, where the contents of the Primary server are copied to the other members. Any content currently in the other shares is moved to a NtFrs-PreExisting subdirectory (but a checksum is performed and if the files match those in the primary server's share they are moved back into the main directory to save network bandwidth in copying them from the Primary server).

Replication is every 15 minutes by default.


Q. How do I assign User Rights for a standalone server (not the PDC/BDC) in a domain?

A. In NT Workstation, User Manager/Policies/User Rights... assigns the privileges (e.g. the Shutdown or Log On Locally privilege) for the local machine. However, in NT Server the User Rights you assign with User Manager for Domains affect the Domain Controller(s). To modify privileges for the local machine, first choose Select Domain... from the User menu, and type in the name of the computer at the Domain prompt (you cannot browse the domain).


Q. I can't FTP to my server, although the FTP service is running?

A. Have you unchecked the "Allow only anonymous connections" option, but still receive a "530 User xyz cannot log in. Login failed." message? To log on to the FTP server with your domain account, it is not sufficient to specify your name at the User prompt. The FTP service checks local accounts only, even if the computer is participating in a domain. Use domainname\username instead, e.g. if the domain name was savilltech and the user was john, enter savilltech\john as the username.


Q. How do I validate my NT Logon against a UNIX account?

A. There is software to do this available at


Q. Can I synchronize the time of a NT Workstation with a NT Server?

A. Yes, enter the command

NET TIME \\<name of the server to set time to> /SET /YES

Please note that users will require the "Change System Time" user right, via User Manager\User rights. There is a utility on the resource kit called TimeServ which runs the time synchronization as a service and works even when there are no logged on users.

Also see Q. How do I configure a user so it can change the system time?


Q. How can I send a message to all users?

A. Ensure the "Messenger" service is started (Control Panel - Services - Messenger - Auto). To send a message type:
c:> net send <machine name> "<message>"
Or instead of a machine name type * to broadcast to all stations

There are also various GUI utilities, and one of the best is NT Hail at http://www.geocities.com/SiliconValley/Bay/1999/NT_Hail.html


Q. How do I change a Workstation's Name?

A. Follow the steps below

  1. Logon to the NT server and in Server Manager add the new computer name (Computer - Add to Domain)
  2. On the Workstation from Control Panel double click Network (or right click on Network Neighborhood and select properties)
  3. Click Change and type the new computer name
  4. Press OK and accept reboot
  5. The machine should then reboot with the new name
  6. On the NT server you should now delete the OLD computer name (select and press DEL)

Q. How do I stop the default admin shares from being created?

A. This can be done through the registry.

  1. Start the registry editor
  2. Move to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters
  3. If you are using Workstation create a value (Edit - Add Value) called AutoShareWks (AutoShareServer for server) of type DWORD and press OK. It will ask for a value, type the number 0.
  4. Close the registry editor
  5. Reboot

This can also be done using the policy editor. Start the policy editor (poledit.exe), load the default computer profile, and expand the Windows NT Network tree, then Sharing and set "Create hidden drive shares" to blank for server/workstation.

There are a few other options though. The first is to use NTFS and set protections on the files so people may be able to connect to the share, but they will not be able to see anything. The second is to delete the shares each time you logon. This can be done through Explorer, but it would be better to have a command file run each time with the line
net share c$ /delete
and similar lines for all the other shares. However, these shares are there for a reason, so your machine can be administered by the servers, so if you delete them system managers may have something to say about it!


Q. How do I disconnect all network drives?

A. Use net use * /del /yes


Q. How do I hide a machine from Network Browsers?

A. Using the registry editor, move to the key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters and change the value Hidden, which should be of type DWORD, from 0 to 1. You should then reboot. You can also type

net config server /hidden:yes

The above command also automatically creates quite a lot of other values under the \Parameters key.

You can still connect to the computer, but it is not displayed on the browser.


Q. How do I remote Boot NT?

A. NT does not support remote boot. It is possible to reboot a machine from another computer using the Shutdown Manager that comes with the NT resource kit.

You could also reboot by using the shutdown.exe resource kit utility and specify another machine name.

C:\>shutdown \\<machine name> /r /y /c

Software such as PC Anywhere can also remotely reboot machines.


Q. How can I get a list of users currently logged on?

A. Use the net sessions command, however this will only work if you are an Administrator. You can also use control panel and choose server.

The resource kit utility, Net Watch, can also show current logged on users that are connected to the Netlogon share if you connect to the domain controller. However, these connections terminate after a finite amount of time so will not necessarily show all users.


Q. How do I configure NT to be a gateway to an ISP?

A. Firstly the hardware required would be a network card and a modem. The network card would be so the other clients in the network can communicate with the "to be" gateway, and the modem to connect to the gateway. Dial-up networking is not covered here, and you should first be confident with dial-up networking before attempting this.

  1. Start the registry editor (regedit.exe) and add a value of type DWORD called DisableOtherSrcPackets in the HKey_Local_Machine\System\CurrentControlSet\Services\RasArp\Parameters area, and set it to a value of 0. This is so that for packets sent through the NT gateway, the original IP address stored in each packet is retained, i.e. if machine a is sending a packet through b, then the packet retains the IP address of a, rather than being automatically changed to b. Also change HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\IPEnableRouter to a value of 1.
  2. On the gateway machine ensure TCP/IP is installed with a static IP address, and a correct subnet address (usually 255.0.0.0 for a class a, 255.255.0.0 for class b, and 255.255.255.0 for class c). Make sure the default gateway address is blank.
  3. Install Dial Up networking and configure for NT to dial out only. You will have to reboot
  4. Add a phonebook entry for your ISP as you would as normal, however uncheck the "Use default gateway".
  5. Enable the PC to be able to forward IP packets, by starting control panel, double click Network and choose the protocols tab. Select TCP/IP and then routing. Check the Enable IP Forwarding. You will need to reboot
  6. If when you connect to your ISP you are given an IP address, you will need to connect to your ISP, and then find out which IP address you are given. To get the address type
    IPCONFIG
    Look for a Wan adapter and write down the IP address. If you know your IP address before you connect you can forget this step.
  7. Add a route for the IP address used when connecting to the ISP (the one identified in step 6)
    route add 0.0.0.0 mask 0.0.0.0 <ip address> metric 2
  8. Configure all clients gateway as the network card IP address of the NT gateway.

This would enable the machines to send out IP packets to the internet, however the packets would have no way of finding their way back, as the ISP would not know to route them through the gateway, so your ISP will have to either a) have host entries for each of the machines or b) point to the gateway as another DNS.

Other things to check are as follows:

Have a look at http://support.microsoft.com/support/ntserver/serviceware/nts40/e9mslcs1z.asp for more information.


Q. How do I install the FTP server service?

A. In prior versions of NT, the FTP server service was installed as part of TCP/IP, however as of NT 4.0, it became part of IIS/PWS, so it needs to be installed manually. Before you install the FTP server, TCP/IP must be installed.

  1. In Control Panel, double-click Network.
  2. Click Services, click Add, and then click Microsoft Peer Web Services if you are using NT Workstation or click Microsoft Internet Information Server 2.0 if you are using NT Server.
  3. Click OK, and then type the path for the Windows NT source files. For example, if you are using the Windows NT CD-ROM in drive E, type the following line: E:\i386
  4. Click OK to start the Microsoft Peer Web Services Setup or Internet Information Server.
  5. The FTP Service is selected by default, but you should clear the check boxes for options you do not want to install.

Q. How do I get a list of all connections to my PC?

A. Use the command netstat -a


Q. How can I get the Ethernet address of my Network card?

A. Type ipconfig /all from a command box.


Q. How can I configure the preferred Master Browser?

A. On the NT server you want to be the preferred master browser change the registry setting HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters\IsDomainMaster to True


Q. Is it possible to protect against Telnet attacks?

A. There was a recent well-known problem that a telnet client could connect to an NT machine on port 135, type 10 characters and it would hang NT. There is no simple way to protect NT from a certain port attack. It is possible to configure NT to only accept incoming packets from a set of configured ports, however you have to name the ports you want to accept input from:

  1. From Control Panel, Double click on Network
  2. Click the Protocols tab
  3. Select TCP/IP and click Properties
  4. Click Advanced (bottom right)
  5. Check the "Enable Security" and click configure
  6. For TCP select "Permit Only" and enable only the ports you want to work (e.g. Web Browser is 80, FTP 21)
  7. Exit
  8. Reboot NT

To protect against the port 135 attack, install the RPC hotfix for Service Pack 2.

Service Pack 3 and some of its Hotfixes are also highly desirable, and address a number of Internet attack methods.


Q. What Telnet Servers/Daemons are available for Windows NT?

A. A Telnet Server on NT allows connection to an NT machine using a Telnet client from any hardware platform. Products are available from:


Q. How do I install MSN under NT?

A. The new MSN 2.0 only runs under Windows 95, however a version for NT 4.0 is being developed. In the meantime it is possible to use MSN to connect to the Internet, however you cannot read Mail.

  1. Phone Microsoft and request that manual Internet PPP access be set up.
  2. Assuming RAS is already installed, select Add New phonebook entry
  3. Type in a name for the phone book entry, e.g. "MSN connection"
  4. Clear the "I know about phone book entries" and click Next
  5. Check "I am calling the Internet" and click Next
  6. Click Finish
  7. Select your new "MSN" and click Edit from More
  8. Click the Server tab, and select TCP/IP, Enable PPP LCP, and clear NetBEUI and IPX
  9. Click the TCP/IP settings box and check "Server assigned IP addresses" and "Use default gateway"
  10. Click OK and exit back to the main dial screen
  11. Select MSN and click Dial
  12. When prompted for username/password enter
    Username : MSN/<user name>
    Password : <MSN password>
    Domain : <blank>

Q. What FireWall products are available for NT?

A. Below is a selection of FireWall systems for NT:


Q. How do I install the Remoteboot Service?

A. Before installing the Remoteboot service you must have both the NetBEUI and DLC protocols installed. The remoteboot service will only run on NT server.

  1. Start Control Panel (Start - Settings - Control Panel)
  2. Double click the Network icon
  3. Click on the services tab and click Add
  4. Select "Remoteboot Service"
  5. Check the path where Remoteboot will be installed (by default %systemroot%\RPL)
  6. Click OK and complete the installation
  7. After installation has completed start Remoteboot Manager
  8. Click "Fix Security" from the Configuration menu, which will create the RPLUSER local group and assign the permissions to the RPL directory.

Q. How many connections can NT have?

A. NT workstation can have up to 10 concurrent connections, with one exception, Peer Web Services which allows unlimited concurrent connections.


Q. How can I secure a server that will be a Web Server on the Internet?

A. Below are points to be aware of


Q. How can I stop a user logging on more than once?

A. There is no way in NT to stop a user logging on more than once, however it is possible to restrict a workstation so that only a certain user can login, and with this method each user would be tied to one workstation and thus could only logon once.

  1. Logon to the Workstation as the Domain Administrator
  2. Start User Manager (Start - Administrative Tools - User Manager)
  3. Double click the Users group and select the Domain\Everyone and click remove
  4. Next click add and select the specific domain user and click Add
  5. Close User Manager
  6. Logoff and only that specific user will be able to logon (be careful that Administrators still include Domain\Administrators or you will not be able to logon)

This solution is far from ideal, and it may be plausible to write a login script that checked if a user was currently logged on and if so, logoff straight away (using the logout command line tool).


Q. How can I get information about my domain account?

A. From the command prompt type

net user <username> /domain

And all your user information will be displayed including last logon time, password change etc.


Q. A machine is shown as Inactive in Server manager when it is not.

A. Sometimes Server Manager fails to see a machine has become active, you can attempt to force it to see the machine by typing:
C:> net use \\<machine name>\IPC$

If this fails it may be the machine has been configured to be invisible to the network such as if hidden from Network Neighborhood as seen in 'Q. How do I hide a machine from Network Browsers?'.


Q. How do I automatically FTP using NT?

A. I use a basic script to update my main site and the mirrors using two batch files. The first consists of a few lines:

d:
cd \savilltechhomepage
ftp -i -s:d:\savmanagement\goftp.bat

The -i suppresses the prompt when performing a multiple put, and the -s defines an input file for FTP, such as the one below (the text after each " - " is a description and is not part of the file):

open ftp.savilltech.com   - the name of the FTP server
johnny                    - username
secret                    - password
cd /www                   - remotely move to a base directory
lcd download              - locally change directory
cd download               - remotely move to a sub directory of the current directory
binary                    - set mode to binary
put faqcomp.zip           - send a file
cd ..                     - move down a directory remotely
lcd ..                    - move down a directory locally
cd ntfaq
lcd ntfaq
mput *.html               - send multiple files (this is why we needed -i)
close                     - close the connection


Q. How can I change the time period used for displaying the password expiration message?

A. Follow Instructions below:

  1. Start the Registry editor (regedit.exe)
  2. Go to the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
  3. From the Edit Menu, click New - DWord
  4. Type the name PasswordExpiryWarning and press enter
  5. Double click on the new value you have created and set to the number of days prior to the expiration you want the message to appear.

Q. How can I modify share permissions from the command line?

A. The Windows NT resource kit ships with a utility called RMTSHARE.EXE that is used to modify permissions on shares, the syntax to grant access to a share is as follows

rmtshare \\<server name>\<share> /grant <username>:<permission>, e.g.
rmtshare \\bugsbunny\movies /grant savillj:f

Valid permissions are f for full, r for read, c for change and n for none. To revoke access to a share type

rmtshare \\<server name>\<share> /grant <username>, e.g.
rmtshare \\bugsbunny\movies /grant savillj

This would remove savillj's access to the share. To view share permissions enter:

rmtshare \\<server name>\<share> /users, e.g.
rmtshare \\bugsbunny\movies /grant

RMTSHARE.EXE also allows the creation and deletion of shares. Type rmtshare /? for help.


Q. How can I change the protocol binding order?

A. Network bindings are links that enable communication between the network adapter(s), protocols and services. If you have multiple protocols installed on a machine you can configure NT to try a certain protocol first for communication:

  1. Log on to the machine as a member of the Administrators group
  2. Start the Network control panel applet (Start - settings - control panel - network, or right click Network Neighborhood and select properties)
  3. Click the bindings tab
  4. Select "all services" from the drop down list of bindings
  5. Select the service you wish to change the binding order for by clicking its plus sign (usually you should change the workstation service as this is used for connecting to resources etc.)
  6. A list of all the protocols installed will be shown, and can be ordered by selecting the protocol and clicking "move up" or "move down".
  7. Click OK when finished, and you will have to reboot for the changes to take effect.

Q. What criteria are used to decide which machine will be the Master Browser?

A. There are 5 roles a machine can have

When an election takes place, a number of criteria are used. Firstly the browser type

If two machines have the same role then the operating system is used

If there is still a tie, the Windows NT version is used

To set a machine as a certain type of browser perform the following

  1. Start the registry editor (regedit.exe)
  2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters
  3. Double click on MaintainServerList
  4. Set to
    No - for the computer to be a non-browser
    Yes - the computer will be a master or backup browser
    Auto - will be a master, backup or potential browser depending on the number of browsers currently in action
  5. Click OK
  6. Close the registry editor and reboot

Q. How can I get a list of MAC to IP addresses on the network?

A. An easy way to get a list of MAC to IP addresses on the local subnet is to ping every host on the subnet and then check your ARP cache. However, pinging every individual node would take ages and the entries only stay in the ARP cache for 2 minutes. An alternative is to ping the broadcast mask of your subnet, which will ping every host on the local subnet (you can't ping the entire network as you only communicate directly with nodes on the same subnet; all other requests go via the gateway, so you would just get an ARP entry for the gateway).

What is the broadcast mask? The broadcast mask is easy to calculate if the subnet mask is in the format 255.255.255.0 or 255.255.0.0 etc. (multiples of 8 bits). For example, if the IP address was 134.189.23.42 and the subnet mask was 255.255.0.0, the broadcast mask would be 134.189.255.255: where the subnet mask has 255 the number from the IP address is copied over, and where it has 0 the number is replaced with 255, so the network ID part is kept. If the subnet mask is not in the basic 255.255 format, use the following rules; all you need is the IP address and the subnet mask:

  1. For each bit set to 1 in the subnet mask, copy the corresponding bit from the IP address to the broadcast mask
  2. For each bit set to 0 in the subnet mask, copy a 1 into the corresponding bit of the broadcast mask

for example, IP address 158.234.24.98 and subnet mask 255.255.248.0

Network (first 21 bits) | Host (last 11 bits)

Byte 1    Byte 2    Byte 3    Byte 4
11111111  11111111  11111000  00000000
10011110  11101010  00011000  01100010
10011110  11101010  00011111  11111111

The first row is the subnet mask 255.255.248.0, the second row the IP address 158.234.24.98 and the third row is the broadcast mask, 158.234.31.255.

To get the MAC to IP addresses, you would therefore perform the following

ping <broadcast mask>
arp -a

Voila, a list of IP addresses and their MAC address (you can add > filename to get the list to a file, e.g. arp -a > iptomac.lst). You could repeat this exercise on the various subnets of your organization.

Unfortunately, due to limitations in NT's implementation of PING, the above will not work correctly, so put the following into a file:

REM arpping.bat
ping -n 1 -l 1 %1.%2
arp -a %1.%2

You can then call the batch file as follows:

C:\> for /l %i in (1,1,254) do arpping 160.82.220 %i

In this case it would generate a list of all MAC to IP addresses for 160.82.220.1 to 160.82.220.254. Again you could put this all in a file, redirect to a file and then search, e.g.

REM test.bat
for /l %%i in (1,1,254) do arpping.bat 160.82.220 %%i

Notice you have to use two %%. You could run as

C:\> test.bat > file.txt

Then search file.txt for, as an example, dynamic:

C:\> findstr dynamic file.txt
160.82.220.1 00-00-0c-60-8b-41 dynamic
160.82.220.9 00-60-97-4b-bf-4c dynamic
160.82.220.13 00-10-4b-49-94-e1 dynamic
160.82.220.17 00-80-5f-d8-a4-8b dynamic
160.82.220.22 00-a0-d1-02-a4-cf dynamic
160.82.220.25 00-60-08-75-0d-7a dynamic
160.82.220.26 00-10-4b-44-e4-73 dynamic
160.82.220.33 00-10-4b-44-d6-33 dynamic
160.82.220.34 00-10-4b-4e-67-6a dynamic
160.82.220.35 00-60-97-4b-c4-53 dynamic
160.82.220.39 00-10-4b-44-eb-ae dynamic
160.82.220.41 00-10-4b-49-7b-f7 dynamic
160.82.220.42 00-00-f8-21-7a-7f dynamic
160.82.220.43 08-00-20-88-82-57 dynamic
160.82.220.221 00-80-5f-88-d0-55 dynamic
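
The bit rule and the arp -a collection described above, as an added Python example (not part of the original FAQ). broadcast_address applies the two steps to any contiguous subnet mask; the other functions go beyond the FAQ's one-off listing by parsing saved arp -a output and comparing two runs. All function names and both sample tables are constructed for illustration.

```python
import re
from collections import defaultdict


def ip_to_int(dotted):
    """Convert dotted-quad text to a 32-bit integer, validating each octet."""
    parts = dotted.strip().split(".")
    if len(parts) != 4:
        raise ValueError("not a dotted quad: %r" % dotted)
    value = 0
    for part in parts:
        octet = int(part)
        if not 0 <= octet <= 255:
            raise ValueError("octet out of range in %r" % dotted)
        value = (value << 8) | octet
    return value


def int_to_ip(value):
    """Convert a 32-bit integer back to dotted-quad text."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def broadcast_address(ip, mask):
    """Mask bit 1: copy the IP bit. Mask bit 0: set the bit to 1."""
    ip_bits, mask_bits = ip_to_int(ip), ip_to_int(mask)
    host_bits = ~mask_bits & 0xFFFFFFFF
    # A usable subnet mask is a run of 1s followed by a run of 0s,
    # so the inverted mask must look like 2**k - 1.
    if host_bits & (host_bits + 1):
        raise ValueError("non-contiguous subnet mask: %s" % mask)
    return int_to_ip((ip_bits & mask_bits) | host_bits)


ARP_LINE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"([0-9a-f]{2}(?:-[0-9a-f]{2}){5})\s+(dynamic|static)\s*$",
    re.IGNORECASE,
)


def parse_arp_table(text):
    """Return (ip, mac, kind) tuples; headers and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ARP_LINE.match(line)
        if match:
            ip, mac, kind = match.groups()
            entries.append((ip, mac.lower(), kind.lower()))
    return entries


def macs_with_multiple_ips(entries):
    """MACs answering for more than one IP: multi-homed hosts, proxy ARP
    on a router, or a spoofed reply. Each hit needs an explanation."""
    by_mac = defaultdict(set)
    for ip, mac, _kind in entries:
        by_mac[mac].add(ip)
    return {mac: sorted(ips, key=ip_to_int)
            for mac, ips in by_mac.items() if len(ips) > 1}


def changed_bindings(old_entries, new_entries):
    """IPs whose MAC differs between two runs, as {ip: (old_mac, new_mac)}."""
    old = {ip: mac for ip, mac, _kind in old_entries}
    return {ip: (old[ip], mac) for ip, mac, _kind in new_entries
            if ip in old and old[ip] != mac}


# Constructed sample data in the format of the findstr output above.
SAMPLE_BEFORE = """\
  Internet Address      Physical Address      Type
  160.82.220.1          00-00-0c-60-8b-41     dynamic
  160.82.220.9          00-60-97-4b-bf-4c     dynamic
  160.82.220.13         00-10-4b-49-94-e1     dynamic
"""
# Constructed second run: .1 now resolves to the MAC that also serves .13.
SAMPLE_AFTER = """\
  Internet Address      Physical Address      Type
  160.82.220.1          00-10-4B-49-94-E1     dynamic
  160.82.220.9          00-60-97-4b-bf-4c     dynamic
  160.82.220.13         00-10-4b-49-94-e1     dynamic
"""

if __name__ == "__main__":
    print(broadcast_address("158.234.24.98", "255.255.248.0"))
    before = parse_arp_table(SAMPLE_BEFORE)
    after = parse_arp_table(SAMPLE_AFTER)
    print(changed_bindings(before, after))
    print(macs_with_multiple_ips(after))
```

Keeping each run's output file lets a later run be compared against it, so a gateway address that suddenly maps to a different MAC stands out.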


Q. How can I control the list of connections shown when mapping a network drive?

A. When you map a network drive (Explorer - Tools - Map network drive), if you click the down arrow on the path, a list of previous connections will be shown. These are stored in the registry and can be edited:

  1. Start the registry editor (regedit.exe)
  2. Move to HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Network\Persistent Connections
  3. You will notice in the left pane a number of string values called a, b, c etc. For the connections you do not want shown, click on the entry and then either press the Del key and say yes to the confirmation or select delete from the edit menu.
  4. Once you have deleted entries you need to update which ones Explorer will show by double clicking on order and removing the letters of the entries you deleted
  5. Click OK
  6. Close the registry editor

Q. How do I grant users access to a network printer?

A. The same way as files have security information, so do printers, and you need to set which users can perform actions on each network printer

  1. Logon as an Administrator
  2. Double click "My Computer" and then select printers
  3. Right click on the printer whose permissions you wish to change and select properties
  4. Click the security tab and select permissions
  5. You can now add users/groups and grant them the appropriate privilege
  6. Click OK when finished

Q. How can I create a share on another machine over the network?

A. From a Windows NT Server machine a share can be created by opening Server Manager, highlight the target system, select Computer, Shared Directories, and click on New Share.

The Windows NT Resource kit comes with a utility called RMTSHARE.EXE and this can be used to create shares on other machines providing you have sufficient privilege. The basic syntax is as follows

rmtshare \\<computer name>\"<share name to be created>"="<path>" /remark="<share description>"
e.g. rmtshare \\savillmain\miscfiles=d:\files\misc /remark="General files"

You only need to use double quotes around the share to be created and the path if there are spaces in the share/file name, e.g. if the share was to be called misc files instead of miscfiles it would have to be in quotes, e.g.

rmtshare \\savillmain\"misc files"="d:\my files\misc" /remark="With space share"

There is also a wizard to share and administer your NT server, %systemroot%\system32\wizmgr.exe.

Remember share names cannot contain the " / \ [ ] : | < > + ; , ? * = characters.


Q. I get errors accessing a Windows NT FTP Server from a non Internet Explorer browser.

A. If you run the Microsoft FTP Server Service then you may find problems accessing an area other than the root from a non Internet Explorer browser. This is because most other FTP servers use the UNIX type naming conventions and that is what browsers such as Netscape expect, whereas the Microsoft FTP service outputs using DOS naming conventions. This can be resolved by forcing the FTP server service to use UNIX conventions rather than DOS:

  1. Start the registry editor (regedit.exe)
  2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ftpsvc\Parameters
  3. If the value MsdosDirOutput exists double click on it and set it to 0, click OK
  4. If it does not exist from the Edit menu select New - DWord value and enter the name MsdosDirOutput and click OK, then perform step 3

You will need to stop and start the FTP server service for this change to take effect (Start - Settings - Control Panel - Services - FTP Service - stop - start)


Q. How can I view which machines are acting as browse masters?

A. There are 2 utilities shipped with the NT Resource Kit (one GUI, one command line) which can be used to view current browse master status.

BROWMON.EXE - Select from the Diagnostics Resource Kit menu. The master browser will then be displayed for each domain. Double clicking on a machine will then list the other machines that are browsers and a subsequent double click on these machines will tell their status, e.g. backup browser.

BROWSTAT.EXE - Start a command session. There are a number of commands that can be used, however to get a general view enter the command
browstat status <domain name>
Browsing is active on domain.
Master browser name is: PDC
Master browser is running build 1381
2 backup servers retrieved from master PDC
\\PDC
\\WORKSTATION

As can be seen the master browser name is shown, as are backup servers.


Q. Is there any way to improve the performance of my modem internet connection?

A. By default, NT will use a Maximum Transmission Unit (MTU) (packet size) over the path to a remote host of 576. Problems can arise if the data is sent over routes etc that cannot handle data of this size and the packets get fragmented.

The parameter EnablePMTUDiscovery set to 1 forces NT to discover the maximum MTU of all connections that are not on the local subnet. To change this perform the following:

  1. Start the registry editor (regedit.exe)
  2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
  3. From the Edit menu select New-DWord value
  4. Enter a name of EnablePMTUDiscovery and press enter
  5. Double click on this new value and set to 1 then click OK
  6. Close the registry editor and reboot the machine.

By discovering the Path MTU and limiting TCP segments to this size, TCP can eliminate fragmentation at routers along the path that connect networks with different MTUs. Fragmentation adversely affects TCP throughput and network congestion.


Q. How can I remotely tell who is logged on at a machine?

A. The easiest way to do this is to use the NBTSTAT command. There are two ways to use this command depending on whether you know the machine's name or just its IP address. If you know the machine's name enter the command

nbtstat -a <machine name>
e.g. nbtstat -a pdc

The output will be of the format:

NetBIOS Remote Machine Name Table

Name Type Status
---------------------------------------------
PDC <00> UNIQUE Registered
PDC <20> UNIQUE Registered
SAVILLTECH <00> GROUP Registered
SAVILLTECH <1C> GROUP Registered
SAVILLTECH <1B> UNIQUE Registered
SAVILLTECH <1E> GROUP Registered
PDC <03> UNIQUE Registered
SAVILLJ <03> UNIQUE Registered
SAVILLTECH <1D> UNIQUE Registered
INet~Services <1C> GROUP Registered
..__MSBROWSE__.<01> GROUP Registered
IS~PDC.........<00> UNIQUE Registered

MAC Address=00-A0-24-B8-11-F3

The user name is the <03> entry.

If you only know the IP address use the command

nbtstat -A <IP address>
e.g. nbtstat -A 10.23.23.12

The output is the same and notice we just use a capital A instead of a lowercase a.

This will only work if the remote machine in question is running its messenger service, otherwise the username is not returned.
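
An added Python example (not part of the original FAQ) that parses the name table shown above and picks out the logged-on user. It relies on the Messenger service registering a <03> name for the computer as well as for the user, so <03> names that match the machine's own <00>/<20> names are filtered out; any extra name added with net name would also show up as a candidate. The function names and the second sample are constructed for illustration.

```python
import re

# One row of the table: name, <suffix>, UNIQUE/GROUP, status.
# The name may contain spaces or run straight into the suffix.
NAME_LINE = re.compile(
    r"^\s*(?P<name>.+?)\s*<(?P<suffix>[0-9A-Fa-f]{2})>\s+"
    r"(?P<kind>UNIQUE|GROUP)\s+(?P<status>\S+)\s*$"
)
MAC_LINE = re.compile(
    r"MAC Address\s*=\s*([0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){5})"
)


def parse_name_table(text):
    """Return (name, suffix, kind) tuples for every table row found."""
    rows = []
    for line in text.splitlines():
        match = NAME_LINE.match(line)
        if match:
            rows.append((match.group("name").upper(),
                         match.group("suffix").upper(),
                         match.group("kind")))
    return rows


def summarize_host(text):
    """Separate the machine's own names from other <03> messaging names."""
    rows = parse_name_table(text)
    # <00> (workstation) and <20> (server) UNIQUE names identify the machine.
    machine = {name for name, suffix, kind in rows
               if kind == "UNIQUE" and suffix in ("00", "20")}
    messaging = [name for name, suffix, kind in rows
                 if kind == "UNIQUE" and suffix == "03"]
    mac = MAC_LINE.search(text)
    return {
        "machine_names": sorted(machine),
        # No <03> rows at all means Messenger is not answering,
        # so an empty candidate list proves nothing about logons.
        "messenger_names_seen": bool(messaging),
        "user_candidates": [n for n in messaging if n not in machine],
        "mac": mac.group(1) if mac else None,
    }


# The nbtstat -a output quoted in the FAQ above.
FAQ_SAMPLE = """\
NetBIOS Remote Machine Name Table

Name Type Status
---------------------------------------------
PDC <00> UNIQUE Registered
PDC <20> UNIQUE Registered
SAVILLTECH <00> GROUP Registered
SAVILLTECH <1C> GROUP Registered
SAVILLTECH <1B> UNIQUE Registered
SAVILLTECH <1E> GROUP Registered
PDC <03> UNIQUE Registered
SAVILLJ <03> UNIQUE Registered
SAVILLTECH <1D> UNIQUE Registered
INet~Services <1C> GROUP Registered
..__MSBROWSE__.<01> GROUP Registered
IS~PDC.........<00> UNIQUE Registered

MAC Address=00-A0-24-B8-11-F3
"""

# Constructed sample: same machine with the Messenger service stopped.
STOPPED_SAMPLE = """\
Name Type Status
---------------------------------------------
PDC <00> UNIQUE Registered
PDC <20> UNIQUE Registered
SAVILLTECH <00> GROUP Registered

MAC Address=00-A0-24-B8-11-F3
"""

if __name__ == "__main__":
    print(summarize_host(FAQ_SAMPLE))
    print(summarize_host(STOPPED_SAMPLE))
```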


Q. How do I remove a NT computer from a domain?

A. The first way would be to logon to the machine you wish to remove from the domain and start the Network Control Panel Applet (Start - Settings - Control Panel - Network or just right click on Network Neighborhood and select properties). Select the Identification tab and click Change. Just enter a different domain or workgroup, you will receive a notice welcoming you to the new domain/workgroup. The problem with this is the machine can still rejoin the domain as its account has not been removed from the domain.

To actually remove the computer account from the domain perform the following:

  1. Logon to the PDC as an Administrator
  2. Start Server Manager (Start - Programs - Administrative Tools - Server Manager)
  3. Select the machine you wish to remove and click Delete (or select "Remove from Domain" from the Computer menu)
  4. Click Yes to the confirmation

Alternatively you can remove a computer from the command line using the Resource Kit utility NETDOM

netdom /Domain:<domain> MEMBER <machine name> /delete
e.g. netdom /Domain:savilltech MEMBER kevinpc /delete

You can use this command from any machine, workstation or server, as long as you are logged on as an administrator. When you enter the command it will find the PDC and delete the account; the output is as follows:

Searching PDC for domain SAVILLTECH ...
Found PDC \\PDC
Member \\KEVINPC successfully deleted.


Q. How can I shutdown a number of machines without going to each machine?

A. I have a number of machines set up in my lab and at the end of an entertaining evening of computing I don't want to have to go to each machine and shut them down, so I wrote a small batch file that uses the shutdown.exe Resource Kit utility. Just enter the following into a file with a .bat extension:

rem Batch file to shutdown local machine and the PDC, BDC
rem this shuts down a machine called PDC in 2 seconds, repeat with other machine names
shutdown \\pdc /t:2 /y /c
rem this shuts down a machine called BDC in 2 seconds
shutdown \\bdc /t:2 /y /c
rem this line shuts down the local machine in 5 seconds
shutdown /l /y /c /t:5

You can then just right click the file in explorer and drag onto the desktop, release and select "Create shortcut". Clicking this icon will then shutdown all the machines in the file. On a NT Server these shutdowns are not graceful and the users will not be asked to save work if they are not logged on or the machine is locked. If they are logged on then they have the option of saving files (unless a force switch is used).

If you have installed SP4 or SP5 on Windows NT, the remote shutdown command will shut down the machine immediately without stopping services (dirty shutdown, event ID 6008).


Q. How can I close all network sessions/connections?

A. The command below will close all network sessions

net session /delete


Q. How can I connect to a server using different user accounts?

A. It is possible to specify a user account to use when connecting to a share using the /user switch, e.g.

C:\> net use k: \\server\share /user:domain\user

If you then attempt to connect to the server again with a different username an error will be given. A workaround is to connect to the server using its IP address rather than its NetBIOS name, e.g.

C:\> net use l: \\<ip address>\share /user:domain\user


Q. How do I set the comment for my machine that is displayed in Network Neighborhood?

A. There are 3 ways to set this, from the command line, edit the registry or via the GUI.

The easiest way is via the Server control panel applet

  1. Start the server control panel applet (Start - Settings - Control Panel - Server)
  2. Enter the new description of the machine in the Description field
  3. Click OK

An alternative method is from the command prompt using the "net config" command.

C:\> net config server /srvcomment:"machine comment"

Note that even if you are performing this on a workstation machine you still use "net config server" as this is a configuration on the server service of the machine.

Both of the methods shown update a single registry value so this can also be edited directly.

  1. Start the registry editor (regedit.exe)
  2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
  3. Double click on srvcomment
  4. In the "Value data" box enter the new description and click OK
  5. Close the registry editor

This method only works once the Server Service has been restarted, however, both other methods work instantly. This is because the registry area is only read during startup of the service.

You can remotely change the comment of other machines by using the NT Server utility "Server Manager". Double click on a machine and you will then be presented with the same dialog box as with the Server control panel applet. This has the advantage of allowing the Administrator to set a common description format.


Q. How can I define multiple NetBIOS names for a machine?

A. This would be useful if, for instance, you wanted to migrate a number of shares to a different machine. Rather than having to switch all clients to the new machine instantly, you could define the new machine to also answer to the old machine's NetBIOS name and then slowly migrate the machines. To define extra names for a machine perform the following:

  1. Start the registry editor (regedt32.exe)
  2. Move to HKEY_Local_Machine\System\CurrentControlSet\Services\LanmanServer\Parameters
  3. From the Edit menu select "Add Value"
  4. Set the type to REG_SZ if you want one extra name or REG_MULTI_SZ if you want more than one and enter a name of OptionalNames. Click OK
  5. You will then be prompted for a value. Enter the other name (or names if type REG_MULTI_SZ, one on each line) you want it to be known as and click OK.
  6. Close the registry editor
  7. Reboot the machine
  8. There may be a WINS resolution problem. The entries for the additional NetBIOS names will have been dynamically added to the WINS database complete with IP number. However, a "real" server machine in the WINS database normally has three WINS entries, 00h, 03h and 20h. Your aliases may only have one, 03h. Therefore you may need to add static entries for the additional NetBIOS names, which creates all three entries. You should now be able to ping by NetBIOS name.

There is a bug when using multiple NetBIOS names on print servers, see 'Q. The additional NetBIOS name of my server does not work for print services.'


Q. How can I manage my NT domain over the net?

A. Microsoft have released "Web Administrator 2.0 for Microsoft Windows NT Server" which allows you to manage the following via the web

The additional software required has to be installed on a server (though it does not have to be a domain controller) with

Internet Information Server 4.0 is available as part of Option Pack 4 which can be obtained from http://www.microsoft.com/windows/downloads/contents/updates/nt40ptpk/default.asp or as part of MSDN. Option Pack 4 has its own requirement that Internet Explorer 4.0 be installed.

Once all the software is installed you can download the Web Admin tools from http://www.microsoft.com/ntserver/nts/downloads/management/NTSWebAdmin/default.asp

To begin the installation just execute the required executable and the installation wizard will begin.

Once the installation is complete you will be able to administer your domain by connecting to http://<the server name>/ntadmin/default.asp. For example if I had installed the software on titanic in the savilltech.com I would connect to http://titanic.savilltech.com/ntadmin/default.asp.

You will need Internet Explorer 4.0 or above to use the site and once connected you can perform a number of options. Below is an example of viewing/changing users.

NT Web Admin


Q. How can I remotely manage services?

A. The Windows NT Resource Kit has two utilities, SC.EXE and NETSVC.EXE, which allow remote services to be managed. The Resource Kit has help on both of these but we will only look at NETSVC.EXE.

To view the services on a remote machine use

C:\> netsvc /query \\<server name> /list

To see the current state of a service use

C:\> netsvc <service name> \\<server> /query

You can then modify the state of the service using the /start, /stop, /pause and /continue switches, e.g.

C:\> netsvc <service name> \\<server> /stop


Q. Net.exe reference.

A. Below is a summary of all the net.exe usage methods.

net accounts

Used to modify user accounts. Specified on its own will give information about the current logon.

Options:

/forcelogoff:<minutes or no> Minutes until the user gets logged off after logon hours expire. No means a forced logoff will not occur
/lockoutthreshold:<number of failed attempts> This parameter allows you to configure the number of failed logon attempts before the account is locked. The range is 1 to 999.
/lockoutduration:<minutes>  This parameter specifies the number of minutes accounts remain locked before automatically becoming unlocked. The range is 1 to 99999.
/lockoutwindow:<minutes>   This parameter lets you configure the maximum number of minutes between two consecutive failed logon attempts before an account is locked. The range is 1 to 99999.
/minpwlen:<length> Minimum number of characters for the password. Default is 6, valid range is between 0 and 14
/maxpwage:<days> Maximum number of days a password is valid. Default is 90, valid range is between 0 and 49710
/minpwage:<days> Number of days that must occur before the password can be changed. Default is 0, valid range is between 0 and maxpwage
/uniquepw:<number> Password may not be reused for number attempts
/sync Forces a domain sync
/domain Performs any of the above actions on the domain controller

net computer

Used to add and remove computer accounts from the domain.

Options:

\\<computer name> Name of the computer to be added or removed
/add Add the specified computer
/del Removes the specified computer

net config server

Allows modifications to the server service. Entered with no parameters, gives details of the current configuration

Options:

/autodisconnect:<minutes> Number of minutes an account may be inactive before disconnection. Default is 15, valid range between 1 and 65535. -1 means never disconnected.
/srvcomment:"text" Set the comment for the machine
/hidden:<yes or no> Specifies if the computer is hidden in the listing of computers

net config workstation

Allows modifications to the workstation service. Entered with no parameters, gives details of the current configuration

Options:

/charcount:<bytes> Number of bytes to be collected before data is sent. The default is 16, valid range is between 0 and 65535.
/chartime:<msec> Number of milliseconds NT waits before sending data. If charcount is also set whichever is satisfied first is used. Default is 250, valid range is between 0 and 65535000.
/charwait:<seconds> Number of seconds NT waits for a communications device to become available. Default is 3600, valid is between 0 and 65535.

net continue <service name>

Restarts the specified paused service.

net file

Lists any files that are open/locked via a network share.

Options:

id Identification of the file (given by entering net file on its own)
/close Close the specified lock

See Q. How can I tell who has which files open on a machine? for more details.

net group

Adds/modifies global groups on servers. Without parameters will list global groups.

Syntax:

net group <group name> [/comment:"<text>"] [/domain]
net group <group name> [/add [/comment:"<text>"] or /delete] [/domain]
net group <group name> <user name> /add or /delete [/domain]

Options:

groupname Name of the global group
/comment:"<text>" Comment if a new global group is created. Up to 48 characters
/domain Performs the function on the primary domain controller
username Username to which apply the operation
/add Adds the specified user to the group or the group to the domain
/delete Removes a group from a domain or a user from a group

net localgroup

Performs actions on local groups. Same parameters as net group.

net name

Adds/removes a name to which messaging may be directed. Running the command on its own will list all messaging names eligible on the machine.

Options:

name The messaging name to be added/removed
/add Add the name
/delete Remove the name

net pause <service name>

Used to pause a service from the command line.

net print

Used to list/modify print jobs.

Options:

\\computername Indicates the computer that hosts the printer queue
sharename Name of the printer queue
job The job number to modify
/hold Pauses a job on the print queue
/release Removes the hold status of a job on the print queue
/delete Deletes a job off of the print queue

net send

Sends a message to a computer, user or messaging name.

Options:

name Name of the user, computer or messaging name. Can also use * to send to everyone in the group
/domain:<domain name> All users in the current domain or the specified domain
/users To all users connected to the server
message The message to send

net session

Lists or disconnects sessions. Used with no options lists the current sessions.

Options:

\\<computer name> The computer whose session is to be closed
/delete Closes the session to the computer specified. Omitting a computer name will close all sessions

net share

Used to manage shares from the command line.

Syntax:

net share <sharename>=<drive>:\<directory> [/users=<number> or /unlimited] [/remark:"text"]
net share <sharename> [/users=<number> or /unlimited] [/remark:"text"]
net share <sharename or device name or drive and path> /delete

Options:

<sharename> Name of the share
<device name> Used to specify the printer name if specifying a printer share
<drive>:<path> Absolute path
/users:<number> Number of simultaneous connections to the share
/unlimited Unlimited usage
/remark:"<text>" Comment for the share
/delete Delete the specified share

net start <service name>

Start the specified service

net statistics [workstation or server]

Gives information about either the server or workstation service.

net stop <service name>

Stops the specified service

net time

Used to synchronize the time of a computer.

Options:

\\<computer name> The name of the computer with which to synchronize the time
/domain:<domain> Synchronize the time with the specified domain
/set Sets the time

net use

Connects or disconnects to a network share. Used with no qualifiers lists the current network mappings.

Syntax:

net use <device name> or * \\<computer name>\<share name> [password or *] [/user:<domain>\<user>] [/delete or /persistent:[yes or no]]
net use <device name> /home /delete or /persistent:[yes or no]

Options:

<device name> Name of the device to map to. Use * to use the next available device name
\\computer name The name of the computer controlling the resource
\sharename Name of the share
\volume Name of the volume if on a NetWare server
password Password to which to map
* Gives a prompt to which to enter the password
/user:<domain>\<user> Specifies the user to connect as
/home Connects to a users home directory
/delete Closes a connection
/persistent:[yes or no] Sets if the connection should be reconnected at next logon

net user

Used to add/create/modify user accounts

Syntax:

net user <username> [password or *] [/add] [options] [/domain]
net user <username> /delete /domain

username The name of the account
password Assigns or changes a password
* Gives a prompt for the password
/domain perform on a domain
/add Creates the account
/delete Removes the account
/active:[yes or no] Activates or deactivates the account
/comment:"<text>" Adds a descriptive comment
/countrycode:nnn nnn is the numeric operating system country code. Use 0 for the operating system's default
/expires:<date or never> The expiry date of the account. Date format is mm,dd,yy or dd,mm,yy which is determined by the country code
/fullname:"<name>" The full name of the account
/homedir:<path> Path for the users home directory
/passwordchg:[yes or no] Used to specify if the user can modify the password
/passwordreq:[yes or no] Used to determine if the account needs a password
/profilepath:<path> Used to specify the profile path
/scriptpath:<path> Path of the logon script
/times:<times or all> Hours user may logon
/usercomment:"<text>" A comment for the account
/workstations:<machine names> Names the user may logon to. * means all.

net view

Lists shared resources on a domain. Used with no parameters lists all machine accounts in a domain.

Options:

\\computer name Specifies the computer whose resource should be viewed
/domain:<domain name> The domain to be used
/network:<NetWare network> A NetWare network to be used

Q. How can I make net.exe use the next available drive letter?

A. The normal syntax to map a network drive is

C:\> net use <drive letter>: \\<server>\<share>

however this can be modified to

C:\> net use * \\<server>\<share>

which will make the net use command utilize the next available drive letter.


Q. How can I check if servers can communicate via RPCs?

A. Exchange ships with RPINGS.EXE and RPINGC32.EXE which can be used to test RPC communication between two servers. These programs are located in the SERVER\SUPPORT\RPCPING directory of the Exchange CD. Test as follows:

  1. On one server start Command (CMD.EXE) and enter
    C:\> RPINGS
  2. On the other server run the RPINGC32.EXE utility
  3. You should then enter the name of the Exchange server to test communication with, e.g. NT4PDC
  4. Click Start

The connection will then be checked. Once complete close the RPINGC32.EXE utility by clicking Exit and on the target machine enter the sequence '@q'.

Below is an example of a successful test.

RPC Ping


Q. How can I reduce the delay when using multiple redirectors?

A. The MUP (Multiple UNC Provider) first establishes whether Distributed File System (Dfs) is in use and passes the request to DFS.

The delays come from two locations:

  1. The attempt to access the resource through DFS
  2. The MUP must wait and accept all responses from all redirectors before completing the request. Therefore, even if a resource is readily available and accessible over one redirector, the request must still be made over the other installed redirectors before the request completes.

Depending on the number of redirectors, protocols, and timer configurations for connectivity, these delays can exceed 13 seconds for each initial connection.

Service Pack 4 for Windows NT 4.0 has introduced an updated MUP.SYS giving better performance and a new registry entry which may speed up the initial connect to non-Windows UNC resources, DisableDFS. Perform the following change on each client:

  1. Start the registry editor (regedit.exe)
  2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mup
  3. From the Edit menu select New - DWORD value
  4. Enter a name of 'DisableDFS' (don't enter the quotes) and press enter
  5. Double click the new value and set to 1. Click OK
  6. Close the registry editor
  7. Reboot the machine

Setting the DisableDFS value to 0 or deleting will set the machine back to its old behaviour.

If you have the Novell IntranetWare client also installed you must also perform the following before rebooting:

  1. Start the registry editor (regedit.exe)
  2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetwareWorkstation\NetworkProvider
  3. Double click DeviceName and change from '\Device\NetwareWorkstation' to '\Device\NetwareRedirector'. Click OK
  4. Close the registry editor

Knowledge base article Q171386 at http://support.microsoft.com/support/kb/articles/q171/3/86.asp has more information on this.


Q. How can a DOS machine connect to an NT domain?

A. Microsoft provide software to enable a DOS machine to participate on a network using a variety of protocols and to connect to a Windows NT domain.

NT Server ships with the "Network Client Administrator" which allows the creation of an installation disk set or a disk to allow Network based installation of a variety of clients, including a network client for DOS.

'Q. How do I install NT over the network?' has an example of creating a network installation disk, instead we will concentrate on creating an installation disk set.

  1. Start Network Client Administrator (Start - Programs - Administrative Tools - Network Client Administrator)
  2. Select "Make Installation Disk Set" and click Continue
  3. You will need to specify the location of the "clients" directory that is on the Windows NT Server CD-ROM (easiest to copy clients from the CD-ROM, enter the location in the path box and select "Share Files"). Click OK
  4. Select the client to install "Network Client v3.0 for MS-DOS and Windows". Select the destination and click OK.
  5. Insert the first disk and click OK to the dialog.
  6. Files will be copied to the disk

To install on a DOS machine you perform the following:

  1. Insert DISK 1
  2. Change to the disk drive, a:
  3. Run setup.exe
  4. Press ENTER to start the installation
  5. Select the installation target directory, by default C:\NET. Press Enter
  6. Select the network adapter from the displayed list or use a custom adapter by selecting "Network adapter not shown on list below". Press Enter. If you are using a custom disk the program looks for protocol.ini; on my test machine I specified the NDIS\WFW directory on the install disk as the DOS directory did not have all the necessary files.
  7. You now have the option of changing the setup. By default only IPX will be installed; select "Change Network Configuration" and you can remove protocols and add the Microsoft TCP/IP protocol. You can then change the TCP/IP settings to configure the IP address, subnet mask etc. If you are not using TCP/IP, make sure you set "Disable Automatic Configuration" to 1.
  8. Restart the machine

When the machine reboots it will load all the network and protocol drivers and then attempt to logon to the network by issuing the

net start

command. You will then be asked for a username and password:

Type your user name, or press ENTER if it is ADMINISTRATOR:
Type your password:

You will be asked if you want to create a password file. If you select yes then you will no longer be asked for a password at start-up time, like an auto-logon, but be aware that this means anyone with access to your computer can log on as you.


Q. Where are Windows 2000 network connections stored in the registry?

A. Windows 2000 connections include not only remote connections, such as the one to your ISP, but also your Local Area Connection. They are stored under the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\GUID\Connection registry key, where GUID is the Globally Unique IDentifier of the connection.

This is mainly interesting to know because if you have a stray connection that gets corrupted, perhaps when you remove the network card, you can remove it manually by editing the registry.


Q. How do I install the loopback adapter in Windows 2000?

A. The loopback adapter is useful on machines with no network card where you would like to experiment with installing network protocols and other network related items. Obviously, since there is no physical network connection, you cannot talk to other machines.

  1. Start the Add/Remove Hardware control panel applet (Start - Settings - Control Panel - Add/Remove Hardware).
  2. Click 'Add/Troubleshoot a device', and then click Next.
  3. Click 'Add a new device', and then click Next.
  4. Click 'No, I want to select the hardware from a list', and then click Next.
  5. Click 'Network adapters', and then click Next.
  6. In the Manufacturers box, click 'Microsoft'.
  7. In the Network Adapter box, click 'Microsoft Loopback Adapter', and then click Next.
  8. Click Finish.

You should then configure the device with an IP address etc. If you select DHCP it will use an address 169.254.x.x/16 (subnet mask 255.255.0.0) as no DHCP server can be contacted due to the lack of network connectivity.


Q. How can I turn off/on connection ghosting?

A. Windows uses ghosted connections when a user doesn't need or want an actual connection until the connection is really used. Once the user uses the connection, Windows NT/2000 will make the necessary connection. In some instances, this technique can cause problems; for example, there will be a delay the first time that an inactive, ghosted connection is used.

To turn off the ghosting and eliminate the initial delay when connecting perform the following:

  1. Start the registry editor (regedit.exe)
  2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\NetworkProvider
  3. From the edit menu select New - DWORD value
  4. Enter a name of RestoreConnection and press Enter
  5. Double click the new value, set to:
    0 - Windows NT/2000 will ghost the connections
    1 - Windows NT/2000 will not ghost the connections. Windows will restore connections when the user logs in
  6. Click OK
  7. Close the registry editor
  8. Restart the computer

Q. What is the Active Directory?

A. The Active Directory is Microsoft's implementation of a 'Directory Service' and a directory service is basically something that stores data in an organized format and has the mechanisms needed to publish and access the data.

Active Directory is not a Microsoft innovation, but rather an implementation of an existing model (X.500), an existing communication mechanism (LDAP) and an existing location technology (DNS), and each of these is covered in the FAQ.

Before the details of Active Directory are considered, it is important to have an overview of what it is trying to achieve. A directory in its most basic sense is just a container for other information, such as a telephone directory has various entries, and each entry has values. An example would be a name, address and telephone number that would make up a single entry in the directory.

Name: John Savill
Address: 2 SavTech Way, (yeah right :-))
London
Tel: 353 3523
E-mail: john@serverfaq.com

In a large directory these entries may be grouped by location or by their type, e.g. lawyers, pest control, etc, or both which would lead to a hierarchy of each type of person in each location. The actual telephone directory would be a directory service as it contains not only the data but also a means to access and use it. The telephone operator would also constitute a directory service as it has access to the data and presents it to you where you can request data and an answer to your query is given.

Active Directory is a type of Directory Service, it holds information about all resources on the network and clients can query the Active Directory for information about any aspect of the network. Active Directory has a number of powerful features:

The last point regarding partitioning the information in the Directory into different stores does not mean that the Active Directory cannot be queried for information from other domains. Global catalogs are used which contain information about every object in the enterprise forest allowing forest wide searches.


Q. A number of Active Directory descriptions.

A. Below are some definitions for the active directory:

ONE SENTENCE SUMMARY OF DNS AND ACTIVE DIRECTORY:

A dns server is used by a client to provide the address of the client's nearest domain controller, which has a copy of Active Directory, which the client then uses to locate whatever object it's looking for.

ONE PARAGRAPH SUMMARY OF DNS AND ACTIVE DIRECTORY:

First a client contacts a dns (domain name system) server which looks up the client's domain, and provides him with the address of the closest dc in that domain. The client proceeds to contact the dc which can then authenticate him. Once authenticated, the client can search Active Directory (a database on the dc) to find objects the client is looking for, like an address for mail, a file, printer, or list of users in a group, etc. If the client cannot contact a dns server, it won't be able to find its domain controller, since only the dns server has the address of it.

ONE PAGE SUMMARY OF DNS AND ACTIVE DIRECTORY:

When dcpromo is performed on a W2K machine named, say, "fido" for the first time creating a new domain, say, "narnia", dcpromo creates two different kinds of "domains". First it creates a domain on the dns server, in our example: "narnia.extest.microsoft.com". This will be found on the extest dns servers, which are in exlab's minilab in bldg 43. Exlab maintains these as community dns servers to save testers the trouble of installing a dns server every time they want to install W2K. Simplified a little, the dns domain on the extest master dns servers looks like this:

extest.microsoft.com
    narnia.extest.microsoft.com
        bigthud dc 172.30.224.34
        blackie dc 172.20.32.13
        etc. (this is very approximate, but functionally identical)

Clients contact the dns server and it looks up the client's domain. Looking for "narnia" the dns server also discovers "bigthud" and "blackie", both dc's of "narnia". Let's say "bigthud" is the closest dc to the client. The dns server would send the client the address of the dc "bigthud", namely, 172.30.224.34. The client connects and accesses the Active Directory domain database stored on "bigthud" to find objects (like printers, file servers, users, groups, organizational units, etc) in the "narnia" domain. "bigthud" also stores links to other domains in the tree "com". Thus, the client can search a whole tree of domains.

If the search needs to go beyond the client's tree of domains, then a version of Active Directory listing the objects in the whole forest is also available. It is called the Global Catalog. The GC can be kept on any dcs in the forest you may choose, or all, but it does not have to be kept on all.

GC is a shorthand way to access an object ANYWHERE in the forest, but it only provides a few of its attributes, you have to go to the domain AD (always on a dc in that domain) to get the whole object. The GC can be configured to provide whatever object attributes you choose, too, not just a rigid default set of them.

To help in creating objects in AD, the dc also keeps a copy of the classes and hierarchy of classes for the whole forest, too. For example, if we had a class of "baseball players", and a derived class "pitchers" (which is just a player with a few records added of strikeouts and no-hitters, etc) then the class structure would be kept in AD in the part called the "Schema". If we then created an actual group of players we would use our Schema classes to make the players as objects (instances of the classes) in Active Directory. We can also add more classes, eg: "football players" and "quarterbacks" to the Schema, and we call that freedom an "extensible Schema".

The schema is a part of the W2K "configuration namespace" kept on all dcs in a forest. A namespace is a range of labels you put on things, eg: a supermarket "aisle" namespace: aisle=cookies, shelf=top, item=oreo. The configuration namespace in W2K consists of a number of defined items such as physical locations, W2k "sites" (a site is a child of a forest, and can contain machines from any domain, only condition being that all machines in a site have fast reliable net connections for dc replication), and "subnets" which are IP address groupings assigned to sites which help further speed up AD replication amongst dc's, eg: "your dc rocks if it's in the IP subnet and W2K site where its friends are".

Active Directory employs LDAP (Lightweight Directory Access Protocol, a standard Internet protocol that many applications use) to access its records. Why? Because its records are STORED on the dc in "LDAP distinguished name format". But what is LDAP distinguished name format? In the following LDAP distinguished name format example "fred" is a user in the "programming" organizational unit in "narnia" domain in "extest" domain in "microsoft" domain in "com" domain:

cn=fred,ou=programming,dc=narnia,dc=extest,dc=microsoft,dc=com

where cn stands for common name, ou stands for organizational unit, and dc in this case stands for "domain component", NOT domain controller. This is how "fred" appears in Active Directory, and a client such as an administrator can access attributes about fred using that syntax, assuming the client has security permissions to do so.

The client's actions are straightforward, as long as the client talks LDAP to Active Directory. However, an action may be done from a client running an application that uses a different name format. To support this, there are two other name formats that can be used (with a little translating) to access Active Directory:

1. "LDAP URL":
Example:
LDAP://server1.narnia.extest.microsoft.com/cn=fred,ou=programming,dc=narnia,dc=extest,dc=microsoft,dc=com.

2. "Active Directory Canonical name":
Example:
narnia.extest.microsoft.com/programming/fred. This last one, "Active Directory Canonical name" is what you'll see in user interfaces in W2K.
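
The relationship between the three name formats above can be shown in code. This is an added example, not part of the original FAQ or any Microsoft API: the function names are hypothetical, and the rule that a "/" inside a name is written as "\/" in the canonical form is an assumption noted in the code.

```python
"""Convert an LDAP distinguished name into the LDAP URL and Active Directory
canonical name formats (added illustration; helper names are hypothetical)."""
import re

_HEX_PAIR = re.compile(r"[0-9A-Fa-f]{2}")

# The DN used in the text above.
FRED_DN = "cn=fred,ou=programming,dc=narnia,dc=extest,dc=microsoft,dc=com"


def split_dn(dn):
    """Return [(attribute, value), ...] for a DN, most specific component first.

    A backslash escapes the next character (or introduces a two-digit hex
    byte), so an escaped comma inside a name is not treated as a separator.
    Multi-valued components ("+") and quoted values are not handled here.
    """
    raw_parts, buf, i = [], bytearray(), 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\":
            pair = dn[i + 1:i + 3]
            if _HEX_PAIR.fullmatch(pair):
                buf.append(int(pair, 16))          # hex-escaped byte
                i += 3
            elif i + 1 < len(dn):
                buf += dn[i + 1].encode("utf-8")   # escaped literal character
                i += 2
            else:
                raise ValueError("DN ends with a dangling backslash")
            continue
        if ch == ",":
            raw_parts.append(buf.decode("utf-8"))
            buf = bytearray()
        else:
            buf += ch.encode("utf-8")
        i += 1
    raw_parts.append(buf.decode("utf-8"))

    rdns = []
    for part in raw_parts:
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip() or not value:
            raise ValueError(f"malformed DN component: {part!r}")
        rdns.append((attr.strip().lower(), value))
    return rdns


def to_canonical(dn):
    """Build the canonical name: DNS domain, then containers from the top down."""
    rdns = split_dn(dn)
    domain = [value for attr, value in rdns if attr == "dc"]
    path = [value for attr, value in rdns if attr != "dc"]
    if not domain:
        raise ValueError("DN has no dc= (domain component) parts")
    # The DN lists the leaf first; the canonical name lists it last.
    # Assumption: a "/" inside a name is written as "\/" so it stays unambiguous.
    escaped = [name.replace("/", "\\/") for name in reversed(path)]
    return ".".join(domain) + "/" + "/".join(escaped)


def to_ldap_url(server, dn):
    """Build the LDAP URL form shown in the text, after checking the DN parses."""
    split_dn(dn)
    return f"LDAP://{server}/{dn}"


if __name__ == "__main__":
    print(to_canonical(FRED_DN))
    print(to_ldap_url("server1.narnia.extest.microsoft.com", FRED_DN))
    # Constructed DN with an escaped comma inside the common name.
    print(to_canonical("CN=Smith\\, John,OU=Sales,DC=narnia,DC=com"))
```

The reverse conversion is not possible from the canonical name alone, because it does not record whether each container is an ou or a cn.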


Q. What is X.500 and LDAP?

A. X.500 is the most common protocol that is used for Directory Management and there are currently 2 main standards, the 1988 and 1993 standards with the 1993 standard providing a number of advances over the older standard. The Windows NT 5.0 implementation of its Directory Services is derived from the 1993 X.500 standard as described below.

The X.500 model uses a hierarchical approach to the objects in the name space with a root at the top of the namespace with children coming off of it. Domains in Windows 2000 are DNS names, for example savilltech.com is a domain name, legal.savilltech.com is a child domain of savilltech.com. Child domains are covered elsewhere.

X.500 structure

The example shows a root of the directory service and then a number of children. In this case the first layer or children represent countries, however there are no rules and you may break these down however you want. Imagine each country as a child domain of the root, for example usa.root.com and england.root.com. Each child domain can then be broken into a number of organizations. These organizations can be broken down further into organizational units and various privileges/policies can be applied to each Organization unit. Each Organizational Unit has a number of objects such as users, computers, groups etc.

While the directory service is based on X.500, the access mechanism actually uses LDAP (Lightweight Directory Access Protocol) which solves a number of problems with X.500.

X.500 is part of the OSI model however this does not translate well into a TCP/IP protocol environment so LDAP uses TCP/IP for its communication medium. LDAP cuts down on the functions available with a full X.500 implementation making a leaner faster directory service while keeping the overall structure of X.500.

LDAP is actually the mechanism used to communicate with the Active Directory and performs basic read, write, and modify operations.

More on X.500 can be found at http://www.salford.ac.uk/its024/X500.htm


Q. What is the Global Catalog?

A. The Global Catalog contains an entry for every object in the enterprise forest (the term forest is explained later) but contains only a few properties of each object. The entire forest shares a global catalog with multiple servers holding copies. Searches in the whole enterprise forest can only be done on the properties in the Catalog, whereas searches in the user's own domain tree can be for any property. Only Directory Services (or Domain Controllers) can be configured to hold a copy of the Global Catalog.

Do not configure too many global catalogs in each domain, as you will waste network bandwidth with the replication. One global catalog server per domain in each physical location is sufficient; however, NT will set servers as Global Catalogs as it thinks necessary, so there should be no need for you to modify this unless you notice slow query response times.

Since full searches involve querying the whole domain tree rather than the global catalog, grouping the enterprise into a single tree will improve your searches as it will allow you to query on items not in the global catalog, thus a larger search criteria.


Q. How do I configure a server as a Global Catalog?

A. To configure a Windows 2000 domain controller as a global catalog server perform the following:

  1. Start the Active Directory Sites and Services Manager (Start - Programs - Administrative Tools - Active Directory Sites and Services Manager)
  2. Select the sites branch.
  3. Select the site that owns the server, expand the servers branch and the server in question
  4. Right click on "NTDS Settings" and choose Properties
  5. Check or uncheck the "Global Catalog" box. Click Apply then OK



Q. What is the Schema?

A. The Schema is a blueprint of all objects in the domain and when first created a default Schema exists which contains definitions for users, computers, domains etc. Because of this, you can only have one schema per domain as you cannot have multiple definitions of the same object.

The default schema definition is defined in the SCHEMA.INI file that also contains the initial structure for the NTDS.DIT (storage for the Directory data). This file is located in the %systemroot%\ntds directory. This file is a plain ASCII format file and can be typed out.


Q. What is a domain tree?

A. In Windows 2000 one domain can be a child of another domain, e.g. child.domain.com is a child of domain.com (a child domain always has the complete domain name of the parent in it), and a child domain and its parent share a two way transitive trust.

When you have a domain as a child of another, a domain tree is formed. A domain tree has to have a contiguous name space.

Tree
Notice in the second diagram the lack of contiguous names means they are not part of the tree

The name of the tree is the root domain name, so in the example the tree would be referred to as root.com. Since the domains are DNS names and inherit the parent part of the name, if a part of the tree is renamed, then all of its children will implicitly also be renamed, for example if parent ntfaq.com of sales.ntfaq.com was renamed to backoffice.com the child would be renamed to sales.backoffice.com. This is not actually currently possible though.

Domain trees can currently only be created during the server to Domain Controller promotion process with DCPROMO.EXE, this may change in the future.

There are a number of advantages in placing domains in a tree. The first and most useful is that all members of a tree have Kerberos transitive trusts with their parent and all their children. These transitive trusts also mean that any user or group in a domain tree can be granted access to any object in the entire tree. This also means that a single network logon can be used at any workstation in the domain tree.


Q. What is a domain forest?

A. You may have a number of separate domain trees in your organization that you would like to share resources and this can be accomplished by joining trees to form a forest.

A forest is a collection of trees that do not have to form a contiguous name space (however each tree still has to be contiguous). This may be useful if your company has multiple root dns addresses.

Forest

As can be seen from the example, the two root domains are joined via a transitive, two-way Kerberos trust, like the trust created between a child and its parent. Forests always contain the entire domain tree of each domain and it is not possible to create a forest containing only parts of a domain tree.

Forests are created during the server to Domain Controller promotion process with DCPROMO and can currently not be created at any other time, this will change in the next version.

You are not limited to only 2 domain trees in a forest, you can add as many trees as you want and all domains within the forest will be able to grant access to objects for any user within the forest. Again this cuts back on having to manually manage the trust relationships. The effect of creating a forest is the following:

You may of course choose not to join trees to become a forest and may instead create normal trusts between individual elements of the trees.


Q. What is a Kerberos trust?

A. Windows NT 4.0 trust relationships are not transitive so if domain2 trusts domain1, and domain3 trusts domain2, domain3 does not trust domain1.

Transitive Trusts

This is not the case with the trust relationships used to connect members of a tree/forest in Windows 2000. Trust relationships used in a tree are two-way, transitive Kerberos trusts, which means any domain in a tree implicitly trusts every other domain in the tree/forest. This removes the need for time-consuming administration of the trusts as they are created automatically when a domain joins a tree.

Kerberos is the primary security protocol for Windows NT. Kerberos verifies both the identity of the user and the integrity of the session data. The Kerberos services are installed on each domain controller, and a Kerberos client is installed on each Windows NT workstation and server. A user's initial Kerberos authentication provides the user a single logon to enterprise resources. Kerberos is not a Microsoft protocol and is based on version 5.0 of Kerberos. For more information see IETF RFCs (Requests For Comments) 1510 and 1964. These documents are available on the web from http://www.isi.edu/rfc-editor/rfc.html.
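
The difference between the two trust models can be worked through in code. This is an added example, not part of the original FAQ: the function names are hypothetical, and the trust data is constructed from the domain names used in this FAQ.

```python
"""Compare NT 4.0 explicit one-way trusts with Windows 2000 two-way
transitive trusts (added illustration; all data below is constructed)."""
from collections import deque

# NT 4.0 sample from the text: (X, Y) means "X trusts Y".
NT4_TRUSTS = {("domain2", "domain1"), ("domain3", "domain2")}

# Windows 2000 sample forest: two child-to-parent links inside trees and one
# link joining the two tree roots. Each link is a two-way Kerberos trust.
W2K_LINKS = [
    ("sales.ntfaq.com", "ntfaq.com"),
    ("legal.savilltech.com", "savilltech.com"),
    ("ntfaq.com", "savilltech.com"),
]


def nt4_trusts(trusts, truster, trusted):
    """NT 4.0: a trust exists only if it was created explicitly, in that direction."""
    return (truster, trusted) in trusts


def w2k_trusts(links, truster, trusted):
    """Windows 2000: links are two-way and transitive, so one domain trusts
    another whenever any chain of links connects them."""
    graph = {}
    for a, b in links:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    if truster not in graph or trusted not in graph:
        return False
    seen, queue = {truster}, deque([truster])
    while queue:                      # breadth-first walk over the trust links
        current = queue.popleft()
        if current == trusted:
            return True
        for neighbour in graph[current] - seen:
            seen.add(neighbour)
            queue.append(neighbour)
    return False


def implicitly_trusted(links, domain):
    """Every other domain that `domain` trusts without any manual setup."""
    names = {name for link in links for name in link}
    return sorted(n for n in names if n != domain and w2k_trusts(links, domain, n))


def nt4_trusts_needed(domain_count):
    """One-way trusts needed for every NT 4.0 domain to trust every other one."""
    return domain_count * (domain_count - 1)


if __name__ == "__main__":
    print(nt4_trusts(NT4_TRUSTS, "domain3", "domain1"))
    print(implicitly_trusted(W2K_LINKS, "sales.ntfaq.com"))
    print(nt4_trusts_needed(4), "manual NT 4.0 trusts vs", len(W2K_LINKS), "automatic links")
```

When reviewing who can be granted access to a resource, the list returned by implicitly_trusted is the set of domains to consider, not just the domain's direct parent and children.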


Q. How do I create a new Active Directory Site?

A. Active Directory has the concept of sites which can be used to group servers into containers which mirror the physical topology of your network, and allow you to configure replication between domain controllers (among other things). A number of TCP/IP subnets can also be mapped to sites, which then allow new servers to automatically join the correct site depending on their IP address and clients to easily find the domain controller closest to them.

When you create the first domain controller a default site, Default-First-Site-Name is created to which the domain controller is assigned. Subsequent domain controllers are also added to this site however they can then be moved. This site can be renamed if you wish.

Sites are administered and created using the "Active Directory Sites and Services Manager" MMC snap-in. To create a new site perform the following:

  1. Start the Active Directory Sites and Services MMC snap-in (Start - Programs - Administrative Tools - Active Directory Sites and Services Manager)
  2. Right click on the Site branch and select New - Site from the displayed context menu
  3. Enter a name for the site, e.g. NewYork. The name must be 63 characters or less and cannot contain . or space characters. You must also select a site link (by default there will only be one, DEFAULTIPSITELINK, of type IP).
  4. Click OK

Now the site is created you can assign various IP subnets to it as follows:

  1. Start the Active Directory Sites and Services MMC snap-in (Start - Programs - Administrative Tools - Active Directory Sites and Services Manager)
  2. Expand the Sites branch
  3. Right click on Subnets and select New - Subnet
  4. You used to have to enter the name of the subnet in the form <network>/<bits masked>, e.g. 200.200.201.0/24 would be network 200.200.201.0 with subnet mask 255.255.255.0. This proved too complicated so you now just enter the address and mask. Select the Site to associate the subnet with, e.g. Australia.
  5. Click OK

You now have a subnet linked to a site. You can assign multiple subnets to a site if you wish.

If you are confused about the bits masked in the subnet name it can be between 22 and 32 and is just the number of bits set in the subnet mask. The subnet mask is made up of 4 sets of 8 bits. To convert the subnet mask to bits you can use the illustration below.

Subnet mask

Therefore the subnet mask 255.255.255.0 would be 11111111.11111111.11111111.00000000 in binary which therefore uses 8+8+8 bits (24) to define the subnet mask. A subnet mask of 255.255.252.0 would be 11111111.11111111.11111100.00000000 which is 8+8+6 or 22.
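
The mask-to-bits conversion and the subnet-to-site mapping described in this answer can be checked in code. This is an added example, not part of the original FAQ: the function names are hypothetical, the subnet table is constructed, and the rule that the most specific subnet wins when two subnets overlap is an assumption the text above does not discuss.

```python
"""Work out <network>/<bits masked> subnet names and look up the site that
owns an IP address (added illustration; helper names are hypothetical)."""
import ipaddress

# Constructed sample: subnet name -> site, using site names from the text.
SAMPLE_SUBNETS = {
    "200.200.201.0/24": "Australia",
    "200.200.200.0/22": "London",
}


def mask_to_bits(mask):
    """Count the bits set in a dotted subnet mask, rejecting invalid masks."""
    octets = mask.split(".")
    if len(octets) != 4:
        raise ValueError(f"mask must have 4 octets: {mask!r}")
    value = 0
    for octet in octets:
        number = int(octet)
        if not 0 <= number <= 255:
            raise ValueError(f"octet out of range in mask: {mask!r}")
        value = (value << 8) | number
    bits = bin(value).count("1")
    # A valid mask is a run of 1 bits followed only by 0 bits.
    if value != (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF:
        raise ValueError(f"mask bits are not contiguous: {mask!r}")
    return bits


def subnet_name(address, mask):
    """Return the <network>/<bits masked> name for an address and mask."""
    bits = mask_to_bits(mask)
    network = ipaddress.ip_network(f"{address}/{bits}", strict=False)
    return f"{network.network_address}/{bits}"


def site_for(ip, subnets):
    """Return the site whose subnet contains ip, or None if no subnet matches.

    Assumption: when subnets overlap, the one with the most masked bits wins.
    """
    address = ipaddress.ip_address(ip)
    best = None
    for name, site in subnets.items():
        network = ipaddress.ip_network(name)
        if address in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, site)
    return best[1] if best else None


if __name__ == "__main__":
    print(subnet_name("200.200.201.0", "255.255.255.0"))
    print(mask_to_bits("255.255.252.0"))
    print(site_for("200.200.201.77", SAMPLE_SUBNETS))
    print(site_for("200.200.202.5", SAMPLE_SUBNETS))
```

A result of None from site_for marks an address range with no subnet object, which is worth checking for when domain controllers or clients end up in an unexpected site.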


Q. How do I move a server to a different site?

A. If your sites and subnets are configured then new servers will automatically get added to the site that owns the subnet however you can also manually move a server to a different site:

  1. Start the Active Directory Sites and Services MMC snap-in (Start - Programs - Administrative Tools - Active Directory Sites and Services Manager)
  2. Expand the Sites container.
  3. Expand the site that currently contains the server, expand the Servers container
  4. Right click on the server and select Move from the context menu
  5. You will be shown a list of all sites. Select the new target site and click OK

The move will take immediate effect.


Q. How can a server belong to more than one site?

A. By default a server will belong to one site however you may want to configure a server to belong to multiple sites.

Bear in mind sites are used for replication, for clients to find resources and to cut down on traffic on inter-site connections so just modifying the site membership may cause performance problems.

To configure a server to have multiple site membership perform the following:

  1. Log on to the server that should join multiple sites
  2. Start the registry editor (regedt32.exe not regedit.exe)
  3. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
  4. Select "Add Value" from the Edit menu
  5. Enter a name of SiteCoverage and of type REG_MULTI_SZ. Click OK
  6. Enter the names of the sites to join, each on a new line, e.g.
    Australia
    London
    Press Shift-Enter to move to the next line. Click OK
  7. Close the registry editor

The above does not create the objects in the Active Directory to evaluate the sites and these need to be added manually.


Q. How can I backup the Active Directory/System State?

A. The Active Directory is backed up using the NTBACKUP.EXE utility. The Active Directory is part of the machine's System State which is defined as follows:

For all Windows 2000 machines the System State includes the registry, class registration database and the system boot files. For a Windows 2000 Server that is a certificate server it also contains the Certificate Services database. Finally for a Windows 2000 machine that is a domain controller it includes the Active Directory and the SYSVOL directory also.

To backup the System State using the Backup Wizard perform the following:

  1. Start NTBACKUP.EXE
  2. NTBACKUP.EXE will start in the Welcome screen. Click the 'Backup Wizard' button
  3. Click Next to the introduction dialog
  4. In the dialog that asks what to backup select 'Only back up the Distributed Service Set' and click Next
  5. You should then continue as per normal by selecting the backup media etc.

If you don't want to use the wizard it can be manually backed up as follows:

  1. Start NTBACKUP.EXE
  2. Select the Backup tab
  3. Check the 'System State' box (and any other drives)
  4. Select the backup destination
  5. Click 'Start Backup'
  6. Confirm the backup description and click 'Start Backup'
  7. The backup will then begin

To backup only the System State from the command line use the command

C:\> ntbackup backup systemstate /f d:\active.bkf

Of course this is the most basic backup to file and you can use more complex options.


Q. How can I restore the Active Directory?

A. The Active Directory cannot be restored to a domain controller while the Directory Service is running so to restore perform the following:

  1. Reboot the computer
  2. At the boot menu select "Windows 2000 Server" but do NOT press Enter. Press F8 for advanced options
    OS Loader V5.0

    Windows NT Advanced Options Menu
    Please select an option:

      Safe Mode
      Safe Mode with Networking
      Safe Mode with Command Prompt

      Enable Boot Logging
      Enable VGA Mode
      Last Known Good Configuration
      Directory Services Restore Mode (Windows NT domain controllers only)
      Debugging Mode

    Use | and | to move the highlight to your choice.
    Press Enter to choose.
  3. Scroll down and select "Directory Services Restore Mode (Windows NT domain controllers only)"
  4. Press Enter
  5. You will be taken back to the boot menu and now press Enter to Windows 2000 Server (notice at the bottom of the screen in red the text 'Directory Services Restore Mode (Windows NT domain controllers only)' will be shown)

The computer will boot into a special safe mode and will not start the Directory Service. Be warned that during this time the machine will not act as a domain controller and will not perform authentication etc.

  1. Start NTBACKUP.EXE
  2. Select the Restore tab
  3. Select the backup media and select "System State"
  4. Click 'Start Restore'
  5. Click OK to the confirmation

Once you have restored the backup reboot the computer and start in normal mode to start using the restored information. You may find a hang after the restore has completed and I found a 30 minute wait on some machines.


Q. What are the FSMO roles in Windows 2000?

A. In Windows 2000 all domain controllers are equal and through a process known as multi-master replication changes are replicated to all domain controllers in the domain. However in keeping with George Orwell's Animal Farm some Domain Controllers are more equal than others.

Multi-master replication resolves conflicts; however, in some situations it is better to stop the conflict before it happens, and to this end there are five different Flexible Single Master of Operations (FSMO) roles (formerly known as Floating Single Master of Operations as the roles were originally going to be dynamically changeable), each managing an aspect of the domain/forest. These roles can be moved between domain controllers but not dynamically; they must be manually moved in the same manner as a BDC has to be manually promoted to a PDC.

There are two types of roles, some are per domain, some are per forest. Only a domain controller in the domain can hold a domain specific FSMO role, any domain controller in the forest can hold a forest FSMO role. Domain controllers cannot hold FSMO roles in other domains/forests.

These roles are assigned in different GUI ways or using the NTDSUTIL utility.

The five roles are defined below:

Role name: Schema master
Per domain/forest: One per forest
Description: At the heart of the Active Directory is the schema which is like the blueprint of all objects/containers. Since the schema has to be the same throughout the entire forest only one machine can authorize modifications to the schema.

Role name: Domain naming master
Per domain/forest: One per forest
Description: To add a domain to the forest its name has to be verifiably unique and so the Domain naming master FSMO of the forest is contacted to authorize the domain name operation.

Role name: RID master
Per domain/forest: One per domain
Description: Any domain controller can create new objects (such as a user, group, computer account) however after creating 512 user objects the domain controller must contact the domain's RID master for another 512 RIDs (it actually contacts it when it has less than 100 RIDs left, which means the RID master can be unavailable for short periods of time without causing object creation problems). This is to ensure each object has a unique RID.
When a DC creates a security principal object it attaches a unique SID to the object. The SID is created using the domain SID and a relative ID (the RID).
The RID master has to be available when attempting to move objects between domains with the resource kit movetree utility.

Role name: PDC emulator
Per domain/forest: One per domain
Description: For backwards compatibility reasons one domain controller in each 2000 domain must emulate a PDC for the benefit of 4.0 and 3.5 domain controllers and clients.

Role name: Infrastructure master
Per domain/forest: One per domain
Description: When a user and group are in different domains there can be a lag between changes to the user (e.g. name) and its display in the group. The infrastructure master of the group's domain is responsible for fixing up the group-to-user reference to reflect the rename. The infrastructure master performs its fixups locally and relies upon replication to bring all other replicas of the domain up to date.

Q. How can I change the RID master FSMO?

A. The RID master is defined here.

To modify the role perform the following:

  1. Start the Active Directory Users and Computers MMC snap-in on the Domain Controller (Start - Programs - Administrative Tools - Active Directory Users and Computers)
  2. In the left hand pane right click on the domain and select 'Connect to Domain Controller'
  3. Select the domain controller you wish to make the FSMO role owner and click OK.
  4. Right click on the domain again and select 'Operations Masters' from the context menu
  5. Select the 'RID Pool' tab
  6. The current machine holding the RID master FSMO role will be shown. To change click 'Change..'
  7. Click OK to the confirmation dialog.
  8. A dialog confirming the role change will be displayed.

This can also be accomplished using the NTDSUTIL.EXE utility. Enter the commands in bold:

C:\> ntdsutil
ntdsutil: roles
fsmo maintenance: connections
server connections: connect to server <server name>
server connections: quit
fsmo maintenance: transfer rid master

Click Yes to the role transfer dialog

Server "titanic" knows about 5 roles
Schema - CN=NTDS Settings,CN=TITANIC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=savilltech,DC=com
Domain - CN=NTDS Settings,CN=TITANIC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=savilltech,DC=com
PDC - CN=NTDS Settings,CN=TITANIC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=savilltech,DC=com
RID - CN=NTDS Settings,CN=TITANIC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=savilltech,DC=com
Infrastructure - CN=NTDS Settings,CN=TITANIC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=savilltech,DC=com

fsmo maintenance: quit
ntdsutil: quit


Q. How can I change the PDC emulator FSMO?

A. The PDC emulator is defined here.

To modify the role perform the following:

  1. Start the Active Directory Users and Computers MMC snap-in on the Domain Controller (Start - Programs - Administrative Tools - Active Directory Users and Computers)
  2. In the left hand pane right click on the domain and select 'Connect to Domain Controller'
  3. Select the domain controller you wish to make the FSMO role owner and click OK.
  4. Right click on the domain again and select 'Operations Masters' from the context menu
  5. Select the 'PDC' tab
  6. The current machine holding the PDC emulator FSMO role will be shown. To change click 'Change..'
  7. Click OK to the confirmation dialog.
  8. A dialog confirming the role change will be displayed.

This can also be accomplished using the NTDSUTIL.EXE utility. Enter the commands in bold:

C:\> ntdsutil
ntdsutil: roles
fsmo maintenance: connections
server connections: connect to server <server name>
server connections: quit
fsmo maintenance: transfer pdc

Click Yes to the role transfer dialog

Server "titanic" knows about 5 roles
Schema - CN=NTDS Settings,CN=TITANIC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=savilltech,DC=com
Domain - CN=NTDS Settings,CN=TITANIC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=savilltech,DC=com
PDC - CN=NTDS Settings,CN=TITANIC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=savilltech,DC=com
RID - CN=NTDS Settings,CN=TITANIC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=savilltech,DC=com
Infrastructure - CN=NTDS Settings,CN=TITANIC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=savilltech,DC=com

fsmo maintenance: quit
ntdsutil: quit


Q. How can I change the Infrastructure master FSMO?

A. The Infrastructure master is defined here.

To modify the role perform the following:

  1. Start the Active Directory Users and Computers MMC snap-in on the Domain Controller (Start - Programs - Administrative Tools - Active Directory Users and Computers)
  2. In the left hand pane right click on the domain and select 'Connect to Domain Controller'
  3. Select the domain controller you wish to make the FSMO role owner and click OK.
  4. Right click on the domain again and select 'Operations Masters' from the context menu
  5. Select the 'Infrastructure' tab
  6. The current machine holding the Infrastructure FSMO role will be shown. To change click 'Change..'
  7. Click OK to the confirmation dialog.
  8. A dialog confirming the role change will be displayed.

This can also be accomplished using the NTDSUTIL.EXE utility. Enter the commands in bold:

C:\> ntdsutil
ntdsutil: roles
fsmo maintenance: connections
server connections: connect to server <server name>
server connections: quit
fsmo maintenance: transfer infrastructure master

Click Yes to the role transfer dialog

Server "titanic" knows about 5 roles
Schema - CN=NTDS Settings,CN=TITANIC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=savilltech,DC=com
Domain - CN=NTDS Settings,CN=TITANIC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=savilltech,DC=com
PDC - CN=NTDS Settings,CN=TITANIC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=savilltech,DC=com
RID - CN=NTDS Settings,CN=TITANIC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=savilltech,DC=com
Infrastructure - CN=NTDS Settings,CN=TITANIC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=savilltech,DC=com

fsmo maintenance: quit
ntdsutil: quit


Q. How can I change the Domain naming master FSMO?

A. The Domain naming master is defined here.

To modify the role perform the following; however, make sure the machine is a global catalog:

  1. Start the Active Directory Domains and Trusts MMC snap-in on the Domain Controller (Start - Programs - Administrative Tools - Active Directory Domains and Trusts)
  2. In the left hand pane right click on 'Active Directory Domains and Trusts' and select 'Connect to Domain Controller' from the context menu
  3. Enter the domain controller to connect to.
  4. Right click on 'Active Directory Domains and Trusts' and select 'Operations Master' from the context menu
  5. The current machine holding the Domain name operations FSMO role will be shown. To change click 'Change..'
  6. Click OK to the confirmation dialog.
  7. A dialog confirming the role change will be displayed.

This can also be accomplished using the NTDSUTIL.EXE utility. Enter the commands in bold:

C:\> ntdsutil
ntdsutil: roles
fsmo maintenance: connections
server connections: connect to server <server name>
server connections: quit
fsmo maintenance: transfer domain naming master

Click Yes to the role transfer dialog

Server "titanic" knows about 5 roles
Schema - CN=NTDS Settings,CN=TITANIC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=savilltech,DC=com
Domain - CN=NTDS Settings,CN=TITANIC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=savilltech,DC=com
PDC - CN=NTDS Settings,CN=TITANIC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=savilltech,DC=com
RID - CN=NTDS Settings,CN=TITANIC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=savilltech,DC=com
Infrastructure - CN=NTDS Settings,CN=TITANIC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=savilltech,DC=com

fsmo maintenance: quit
ntdsutil: quit


Q. How can I change the Schema master FSMO?

A. The Schema master is defined here.

To modify the role you must use the 'Active Directory Schema Manager', and you must first register the .dll for the MMC snap-in:

C:\> regsvr32 schmmgmt.dll

You can now start the Schema Manager via the Resource Kit Tools console or by creating a custom MMC and adding the Active Directory Schema snap-in to it (Start - Run - MMC - Console menu - Add/Remove Snap-in - Add - Active Directory Schema - Add - Close - OK)

  1. Start the Active Directory Schema MMC snap-in on the Domain Controller (using one of the methods above)
  2. In the left hand pane right click on 'Active Directory Schema' and select 'Change Domain Controller' from the context menu
  3. Enter the domain controller to connect to.
  4. Right click on 'Active Directory Schema' and select 'Operations Master' from the context menu
  5. The current machine holding the Schema master FSMO role will be shown. To change click 'Change..'
    You can also set the registry to allow changes to the Schema by checking the Schema modification box. Also notice this machine is already the schema master.
  6. Click OK to the confirmation dialog.
  7. A dialog confirming the role change will be displayed.

To modify the role from the command line enter the commands in bold

C:\> ntdsutil
ntdsutil: roles
fsmo maintenance: connections
server connections: connect to server <server name>
server connections: quit
fsmo maintenance: transfer schema master

Click Yes to the role transfer dialog

Server "titanic" knows about 5 roles
Schema - CN=NTDS Settings,CN=TITANIC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=savilltech,DC=com
Domain - CN=NTDS Settings,CN=TITANIC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=savilltech,DC=com
PDC - CN=NTDS Settings,CN=TITANIC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=savilltech,DC=com
RID - CN=NTDS Settings,CN=TITANIC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=savilltech,DC=com
Infrastructure - CN=NTDS Settings,CN=TITANIC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=savilltech,DC=com

fsmo maintenance: quit
ntdsutil: quit


Q. What is Multi-master replication?

A. In a Windows 2000 domain all domain controllers are equal, which means changes can be made on ANY domain controller, and each server's complete copy of the domain directory has to be kept up to date with the others through a process of multi-master replication.

Each time a change is made to the Active Directory, the Update Sequence Number (USN) of the server where the change is made is incremented by one, and this USN is also stored along with the change to the property of the object modified. These changes have to be replicated to all domain controllers in the domain, and the Update Sequence Number provides the key to the multi-master replication.

Update Sequence Number increments are atomic, which means that the increment to the USN and the actual change occur together: if one part fails the whole change fails, so it's not possible for a change to be made without the USN being incremented, and changes will never be "lost". Each domain controller keeps track of the highest USNs of the other domain controllers that it replicates with, so it can calculate which changes it needs on each replication cycle.

At the start of the replication cycle each server checks its Update Sequence Number table and then queries the domain controllers it replicates with for their latest USNs. For example, the table below represents the USN table for server A:

DC B    DC C    DC D
54      23      53

Server A then queries the domain controllers for their current USNs and gets the following:

DC B    DC C    DC D
58      23      64

From this server A can calculate the changes it needs from each server:

DC B           DC C          DC D
55,56,57,58    Up-to-date    54-64

It would then query each server for the changes needed.

It is possible for multiple changes to the same property of an object to occur, and collisions are detected via a Property Version Number (PVN) which every property has. These work like the USNs: each time a property is modified, the PVN is incremented by one.

In the event of a modification to the same property of the same object, the change with the highest PVN takes precedence, and if the PVNs are the same for a property update then a collision has occurred. If the PVNs match then the time stamp is used to resolve any conflicts. Each change is time stamped, and this highlights the need for the domain controllers' clocks to be accurate with one another. In the highly unlikely event that the PVNs match AND the time stamp is the same, a binary buffer comparison is carried out, with the larger buffer size change taking precedence. Property Version Numbers are only incremented on original writes and not on replication writes (unlike USNs) and are not server specific but rather travel with the property.

A propagation-dampening scheme is also used to stop changes being repeatedly sent to other servers which already have the change. To this end each server keeps a table of up-to-date vectors, which are the highest originating writes received from each controller and take the form of:

<the change>,<domain controller making the original change>,<USN of the change>

For example

<object savillj, property Password xxx>,Titanic,54

Domain controllers then also send this information with the USN's so they can calculate if they already have the change the other domain controllers are trying to replicate.
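The USN comparison, PVN collision rules and propagation dampening described above, worked through as an added Python example (not part of the original FAQ and not Microsoft's implementation). The class and function names are hypothetical, the buffer tie-break is modelled as "longer value wins", and the up-to-date vector assumes each originating controller's writes arrive in USN order.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Write:
    """One originating change to one property (names here are hypothetical)."""
    obj: str
    prop: str
    value: bytes
    pvn: int          # Property Version Number: bumped on originating writes only
    timestamp: int    # time of the originating write
    origin_dc: str    # domain controller making the original change
    origin_usn: int   # USN of the change on that controller


def changes_needed(known, current):
    """Compare the stored USN table with the partners' current USNs.

    Returns {partner: (first_usn, last_usn)} for partners that hold changes
    this server has not seen; up-to-date partners are left out.
    """
    needed = {}
    for dc, latest in current.items():
        seen = known.get(dc, 0)
        if latest > seen:
            needed[dc] = (seen + 1, latest)
    return needed


def winner(a, b):
    """Highest PVN wins, then the later time stamp, then the larger buffer."""
    return max(a, b, key=lambda w: (w.pvn, w.timestamp, len(w.value), w.value))


@dataclass
class DomainController:
    name: str
    usn: int = 0
    store: dict = field(default_factory=dict)       # (obj, prop) -> Write
    up_to_date: dict = field(default_factory=dict)  # origin DC -> highest origin USN seen

    def originate(self, obj, prop, value, timestamp):
        """Original write: USN and PVN are both incremented."""
        self.usn += 1
        old = self.store.get((obj, prop))
        write = Write(obj, prop, value, (old.pvn if old else 0) + 1,
                      timestamp, self.name, self.usn)
        self.store[(obj, prop)] = write
        return write

    def receive(self, write):
        """Replicated write: dampen first, then resolve any collision."""
        if (write.origin_dc == self.name
                or write.origin_usn <= self.up_to_date.get(write.origin_dc, 0)):
            return "dampened"            # this change has already been seen here
        self.up_to_date[write.origin_dc] = write.origin_usn
        key = (write.obj, write.prop)
        held = self.store.get(key)
        if held is not None and winner(held, write) is held:
            return "rejected"            # the copy already held wins the collision
        self.usn += 1                    # local USN moves, the PVN travels unchanged
        self.store[key] = write
        return "applied"


def demo():
    """Constructed scenario using server names from the FAQ's examples."""
    titanic, venus, pluto = (DomainController(n) for n in ("Titanic", "Venus", "Pluto"))
    w1 = titanic.originate("savillj", "Password", b"xxx", 100)
    log = [venus.receive(w1), pluto.receive(w1), venus.receive(w1)]
    # Venus and Pluto now change the same property before replicating to each other.
    w2 = venus.originate("savillj", "Password", b"yyy", 200)
    w3 = pluto.originate("savillj", "Password", b"zzzz", 210)
    log += [titanic.receive(w2), titanic.receive(w3),
            venus.receive(w3), pluto.receive(w2)]
    final = {dc.name: dc.store[("savillj", "Password")].value
             for dc in (titanic, venus, pluto)}
    return log, final


if __name__ == "__main__":
    print(changes_needed({"B": 54, "C": 23, "D": 53}, {"B": 58, "C": 23, "D": 64}))
    print(demo())
```

Both colliding writes carry PVN 2, so the later time stamp decides and all three controllers converge on the same value without any of them being a master.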


Q. How can I move objects within my Forest?

A. The Windows 2000 Resource Kit ships with the MOVETREE.EXE utility, which can be used to move organizational units, users or computers between domains in a single forest. This is useful for the consolidation of domains or to reflect organizational restructuring.

Certain objects cannot be moved with MOVETREE such as Local and Domain Global groups and if the container they are in is moved these objects will be placed in an "orphan" container in the "LostAndFound" container in the source domain.

Associated data is not moved with MOVETREE such as policies, profiles, logon scripts and personal data. To accomplish the movement of these items you should write custom scripts using the 'Remote Administration Scripts'.

The syntax of MOVETREE is

MoveTree [/start | /continue | /check] [/s SrcDSA] [/d DstDSA] [/sdn SrcDN] [/ddn DstDN] [/u Domain\Username] [/p Password] [/quiet]

/start Start a move tree operation, with the /check option by default. Alternatively, use /startnocheck to start a move tree operation without any check.
/continue Continue a failed move tree operation.
/check Check the whole tree before actually moving any object.
/s <SrcDSA> Source server's fully qualified primary DNS name. Required
/d <DstDSA> Destination server's fully qualified primary DNS name. Required
/sdn <SrcDN> Source sub-tree's root DN. Required in Start and Check case. Optional in Continue case
/ddn <DstDN> Destination sub-tree's root DN. RDN plus Destination Parent DN. Required
/u <Domain\UserName> Domain Name and User Account Name. Optional
/p <Password> Password. Optional
/quiet Quiet Mode. Without Any Screen Output. Optional

You should first run in /check mode as this will perform a test without actually performing the move. Any errors will be displayed and also written to the file movetree.err in your current directory. If the test is OK run with the /start option.

An example use would be

C:\> movetree /check /s titanic.market.savilltech.com /d pluto.legal.savilltech.com /sdn OU=testing,DC=Market,DC=Savilltech,DC=COM /ddn OU=test2,DC=Legal,DC=Savilltech,DC=COM

This checks the move of the OU testing from domain market.savilltech.com to test2 in domain legal.savilltech.com; run the same command with /start in place of /check to perform the move.


Q. How do I allow modifications to the Schema?

A. The Schema is extensible which means it can be changed but modifying the Schema is a dangerous task as it will affect the entire domain Forest (since a forest shares a common schema) and someone at Microsoft once said the following:

"If you find you have to change the schema find another way. If you still have to, look again. If after all that you find you still need to change the schema you better make sure your managers are fully aware of the implications"

That being said to allow modifications there are two ways.

If you want to use the GUI, first register the .dll for the MMC snap-in (if you haven't already):

C:\> regsvr32 schmmgmt.dll

You can now start the Schema Manager via the Resource Kit Tools console or by creating a custom MMC and adding the Active Directory Schema snap-in to it (Start - Run - MMC - Console menu - Add/Remove Snap-in - Add - Active Directory Schema - Add - Close - OK)

  1. Start the Active Directory Schema MMC snap-in on the Domain Controller (using one of the methods above)
  2. In the left hand pane right click on 'Active Directory Schema' and select 'Operations Master' from the context menu
  3. The current machine holding the Schema master FSMO role will be shown.
    Check the "The Schema may be modified on this server" box.
  4. Click OK to the confirmation dialog.

This can also be accomplished by directly editing the registry

  1. Start the registry editor (regedit.exe)
  2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
  3. Double click on 'Schema Update Allowed' (of type REG_DWORD)
  4. Set to 1.
  5. Click OK
  6. Close the registry editor



Q. What are Tombstone objects?

A. Because of the complex replication available in Windows 2000 and the Active Directory just deleting an object would result in it potentially being recreated at the next replication interval and so deleted objects are 'Tombstoned' instead. This basically marks them as deleted and applies to all objects.

Objects marked as tombstoned are actually deleted 60 days after their original tombstone status setting. This time can be changed by modifying tombstonelifetime under cn=Directory Service,cn=Windows NT,cn=Services,cn=Configuration,dc=DomainName, but this is not advised.


Q. How do I switch my 2000 domain to native mode?

A. Windows 2000 domains have two modes, mixed and native. Mixed mode domains allow Windows NT 4.0 Backup Domain Controllers to participate in a Windows 2000 domain.

In native mode only 2000 based domain controllers can participate in the domain and 4.0 based Backup Domain Controllers will no longer be able to act as domain controllers. Also the switch to native mode allows use of the new "Universal" groups which unlike global groups can be nested inside each other. Older NetBIOS based clients will still be able to logon using the NetBIOS domain name even in native mode.

To perform the switch perform the following:

  1. Start the Active Directory Domains and Trusts MMC snap-in
  2. Right click on the domain you want to convert to native mode and select Properties
  3. Select the General tab
  4. Click the 'Change Mode' button
  5. Click Yes to the confirmation
  6. Click Apply to the main dialog
  7. A success message will be displayed. Click OK
  8. Reboot the machine (although I have been told a reboot is not needed).

You will need to check all other domain controllers in the domain and when the domain operation mode says "Native Mode" (instead of mixed mode) reboot them. This can take 15 minutes (or more if contact is not able to be made).

If a domain controller cannot be contacted (if on a remote site and only connects periodically) when you make the change the remote DC will switch mode the next time replication occurs.


Q. How can I force replication between two domain controllers in a site?

A. In Windows NT 4.0 replication between domain controllers could be forced using Server Manager. Replication can also be forced with Windows 2000 domain controllers as follows.

  1. Start the Active Directory Sites and Services MMC snap-in
  2. Expand the sites branch which will show the various sites
  3. The default site 'Default-First-Site-Name' may be your only site. Expand the site containing the domain controllers
  4. Expand the servers
  5. Select the server that you want to replicate to and expand it
  6. Double click on NTDS Settings for the server
  7. Right click on the server you want to replicate from
  8. Select 'Replicate Now' from the context menu
  9. Replication will occur. Click OK to the confirmation dialog.

Force replication
This would replicate from TITANIC to the VENUS domain controller

The replication is one way and if you want two way replication you will need to replicate in each direction.


Q. How can I change replication schedule between two domain controllers in a site?

A. By default domain controllers will replicate once an hour but this can be changed as follows. This is only for domain controllers in a single site, cross site replication is configured differently.

  1. Start the Active Directory Sites and Services MMC snap-in
  2. Expand the sites branch which will show the various sites
  3. The default site 'Default-First-Site-Name' may be your only site. Expand the site containing the domain controllers
  4. Expand the servers
  5. Select the server that you want to configure replication to and expand it
  6. Double click on NTDS Settings for the server
  7. Right click on the server you want to set replication from
  8. Select 'Properties' from the context menu
  9. Select the 'Active Directory Service connection' tab
  10. Click the 'Change Schedule...' button
  11. Modify the replication as required. Click OK
  12. Click Apply then OK

This replication schedule is one way and would need to be repeated for the other direction.


Q. Can I rename a site? - Windows 2000

A. Basically yes. When you install your first domain controller it creates a default site of Default-First-Site-Name which is not very helpful and can be changed as follows:

  1. Start the Active Directory Sites and Services MMC snap-in (Start - Programs - Administrative Tools - Active Directory Sites and Services)
  2. Expand the Sites branch
  3. Right click on the site you wish to rename (e.g. Default-First-Site-Name) and select rename (or just select the site and press F2)
  4. Enter the new name and press Enter

That's it!


Q. What DNS entries are added when a Windows 2000 domain is created?

A. Windows 2000 domains rely heavily on DNS entries; however, the entries are created automatically provided you have enabled dynamic update on the relevant DNS zones. Below are explanations of what the entries are used for:

_ldap._tcp.<DNSDomainName>
Allows a client to locate a Windows 2000 domain controller in the domain named by <DNSDomainName>. A client searching for a DC in domain savilltech.com would query the DNS server for _ldap._tcp.savilltech.com

_ldap._tcp.<SiteName>._sites.<DNSDomainName>
This allows a client to find a Windows 2000 domain controller in the Domain and site specified, e.g. _ldap._tcp.london._sites.savilltech.com for a DC in the London site of savilltech.com

_ldap._tcp.pdc._msdcs.<DNSDomainName>
Allows a client to find the Primary Domain Controller (PDC) FSMO role holder of a mixed-mode domain. Only the PDC of the domain registers this record.

_ldap._tcp.gc._msdcs.<DNSTreeName>
Allows a client to find a Global Catalog (GC) server. Only domain controllers serving as GC servers for the tree will register this name. Should a server cease to be a GC it will deregister the record.

_ldap._tcp.<site>._sites.gc._msdcs.<DNSTreeName>
Allows a client to find a Global Catalog (GC) server in the specified site, e.g. _ldap._tcp.london._sites.gc._msdcs.savilltech.com.

_ldap._tcp.<DomainGuid>.domains._msdcs.<DNSTreeName>
Allows a client to find a domain controller in a domain based on its Globally Unique IDentifier (GUID). A GUID is a 128-bit (8 byte) number that is generated automatically for referencing objects in the Active Directory.

<DNSDomainName>
Allows clients to find a Domain Controller by a normal Host record.




Q. How can I manually defragment the Active Directory? - Windows 2000 only

A. By default Windows 2000 servers running directory services will perform an online defragmentation of the directory every 12 hours as part of the garbage collection process. This defragmentation only moves data around the database file (NTDS.DIT) and does not reduce its size.

To create a new, smaller NTDS.DIT an offline defragmentation must be performed as follows:

  1. Backup the Active Directory (as seen in 'Q. How can I backup the Active Directory/System State?')
  2. Reboot the server, select the OS option and press F8 for advanced options. Select the 'Directory Services Restore Mode' option and press Enter. Press Enter again to start the operating system.
  3. Windows 2000 will start in safe mode with no directory service running. Logon using the Administrator account and password of the LOCAL SAM.
  4. A dialog informing you are in safe mode will be displayed. Click OK
  5. From the Start menu select Run and type
    CMD.EXE
  6. A command window will be displayed. Type the words in red:
    C:\> ntdsutil
    ntdsutil: files
    file maintenance: info
    ....
    file maintenance: compact to c:\temp
  7. The progress of the defragmentation will be shown. If successful type quit twice to return to the command prompt
  8. Now replace the old NTDS.DIT with the new compressed version
    C:\> copy c:\temp\ntds.dit %systemroot%\ntds\ntds.dit
  9. Restart the computer and boot as normal

Below is an example of the entire procedure

Microsoft Windows 2000 [Version 5.00.2031]
(C) Copyright 1985-1999 Microsoft Corp.

D:\>ntdsutil
ntdsutil: files
file maintenance: info

Drive Information:

C:\ FAT (Fixed Drive ) free(1.2 Gb) total(1.9 Gb)
D:\ NTFS (Fixed Drive ) free(152.4 Mb) total(1.9 Gb)

DS Path Information:

Database : D:\WINNT\NTDS\ntds.dit - 8.1 Mb
Backup dir : D:\WINNT\NTDS\dsadata.bak
Working dir: D:\WINNT\NTDS
Log dir : D:\WINNT\NTDS - 30.0 Mb total
res2.log - 10.0 Mb
res1.log - 10.0 Mb
edb.log - 10.0 Mb
file maintenance: compact to c:\temp
Opening database [Current].
Using Temporary Path: C:\
Executing Command: D:\WINNT\system32\esentutl.exe /d "D:\WINNT\NTDS\ntds.dit" /
/o /l"D:\WINNT\NTDS" /s"D:\WINNT\NTDS" /t"c:\temp\ntds.dit" /!10240 /p


Initiating DEFRAGMENTATION mode...
Database: D:\WINNT\NTDS\ntds.dit
Log files: D:\WINNT\NTDS
System files: D:\WINNT\NTDS
Temp. Database: c:\temp\ntds.dit

Defragmentation Status ( % complete )

0 10 20 30 40 50 60 70 80 90 100
|----|----|----|----|----|----|----|----|----|----|
...................................................

Note:
It is recommended that you immediately perform a full backup
of this database. If you restore a backup made before the
defragmentation, the database will be rolled back to the state
it was in at the time of that backup.

Operation completed successfully in 17.896 seconds.


Spawned Process Exit code 0x0(0)

If compaction was successful you either need to
copy "c:\temp\ntds.dit" to "D:\WINNT\NTDS\ntds.dit"
or run:
D:\WINNT\system32\ntdsutil.exe files "set path DB \"c:\temp\"" quit quit
file maintenance: quit
ntdsutil: quit

D:\>copy c:\temp\ntds.dit %systemroot%\ntds\ntds.dit
Overwrite D:\WINNT\ntds\ntds.dit? (Yes/No/All): y
1 file(s) copied.


Q. How can I audit the Active Directory?

A. It is possible to configure auditing on the Active Directory to produce both successful and failed entries in the Directory Service event log.

To configure perform the following:

  1. Start the 'Active Directory Users and Computers' MMC snap-in (Start - Programs - Administrative Tools - Active Directory Users and Computers)
  2. From the View menu select 'Advanced Features'
  3. Expand the domain, right click on the 'Domain Controllers' container and select Properties from the context menu
  4. Select the 'Group Policy' tab
  5. Select 'Default Domain Controllers Policy' and click Edit
  6. Expand the Computer Configuration branch, the Windows Settings branch, Security Settings branch, and finally the Local Policies branch
  7. Select 'Audit Policy'
  8. In the right hand window it will show auditing levels
  9. Double click 'Audit Directory Service Access'
  10. Check the relevant boxes (e.g. Audit success, audit fail). Click OK
  11. Close the Group Policy window
  12. Click OK to the main Domain Controllers Properties dialog
  13. Close the Active Directory Users and Computers MMC snap-in

The logs can be viewed in the Security Log (using Event Viewer). The policy change may take a while to take effect as domain controllers poll for policy changes every five minutes. Other domain controllers in the enterprise receive the changes at this interval plus the time of replication.


Q. How can I automate a server upgrade to a Domain Controller during installation?

A. It's possible to run the DCPROMO.EXE utility automatically during an unattended installation using the following method:

The Dcpromo process can be scripted by using the dcpromo /answer:%path_to_answer_file% command. In the following example, the [DCInstall] section and parameters are added directly to the unattended answer file. The parameters for the DCInstall section are detailed in the Unattend.doc supplied with the resource kit but below are the main entries:

AdministratorPassword The new password for the domain Administrator account
AutoConfigDNS Indicates if the wizard should configure DNS
ChildName Name of the child part of domain
CreateOrJoin Specifies if the domain will join an existing forest or create a new one
DatabasePath Location for the Active Directory database
DNSOnNetwork Used when a new forest of domains is being installed and no DNS client is configured on the computer
DomainNetBiosName NetBIOS name for the domain
IsLastDCInDomain Only valid when demoting an existing domain controller to a member server
LogPath Path for the DS logs
NewDomainDNSName Name of the new tree or when a new forest is being created
ParentDomainDNSName Specifies name of parent domain
Password Password for username being used to promote server
RebootOnSuccess Whether an automatic reboot should be performed
ReplicaDomainDNSName Name of the domain to be replicated from
ReplicaOrMember Specifies if a 3.51 or 4.0 BDC being upgraded should become a replica domain controller or be demoted to a regular member server.
ReplicaOrNewDomain Specifies if this is a new DC in a new domain or if it's a replica of an existing domain
SiteName Name of the site, by default this is "Default-First-Site"
SysVolPath Path of SYSVOL
TreeOrChild If this is a new tree or a child of an existing domain
UserDomain Domain for the user being used in promotion
UserName Name of user performing the upgrade

Because this process occurs after setup, the answer file created is named $winnt$.inf and is copied to the \system32 folder. Because the parameters are in this file, you must add the following text to the [GUIRunOnce] section of the unattended Setup answer file:

[GUIRunOnce]
"DCpromo /answer:%systemroot%\system32\$winnt$.inf"

Once the Dcpromo process completes, password information is removed from the $winnt$.inf file. To make this process easier because the Run-once command does not execute until someone logs on to the computer, you can add the following text to the unattended answer file:
[GUIUnattended]
Autologon = yes ; automatically logs on the administrator account
AutoLogoncount = n ; number of times to perform auto-admin logon 

Easy :-) Don't use items like %systemroot% or %windir% etc as they are not understood during unattended installations.

You can just create a [DCInstall] section directly in your unattend.txt file to avoid having multiple unattended setup files.

[DCInstall]
AdministratorPassword = cartman
CreateOrJoin = Create
DomainNetBiosName = savtech
NewDomainDNSName = savtech.com
RebootOnSuccess = Yes
ReplicaOrNewDomain = Domain
SiteName = "London"
TreeOrChild = Tree

The script above would create a new forest with domain savtech.com at the top with the created domain controller in site London. Default locations for the SYSVOL, logs and Active Directory files will be used. The new domain Administrator account password would be cartman (Southpark rules!).

You can of course use this outside of an unattended installation if you wish after you've installed by just typing:

DCPROMO /answer:<DCInstall answer filename>

A small dialog saying DCPROMO is running in unattended mode will be displayed and then it will reboot.
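The answer file shown above holds the new Administrator password in clear text, and the [GUIUnattended] settings log the administrator on automatically. The following Python check is an added example (not from the original FAQ or any Microsoft tool): it flags both settings in an answer file and writes a redacted copy suitable for archiving. The function names and the sample file, assembled from the sections on this page, are constructed for illustration.

```python
import re

# [DCInstall] keys from the parameter list above whose values are passwords.
SECRET_KEYS = {"administratorpassword", "password"}
REDACTED = "<redacted>"

# Constructed sample built from the sections shown on this page.
SAMPLE = r"""[GUIUnattended]
Autologon = yes ; automatically logs on the administrator account
AutoLogoncount = 1

[GUIRunOnce]
"DCpromo /answer:%systemroot%\system32\$winnt$.inf"

[DCInstall]
AdministratorPassword = cartman
CreateOrJoin = Create
DomainNetBiosName = savtech
NewDomainDNSName = savtech.com
RebootOnSuccess = Yes
ReplicaOrNewDomain = Domain
SiteName = "London"
TreeOrChild = Tree
"""


def parse_answer_file(text):
    """Return {section: {key: value}} with names lower-cased and ';' comments dropped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip().strip('"')
    return sections


def audit(text):
    """List the credential exposures found in an unattended answer file."""
    sections = parse_answer_file(text)
    findings = []
    dcinstall = sections.get("dcinstall", {})
    for key in sorted(SECRET_KEYS.intersection(dcinstall)):
        if dcinstall[key] and dcinstall[key] != REDACTED:
            findings.append(f"[DCInstall] {key}: clear-text password in answer file")
    gui = sections.get("guiunattended", {})
    if gui.get("autologon", "").lower() == "yes":
        count = gui.get("autologoncount", "unspecified")
        findings.append(
            f"[GUIUnattended] autologon: administrator auto-logon enabled (count {count})")
    return findings


def redact(text):
    """Copy of the file with [DCInstall] password values blanked; other lines untouched."""
    out, in_dcinstall = [], False
    for raw in text.splitlines():
        stripped = raw.strip()
        if stripped.startswith("["):
            in_dcinstall = stripped.lower().startswith("[dcinstall]")
        elif in_dcinstall and "=" in raw:
            key = raw.split("=", 1)[0].strip()
            if key.lower() in SECRET_KEYS:
                raw = f"{key} = {REDACTED}"
        out.append(raw)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
    print(redact(SAMPLE))
```

Run it against every copy of the answer file left on distribution shares or build media, since only the $winnt$.inf copy on the installed machine is described as having its password information removed.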


Q. How do I enable circular logging for the Active Directory?

A. Active Directory can record either sequential or circular logs, although sequential is the default and is preferred. Circular logs overwrite transactions at specific intervals, whereas sequential logs are never overwritten (but sequential log files whose transactions have all been committed to the database are deleted during garbage collection intervals).

Sequential log files are not overwritten with new data. They grow until they reach a specified size. Once all the transactions in a log file are committed to the database, this log file is no longer needed. Active Directory’s garbage collection process deletes unnecessary log files every 12 hours (the default garbage collection interval). If your server never stays up longer than 12 hours between reboots, the old log files are never cleaned up and they take up more and more space on the disk (but you have bigger problems :-) ).

Some administrators prefer circular logging because it helps minimize the amount of logged data stored to the physical disk. Imagine circular logs as a donut with new data overwriting the oldest as needed. You must edit the registry to enable circular logging. 

  1. Start regedt32.exe
  2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
  3. If the value CircularLogging does not exist select New - String value from the Edit menu and enter a name of CircularLogging
  4. Double click CircularLogging and set to 1 to enable (0 for disable and sequential log files)
  5. Close the registry editor
  6. Restart the directory service via a reboot for the change to take effect

Q. How do I change Domain Names?

A. This is not so much a procedure but things to think about.

  1. NT stores both the textual name and the Security ID (SID) associated with the name. When you change the Domain name you only change the textual part and NOT the SID.
  2. All users should log off before starting the Domain Name change
  3. Break all trust relationships with other Domains
  4. If possible, change the domain name on all BDCs first. Each BDC will then want to reboot; say reboot later, then shut down the machine and power it off.
  5. On the PDC run control panel, and change the Domain Name through Network Panel. The computer will prompt for a reboot and select "Reboot Now".
  6. Once the PDC is up let it stabilize for a few minutes then bring up each BDC with a minute gap, so it can validate with the PDC
  7. Re-create trust relationships with other Domains
  8. Move all clients to the new Domain, for Workstation see next FAQ.

A knowledge base article exists at http://support.microsoft.com/support/kb/articles/q178/0/09.asp.


Q. How do I move a Workstation to another Domain?

A. Log on to the Workstation locally as Administrator (i.e. name of machine) and go to Control Panel. Double click Network and click Change. Enter the new Domain name and click OK. You will receive a message "Welcome to Domain x". Reboot the machine and you are part of the new domain.

If you wish to administer this box from the new domain you will need to add <Domain>\DomainAdmins to the local administrators group by connecting to the local user database via User Manager for Domains (i.e. \\computername).


Q. How many user accounts can I have in one Domain?

A. The real problem is that each user account and machine account takes up space in the SAM file, and the SAM file has to be memory resident. A user account takes up 1024 bytes of memory (a machine account half as much), so each person (assuming they each had one machine) would need 1.5 KB. This would mean that for a 10,000 user domain each PDC/BDC would need 15MB of memory just to store the SAM! Imagine a network with 100,000 people. This is one of the reasons you have multiple domains and then set up trust relationships.


Q. How do I change my server from Stand Alone to a PDC/BDC?

A. You cannot change the role of an NT server; you will need to reinstall NT.

As an alternative, you can use a 3rd party utility called U-Promote (http://u-tools.com/UTools/UPromote.asp). However, this works by making registry changes that would render your system unsupportable by Microsoft and may lead to problems later in the server's lifetime, for example when moving to Windows 2000.

In Windows 2000 you can promote a server to a domain controller by using DCPROMO.EXE.


Q. What is a PDC, BDC?

A. A PDC is a Primary Domain Controller, and a BDC is a Backup Domain Controller. You must install a PDC before any other domain servers. The Primary Domain Controller maintains the master copy of the directory database and validates users. A Backup Domain Controller contains a copy of the directory database and can validate users. If the PDC fails then a BDC can be promoted to a PDC. Possible data loss is user changes that have not yet been replicated from the PDC to the BDC. A PDC can be demoted to a BDC if one of the BDC's is promoted to the PDC.


Q. How many BDC's should I have?

A. Microsoft says one BDC for every two thousand users. This is fine considering a 486DX2 with 32MB of RAM can, on average, perform at least 10 logons per minute. However, if everyone in your company arrives at 9:00 on the dot and logs on (except for the helpful people who arrive half an hour late) there will be a surge of logon requests to deal with, resulting in large delays. To improve on this, it is possible to configure the Server service to maximize throughput for Network Applications rather than File Applications. Remember, the more powerful the processor, the more logons it can handle (a Pentium 133 would be able to log on at least 30 people).


Q. How do I configure a Trust Relationship?

A. Domains by default are unable to communicate with other domains, which means someone in domain x cannot access any resource that is part of domain y. Before a trust relationship is configured

After a trust relationship is defined, say x trusts y the following happens

In the example above x is the trusting domain, and y is the trusted domain. Also the above is a one-way trust relationship, i.e. while domain y users can use domain x resources, users of domain x cannot use domain y resources. A two-way relationship would allow each domain to access resources of the other (if given permission).

The basic procedure for a trust relationship is to first configure domain y to allow domain x to trust it, and then configure domain x to trust domain y:

  1. Log onto domain y as Administrator
  2. Start User Manager for Domains (Start - Programs - Administrative Tools)
  3. Select "Trust Relationships" from the Policies menu
  4. Click the Add button to the Trusting Domains box
  5. Enter the name of the domain you want to be able to trust you, i.e. domain x
  6. You can type a password in the Initial Password and Confirm Password boxes, however this is only used when the trust relationship is started. You can leave it blank. Click OK to complete the addition
  7. Close the Trust Relationship dialog box
  8. Log off of domain y and log on to domain x as Administrator
  9. Start User Manager for Domains, and choose "Trust Relationships" from the Policies menu
  10. Click the Add button to the Trusted Domains box
  11. Enter the name of domain y and the password if one was configured in step 6
  12. Click OK and close the User Manager for Domains application.
  13. Domain x now trusts domain y

Q. How do I terminate a Trust Relationship?

A. Firstly you have to stop domain x trusting domain y, then remove domain x's ability to trust domain y:

  1. Logon as Administrator to domain x
  2. Start User Manager for Domains, and click Trust Relationships from the Policies menu
  3. Select domain y from the Trusted Domains and click Remove and confirm
  4. Logoff, and logon to domain y as Administrator
  5. Start User Manager for Domains, and click Trust Relationships from the Policies menu
  6. Select domain x from the Trusting Domains and click Remove and confirm
  7. Exit

Q. How can I join a domain from the command line?

A. The NT Resource Kit Supplement 2 ships a new utility called NETDOM.EXE which can be used not only to join domains, but also to create computer accounts and trust relationships.

There are two ways to join a domain. The first is to add the computer to the domain and create the computer account simultaneously, which is OK if you are logged on as a domain administrator. If you are not a domain administrator, the account needs to be added in advance and then you join the domain.

If you are logged on as a domain administrator then enter the command below to create the account and join the domain:

netdom /domain:savilltech /user:savillj /password:nottelling member <computer name> /joindomain
where <computer name> is the name of your machine, e.g. johnstation

If you are not an administrator, a domain administrator will have to add an account for you first, using either Server Manager or NETDOM.EXE:

netdom /domain:savilltech /user:savillj /password:nettelling member <computer name> /add

Once the account has been added, the normal user can join the domain using the first command shown.


Q. How do I demote a PDC to a BDC?

A. Normally when you promote a BDC to the PDC, the existing PDC is automatically demoted to a BDC. However, if the PDC was taken offline and a BDC was then promoted, the old PDC will still think it is the PDC when it is restarted, and when it detects another PDC it will simply stop its own netlogon service.

To actually modify the machine to be a BDC the registry needs to be changed directly:

  1. Logon to the machine as an Administrator
  2. Start the registry editor (regedt32.exe)
  3. Move to HKEY_LOCAL_MACHINE\Security
  4. Select Permissions from the Security menu
  5. Select Administrators and change the access type to Full Control, check the "Replace Permission on Existing Subkeys" and click OK. Click Yes to the confirmations dialog box
  6. You can now navigate the Security key. Move down to Policy\PolSrvRo
  7. Double click on the default <no name> value and change the second digit (which should be 3 for a PDC) to a 2 (which means BDC). Click OK. E.g. 03000000 to 02000000.
  8. You should now reset the permissions on the Security part of the registry using the same method as before, but changing back to Special Access for Administrators. The permissions for Administrators should be
    - Write DAC
    - Read Control
  9. Restart the machine and it will come up as a BDC

To avoid having to set security, perform the registry change from the system account by submitting the registry editor via the schedule service.

C:\> net start schedule (only if not already running)
C:\> at <time> /inter regedt32.exe
C:\> net stop schedule (only if you had to start it)


Q. How can I configure a BDC to automatically promote itself to a PDC if the PDC fails?

A. There is no way to do this. The assumption is that the PDC would be configured to write out the dump information and then reboot itself, thus coming back online. You configure this behavior using the System Control Panel Applet - Startup/Shutdown tab.


Q. How do I rename a PDC/BDC?

A. To rename a Primary Domain Controller perform the following:

  1. Log onto the PDC as an Administrator
  2. Start the Network Control Panel Applet (Start - Settings - Control Panel - Network)
  3. Click the Identification tab.
  4. Click the Change button and enter in the new computer name and click OK
  5. Restart the PDC for the name change to take effect.
  6. Once the machine has rebooted start Server Manager (Start - Programs - Administrative Tools - Server Manager), if the old name still appears as a Backup, or if there is no entry for the new name:
    - Create an entry for the new name. To do this, select Add to Domain in the Computer menu of Server Manager.
    - Add the new computer account as a "Windows NT Backup Domain Controller" (it will be added and displayed as a Primary).
    - Remove the old name by selecting the entry. To do this, select Remove from Domain on the Computer menu.

To Rename a Backup Domain Controller

  1. Log onto the PDC as an Administrator and in Server Manager (Start - Programs - Administrative Tools - Server Manager) add an account for the BDC's new name
  2. Log onto the BDC as an Administrator
  3. Start the Network Control Panel Applet (Start - Settings - Control Panel - Network)
  4. Click the Identification tab.
  5. Click the Change button and enter in the new computer name and click OK
  6. Restart the BDC for the name change to take effect. The NETLOGON service will not yet start on this server.
  7. On the PDC, open Server Manager. Select the new BDC name and from the Computer menu, choose Synchronize With Primary. This will start the NETLOGON service.
  8. In Server Manager, select the old BDC name from the list and from the Computer menu, choose Remove From Domain.

Note: If the BDC begins to receive 7023 or 3210 errors after synching the domain in server manager, on the PDC choose the BDC and then synch that specific BDC with the PDC. After an event indicating that the synch is complete, restart the BDC.


Q. Can I move a BDC to another domain?

A. Normally no, the BDC shares a common SID with the PDC of the domain and so there is no way to move a BDC to another domain, you would need to reinstall the BDC.

System Internals have released NewSID 3.0 (from http://www.sysinternals.com/) which has a SID-synchronizing feature that lets you have one machine copy the SID of another. This makes it possible to move a BDC to a new domain. On the BDC start NewSID and click "Synchronize SID", enter the name of the PDC and click OK.


Q. Can I change a PDC/BDC into a stand-alone server?

A. No, the PDC/BDC registry is different from that of a stand alone server, again a reinstallation would be needed.

As an alternative, you can use a 3rd party utility called U-Promote (http://u-tools.com/UTools/UPromote.asp). However, this works by making registry changes that would render your system unsupportable by Microsoft and may lead to problems later in the server's lifetime, for example when moving to Windows 2000.

In Windows 2000 you can change a domain controller to a normal server by running DCPROMO.EXE.


Q. Can I administer my domain from an NT Workstation?

A. Yes, if you install the NT Server client based Administration tools:

  1. Insert the NT Server CD-ROM into your NT Workstation
  2. Run the file <CD-ROM drive>:\clients\srvtools\winnt\setup.bat. This will detect your processor and install the correct images into the %SystemRoot%\System32 folder. You will have to press return.
  3. Remove the CD-ROM
  4. You now need to create shortcuts either on the desktop or start menu for the applications:
    - dhcpadmn.exe --- DHCP Manager
    - poledit.exe --- System Policy Editor
    - rasadmin.exe --- Remote Access Administrator
    - rplmgr.exe --- Remoteboot Manager
    - srvmgr.exe --- Server Manager
    - usrmgr.exe --- User Manager for Domains
    - winsadmn.exe --- WINS Manager

Q. In what order should I upgrade my PDC and BDC's from 3.51 to 4.0?

A. The two different versions can coexist happily, so you can upgrade in any order you want. However, the safest option may be the following schedule:

  1. Upgrade a BDC from 3.51 to 4.0
  2. Leave it for a week and check it is OK
  3. Promote the BDC to the PDC
  4. Leave for another week and check everything is OK
  5. Upgrade the other BDC's to 4.0
  6. Promote the old PDC back to the main PDC (the current PDC will automatically be demoted to a BDC)

Q. What tuning can I perform on PDC/BDC Synchronization?

A. There are several registry settings that can be configured for PDC/BDC Synchronization:

These are all values under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters

ChangeLogSize (REG_SZ) --- Default size for the Change Log. By default 64KB with a maximum of 4MB
Pulse --- This determines the gap in seconds between replication from the PDC to the BDC's. The lowest value is 60, and the max is 3600 (1 hour). The default is 300 (5 minutes). You may want to increase this time if the BDC's are over a slow WAN link.
PulseConcurrency --- The number of BDC's that the PDC sends pulses to concurrently. By default this is 10.
PulseMaximum --- The PDC performs a check that the BDC's are still there every so often. This is in seconds and once again the minimum is 60 and the maximum is 86,400.
Randomize --- The number of seconds a BDC waits after an announcement before answering. 1 by default.
ReplicationGovernor --- This is a percentage of the 128K blocks that are sent. If you had a slow link you may not want the PDC sending 128K blocks so you could change this to 25, meaning only 32K would be sent at a time. This will mean that the blocks are sent more frequently (25 would mean 4 times as often).
Update --- By default this is set to no, which means only changes are replicated. Setting this to Yes will cause everything to be replicated even if there is no change. This needs to be set on the import server.

Q. I cannot add a BDC over a WAN.

A. To add a BDC to a domain, the PDC has to be contactable. Therefore the first task is to check that communications are working.

If you are using TCP/IP then ensure you can PING the PDC:

ping <ip address of the PDC>

If this is OK then the problem is at the NetBIOS level. If you have WINS on the network, ensure the BDC is configured to use the WINS server: when the PDC starts it registers the WINS name <domain><1Bh>, which is used to identify the domain controller.

Alternatively the LMHOSTS file can be updated.

  1. Start Notepad
  2. Open the file <systemroot>\system32\drivers\etc\lmhosts
  3. Add a line with the following syntax
    <IP address> <machine name> #PRE #DOM:<domain name>
  4. Save the file

To use the lmhosts file during installation you should create the file on another machine and copy it over when the BDC is being installed.


Q. How can I synchronize the domain from the command line?

A. To force a domain synchronization use the command

net accounts /sync


Q. How can I force a client to validate its logon against a specific domain controller?

A. Before answering this it is best to understand what happens when a login occurs.

When a logon request is made to a domain, the workstation sends out a request to find a domain controller for the domain. The domain name is actually a NetBIOS name that is a 16-character name with the 16th character used by Microsoft networking services to identify the NetBIOS type.

The type used for a domain controller is <1C> and so the NetBIOS name for domain controller of domain "SAVILLTECH" would be "SAVILLTECH <1C>". The NetBIOS type has to be the 16th character, hence the name of the domain has to be filled with blanks to make its length up to 15 characters.

If the client is WINS enabled then a query for the resolution of "<domain name> <1C>" will be sent to the WINS server as defined in the client's TCP/IP properties. The WINS server will return up to 25 IP addresses that correspond to domain controllers of the requested domain. A \mailslot\net\ntlogon request is broadcast to the local subnet, and if the workstation receives a response then it will attempt logon with the local domain controller.

If WINS is not configured then it is possible to manually configure the LMHOSTS file on the Workstations to specify the Domain Controller. This file is located in the %systemroot%\system32\drivers\etc directory.

An example entry in LMHOSTS would be as follows

200.200.200.50 titanic #PRE #DOM:savilltech #savilltech domain controller

The above sets up IP address 200.200.200.50 to be host Titanic, which is the domain controller for savilltech and instructs the machine that this entry is to be preloaded into the cache.

To check the NetBIOS name cache you can use the command nbtstat -c, which will show all the entries including their type. If WINS is not configured and there is no entry in LMHOSTS then the Workstation will send out a series of 3 broadcasts. In the situation where no response is received and WINS is configured to use DNS for WINS resolution, a request to the DNS server will be sent and finally the HOSTS file checked. If all of this fails then the error "A domain controller for your domain could not be contacted." is displayed.

To force a client to use a specific domain controller we need only do the following:

  1. Start the registry editor
  2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
  3. From the Edit menu select New - DWORD value
  4. Enter a name of NodeType and press ENTER
  5. Double click on the new value and set to 4 (this sets the network to M-node/mixed, which means it will perform a broadcast before querying name servers for resolution). By default a system is 1 if no WINS servers are configured (B-node/broadcast) or 8 if at least one WINS server is configured (H-node/queries name resolution first then broadcasts)
  6. Double click on the EnableLMHOSTS value and set to 1. If it does not exist select New - DWORD value from the Edit menu and enter a name of EnableLMHOSTS
  7. Close the registry editor
  8. Reboot the machine

The machine is now configured to broadcast for a domain controller on a local subnet and then query a name server. If no domain controllers are found on the WINS server, or WINS is not used, it will then search the LMHOSTS file. The next stage is to edit this file.

  1. Check for the LMHOSTS file
    C:\>dir %systemroot%\system32\drivers\etc\lmhosts
  2. If the file does not exist copy the sample host file
    C:\>copy %systemroot%\system32\drivers\etc\lmhosts.sam %systemroot%\system32\drivers\etc\lmhosts
    1 file(s) copied.
  3. Edit the file using edit.exe, don't use notepad.exe
    C:\>edit %systemroot%\system32\drivers\etc\lmhosts
  4. Go to the end of the comments and add a new line of the format
    <ip address> <name of DC> #PRE #DOM:<domain name> #<comment>
    e.g. 200.200.200.50 titanic #PRE #DOM:savilltech #savilltech domain controller
  5. Save the changes to the file and exit edit.exe
  6. Force the machine to reload the LMHOSTS file (or just reboot)
    C:\>NBTSTAT -R
    Note: The -R must be in capitals; the command is case sensitive
  7. Check the cache
    C:\>NBTSTAT -c
  8. At this point the configuration is complete and a reboot is advisable.

Service Pack 4 includes a new utility, SETPRFDC.EXE, which will direct a secure channel client to a preferred list of domain controllers.

The syntax is:

C:\> SETPRFDC <Domain Name> <DC1, DC2, ....., DCn>

SETPRFDC will try each DC in the list in order, until a secure channel is established. If DC1 does not respond, DC2 is tried, and so on. Once you run SETPRFDC on a WinNT 4.0, SP4 computer, the list is remembered until you change it. You can run SETPRFDC in batch, via the scheduler, or even in a logon script (for future logons). Don't forget to undo any LMHOSTS entries you might have set.
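
The 16-character naming rule described in this answer, as an added example that is not part of the original FAQ: the Python below pads a domain name to 15 characters, appends the type byte (<1C> here, or the <1B> name mentioned for WINS earlier), and applies the first-level encoding from RFC 1001 so that names seen in a packet capture can be decoded back. The RFC encoding goes beyond what the FAQ covers, and the function names are this example's own.

```python
"""Build and decode the 16-byte NetBIOS names used to locate domain controllers."""

NAME_LEN = 15  # usable characters; the 16th byte is the NetBIOS type

# Types named in this FAQ (labels paraphrase the FAQ's own descriptions).
TYPES = {
    0x1C: "domain controllers of the domain",
    0x1B: "registered in WINS by the PDC",
}


def netbios_name(name, type_byte):
    """Upper-case the name, pad it with blanks to 15 bytes, append the type."""
    raw = name.upper().encode("ascii")
    if not 1 <= len(raw) <= NAME_LEN:
        raise ValueError(f"name must be 1..{NAME_LEN} characters: {name!r}")
    if not 0 <= type_byte <= 0xFF:
        raise ValueError("type must fit in one byte")
    return raw.ljust(NAME_LEN, b" ") + bytes([type_byte])


def first_level_encode(name16):
    """RFC 1001 first-level encoding: each nibble becomes a letter 'A'..'P'."""
    if len(name16) != 16:
        raise ValueError("NetBIOS names are exactly 16 bytes")
    out = []
    for byte in name16:
        out.append(chr(ord("A") + (byte >> 4)))
        out.append(chr(ord("A") + (byte & 0x0F)))
    return "".join(out)


def first_level_decode(encoded):
    """Reverse first_level_encode; return (name without padding, type byte)."""
    if len(encoded) != 32 or any(not "A" <= ch <= "P" for ch in encoded):
        raise ValueError("expected 32 characters in the range A..P")
    raw = bytes(
        ((ord(encoded[i]) - ord("A")) << 4) | (ord(encoded[i + 1]) - ord("A"))
        for i in range(0, 32, 2)
    )
    return raw[:NAME_LEN].decode("ascii", "replace").rstrip(" "), raw[NAME_LEN]


def describe(encoded):
    """Render an encoded name the way nbtstat-style tools show it."""
    name, type_byte = first_level_decode(encoded)
    label = TYPES.get(type_byte, "type not covered in this FAQ")
    return f"{name}<{type_byte:02X}>: {label}"


if __name__ == "__main__":
    dc_name = netbios_name("savilltech", 0x1C)
    wire = first_level_encode(dc_name)
    print(dc_name)         # 16 bytes: name, five blanks, 0x1C
    print(wire)            # 32 letters as carried in a name query
    print(describe(wire))
```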


Q. How do I promote a server to a domain controller? - Windows 2000 only

A. Windows 2000 ships with a utility, DCPROMO.EXE, which is used to promote a stand-alone/member server to a domain controller and vice-versa.

In Windows 2000 domains are DNS names, which means you can have a hierarchy of domains leading to parent-child domain relationships. The advantage of these parent-child relationships is that they have a bidirectional transitive trust, which means that if domain b is a child of domain a, and domain c is a child of domain b, domain c implicitly trusts domain a. This is very different from the way trusts work in earlier versions of Windows NT.

Since Windows 2000 domains rely on DNS it is vital that DNS is correctly configured to enable the domain to be created (if you are creating a new top level domain). Information on configuring DNS for a domain can be found here.

A final pre-requisite is that an NTFS 5.0 volume is required to house the SYSVOL volume and so ensure you have at least one NTFS 5.0 volume (use CHKNTFS to check the versions of your partitions).

To upgrade a stand-alone/member server to a domain controller perform the following:

  1. Start the DCPROMO utility (Start - Run - DCPROMO)
  2. Click Next to the introduction screen
  3. You will have a choice to "New domain" or "Replica domain controller in existing domain". There is no concept of a BDC in NT 5.0 and all domain controllers are equal (more or less :-) ). Select New Domain and click Next
  4. A new concept is trees which enable the idea of child domains. If you are starting a new top level domain select "Create new domain tree", to create a child domain select "Create new child domain". Click Next
  5. If you selected to create a new domain tree you will be asked if you want to "Create a new forest of domain trees" or "put this new domain tree in an existing forest". Forests enable you to "join" a number of separate domain trees and again a transitive trust relationship is created between them. If this is your first NT 5.0 domain tree you should create a new forest. Click Next
  6. You will then be asked for the DNS name of your domain, e.g. savilltech.com is a valid domain name. It is important this matches information configured on the DNS server. Click Next
  7. You will then be asked for a NetBIOS domain name which by default will be the left most part of the DNS domain name (up to the first 15 characters), e.g. savilltech, however this can be changed. Click Next to continue.
  8. You will then have to provide a storage area for the Active Directory and the Active Directory log. Accept the defaults and click Next
  9. Finally you must select an area on an NTFS 5.0 partition for the SYSVOL volume for storage of the servers public files, %systemroot%\SYSVOL by default. Click Next
  10. You will be given an option to weaken security for pre-Windows 2000 services such as a 4.0 RAS server. Select your option and click Next
  11. You will be asked for an Administrator password to be used in Directory Server restore mode. Click Next
  12. A summary screen will be displayed and click Next to start the upgrade. It sets security and creates the Directory Server schema container. Information from the default directory service file and the old SAM is then read in if the machine is an upgraded PDC.
  13. You should then click Finish and reboot the machine.

You now have a Windows 2000 domain controller. Additional domain controllers (old BDC's) can be added by performing the above and selecting "Replica domain controller in existing domain" in step 3. It would then ask you the name of the domain to replicate.


Q. How can I generate a list of all computer accounts in a domain?

A. The normal method under Windows NT 4.0 and earlier is to use Server Manager (Start - Programs - Administrative Tools - Server Manager), where computer accounts can be viewed/added/deleted.

Under Windows NT 5.0 this information can be viewed by using the Active Directory MMC (Microsoft Management Console) snap-in and browsing the domain/Computers group. Of course under Windows NT 5.0 and the Active Directory, computers can also be created in Organizational Units, so they would not all be shown under this tree (as shown below, the computer account in the law OU would not be listed in the Computers group).

Active Directory computer list

A more complete method is to use the Windows NT Resource Kit NETDOM.EXE utility (which runs under Windows NT 5.0) to generate the list, e.g.

C:\> netdom member
Searching PDC for domain SAVILLTECH ...
Found PDC \\TITANIC
Listing members of domain SAVILLTECH ...

Member 1 = \\ODIN
Member 2 = \\garfield

It is also possible to list other domains using a mixture of command line switches, e.g.

C:\> netdom /d:<domain name> [/u:<domain>\<user to which query> /p:<password>] member

The information in the [] is only needed if your account does not have privileges in the requested domain.

The advantage of the command line tool is it lists all computer accounts, even those in OU's in the Active Directory.

An alternative method is to use the net view /domain:<domain> command which has the advantage that you can pipe the output to a file or another command, e.g.

C:\> net view /domain:savtech


Q. How can I verify my Windows 2000 domain creation? - Windows 2000 only

A. To verify the TCP/IP configuration is OK, check for the _ldap._tcp.<domain> service record, e.g. _ldap._tcp.savilltech.com

C:\> nslookup
> set type=srv
> _ldap._tcp.savilltech.com
Server: [200.200.200.50]
Address: 200.200.200.50
_ldap._tcp.savilltech.com SRV service location:
priority=0
weight=0
port=389
svr hostname=titanic.savilltech.com
titanic.savilltech.com internet address=200.200.200.50

The ldap record used to be ldap.tcp.<domain> but was modified in build 1946 onwards. The underscore is necessary to definitively differentiate our unique names in the DNS namespace from internic registered domain names on the internet. In this way we can ensure that there will never be a DNS name clash. My understanding is that RFC 1034\1035 (may be wrong with these numbers as they may have been superseded) say that the underscore character is NOT a valid character to use in a DOMAIN NAME. All internet registered names should never contain the underscore. Now, RFC2181 states that the underscore is a valid label to use in DNS (as well as plenty of other characters too) so the underscore is used to prevent possible clash with INTERNET names. This change was introduced in earlier builds of Windows 2000. For a while DC's generated both styles of names in DNS to support both styles of clients (i.e. newer and older builds). Now that client code is changed to look for underscores, we have now retired the ldap.tcp names in favour of the _ldap.tcp names.

Also make sure the NetBIOS computer name is OK

C:\> net view \\<computer name>

Finally check the NetBIOS Domain name works

C:\> usrmgr <domain name>

The NetBIOS domain name is used for backwards compatibility. Use a 4.0 version of usrmgr.


Q. How can I configure multiple Logon Servers with LMHOSTS?

A. Service Pack 4 adds support for multiple domain controllers for a single domain to be configured in the LMHOSTS file (located in %systemroot%\system32\drivers\etc). Normally when a computer starts, the WINS server is queried for any [1C] entries, domain controllers, and it will return a list. This list is not geographically aware and you could be given a domain controller on the other side of the world.

An alternative is to specify a list of domain controllers in the LMHOSTS file (which is now checked before WINS if #PRE is in the entry) and have different LMHOSTS files in different regions.

Example entries in the file would be

200.200.200.50 titanic #PRE #DOM:SAVILLTECH
200.200.200.80 cuttysark #PRE #DOM:SAVILLTECH

You will need to ensure the computer is configured to use the LMHOSTS file

  1. Right click on Network Neighborhood and select Properties
  2. Select the Protocols tab
  3. Select "TCP/IP Protocol" and click Properties
  4. Select "WINS address"
  5. Check the "Enable LMHOSTS Lookup" box
  6. Click Apply then OK
  7. You will need to restart the computer
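
Both this answer and the earlier one on forcing a client to a specific domain controller rely on #PRE #DOM entries in LMHOSTS, and those entries decide which hosts a workstation will treat as logon servers. As an added example (not part of the original FAQ), the Python below parses that entry format, lists the domain controllers per domain in file order, and reports entries that deviate from the format shown or from an approved list. The approved list and the sample file are constructed for illustration.

```python
"""Parse LMHOSTS #PRE/#DOM entries and audit them against approved DCs."""
import ipaddress

# Constructed sample: the first two entries are the ones shown in the FAQ,
# the rest are made up to exercise the checks.
SAMPLE_LMHOSTS = """\
# Constructed sample built from the entries shown in the FAQ
200.200.200.50  titanic    #PRE #DOM:SAVILLTECH   #savilltech domain controller
200.200.200.80  cuttysark  #PRE #DOM:SAVILLTECH
200.200.200.90  odin       #DOM:SAVILLTECH
10.9.8.7        titanic2   #PRE #DOM:SAVILLTECH   #constructed: not approved
300.1.1.1       garfield   #PRE
"""

# Hypothetical allow-list: domain -> {computer name: IP address}.
APPROVED = {
    "SAVILLTECH": {
        "titanic": "200.200.200.50",
        "cuttysark": "200.200.200.80",
        "odin": "200.200.200.90",
    }
}


def _valid_ipv4(value):
    try:
        ipaddress.IPv4Address(value)
        return True
    except ValueError:
        return False


def parse_lmhosts(text):
    """Return one dict per host entry; comment and directive lines are skipped.

    Quoted names containing spaces or special characters are not handled.
    """
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        tokens = raw.split()
        if len(tokens) < 2 or tokens[0].startswith("#"):
            continue
        entry = {"line": line_no, "ip": tokens[0], "name": tokens[1],
                 "pre": False, "domain": None}
        for tok in tokens[2:]:
            if tok == "#PRE":
                entry["pre"] = True
            elif tok.startswith("#DOM:"):
                entry["domain"] = tok[5:].upper()
            else:
                break  # anything else starts the free-text comment
        entries.append(entry)
    return entries


def preferred_dcs(entries):
    """Map each domain to its (name, ip) entries in the order they are listed."""
    result = {}
    for e in entries:
        if e["domain"] and _valid_ipv4(e["ip"]):
            result.setdefault(e["domain"], []).append((e["name"], e["ip"]))
    return result


def audit(entries, approved):
    """Return (line_no, code) findings for entries that need attention."""
    findings = []
    for e in entries:
        if not _valid_ipv4(e["ip"]):
            findings.append((e["line"], "bad-ip"))
            continue
        if len(e["name"]) > 15:
            findings.append((e["line"], "name-too-long"))
        if e["domain"] is None:
            continue
        if not e["pre"]:
            # The FAQ's entries always pair #DOM with #PRE (preload into cache).
            findings.append((e["line"], "dom-without-pre"))
        if approved.get(e["domain"], {}).get(e["name"].lower()) != e["ip"]:
            findings.append((e["line"], "unapproved-dc"))
    return findings


if __name__ == "__main__":
    parsed = parse_lmhosts(SAMPLE_LMHOSTS)
    print(preferred_dcs(parsed))
    for line_no, code in audit(parsed, APPROVED):
        print(f"line {line_no}: {code}")
```

An "unapproved-dc" finding means the file names a logon server that is not on the allow-list, which is worth investigating whether it came from a stale regional file or from an unexpected edit.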

Q. Are trust relationships kept when upgrading from a 4.0 domain to a Windows 2000 domain?

A. When a 4.0 PDC is upgraded to Windows 2000 all trust relationships are maintained.


Q. How are trust relationships administered in Windows 2000?

A. Instead of using User Manager as in NT 4.0, a new MMC snap-in, Active Directory Tree Manager is used. Although the host application is different the usage is exactly the same.

To view/add/remove perform the following:

  1. Start the Domain Tree Manager (Start - Programs - Administrative Programs - Domain Tree Management)
  2. Expand the root and right click on the domain
  3. Select Properties from the displayed context menu
  4. Select the Trusts tab and add/view as required.
  5. Click Apply then OK

Windows 2000 trusts
- Example of one domain that trusts ours

Obviously you should try and use the tree and forest concept rather than manual trust relationships with pure Windows 2000 domains. This is discussed in the Active Directory section (which will be added shortly).


Q. I can't promote a BDC to PDC.

A. If you receive an 'Access Denied' message when attempting to promote a BDC to the PDC it may be due to the fact the PDC has Service Pack 4 installed.

This is because Service Pack 4 upgraded the security mechanism used so you will either have to perform the promotion from a Service Pack 4 domain controller or upgrade the BDC in question to SP4.

Another reason for this error is trying to get a renamed and upgraded (3.51 to NT4) server to sync with the domain. The accounts database may have become out of date and thus couldn't be synchronised. NETLOGON may not even be startable.

The way round is to do a "connect as" from the PDC to the rogue BDC using an admin ID known to be good by the BDC before it was upgraded. Once the "connect as" (say to Cc) was accepted, the BDC would then accept the synchronise request from the PDC's Server Manager, restarting NETLOGON in the process.


Q. Unable to join a domain because of SMB signing, what can I do?

A. The following error message may be displayed when you attempt to add a computer running Windows NT to the domain:

"Unable to connect to the domain controller for this domain. Either the username or password entered is incorrect."

The error message is displayed even though networking is enabled and the correct administrator name and password credentials were supplied. The problem is that the PDC has SMB signing set to required and the client cannot communicate as it does not have SMB signing enabled.

Two options are possible. The first is to disable the RequireSecuritySignature SMB signing setting on the domain controller, as described in 'Q. How do I enable SMB signing?'. The second is to install the machine into a workgroup, enable SMB signing and then join the domain. Of course the latter would not work with BDCs.


Q. How can I create a child domain?

A. Windows 2000 allows the creation of a domain as a child of another domain. When two or more domains are joined in a parent-child relationship a domain tree is formed.

A child domain is created by executing the DCPROMO.EXE image, and the parent domain must be accessible at the time of creation.

  1. Install Windows 2000 on the machine
  2. Ensure the machine has TCP/IP and DNS configured correctly
  3. Execute DCPROMO
  4. Click Next to continue the upgrade
  5. Select 'Domain controller for a new domain' and click Next
  6. Select 'Create a new child domain in an existing domain tree' and click Next
  7. Enter a Username, password and domain you will be using to join the domain tree. This account must reside in the parent domain a domain in the forest you are joining. Click Next
  8. Select the parent domain name by selecting Browse, e.g. savilltech.com. Enter the child domain (just the left most part), e.g. legal. The new complete name will be shown, e.g. legal.savilltech.com. Click Next
  9. If this is a new domain controller enter a NetBIOS name for backwards compatibility. By default it will be the left most 15 characters of the DNS domain name (up to the first .). If you are upgrading an existing DC then the NetBIOS name cannot be changed. Click Next
  10. Database and log locations will be shown. Click Next
  11. The System Volume area will be shown. Click Next
  12. You will be given an option to weaken security for 4.0 RAS servers. Select your option and click Next
  13. A summary will be shown. Click Next
  14. The new domain creation will begin
  15. Click Finish and reboot the machine

Instead of performing screenshots I've produced an animated GIF of the entire child domain creation (I was bored ;-) ). Click Refresh to make it start from the beginning, a gap of 2 seconds is shown between each screen.

[Image: Child domain creation]


Q. How can I create a domain trust through a firewall?

A. When creating a trust relationship, communication between the two domains is carried out over a number of protocols, with each protocol using a different TCP/IP port. Below is a list of ports which need to be enabled on the firewall for a trust relationship:

You may use LMHOSTS for name resolution (which would have #pre #dom entries for the domain controllers) or WINS can be used which requires:

Alternatively, a trust can be established through point-to-point tunneling protocol (PPTP). For PPTP, the following ports must be enabled:

If you only wish to perform management through a firewall and/or RRAS, you need only allow TCP any-139, TCP 139-any and UDP 138-138 through the firewall. Also allow UDP 137-137 to the WINS servers. This allows all the remote management tools to run from the management NT Workstations.

Also see the following knowledge base articles:


Q. How can I check the browse masters for a domain?

A. The resource kit has a utility BROWSTAT.EXE which allows status of the browse service to be ascertained. To check browse masters for a domain use the following command:

C:\> browstat status <domain>

To check statistics for a single server use the command

C:\> browstat stats \\<server>


Q. How can I stop a remote master browser?

A. The resource kit utility BROWSTAT can be used to remotely stop a browse master with the following command:

C:\> BROWSTAT TICKLE <transport> <domain> | \\<server name>

Where <transport> is the Windows NT transport device name, and <domain> is the domain in which the master browser is located, and <server name> is the computer name of the master browser.

To check which transport is in use, run the command:

C:\> net config rdr
Workstation active on NetbiosSmb (000000000000) NetBT_Tcpip_{C2F....

The transport device is indicated by '<network service>_<NIC type>', where <network service> is the session-layer network service, and <NIC type> is the type of network interface card on your computer. The session-layer network services are NetBT for NetBIOS over TCP/IP, NwlnkNb for IPX, or Nbf for NetBEUI, e.g. NetBT_Tcpip.

C:\> browstat tickle NetBT_Tcpip_{C2F8C130-F2AF-11D2-B748-DAEDF5F58140} \\titanic


Q. How can I force a browser election?

A. The resource kit utility BROWSTAT can be used to force a browser election:

C:\> BROWSTAT ELECT <transport> <domain> | \\<server name>

Where <transport> is the Windows NT transport device name, and <domain> is the domain in which the master browser is located, and <server name> is the computer name of the master browser.

To check which transport is in use, run the command:

C:\> net config rdr
Workstation active on NetbiosSmb (000000000000) NetBT_Tcpip_{C2F....

The transport device is indicated by '<network service>_<NIC type>', where <network service> is the session-layer network service, and <NIC type> is the type of network interface card on your computer. The session-layer network services are NetBT for NetBIOS over TCP/IP, NwlnkNb for IPX, or Nbf for NetBEUI, e.g. NetBT_Tcpip.

C:\> browstat elect NetBT_Tcpip_{C2F8C130-F2AF-11D2-B748-DAEDF5F58140} savilltech


Q. How can I modify the domain refresh interval?

A. Windows refreshes the domain list whenever the machine is locked for more than two minutes (120 seconds). The refresh can cause a delay before the user gets control of the system again.

You can modify the amount of time it waits until refreshing by performing the following:

  1. Start the registry editor (regedit.exe)
  2. Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
  3. Double click on DcacheMinInterval (or if it does not exist create it as type REG_DWORD)
  4. Set a value between 120 and 86400 seconds
  5. Click OK
  6. Close the registry editor
  7. Restart the computer

Q. How is the list of cached domains stored?

A. When you log on, a list of known (trusted) domains that you may log on to is displayed.

You can view these entries by performing the following:

  1. Start the registry editor (regedit.exe)
  2. Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DomainCache
  3. You will be able to see all known domains
  4. Close the registry editor

There is no point editing this list as it will be recreated the next time the machine is started/locked.


Q. What is Group Policy?

A. You will no doubt be familiar with the concept of group policies in NT 4.0: by using the Group Policy Editor you can configure various restrictions and save them as the file NTCONFIG.POL in the netlogon share, and the settings will be applied to all users of the domain. Effectively, all that the policies of Windows NT 4.0 allowed were registry updates.

These policy settings could be configured for users, computers or groups of users.

Windows 2000 takes this to the next level and promises the following ideal

"The ability for the Administrator to state a wish about the state of their Users environment once, and then rely on the system to enforce that wish"

In Windows 2000 the Group Policy model has been completely updated and now utilizes the Active Directory and offers much more than just registry restrictions, for example

Group Policy Objects (GPOs) are a policy unit and can be applied to a site, domain or organizational unit (OU). It will often be the case that a user/computer has multiple GPOs applicable to them, and in the event of a clash of a setting the order of precedence is Site, Domain then OU (SDOU): any setting defined at site level can be overwritten by a domain setting, and anything defined on a domain can be overwritten by an OU setting. There is a fourth type, the Local computer policy, which has bottom priority; any of its policies will be overwritten by any of the others, which gives us an order of LSDOU.

The three mechanisms to apply Group Policies for sites, domains and OUs are as follows:

By default when you select Group Policy for a container there will be no GPO and you have the option of either adding an existing GPO to the container or creating a new one. To create a new GPO just click the New button and enter a name for the GPO. Once created clicking the Edit button can modify the specified policy. A new instance of the Microsoft Management Console will be started with the Group Policy Editor loaded with the selected GPO at the root.

Windows NT 4.0 policies already in place are NOT upgraded to 2000 and you will need to redefine all your policies as GPOs. In a mixed environment of both 4.0 and 2000 clients you will need to keep an NTCONFIG.POL in the NETLOGON share of the domain controllers (even the 2000 DCs, as they may authenticate 4.0 client logons in a mixed environment) to ensure 4.0 clients still receive their policy settings. Windows 2000 clients will ignore NTCONFIG.POL unless you make a policy change to instruct them to implement the NTCONFIG.POL contents. If you do, then the order of reading is

  1. GPO(s) Computer at startup
  2. Computer NTCONFIG.POL at login
  3. User NTCONFIG.POL at login
  4. GPO(s) User at login

As has been said, GPO information is stored in the Active Directory but the policy itself is stored on the SYSVOL container on each domain controller as sysvol\Policies\<GUID of GPO> (GUID is Globally Unique IDentifier).

To avoid any conflicts with GPO modifications only the PDC role holder can make changes to the GPO.

Another change is that old 4.0 policies are 'tattooed' in the registry, meaning that even after a policy has been removed, its settings stay in the registry until changed by something else. An advantage of the Windows 2000 Group Policies is that this does not occur. The reason for this is that in Windows 2000, registry settings written to the following two secure registry locations are cleaned up when a Group Policy Object no longer applies:

Finally, unlike the 4.0 Group Policies, the policy actually gets refreshed at certain times. Not ALL of the policy is refreshed: software deployment and folder redirection are not updated because, for example, you would be unhappy if the GPO was modified to remove Word while you were using it and it suddenly uninstalled! All 2000 machines refresh the policy every 90 minutes, except domain controllers, which refresh every 5 minutes. These times and the parts to refresh can be modified within the GPO.


Q. How can I force GPO updates to take effect?

A. Policies are refreshed every 90 minutes (5 on DCs). To force a machine to update the policy use the SECEDIT command.

To update the computer policy type

C:\> secedit /refreshpolicy machine_policy

To update the user policy type

C:\> secedit /refreshpolicy user_policy

Adding /enforce to either of the above forces the security policy to be reapplied even if there is no GPO change.


Q. How can I enable the old NTCONFIG.POL to be used by Windows 2000 clients?

A. By default Windows 2000 based clients don't use NTCONFIG.POL but instead use Group Policy Objects (GPO) as defined in the Active Directory. NT 4.0 clients still use NTCONFIG.POL even in a 2000 domain.

It is possible to enable the 2000 clients to use NTCONFIG.POL however you should have a good reason as GPOs are superior to the old system policies. One reason to use NTCONFIG.POL in a 2000 domain may be that you have just created some 2000 clients in a newly upgraded 2000 domain but have not yet recreated your policies as GPOs.

To enable system policies (NTCONFIG.POL) perform the following

  1. Start the Active Directory Users and Computers MMC snap-in (Start - Programs - Administrative Tools - Active Directory Users and Computers)
  2. Right click on the root domain name, for example savilltech.com and select Properties
  3. Select the 'Group Policy' tab
  4. Select the 'Default Domain Policy' GPO and click Edit
  5. The Group Policy MMC snap-in will be started with the domain GPO at the root
  6. Move to Computer Configuration\Administrative Templates\System\Group Policy
  7. Double click 'Disable system policy' and set to Disabled. Click OK

    Disabling 'Disable system policy' means enabling the system policy; two minuses make a plus :-)
  8. Close the Group Policy MMC

The updated GPO will take effect on the client the next time you logon (it will actually take effect max 90 minutes after you make the change but this only affects logon).

This update actually changes registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableNT4Policy to 0.


Q. How can I add additional templates to a Group Policy Object?

A. The old style NT 4.0 templates (.adm) are still supported in Windows 2000 Group Policy Objects (GPO) and are listed in the Group Policy under the 'Administrative Templates' branch. These settings are all "registry" based settings.

Windows 2000 ships with two .adm files

When an .adm file is applied to a GPO it is copied from the %systemroot%\inf folder to the %systemroot%\SYSVOL\domain\Policies\<GUID of GPO>\Adm folder.

To add/remove a new template to a GPO perform the following:

  1. Start the Active Directory Users and Computers MMC snap-in (Start - Programs - Administrative Tools - Active Directory Users and Computers)
  2. Right click on the container whose GPO you wish to change, for example savilltech.com and select Properties
  3. Select the 'Group Policy' tab
  4. Select the GPO and click Edit
  5. The Group Policy MMC snap-in will be started with the GPO at the root
  6. Under User or Computer configuration right click on 'Administrative Templates' and select 'Add/Remove Templates'
  7. Click Add (or to remove select one and click Remove)
  8. Select the ADM to add and click Open
  9. Click Close
  10. The new options will now be available

The ADM file will be copied to the GPO's Adm folder. 


Q. How can I apply a group policy to a security group?

A. It's not possible to apply a group policy to a security group. What you can do, however, is filter a group policy by changing the permissions on the Group Policy so that only certain users/groups have read and apply privileges.

  1. Start the Active Directory Users and Computers MMC snap-in (Start - Programs - Administrative Tools - Active Directory Users and Computers)
  2. Right click on the container (OU or domain) that has the Group Policy Object whose permissions you wish to change and select Properties
  3. Select the 'Group Policy' tab
  4. Select the GPO from the list and click Properties
  5. Select the Security tab
  6. Modify the permissions so that only the required users have the read and apply privileges and Administrators who need to modify the GPO have read and write
  7. Click OK to the dialog
  8. Click Close on the container's properties

Now only the selected users will run the GPO.
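
The following added example (not part of the original FAQ) models the LSDOU processing order from 'Q. What is Group Policy?' together with the read-and-apply filtering described above, to show which GPO ends up supplying each setting for a given user. It is a simplified model covering only what the FAQ describes; the GPO names, setting names, groups and users are constructed, and the local computer policy is assumed to apply to everyone.

```python
# Order in which policy is processed; later levels overwrite earlier ones.
LSDOU = ("local", "site", "domain", "ou")

# Constructed sample GPOs. "acl" maps a user or group to its permissions.
GPOS = [
    {"name": "Legal Lockdown", "level": "ou",
     "acl": {"Legal Staff": {"read", "apply"},
             "Domain Admins": {"read", "write"}},
     "settings": {"wallpaper": "legal.bmp", "disable_regedit": True}},
    {"name": "Default Domain Policy", "level": "domain",
     "acl": {"Authenticated Users": {"read", "apply"}},
     "settings": {"wallpaper": "corp.bmp", "hide_run": True}},
    {"name": "London Site", "level": "site",
     "acl": {"Authenticated Users": {"read", "apply"}},
     "settings": {"wallpaper": "london.bmp"}},
    {"name": "Local computer policy", "level": "local",
     "acl": {},
     "settings": {"wallpaper": "none", "hide_run": False}},
]

# Constructed users, each expressed as their own name plus group memberships.
ALICE = {"alice", "Authenticated Users", "Legal Staff"}
BOB = {"bob", "Authenticated Users"}
CAROL = {"carol", "Authenticated Users", "Domain Admins"}


def gpo_applies(gpo, principals):
    """True if the user's combined permissions include both read and apply."""
    granted = set()
    for principal, permissions in gpo["acl"].items():
        if principal in principals:
            granted |= permissions
    return {"read", "apply"} <= granted


def effective_policy(gpos, principals):
    """Return {setting: (value, winning GPO name)} after LSDOU processing."""
    result = {}
    # sorted() is stable, so GPOs at the same level keep their listed order.
    for gpo in sorted(gpos, key=lambda g: LSDOU.index(g["level"])):
        # Assumption of this example: local policy is not security-filtered.
        if gpo["level"] != "local" and not gpo_applies(gpo, principals):
            continue
        for setting, value in gpo["settings"].items():
            result[setting] = (value, gpo["name"])
    return result


if __name__ == "__main__":
    for label, user in (("alice", ALICE), ("bob", BOB), ("carol", CAROL)):
        print(label, effective_policy(GPOS, user))
```

Carol can edit 'Legal Lockdown' through read and write but is not subject to it, because she lacks the apply permission.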


Q. What is Terminal Server?

A. Modern day PC users are used to having a system with large amounts of memory, disk and CPU power to run their applications. This is very different to UNIX and VMS environments where servers have all the memory, disks and CPU and users have "dumb" terminals which just send keystrokes to the server which in turn sends back screen updates.

There are a number of advantages with the UNIX/VMS approach. Most desktop computers are idle for most of the time, with the CPU normally only 10% busy and a significant amount of memory spare; this is a waste of resources. A central server approach distributes resources to sessions as needed, minimizing waste and ensuring resources are available when needed.

Installing applications and maintaining them on each desktop is very time consuming. A central server based install simplifies this significantly and lowers the Total Cost of Ownership (TCO).

Windows NT Terminal Server and Windows 2000 address this with client software for Windows 9x/NT and Windows for Workgroups machines that allow a window to be created which allows all processing and execution to be carried out on the server and the only task the local machine does is to pass back keyboard and mouse actions. The Terminal Server does all the computation and storage and passes back screen updates to the client.

[Image: Example] Here you can see an example Terminal Server session in its own window, with its own Start menu and taskbar. All applications in this window are being run on the terminal server. The information shown in Explorer is the server's drives, not the local machine.

Obviously Windows NT/95 are operating systems of their own and it may seem pointless running terminal server client on these machines however it could be used for application management, install Office 97 on the Terminal Server and all clients use Office via the Terminal Server connection. Imagine running Office 97 on a Windows for Workgroups machine!

Communication is via RDP (Remote Desktop Protocol) which was designed by Microsoft.

Windows Terminal Server is based on Citrix's WinFrame product and Citrix provide a bolt-on, MetaFrame, which adds functionality to Terminal Server including support for DOS, OS/2, Unix, Java and much more. http://www.citrix.com/


Q. How do I install Windows NT 4.0 Terminal Server Edition?

A. The installation of Windows NT Terminal Server edition is the same as a normal Windows NT Server installation except that during installation you will additionally be asked:

Once installation is complete if IE 4.0 was selected it will be installed and configured and an additional reboot performed.

Because of the way applications need to be installed on Terminal Server (for use with clients), an upgrade of a Windows NT 4.0 server is not supported or advised.

It is also not advised to run backoffice applications on a Terminal Server due to the massive amounts of resources Terminal Server uses for its clients and as such Terminal Server is not part of the Backoffice suite of applications.

You will also notice that Terminal Server is supplied with Service Pack 3 installed, do NOT install a normal version of a service pack on Terminal Server, special service packs will be made available for Terminal Server installations.

Once install is complete you will notice 4 new tools under the Administrative Tools branch of the Programs Start menu

These will be looked at in detail later in the Terminal Server section. You will also notice User Manager is modified to include a new 'Config' button for each user which allows Terminal Server settings to be configured.


Q. How do I enable Terminal Server under Windows 2000?

A. Windows 2000 has Terminal Server components built into the operating system and they can be installed at installation time or at a later time. To install the components perform the following:

  1. Start Control Panel (Start - Settings - Control Panel)
  2. Select Add/Remove Programs
  3. Select Configure Windows in the left hand pane
  4. Click the Components button
  5. Click Next at the wizard
  6. Check the "Terminal Services" and "Terminal Services Licensing" components. Click Next
  7. Warnings may be given about installed components, click Next
  8. You can select to install printer drivers. Click Next
  9. Files will be copied to the server
  10. Click Finish
  11. The machine will reboot

Once reboot is complete 4 new programs will be under the Administrative Tools branch of the Start menu

  • Terminal Server Administration
  • Terminal Server Client Creator
  • Terminal Server Connection Configuration
  • Terminal Server License Manager

    Q. How do I install Windows NT/9x based Terminal Server clients?

    A. Terminal Server has built in support for the following clients

    The first 4 all share a common piece of software and terminal server (both NT 4.0 and Windows 2000) ships with a utility to create it on a single floppy disk:

    1. Logon to the Terminal Server machine
    2. Select 'Terminal Server Client Creator' from the Administrative tools branch (Start - Programs - Administrative Tools - Terminal Server Client Creator)
    3. You will be shown a dialog box giving options for
      - Terminal Server Client for WFW
      - Terminal Server Client for Windows 95/NT Intel
      - Terminal Server Client for Windows 95/NT Alpha (I never knew 95 ran on Alpha! ;-) ).
    4. Select the client (Terminal Server Client for Windows 95/NT Intel) and the destination drive (you can only select a floppy) and click OK
    5. You will be asked to insert a disk. Click OK
    6. The required files will then be copied to the disk
    7. Click OK once complete
    8. Close the dialog box

    All the above does is copy the contents of %systemroot%\system32\clients\tsclient\win32\disks\disk1 to disk so you could directly copy or share this directory. There is also a net subdirectory of tsclient which also contains the clients with each client in its own subdirectory without the disk1 etc. folders, so you could share out this folder to allow access to all client installations. Sharing the net folder would be the preferred method.

    To install the client perform the following:

    1. Either insert the disk created above or connect to a share containing its files
    2. Execute Setup.exe
    3. The Terminal Server client execution program will start. Click Continue to the license agreement
    4. Enter username and company. Click OK. Click OK again to the confirmation
    5. Click 'I agree' to the license agreement
    6. Click the large setup button (you can change the installation folder at this point)
    7. You will be asked how you want the application installed, either for all users to have the same initial settings or just for you. Click Yes
    8. Files will be copied and a success message shown. Click OK.

    A new folder "Terminal Server Client" has been added with 2 utilities and an uninstall option.


    Q. How do I install Windows for Workgroups based Terminal Server clients?

    A. Terminal Server has built in support for Windows for Workgroups but they must have TCP/IP 32b installed (this can be downloaded from Microsoft at http://support.microsoft.com/support/kb/articles/q111/6/82.asp). I found this out the hard way! TCP/IP can be installed using the Network setup icon in WFW. You may want to run MEMMAKER after installation of TCP/IP to "tidy" your memory, I had to, just choose Express.

    To create floppy disks for Windows for Workgroups TS client installation perform the following:

    1. Logon to the Terminal Server machine
    2. Select 'Terminal Server Client Creator' from the Administrative tools branch (Start - Programs - Administrative Tools - Terminal Server Client Creator)
    3. You will be shown a dialog box giving options for
      - Terminal Server Client for WFW
      - Terminal Server Client for Windows 95/NT Intel
      - Terminal Server Client for Windows 95/NT Alpha
    4. Select the client (Terminal Server Client for WFW) and the destination drive (you can only select a floppy) and click OK
    5. You will be asked to insert a number of disks. Click OK
    6. The required files will then be copied to the disk
    7. Click OK once complete
    8. Close the dialog box

    All the above does is copy the contents of %systemroot%\system32\clients\tsclient\win32\disks\disk1 to disk so you could directly copy or share this directory. There is also a net subdirectory of tsclient which also contains the clients with each client in its own subdirectory without the disk1 etc. folders, so you could share out this folder to allow access to all client installations. Sharing the net folder would be the preferred method.

    To install the client perform the following:

    1. Either insert the disk created above or connect to a share containing its files
    2. Execute Setup.exe
    3. The Terminal Server client execution program will start. Click OK to the dialog.
    4. Enter username and company. Click OK. Click OK again to the confirmation
    5. Click 'I agree' to the license agreement
    6. Click the large setup button (you can change the installation folder at this point)
    7. You will be asked how you want the application installed, either for all users to have the same initial settings or just for you. Click Yes
    8. Files will be copied and a success message shown. Click OK.

    A new program group "Terminal Server Client" has been added with 2 utilities and an uninstall option.

    [Image: Windows 2000 3D Pinball on Windows for Workgroups 3.11, impressive :-)]


    Q. How do I connect to a Terminal Server from WFW/9x/NT/2000?

    A. The first action is to install the client which is explained in 'Q. How do I install Windows NT/9x based clients?'.

    Once the client is installed there are two methods to connect to a terminal server. The first is a very manual method and while simple may not be ideal for many normal users.

    1. Select "Terminal Server Client" from the "Terminal Server Client" programs folder
    2. From the dialog select the server (or enter a different server name or IP address) and select a screen resolution. (The WFW version is slightly different in look but functionally the same)
    3. Click Connect
    4. You will then have a window come up with a logon screen. Logon and you are now running a terminal server session!

    You should be aware that pressing Ctrl-Alt-Del will bring up the local security menu and not the remote one. To bring up the remote security menu select "Windows NT Security" from the Start menu. You will notice you don't have a shutdown button (unless you are an Administrator) as this would shut down the terminal server machine.

    An alternative is to setup a shortcut to connections and this is accomplished using the "Client Connection Manager".

    1. Start Client Connection Manager (CCM) by selecting it from the Terminal Server Client programs branch of the start menu
    2. From the File menu select 'New Connection'
    3. Enter a description and the servername or IP address of the terminal server. Click Next
    4. You may select Automatic logon by checking the Autologon box and entering username, password and domain details. Click Next
    5. Select settings such as desktop size and speed settings. Click Next
    6. The next screen gives the option of either running a full desktop or a specific application. If you select a program you must enter the executables name and location and a working directory. Click Next
    7. You should now select an icon for the connection by clicking the 'Change Icon' button and the program group to house the shortcut (Terminal Server Client by default). Click Next
    8. A summary will be displayed, click Finish.
    9. A new icon will now be displayed in CCM as shown below.

    [Image: Shortcut]

    You may create a shortcut to this on the desktop by right clicking on it and selecting 'Create shortcut on desktop'.

    This shortcut actually calls the normal Terminal Server Client with a parameter of the configuration name, e.g.

    "C:\Program Files\Terminal Server Client\MSTSC.EXE" "TS 1 Connect"

    This may be useful for you to build into batch menus etc. The actual connection details are stored in the registry under the 'HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client' key. You could therefore dump out this registry key and import into other machines automating the shortcut installations. The only item not read in is the password if autologon was selected.

    To dump out to file just select the registry key in REGEDIT.EXE, e.g. "TS 1 Connect", and select "Export Registry File" from the File menu. Enter a file name and click OK. You can then copy this .reg file to any machine and execute using

    C:\> regedit /s <file>.reg


    Q. How do I close a Terminal Server connection?

    A. If you click Start from a Terminal Server session you will see two options if connected to a Windows NT 4.0 box

    [Image: Terminal Server disconnect]

    There is a major difference between the two.

    If you select Logoff your session is logged off and your connection to the terminal server is closed and the connection slot you were using may be used by someone else.

    If you select Disconnect you are not logged off; rather, the session window is closed, but if you restart and log on as the same person it will remember all applications and their state. This may seem ideal, but remember a Terminal Server has a finite number of allowed connections and a disconnected session constantly uses a connection, stopping someone else from connecting.

    A disconnected session remains active until one of the following:

    If you connect to a Windows 2000 box you will see Disconnect and Shutdown, selecting Shutdown gives the option of logging off.


    Q. How do I install applications for use with Terminal Server?

    A. Installing applications on a terminal server has to be done in a special way to ensure it is usable by all users of the terminal server.

    There are two modes in terminal server, Execute and Install. By default all users are logged on in Execute mode and this means they can run programs etc. When you want to install an Application for use by everyone the Administrator should change to Install mode.

    The best way to install software is to use the Add/Remove programs control panel applet as this will automatically set the mode to Install during the installation and then back to Execute at the end. Alternatively you can manually change your mode to install by typing

    C:\> change user /install

    To change back to execute use

    C:\> change user /execute

    And to check your current mode use

    C:\> change user /query

    In this example we will use Add/Remove to install Winzip on a terminal server.

    1. Start the Add/Remove programs control panel applet (Start - Settings - Control Panel - Add/Remove Programs)
    2. Select the 'Install/Uninstall' tab and click 'Install'
    3. You will be told to insert the setup media, click Next
    4. The installation wizard will look for setup.exe on the CD or disk, it won't find it, select an alternate by clicking the 'Browse' button, and select the winzip.exe file. Click Next
    5. You will now be given the option to change your mode so all users can use the application. Select 'All users begin with common application settings.' and click Next
    6. The install of the application will begin and you will notice your mode has been changed to Install if you typed 'change user /query'.
    7. Proceed to install the application as normal
    8. Once setup is complete click Next to the install dialog then Finish

    All terminal server users will now have Winzip. An alternative would be to manually set the mode to install, install the software and set back to execute.


    Q. I can't install Office 97 SR2 on Terminal Server.

    A. If when you try and install Office 97 SR2 on a terminal server via the Add/Remove Programs control panel applet you get the error:

    "Setup cannot register MSJET35.dll in the system registry because an older version is in use. Close all applications and try again"

    this is because the Terminal Server License Service is using the file. To work around this, stop the licensing service:

    C:\> net stop "terminal server licensing"

    Click Retry on the error dialog and install will continue.

    Once installation is complete restart the service

    C:\> net start "terminal server licensing"

    Office 97 has now been installed for use by all your terminal server clients.


    Q. How do I install Citrix Metaframe?

    A. Citrix Metaframe is an add-on to Windows NT Terminal Server and although there is currently no version for Windows 2000 it is under development. To install perform the following:

    1. Logon as an Administrator on the Terminal Server box
    2. Insert the Citrix Metaframe CD and click the "MetaFrame Setup" button (or run setup.exe from the I386 directory on the CD-ROM)
    3. Click Next to the install wizard dialog
    4. Click Next to the copy files dialog
    5. The license dialog will then be shown. Click the "Add License Packs" button to add the basic MetaFrame license. Enter the serial number on the back of the CD and click OK. Click No to install other license packs. Click Next to the main license dialog
    6. Click Next to the ICA connections protocol dialog (these are the protocols that clients may connect over).
    7. You may select to install TAPI modems for connection, to configure click Add Modems. A list of installed modems will be shown, select the modem and click Close. Click Next to the main TAPI dialog
    8. Next the options for accessing local drives on the client are displayed. By default the server's drives will be the same on the client, e.g. C: is C:, and the client drives will be visible starting from V: working downwards, e.g. local C: would be V:, local D: would be U:. Click Next
    9. You have the option to remap server drives so that clients would see their local drives as C:, D: etc and the server's drives will be changed to M:, N: etc. I would advise against this unless you are very confident of what you are doing. Click Next.
    10. Finally the system will reboot. Click Finish

    Once the machine has rebooted upon logon a new toolbar is added to your desktop which allows control of the MetaFrame environment.


    Q. How do I create Citrix Metaframe client media?

    A. MetaFrame ships with a utility, ICA Client Creator, which is in the MetaFrame Tools program group. It can also be started by clicking the client creator button on the MetaFrame toolbar.

    Once started the utility will check for the CD-ROM and give options to create a variety of clients:

    Select the client to install, the disk drive and whether to format the disks.

    Alternatively, all the clients are copied to the %systemroot%\system32\clients\ica directory, e.g. DOS is wfcdos, so you can share the directory and allow clients to map the directory and install from it.


    Q. How do I install the ICA DOS client?

    A. You will first need to create the DOS ICA client installation disk as explained in 'Q. How do I create Citrix Metaframe client media?'.

    The DOS machine will also need the ability to connect to the network as explained in 'Q. How can a DOS machine connect to an NT domain?'.

    To install the client perform the following:

    1. At the DOS machine insert the created install disk (or map to a network share containing the wfcdos files)
    2. Run install.exe
    3. Select the installation target, C:\wfclient by default. Press Enter
    4. The client files will then be copied to the target directory

    To run the client simply change to the wfclient directory (or add it to the machine's path variable) and run WFCLIENT.EXE.

    When you run for the first time you will need to create a new entry, click Yes to create a new entry.

    Enter connection details such as connection medium (Microsoft TCP/IP), server name/address.

    You should then select the Entry and select Connect.


    Q. How do I install Backup Exec 7.X on TSE?

    A. Be sure to disable Terminal Server Licensing before you start the installation.

    1. Go to Start -> Settings -> Control Panel
    2. Double-click on Services
    3. Mark Terminal Server Licensing and press stop.
    4. Install Backup Exec via Add/Remove programs
    5. Go back to Services and Start Terminal Server Licensing

    Q. Can I use normal Service Packs on Windows NT Terminal Server Edition?

    A. No, Terminal Server has modifications to its components meaning normal Service Packs cannot be applied. Terminal Server Edition has Service Pack 3 built in and Service Pack 4 for terminal server was released April 1999.

    In Windows 2000 this will not be the case as Terminal Server is just a component of the normal product.


    Q. Can I use normal Hot fixes on Windows NT Terminal Server Edition?

    A. It depends. Some components of Windows NT Terminal Server Edition are specially modified and some are not. You will need to check if the file you are replacing is specially modified for Terminal Server Edition:

    Enter the command:

    C:\> filever /v <filename>

    -r--- W32i DRV ENU 4.0.1381.32772 shp 25,840 06-08-1998 atapi.sys
    FileDescription ATAPI IDE Miniport Driver
    OriginalFilenam atapi.sys
    ProductName Microsoft(R) Windows NT(TM) Operating System
    ProductVersion 4.00

    VS_FIXEDFILEINFO:
    Signature: feef04bd
    FileVer: 00040000:05658004 (4.0:1381.32772)
    ProdVer: 00040000:05658004 (4.0:1381.32772)

    We are interested in the FileVer property. If the final number is greater than 32767 then the file was built for Terminal Server, you should therefore only apply a hotfix that is specially released for Terminal Server.

    The actual bit value we are interested in is the 0x8000 bit. If set then the file is modified for Terminal Server. Below is a file that is not specially modified for Terminal Server

    Signature: feef04bd
    FileVer: 00040000:05650004 (4.0:1381.4)
    ProdVer: 00040000:05650004 (4.0:1381.4)

    Special Terminal Server fixes can be found under ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40TSE/

    In Windows 2000 this will not be the case as Terminal Server is just a component of the normal product.
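    The check described in this answer can be scripted. The following is an added example, not part of the original FAQ or of any Microsoft tool: it decodes the FileVer line of 'filever /v' output and tests the 0x8000 bit. The one-line listing format is assumed from the single atapi.sys line shown above, and example.sys is a constructed entry.

```python
import re
from collections import namedtuple

# VS_FIXEDFILEINFO line as printed by "filever /v", e.g.
#   FileVer: 00040000:05658004 (4.0:1381.32772)
FILEVER_RE = re.compile(
    r"^\s*FileVer:\s*([0-9A-Fa-f]{8}):([0-9A-Fa-f]{8})", re.MULTILINE)
# Dotted version as it appears in the one-line-per-file listing.
DOTTED_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

TSE_BIT = 0x8000  # bit the FAQ identifies as "modified for Terminal Server"

FileVersion = namedtuple(
    "FileVersion", "major minor build revision tse_modified")


def parse_filever(output):
    """Decode the FileVer line into its four 16-bit fields."""
    match = FILEVER_RE.search(output)
    if match is None:
        raise ValueError("no FileVer line in filever output")
    high, low = (int(group, 16) for group in match.groups())
    revision = low & 0xFFFF
    return FileVersion(
        major=high >> 16,
        minor=high & 0xFFFF,
        build=low >> 16,
        revision=revision,
        # For a 16-bit field, "greater than 32767" and "0x8000 set" are the same test.
        tse_modified=bool(revision & TSE_BIT),
    )


def hotfix_source(output):
    """Say which kind of hotfix the FAQ's rule allows for this file."""
    if parse_filever(output).tse_modified:
        return "Terminal Server hotfix only"
    return "standard hotfix"


def triage_listing(listing):
    """Map file name -> tse_modified for one-line-per-file filever output."""
    result = {}
    for line in listing.splitlines():
        match = DOTTED_RE.search(line)
        if match is None:
            continue  # not a file line
        revision = int(match.group(4))
        result[line.split()[-1]] = bool(revision & TSE_BIT)
    return result


# The two verbose listings shown in the FAQ answer above.
TSE_FILE = """\
VS_FIXEDFILEINFO:
Signature: feef04bd
FileVer: 00040000:05658004 (4.0:1381.32772)
ProdVer: 00040000:05658004 (4.0:1381.32772)
"""
STANDARD_FILE = """\
Signature: feef04bd
FileVer: 00040000:05650004 (4.0:1381.4)
ProdVer: 00040000:05650004 (4.0:1381.4)
"""
# First line is from the FAQ; the second is constructed for the example.
LISTING = """\
-r--- W32i DRV ENU 4.0.1381.32772 shp 25,840 06-08-1998 atapi.sys
-r--- W32i DRV ENU 4.0.1381.4 shp 25,840 06-08-1998 example.sys
"""

if __name__ == "__main__":
    for label, text in (("TSE_FILE", TSE_FILE), ("STANDARD_FILE", STANDARD_FILE)):
        v = parse_filever(text)
        print(label, f"{v.major}.{v.minor}.{v.build}.{v.revision}",
              hotfix_source(text))
    print(triage_listing(LISTING))
```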


    Q. I've reached 40 - 45 users and additional users can't log onto Terminal Server?

    A. If you have more than 40 users you should increase the amount of PTEs (page table entries) on the system.

    Microsoft says that you should increase this if you'll have more than 45 connections. But I've seen that this can be a problem with fewer users as well. TSE Memory Manager allocates 10,000 PTEs as default. TSE uses PTEs to map the location of physical memory pages. Each user who logs on to TSE requires a minimum of 200 PTEs.

    If the PTE pool is exhausted, additional users will not be able to log on. The maximum allowed limit of PTEs is 50,000.

    To change the number of PTEs on the system see Q. How do I increase the number of Page Table Entries on my system?


    Q. How do I configure a CE based Terminal Server client?

    A. One option for Terminal Server clients is to use a "thin" client which has no disks but an embedded operating system and one such device is a Windows CE based client. The advantage is the machine has zero maintenance apart from the initial configuration. The instructions below are for the Viewpoint series from http://www.boundless.com/ (many thanks for letting me have one to use).

    When you first turn on the machine it will ask for certain details:

    1. The setup wizard will first display the product ID. Click Next
    2. Click Accept to the license agreement.
    3. You will be asked if you want to use DHCP or manual IP configuration. Click Next.
    4. If you selected manual IP configuration you will need to enter an IP address, subnet mask and a gateway. Click Next
    5. Enter DNS and WINS details. Click Next
    6. Select the Desktop resolution and click Next
    7. Click Finish to complete

    You will have no start bar, just a dialog asking for a connection to be made. You should configure sessions as you would a normal Terminal Server client by selecting the Configure tab.


    Q. I am having troubles getting the ICA DOS client to work.

    A. The ICA DOS client uses a LOT of memory and to get it working I had to remove nearly every other process from memory. Thankfully Citrix have now released a new 32 bit DOS client which can access more of your machine's memory, eliminating the memory problems.

    It can be downloaded from http://download.citrix.com/ and its usage is exactly the same as the old 16bit DOS client.


    Q. Where can I download updates for MetaFrame?

    A. These can be downloaded from http://www.citrix.com/support/ftpserve.htm.


    Q. What Service Packs are available for Windows NT Terminal Server Edition?

    A. Windows NT Terminal Server Edition is supplied with Service Pack 3 built in. The following Service Packs are available for Windows NT 4.0 Terminal Server Edition.

    Service Pack 4 - http://www.microsoft.com/ntserver/terminalserver/downloads/recommended/tsesp4/ordercd.asp

    Special hotfixes (when available) can be downloaded from ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40TSE/hotfixes-postSP3


    Q. How do I send a message to a Terminal Server client?

    A. Terminal Server supports two methods of communicating with a Terminal Server client process.

    The first is via the GUI:

    1. Start the Terminal Services Manager MMC snap-in (Start - Programs - Administrative Tools - Terminal Services Manager)
    2. Expand the domain - Server and a list of connected processes will be shown
    3. Right click on the process and select 'Send Message' from the context menu
    4. You can then enter a title for the message and a message text. Click OK

    To send from the command line use the MSG command:

    msg <user> [/time:<seconds>] [/w] [/server:<server name>] <message>

    For example:

    C:\> msg savillj /w Get off that computer John!

    The /w switch will force the administrator's session to pause until the user has clicked OK to the message.


    Q. How do I locate machines that are running Terminal Server?

    A. Starting the Terminal Services Manager MMC snap-in (Start - Programs - Administrative Tools - Terminal Services Manager) will list machines running the Terminal Server services by expanding the domain. It can also be done with the following command:

    qappsrv [/address] [/domain:<domain name>] [/continue]

    For example

    C:\> qappsrv /address
    Known Terminal servers Network Node Address
    ---------------------- ------- ------------
    DEMO                          [ A024E34948]*

    The /domain switch is optional unless you wish to query a domain other than the one the machine is a member of, and /continue does not pause after each screen of information.


    Q. How can I check if a user is logged on via Terminal Server?

    A. Starting the Terminal Services Manager MMC snap-in (Start - Programs - Administrative Tools - Terminal Services Manager) will list user processes by machine but this may be cumbersome if a large number of terminal servers are running. It can also be done with the following command:

    query user [<user name>] [/server:<server name>]

    For example

    C:\> query user
    USERNAME   SESSIONNAME     ID  STATE   IDLE TIME   LOGON TIME
    >administrator  console    0   Active          . 09/05/99 18:19
     savillj        rdp-tcp#1  1   Active         10 09/05/99 14:23

    The above lists all users.

    You can also check what the user is running with the QPROCESS command:

    C:\> qprocess <user name>

    To check who is running a certain program (e.g. winword.exe)

    C:\> qprocess <process>

    will list all users running the passed program.


    Q. Mouse movement is jerky in Terminal Server sessions.

    A. By default the terminal server client sends updates to the terminal server every 100 milliseconds however you can change this as follows:

    1. Logon to the client
    2. Start the registry editor (regedit.exe)
    3. Move to HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client
    4. From the Edit menu select New - DWORD value
    5. Enter a name of 'Min Send Interval' (don't type the quotes) and press Enter
    6. Double click the new value and set to the number of milliseconds between each update. The lower you set it the more bandwidth will be used. Click OK
    7. Close the registry editor
    8. Restart the terminal server client software

    Q. Does MetaFrame run on Windows 2000?

    A. The normal MetaFrame 1.8 does not, however a 1.8a will and a beta can currently be purchased from the Citrix web site, http://www.citrix.com/.

    Installation is basically the same as 1.8.


    Q. How can I switch a session between window and full screen?

    A. Normally terminal server client sessions are in a window however you can switch to full screen mode so you can't tell you are in a session. To toggle between window and full screen mode press Ctrl+Alt+Break.

    You can always tell a terminal server session as the Start menu text says Windows 2000 Terminal instead of Windows 2000 Professional or Server.


    Q. How can I remote control another terminal server session in Windows 2000?

    A. Users and Administrators may be familiar with the software which allows an Administrator to take control of a user's desktop in order to, for example, install software or fix a problem. The Citrix Metaframe add-on for 4.0 TSE enabled Administrators to take control of or view users' sessions without the need for third party software.

    The new Windows 2000 terminal server component now allows session shadowing without the need for the MetaFrame add-on, but now it's called 'remote control'.

    A condition is that the controlling console must have a resolution equal to or greater than that of the session that will be shadowed.

    By default Administrators have the ability to shadow other users' sessions providing the user agrees to have their session controlled/viewed. The ability to remote control a user's session is defined on the user object on the ‘Remote Control’ tab, and the default is to enable remote control providing the user gives permission.

    It's possible to override these user settings by editing the configuration of the RDP connection using the ‘Terminal Services Configuration’ MMC snap-in (yes, as with everything else in Windows 2000, all of the Terminal Server tools are MMC snap-ins, but more on them later).

    Under the connections branch, right click on the ‘RDP-Tcp’ connection and select Properties. Select the ‘Remote Control’ tab; by default it will say to use the user's settings, however selecting one of the other options allows you to set the remote control to whatever you wish.

    In order to remote control a session you must be logged on as a terminal server session, you can’t remote control from the console (MetaFrame allows you to do this).

    Once you have logged in as an Administrator to remote control a session just:

    1. Start the Terminal Services Manager
    2. Right click on the remote users session and select ‘Remote Control’
    3. You will be asked for a key sequence which will allow you to stop controlling a session and return to your own terminal server session
    4. The user to be controlled is asked if they agree and if they click yes then you have control of their session. Their session does not display in a window, rather your session “switches” to theirs.
    5. To end remote control press the key sequence you defined

    Q. What user environment extensions does the Windows 2000 terminal server component add?

    A. A new built-in group has been added in 2000 called ‘Terminal Services Users’ which works in a similar way to the ‘Interactive Users Group’, and when a user logs on via Terminal Services they are part of this group.

    The Terminal Services Users group SID can then be applied to files, folders, anything with an ACL and allow only people logged on via Terminal Services access. You could also test for this group membership during login script etc to perform different actions.

    On top of the ‘Remote Control’ tab for users, three extra tabs are added. As shown in figure 3, ‘Terminal Services Profile’ allows an alternative profile and local path to be specified when connecting via terminal server.

    The ‘Environment’ tab allows you to specify a program to automatically run when you login via Terminal Services and options to connect to client drives and printers.

    Finally the ‘Sessions’ tab allows times to be set before active and idle sessions are disconnected and how long after a session is disconnected before it is totally closed.


    Q. How do I install Active Desktop on Terminal Server?

    A. Active Desktop is not supported on Windows Terminal Server through SP4.


    Q. How do I enable client computers to logon to a Terminal Server?

    A. To log on successfully to Windows 2000 Terminal Server, follow these steps:

    1. Logon to the Terminal Server as an Administrator
    2. Start the Computer Management MMC snap-in (Start - Programs - Administrative Tools - Computer Management)
    3. To expand the branches, click the plus symbol (+) next to System Tools, click the plus symbol (+) next to Local Users and Groups, and then click the plus symbol (+) next to Users. 
    4. Double-click the user that you want to be able to log on as a Windows NT Terminal Server client. 
    5. On the Profile tab, click to select the Allow to log on to Terminal Server check box, and then click OK. 
    6. Close Computer Management. 
    7. Start the Terminal Services Configuration MMC snap-in (Start - Programs - Administrative Tools - Terminal Services Configuration)
    8. Open the Connections folder, and then click Rdp-Tcp. 
    9. On the Actions menu, click Properties. 
    10. On the Permissions tab, add the users or groups that you want to have permissions to this Windows NT Terminal Server

    Q. How do I connect two Workstations using RAS?

    A. NT Workstation supports one inbound RAS connection so one NT station will be the RAS server, and one will be the client. The procedure below is what I did to connect two machines.

    Server

    If RAS is already installed

    1. Go to Control Panel, and double click Network
    2. Go to Services and click on “Remote Access Server”, and click Properties
    3. Click on the Port and click Configure
    4. Select “Dial Out and Receive” or just Receive
    5. Click Continue
    6. Select if user can access Just Computer or Entire Network for NetBEUI
    7. Click Continue and fill in details for TCP/IP, For this setup we will assume the dial in client will have a TCP/IP address so check the box “Allow clients to use preconfigured address”
    8. Click OK and then close
    9. You will then be prompted to restart the computer

    If RAS is not already installed, go to “My Computer” and double click “Dial-up Networking”. It will then detect your modem and take you to step 3 as above.

    Client

    This assumes RAS is not installed

    1. Go to “My Computer”, and double click “Dial-up Network”
    2. You will be asked for the NT CD, and it will install Modem and RAS
    3. It will then detect any modems, once the modem has been found click continue
    4. It will then say the phone book is empty and you should add an entry. Give a name and select “Next” (do not select “I know about modem properties” unless you do)
    5. Select “I am calling the Internet” and click Next
    6. Enter the phone number and click Next, then click Finish
    7. Select the entry, and click More, select Edit Entry
    8. Go to the Server tab, and check NetBEUI and TCP/IP. Click TCP/IP details and fill in then press OK. Finally click OK again.
    9. Select the PhoneBook entry and click Dial.
    10. The first time you connect you will have to supply a username, password and domain (select “save password” so this information does not have to be entered again).

    Q. Is it possible to dial an ISP using the command line?

    A. Yes, use RASPHONE -d <entry> or RASDIAL <entry>

    To disconnect you can type RASPHONE -h <entry> or RASDIAL /disconnect.


    Q. How can I stop the RAS connections closing when I logoff?

    A. Perform the following:

    1. Start the registry editor (regedt32.exe, not regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    3. Create a new value called KeepRasConnections of type REG_SZ
    4. Set the new value to have a value of 1

    Q. How can I create a RAS Connection Script?

    A. It is possible to write a script that will run when you connect during a RAS connection to automate actions such as entering your username and password. To specify a script perform the following

    1. Double click on My Computer and start up the Dial-up Networking applet
    2. Select the phonebook entry and click More.
    3. From the More menu select "Edit entry and modem properties"
    4. Click the Script tab and select "Run this script"
    5. Click the "Edit script..." button and the SWITCH.INF file will be opened
    6. Go to the bottom of the file and create a new connection section and then select exit
    7. Answer Yes to save changes
    8. Click the "Refresh List" button and the new entry will now be displayed.
    9. Select the new entry you created and click OK.

    An example addition to the SWITCH.INF would be

    ; the phonebook entry
    [Savill1]
    ; send initial carriage return
    COMMAND=<cr>
    ; wait for : (after username, may be different at your site) omit the U as it may be capitals. You could just have :
    OK=<match>"sername:"
    LOOP=<ignore>
    ; send username as entered in the connection dialog box, alternatively you could just enter the username e.g. savillj<cr>
    COMMAND=<username><cr>
    ; wait for : (after password this time, may be different at your site)
    OK=<match>"assword:"
    LOOP=<ignore>
    ; send the password entered in the connection dialog box, again you could just manually enter the password, e.g. password<cr>
    COMMAND=<password><cr>
    NoResponse
    ; send the "start ppp" command
    COMMAND=ppp default<cr>
    OK=<ignore>

    In depth information on all of the commands can be found in the SWITCH.INF file.
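    The comments in the script above note that a literal username or password can be typed in place of the <username> and <password> macros. The following added example (not part of the original FAQ) parses SWITCH.INF sections and reports replies to a credential prompt that are literals, without echoing them. It handles only the keywords shown in the section above, and [Constructed1] is a constructed section.

```python
import re

SECTION_RE = re.compile(r"^\[([^\]]+)\]$")
MACRO_RE = re.compile(r"<[^>]+>")   # <cr>, <username>, <password>, ...


def parse_switch_inf(text):
    """Return {section name: [(keyword, value), ...]}, skipping ';' comments."""
    sections, steps = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        header = SECTION_RE.match(line)
        if header:
            steps = sections.setdefault(header.group(1), [])
        elif steps is not None:
            keyword, _, value = line.partition("=")
            steps.append((keyword.strip().upper(), value.strip()))
    return sections


def prompt_kind(match_value):
    """Classify the text of an OK=<match>"..." line as a credential prompt."""
    text = match_value.lower()
    if "assword" in text:
        return "password"
    if "sername" in text or "ogin" in text:
        return "username"
    return None


def hardcoded_credentials(text):
    """List (section, kind) for replies to a credential prompt that are literals."""
    findings = []
    for name, steps in parse_switch_inf(text).items():
        pending = None  # kind of prompt still waiting for its COMMAND= reply
        for keyword, value in steps:
            if keyword == "OK" and value.lower().startswith("<match>"):
                pending = prompt_kind(value)
            elif keyword == "COMMAND":
                literal = MACRO_RE.sub("", value).strip()
                if pending and literal:
                    findings.append((name, pending))  # the literal is not echoed
                pending = None
    return findings


SAMPLE = """\
; section from the FAQ: replies come from the dial dialog via macros
[Savill1]
COMMAND=<cr>
OK=<match>"sername:"
LOOP=<ignore>
COMMAND=<username><cr>
OK=<match>"assword:"
LOOP=<ignore>
COMMAND=<password><cr>
NoResponse
COMMAND=ppp default<cr>
OK=<ignore>

; constructed section using the literal alternatives the FAQ's comments mention
[Constructed1]
COMMAND=<cr>
OK=<match>"sername:"
LOOP=<ignore>
COMMAND=savillj<cr>
OK=<match>"assword:"
LOOP=<ignore>
COMMAND=password<cr>
NoResponse
COMMAND=ppp default<cr>
OK=<ignore>
"""

if __name__ == "__main__":
    for section, kind in hardcoded_credentials(SAMPLE):
        print(f"[{section}] literal {kind} stored in script")
```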


    Q. How can I debug the RAS Connection Script?

    A. It is possible to create a log file of the connection by performing the following steps

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters
    3. Double click on Logging
    4. Change the value data to 1 and click OK
    5. Close the registry editor
    6. Restart the computer

    Each dial-up session will now be appended to the file %systemroot%/system32/RAS/device.log. To stop logging perform the steps above but set the value back to 0.


    Q. How do I configure RAS to connect to a leased line?

    A. The method will vary depending on your system's current setup; however, assuming you have RAS already installed, below are the actions needed to configure your leased line. It is assumed the modems (at both ends) are configured correctly for leased line usage (&D0 for DTR override).

    1. Start the Modem control panel applet (start - settings - control panel - modems)
    2. Click Add
    3. Check the "Don't detect my modem, I will select it from a list" and click Next
    4. In the Manufacturers box select "Standard Modem Types" and in the Models area select "Dial-Up Networking Serial Cable between 2 PCs", click Next
    5. Select the port, e.g. COM1 and click Next
    6. You now have a modem setup ready for leased line use

    You should now configure the RAS connection (server/client) in the normal way (use the RAS service properties).

    1. Right click on Network and select properties, click the services tab and select RAS, click Properties.
    2. Select the COM port and click Configure
    3. Select the connection type dial in/dial out/both and click OK. Click Continue
    4. You will be asked about NetBEUI client Access, select the desired and click OK
    5. If you selected server you will be prompted for TCP/IP access and also which IP addresses should be given, either by DHCP (if configured) or from a given pool of addresses. You can also check the box to allow a client to request a specific IP address
    6. Click Close in the Network dialog box, the bindings of the machine will be updated and you will be asked if you want to reboot. Click Yes

    Once this has been done you may also want a phonebook entry for outgoing use as you would normally except under the Dialing section check the "Persistent connection" box.


    Q. How can I disable RAS AutoDial?

    A. The easiest way to do this is to disable the RAS AutoDial service:

    1. Start the services control panel applet (start - settings - control panel - services)
    2. Scroll down to "Remote Access AutoDial Manager" and select
    3. Click the Startup button and change the startup to Manual. Click OK
    4. If you want to stop it now just click the Stop button
    5. Click the Close button

    To re-enable you would repeat the above but change the startup to automatic.


    Q. RAS tries to dial out even on local resources.

    A. Perform the following:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_CURRENT_USER\Software\Microsoft\RAS Autodial\Addresses (a better way to view these is to type "rasautou -s" from the command prompt)
    3. In the subkeys look for the local address (and name). If you find it select the key and select Delete from the Edit menu.
    4. Close the registry editor

    You may also wish to add addresses to the disabled list:

    1. Start the registry editor (regedt32.exe not regedit.exe)
    2. Move to HKEY_CURRENT_USER\Software\Microsoft\RAS Autodial\Control
    3. Double click on DisabledAddresses and add the address on a new line. Click OK when finished
    4. Close the registry editor

    You will need to reboot the machine in both of the above cases.


    Q. I have connected via RAS to a server however I can only see resources on the machine I connect to.

    A. When you configure the RAS server you set for each protocol the scope of the connection, the server or the whole network. To change this perform the following:

    1. Start the Network Control Panel Applet (Right click on Network and select properties)
    2. Select the Service tab and select the Remote Access Service and click Properties
    3. Select the COM port and click the Network button
    4. Click the Configure button next to the protocol you wish to change access (e.g. TCP/IP)
    5. At the top check the "Entire network" button
    6. Click OK

    Clients should now be able to view the entire network.


    Q. How do I force the "Logon Using Dialup Networking" to be checked by default on the logon screen?

    A. This can be accomplished with a registry change on each client machine.

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    3. From the Edit menu select New - String Value (REG_SZ type)
    4. Enter a name of RASForce
    5. Double click the new value and set to 1
    6. Close the Registry editor
    7. Reboot the machine

    Q. Where are the RAS phone book entries and settings stored?

    A. The actual phone book entries are stored in the file %systemroot%/system32/ras/rasphone.pbk (pbk - phone book). You could therefore copy this file to another machine to copy the phone book entries.

    Another important file is %systemroot%/system32/ras/switch.inf which is used to create terminal login scripts (as discussed earlier in this section), and you may find phone book entries may refer to an entry in this file at the end of the entry:

    DEVICE=switch
    Type=Terminal

    In this case, Type=Terminal means bring up a terminal window after connection so it does not use switch.inf,

    DEVICE=switch
    Type=Pipex

    would cause the script "Pipex" (which is in switch.inf) to be run once a connection has been made. If these two lines are missing don't worry, it just means you don't need a terminal window once you have connected (probably means you are connecting to a Windows NT box). Usually if you connect to a non-NT machine you have to send it a username and password, along with the connection type (protocol), which is usually PPP on most modern systems, SLIP is an older option.

    RAS information relating to phone book entries and outbound connections in the registry is actually stored under HKEY_CURRENT_USER\Software\Microsoft\RAS Phonebook, and contains details about redial attempts, display settings etc. Again, you can export this section of the registry to a reg file (using regedit.exe) and import it into another machine to copy the machine specific settings.


    Q. How can I change the number of rings that RAS server waits for before answering?

    A. The normal method is to edit the file %systemroot%\system32\ras\modem.inf. Edit the file, find the sections relating to your modem and find the line

    COMMAND_LISTEN=ATS0=1<cr>

    Change the numeric value to the number of rings to answer after, e.g.

    COMMAND_LISTEN=ATS0=10<cr>

    would answer after 10 rings (you must really hate your users, don't we all :-) ). You must restart Windows NT for this change to take effect.

    The above does not work if RAS is using any TAPI (Telephony Application Programming Interface)/Unimodem-based devices. If this is the case perform the following:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters
    3. From the Edit menu select New - DWORD Value.
    4. Enter a name of NumberOfRings and press Enter
    5. Double click on this new value and set to the number of rings you want the RAS Server to wait before answering the phone (1-20). If the number is greater than 20, the default value of 1 is used. Click OK
    6. Close the registry editor

    Q. How can I configure how long RAS Server waits before calling back a user when callback is enabled?

    A. By default the RAS Server will wait 12 seconds before calling back a RAS client however this can be changed by editing the registry.

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\PPP
    3. From the Edit menu select New - DWORD Value.
    4. Enter a name of DefaultCallbackDelay and press Enter
    5. Double click on this new value and set to the number of seconds you want the RAS Server to wait before dialing the client (1-255). Click OK
    6. Close the registry editor

    Q. Whenever I connect via RAS I cannot connect to local machines on my LAN.

    A. To enable WWW and FTP browsing when you connect via RAS you enable the "use default gateway on remote network" setting in the RAS options. The effect is that when the connection is made a new route is added to the route list, superseding the existing LAN routes, so any traffic destined for a node outside your local subnet will be sent using the RAS route. This is because a metric is used to identify the number of hops needed, and once connected to RAS the RAS route will have a metric of 1 and existing routes will be bumped out to a metric of 2.

    To solve this a persistent route can be manually added for your LAN's subnet and the associated subnet gateway. While not connected via RAS you can examine your route information using the ROUTE PRINT command:

    If your network was 160.82.0.0 (your company has a class B address) and the gateway was 160.82.220.1 for your local subnet you can add a route for the LAN only and all addresses outside of 160.82.0.0 will be routed using the RAS gateway.

    C:\>route -p add <ip network> mask <subnet mask> <local gateway for the route>
    e.g. C:\>route -p add 160.82.0.0 mask 255.255.0.0 160.82.220.1

    This would mean all addresses from 160.82.1.1 to 160.82.254.254 would be routed via 160.82.220.1 and anything else via the RAS gateway.

    If you wanted to add a route for a single host (maybe your internet firewall which is on another subnet) use the following:

    C:\>route -p add 192.168.248.8 mask 255.255.255.254 160.82.220.1

    Notice the subnet mask of 255.255.255.254 which means only for this single host.

    When connected via RAS you will still be able to access resources outside of your local subnet on the LAN with no problems.


    Q. How can I disable the "Save Password" option in dial-up networking?

    A. When you connect via RAS you can cache the password. If you feel this is a security problem then you can remove the option that allows the password to be saved.

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RasMan\Parameters
    3. From the Edit menu select New - DWORD value
    4. Enter a name of DisableSavePassword and press ENTER
    5. Double click the new value and set to 1

    If you disable "save password", make sure "redial on link failure" is not activated: because the user information is not saved, a redial attempt will try to connect as Administrator, which will not work (unless the ISP has very poor security :-) ).


    Q. How can I set the number of Authentication Retries for Dial-Up connections?

    A. By default after two unsuccessful authentication attempts the dial-up networking (DUN) component will hang up the line however this can be changed to between 0 and 10. 0 means the line will be hung up after the first attempt, 1 will allow one retry etc.

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters
    3. Double click on AuthenticateRetries and set to the required value. Click OK
    4. Close the registry editor
    5. Reboot the machine for the change to take effect (or stop and restart the RAS services)

    Q. How can I set the Authentication Time-out for Dial-Up connections?

    A. As well as changing the number of Authentication Retries that are allowed, the amount of time between each attempt can also be configured and after that time has elapsed it will count as a logon failure. This can be between 20 and 600 seconds.

    1. Start the registry editor
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters
    3. Double click on AuthenticateTime and set to the required value. Click OK
    4. Close the registry editor
    5. Reboot the machine for the change to take effect (or stop and restart the RAS services)

    Q. Enabling 128-bit RAS Data Encryption.

    A. Service Pack 3 (128 bit version) introduced the ability to use 128-bit RAS data encryption with a Windows NT 4.0 RAS server as opposed to the normal 40-bit encryption.

    To enable this 128-bit encryption perform the following:

    1. Start the Network control panel applet (Start - Settings - Control Panel - Network)
    2. Select the services tab
    3. Select Remote Access Service and click Properties
    4. Click Network then Require Microsoft encrypted authentication
    5. Click Require data encryption and click OK
    6. Click continue and close the Network control panel applet
    7. Do not restart the computer at this point

    It is now necessary to enable the 128-bit setting:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\PPP\COMPCP
    3. From the Edit menu select New - DWORD value
    4. Enter a name of ForceStrongEncryption and press Enter
    5. Double click the new value and set to 1. Click OK
    6. Close the registry editor
    7. Reboot the computer

    After reboot is completed clients connecting via RAS or PPTP will have to authenticate using 128-bit key encryption. A number of event logs can be viewed using Event Viewer (Start - Programs - Administrative Tools - Event Viewer).

    If a successful connection is made you will see the log:

    Event ID: 20107
    Source: RemoteAccess
    Description: The user RAS connected to port COMx using strong encryption

    If the connection was unsuccessful you will see the entry:

    Event ID: 20077
    Source: RemoteAccess
    Description: An error occurred in the Point to Point Protocol module on port COMx. The remote computer does not support the required encryption type.

    The client attempting connection would also receive a 629 error.


    Q. Why does my RAS client have the wrong subnet mask, etc.?

    A. The only parameter from DHCP that the RAS client uses is the IP address. Other parameters come as follows:

    The subnet mask is that used by the NIC in the workstation, if fitted. IPCONFIG shows the mask as being the default mask for the class of IP address in use but this is irrelevant. MS used to display it as 0.0.0.0 which is clearly wrong, but the default is more subtly wrong. If there is no NIC in the client, then the subnet mask is irrelevant as all traffic is passed through the dial-up connection.

    The default router is displayed as the same as the address of the client RAS interface. What is actually used as default router is the RAS server itself.

    WINS server addresses and DNS server addresses for use by the client similarly do not come from the parameters set on the DHCP server but instead are those used by the RAS server itself.

    Node Type is not taken from the DHCP parameters but can change on the RAS client depending on WINS information. If the RAS server has no WINS servers defined locally, a b-node Windows NT RAS client will remain a b-node client. If the RAS server has WINS servers defined locally, a b-node Windows NT RAS client will switch to h-node for the duration of the connection.

    More information can be found in knowledge base article Q160699 at http://support.microsoft.com/support/kb/articles/q160/6/99.asp


    Q. How long is the lease on the IP address when issued to a RAS client from DHCP?

    A. When a RAS server is set to allocate IP addresses from DHCP, it grabs n+1 addresses when the service starts, (where n is the number of dial-up interfaces), and keeps them. Therefore, the lease time is largely irrelevant. When a client dials in, the RAS server issues one of these cached leases and the RAS server maintains the lease on behalf of the client. The RAS server only records the address of the DHCP server and the lease parameters. All other DHCP options are discarded.

    You may notice that, if you use IPCONFIG or WINIPCFG on a RAS client to look at lease information, it has null dates (i.e. Jan 1, 1980). When the client disconnects, the IP address will be released back to the RAS server, NOT back to the DHCP server. This causes a lot of confusion when people expect their IP addresses to go back to the DHCP server. These will only be released back to DHCP when the RAS service is stopped and then the lease expires in due course.

    Thanks to Peter Smith


    Q. How can I disconnect users from the RAS server?

    A. It is possible to disconnect any user using the "Remote Access Admin" utility:

    1. Start the Remote Access Admin utility (Start - Programs - Administrative Tools - Remote Access Admin)
    2. Select the domain or server in the main window
    3. From the Users menu select 'Active Users'
    4. Select the account you wish to disconnect and click the 'Disconnect User' button.
    5. Click OK to the confirmation

    If you also want to revoke the user's dial-in permission, check the 'Revoke Remote Access Permission' check box in the dialog.


    Q. How can I disable the modem speaker when dialing?

    A. It's possible to disable the modem speaker in a number of ways. The easiest method is to use the RAS properties:

    1. Double click 'My Computer'
    2. Double click 'Dial-Up Networking'
    3. Select the Dial-up connection, click More and select 'Edit entry and modem properties'
    4. Select the Basic tab and at the bottom next to 'Dial using:' click Configure
    5. At the bottom of the Modem Configuration dialog is a 'Disable modem speaker' check box, check it and click OK
    6. Click OK to the main dialog and close all other dialogs

    An alternative (and you may try this if the above fails to work) is to edit the dial string and add the control sequence for your modem to disable the speaker. It's normally M0, however this can vary.

    1. Start the Modem control panel applet (Start - Settings - Modems)
    2. Select the modem and click Properties
    3. Select the Connection tab
    4. Click the Advanced button at the bottom of the dialog
    5. In the 'Extra settings' box enter the command string to disable the speaker, e.g.
      M0
    6. Click OK to the dialogs

    Q. How can I limit RAS callers to see only the machine they connect to rather than the whole network?

    A. When you configure the RAS server, you set for each protocol the scope of the connection, the server or the whole network. To change this perform the following:

    1. Start the Network Control Panel Applet (Right click on Network and select properties)
    2. Select the Service tab and select the Remote Access Service and click Properties
    3. Select the COM port and click the Network button
    4. Click the Configure button next to the protocol you wish to change access (e.g. TCP/IP)
    5. At the top check the "This computer only" option
    6. Click OK

    Clients should now be able to only view local RAS server connections.


    Q. How do I install the Windows 98 Virtual Private Network adapter?

    A. Windows 98 contains the Virtual Private Network as standard and to install perform the following:

    1. Start the Network Control Panel Applet (Start - Settings - Control Panel - Network or right click on Network Neighborhood and select Properties)
    2. Select the Configuration tab
    3. Click Add
    4. Select Adapter and click Add
    5. Under Manufacturers select Microsoft and select "Microsoft Virtual Private Networking Adapter" in the Network Adapters box. Click OK
    6. You may be asked for the Windows 98 CD.
    7. Reboot the machine

    Once the machine has rebooted, to create a new VPN connection start the Dial-Up Networking software and double click 'Make New Connection'.

    Under the device select "Microsoft VPN Adapter", click Next and enter the host name or IP address of the VPN server.

    To make a connection dial into the Internet then double click the VPN connection, enter a username and password and you are connected!


    Q. How do I install the Point To Point Tunneling Server?

    A. Windows NT Server contains the Point To Point Tunneling Protocol as standard and to install perform the following:

    1. Start the Network Control Panel Applet (Start - Settings - Control Panel - Network or right click on Network Neighborhood and select Properties)
    2. Select the Protocols tab
    3. Click Add
    4. Select "Point To Point Tunneling Protocol"
    5. Click OK
    6. You will be asked for the installation media. Enter the location and click Continue. If RAS is not currently installed it will be installed at this point.
    7. You will be asked for the number of private networks. Enter it and click OK
    8. The Add RAS Device dialog will be displayed. Select "VPN1 - RASPPTPM" and click OK. By default the connection will be configured to receive calls only; to change this click Configure. Keep clicking Add to add more VPN devices (VPN2 etc.). Click Continue when all VPN devices have been added.
    9. Select TCP/IP options for RAS if it was not already configured. Click OK
    10. Click Close to the Network dialog
    11. Reboot the machine

    Once the machine has rebooted it will operate as a Virtual Private Network server. Make sure any users who want to logon to it have RAS dial in rights (as configured using User Manager).

    If you experience any problems with protocols, make sure that the RAS server has the protocols (e.g. TCP/IP) configured correctly. This can be done by starting the Network Control panel applet, selecting Services, selecting RAS and clicking Configure. Select the VPN port and click Network. You can then configure TCP/IP etc. and ensure there are no problems with addresses etc.

    Extra VPN connections can also be configured by clicking Add and selecting VPN2, VPN3 etc. You can only have simultaneous VPN connections for the number of VPN devices on the server.


    Q. How do I install the Windows NT Virtual Private Network client?

    A. Windows NT contains the Virtual Private Network as standard and to install perform the following:

    1. Start the Network Control Panel Applet (Start - Settings - Control Panel - Network or right click on Network Neighborhood and select Properties)
    2. Select the Protocols tab
    3. Click Add
    4. Select 'Point To Point Tunneling Protocol' and click OK
    5. You may be asked for the Windows NT CD.
    6. Select the number of virtual private networks and click OK
    7. The RAS setup dialog will be shown. Click Add
    8. Select 'VPN1 - RASPPTPM' and click OK
    9. Click Continue to the RAS dialog
    10. Click Close on the Network dialog
    11. Reboot the machine

    Once the machine has rebooted, to create a new VPN connection start the Dial-Up Networking software and double click New.

    Under the device select "Microsoft VPN Adapter", and under Phone number enter the host name or IP address of the VPN server.

    To make a connection dial into the Internet then select the VPN connection, enter a username and password and you are connected!

    You can check PPP is working by using the IPCONFIG command:

    PPP adapter NdisWan4:
    IP Address. . . . . . . . . : 200.200.200.16
    Subnet Mask . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . : 200.200.200.16


    Q. How can I remove the dial-up networking icon from My Computer?

    A. The dial-up networking icon can be removed by editing the registry as follows:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace
    3. Select {a4d92740-67cd-11cf-96f2-00aa00a11dd9}
    4. This step is optional but from the Registry menu select "Export Registry File". Enter a name for the reg file which will be created. This file will allow you to automatically undo this if you wish.
    5. Press the Del key to delete the key.
    6. Click Yes to the deletion confirmation dialog
    7. Dial-up networking will no longer be visible from My Computer

    To restore it using your reg file just double click on the reg file from Explorer and dial-up networking will be restored.


    Q. I've connected two computers using two 56K modems but I never connect at more than 33Kb, why?

    A. The problem is that your modems cannot send faster than 33.6k. The 56k technologies, such as X2, K56flex and the new standard V.90 are asymmetric - 56k from a service such as an ISP to you, and 33.6k (maximum negotiated rate, may be less) from you to an ISP.

    Having one of your V.90 modems call the other won't create a connection faster than 33.6k since neither side can transmit faster than 33.6k. The 56Kb is possible because the line from your house to the telephone company switching office (CO) is analog, and the rest of the path from the CO to the service (ISP) is 100% digital. At the service end, they specifically install digital modems designed to operate as the service end of a V.90/X2/K56flex connection.

    This means you would need on one of the boxes the same kind of modem that an ISP would buy. You may find however that you can't get one of those without also having the digital phone circuit to connect it to.

    If you need 56Kb look at ISDN. The easiest way to set up a system which can accept 56K V90 incoming connections is to get an ISDN2 or home highway and a 3COM Courier-I modem. The Courier-I can act as both a standard and an ISDN modem. It will also act in V90 mode as a server if it detects an incoming analogue call across the ISDN.


    Q. My modem is not supported by RAS, what can I do?

    A. Windows NT RAS has support for Unimodem modems and can be configured as follows:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ras\Protocols
    3. From the Edit menu select New - DWORD value
    4. Enter a name of EnableUnimodem and press enter
    5. Leave as the default value of 0
    6. Close the registry editor

    Once enabled you will only have the options to select from the list of modems (in modem.inf) and not 'Have disk' or 'Install Modem' option.

    If your modem does not exist on the list of modems, download the modem's .inf file from the manufacturer and copy it to modem.inf in %systemroot%\system32\RAS, or just add the details to the original modem.inf file. Make sure you back up the original modem.inf file.

    Run the Network control panel applet and select services. Select Remote Access Services and click Properties. Remove any ports currently defined and click Add, add the ports and RAS will use the MODEM.INF file to get initialization information for the modem.


    Q. I get error 'There is no answer' from the PPTP server, why?

    A. This happens when either the RAS Connection Manager and Remote Access Server cannot be started or they are set to manual startup.

    To fix just start the RAS Connection Manager and RAS and change the RAS Connection Manager startup to automatic using the Services control panel applet.

    To test try to PING the PPTP server over the internet.


    Q. DEVICE.LOG does not capture modem commands, what can I do?

    A. When you use a Unimodem the device.log no longer captures the command however you can create an alternate log file to capture the modem commands:

    1. Start the Modems control panel applet (Start - Settings - Control Panel - Modems)
    2. Select the modem for which a log file should be created
    3. Click Properties
    4. Click the Connection tab
    5. Click Advanced
    6. Select the 'Record a Log File' check box. There is no need to restart the computer

    The log file will be created in the %systemroot% directory with name MODEMLOG_<modem>.TXT.


    Q. How do I create a dial-up connection in Windows 2000?

    A. Windows 2000 has removed the segregation between LAN and dial-up connections, they are all just connections now.

    To create a Dial-up connection to an ISP or your work you need to create a new connection using a modem as the connection medium:

    1. From the Start menu select 'Network and Dial-up Connection'
    2. Double click 'Make New Connection'
    3. Click Next to the introduction wizard
    4. Select 'Dial-up to the Internet' and click Next
    5. Select 'I want to set up my Internet connection manually' and click Next
    6. Select 'I connect through a phone line and a modem' (if you are using ISDN you would select local area network). Click Next
    7. Make sure your modem is connected and turned on, check the 'Don't detect my modem' box is not selected and click Next
    8. If it can't find your modem click Next and you can choose it from a list.
    9. Enter the phone details of the ISP. Click Next
    10. Enter your username and password and click Next
    11. Finally give it a name, for example 'Connection to UUnet'. Click Next
    12. You will be asked if you wish to setup mail. Make your choice and click Next
    13. Click Finish

    Your new connection will now be visible from 'Network and Dial-up Connections'. To change its properties right click on the connection and select Properties.


    Q. What is TCP/IP?

    A. If you are viewing this page on the web then you are using TCP/IP now! TCP/IP is a suite of related protocols and utilities used for network communications. TCP/IP is actually two protocols, Internet Protocol (IP) and Transmission Control Protocol (TCP). There are many different implementations of TCP/IP however they all conform to a standard which means different implementations can communicate with each other.

    Each machine that uses TCP/IP must have a unique TCP/IP address which is a 32 bit number, usually displayed in the dotted quad (or dotted decimal) format xxx.xxx.xxx.xxx, where xxx is a number from 0 to 255. For example, the IP address 147.98.26.11 is shown below in its 32 bit form, along with how it breaks down into the dotted quad format:

    10010011  01100010  00011010  00001011
    147       98        26        11

    TCP/IP was originally used on ARPANET, a military network, grew to universities and is now used on virtually every computer system.


    Q. How do I install TCP/IP?

    A. Below are the instructions on installing non-DHCP clients:

    1. Start the Network Control Panel Applet (Start - Settings - Control Panel - Network)
    2. Click the Protocols tab and click Add
    3. Select TCP/IP Protocol and click OK
    4. You will be asked if there is a DHCP server on the Network, click NO for DHCP
    5. A number of files will be installed and the protocols will be rebound, and you will be shown the TCP/IP configuration dialog
    6. Click the IP Address tab and enter the IP address and subnet mask. When you enter the IP address it will guess the subnet mask (however you may want to configure a subnet mask different from the Default).
    7. You can also configure DNS servers by clicking on the DNS tab and enter a Domain name (e.g. Savilltech.com) and a host name
    8. Click OK when finished and you have to reboot the machine

    Q. Is there a way to trace TCP/IP traffic using NT?

    A. As part of the Systems Management Server there is a Network Monitor module which enables the entire network to be monitored, also traffic over a modem. There is a limited version of this with NT 4.0 server, however only communications between the server and other computers can be monitored. The Network Monitor Service has to be installed (Control Panel - Network - Services - Add).


    Q. I do not have a network card, but would like to install TCP/IP.

    A. Microsoft provide a Loopback adapter that can be used for the testing of TCP/IP. To install the Loopback adapter perform the following actions:

    1. Start the Control Panel (Start - Settings - Control Panel)
    2. Double click on the Network icon
    3. Click on the Adapters tab, and click Add
    4. Select MS Loopback Adapter and click OK
    5. You will then need to configure TCP/IP as normal

    Q. I have installed TCP/IP, what steps should I use to verify the setup is correct?

    A. Follow the steps below:

    1. From a command prompt type
      ipconfig /all
      This will show information such as IP address, subnet mask and the physical address. Check the IP address and subnet mask are what you expect.
    2. Next there is a special IP address that is used for loopback testing 127.0.0.1, so try and ping this
      ping 127.0.0.1
      You should get 4 lines of
      Reply from 127.0.0.1: bytes=32 time<10ms TTL=128
      Pinging 127.0.0.1 does not send any traffic out on the network. If this does not work it means the TCP/IP stack is not loaded correctly so go back and check your configuration
    3. Next try and ping your own IP address, once again this will not send any traffic out on the Network, but it just confirms the software
      ping 200.200.200.53
      Once again you should get 4 reply messages. If this does not work, but the loopback did, you probably have typed the IP address wrong, go back and check your configuration.
    4. Try and ping the gateway.
      ping 200.200.200.1
      This is the first traffic going out over the network. The gateway should be on your subnet. If you fail to ping the gateway, check the gateway is up, and that your network is correctly connected.
    5. Ping something on the other side of the gateway, i.e. something not on your subnet
      ping 158.234.26.46
      If this does not work then the gateway may not be functioning correctly.
    6. If all of the above worked, then Name Resolution should be tested by pinging by name; this will test the HOSTS file and/or DNS. If your machine name was john, and the domain savilltech.com, you would ping john.savilltech.com
      ping john.savilltech.com
      If this does not work, check in the Network Settings - Protocols - TCP/IP that the domain name is correct, also check the hosts file and the DNS.
    7. Next try and ping a name outside the network
      ping ftp.microsoft.com
      If this does not work then check with your ISP (Internet Service Provider)
    8. If all of the above works then get down to the serious stuff and start surfing! :-)

    Q. How can I trace the route the TCP/IP packets take?

    A. In general TCP/IP packets will not always take the same route to a destination, however the start of the journey is likely to be the same, i.e. to your gateway, to the firewall etc. The command to use is tracert and the syntax is as follows

    C:\>tracert <host name or IP address>, e.g.
    C:\>tracert news.savilltech.com
    Tracing route to news.savilltech.com [200.200.8.55]
    over a maximum of 30 hops:

    1 <10 ms <10 ms <10 ms 200.200.24.1     (200.200.24.1 is the gateway)
    2 <10 ms 10ms <10 ms 200.200.255.81
    3 30 ms 10 ms 10 ms news.savilltech.com [200.200.8.55]

    Trace complete

    The first column is the hop count, the next 3 columns show the cumulative round-trip times (in milliseconds), the 4th column is the hostname if the IP address was resolved, and the last column is the IP address of the host. It is really like a street map telling each turn to take. An important thing to look for is looping routes, where host a goes to b, then c, then back to a, as this usually indicates a problem.

    Tracert will not always work with some FireWalls for hosts outside the FireWall.
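
    The check for looping routes mentioned above, as an added Python example that is not part of the original FAQ: it parses tracert output and reports any address that appears at more than one hop. LOOPING_TRACE is constructed sample output, FAQ_TRACE is the trace shown above without its annotation, and the function names are this example's own.

```python
"""Parse tracert output and flag looping routes (the same address at two hops)."""
import re
from typing import List, NamedTuple, Optional, Tuple

HOP_LINE = re.compile(r"^\s*(\d+)\s+(.+?)\s*$")
# Trailing IPv4 address, optionally in the [brackets] tracert uses after a name.
ADDRESS = re.compile(r"(?<![\d.])\[?(\d{1,3}(?:\.\d{1,3}){3})\]?$")


class Hop(NamedTuple):
    number: int
    address: Optional[str]  # None when every probe for the hop timed out
    name: Optional[str]     # host name, when tracert resolved one


def parse_tracert(output: str) -> List[Hop]:
    hops = []
    for line in output.splitlines():
        match = HOP_LINE.match(line)
        if not match:
            continue  # banner, blank line or "Trace complete."
        rest = match.group(2)
        if "ms" not in rest and "*" not in rest:
            continue  # starts with a number but carries no probe results
        found = ADDRESS.search(rest)
        tokens = rest.split()
        name = tokens[-2] if found and tokens[-1].startswith("[") else None
        hops.append(Hop(int(match.group(1)), found.group(1) if found else None, name))
    return hops


def find_loops(hops: List[Hop]) -> List[Tuple[str, int, int]]:
    """Return (address, first hop, repeated hop) for every revisited address."""
    first_seen = {}
    loops = []
    for hop in hops:
        if hop.address is None:
            continue  # a timed-out hop tells us nothing about the path
        if hop.address in first_seen:
            loops.append((hop.address, first_seen[hop.address], hop.number))
        else:
            first_seen[hop.address] = hop.number
    return loops


# The FAQ's own trace (annotation removed).
FAQ_TRACE = """\
Tracing route to news.savilltech.com [200.200.8.55]
over a maximum of 30 hops:

1 <10 ms <10 ms <10 ms 200.200.24.1
2 <10 ms 10ms <10 ms 200.200.255.81
3 30 ms 10 ms 10 ms news.savilltech.com [200.200.8.55]

Trace complete
"""

# Constructed trace in which the path returns to the gateway (a -> b -> c -> a).
LOOPING_TRACE = """\
Tracing route to 200.200.8.55 over a maximum of 30 hops

  1   <10 ms   <10 ms   <10 ms  200.200.24.1
  2   <10 ms    10 ms   <10 ms  200.200.255.81
  3    20 ms    10 ms    10 ms  200.200.255.90
  4     *        *        *     Request timed out.
  5    30 ms    20 ms    20 ms  200.200.24.1
  6    30 ms    30 ms    30 ms  200.200.255.81
"""

if __name__ == "__main__":
    for label, trace in (("FAQ trace", FAQ_TRACE), ("looping trace", LOOPING_TRACE)):
        loops = find_loops(parse_tracert(trace))
        print(label, "->", loops if loops else "no loops")
```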


    Q. What is the subnet mask?

    A. As has been shown the IP address consists of 4 octets and is usually displayed in the format 200.200.200.5, however this address on its own does not mean much and a subnet mask is required to show which part of the IP address is the Network ID, and which part the Host ID. Imagine the Network ID as the road name, and Host ID as the house number, so with "54 Grove Street", 54 would be the Host ID, and Grove Street the Network ID. The subnet mask shows which part of the IP address is the Network ID, and which part is the Host ID.

    For example, with an address of 200.200.200.5, and a subnet mask of 255.255.255.0, the Network ID is 200.200.200, and the Host ID is 5. This is calculated using the following:

    IP Address   11001000 11001000 11001000 00000101
    Subnet Mask  11111111 11111111 11111111 00000000
    Network ID   11001000 11001000 11001000 00000000
    Host ID      00000000 00000000 00000000 00000101

    What happens is a bitwise AND operation between the IP address and the subnet mask, which gives the Network ID, e.g.

    1 AND 1=1
    1 AND 0=0
    0 AND 1=0
    0 AND 0=0

    There are default subnet masks depending on the class of the IP address as follows:

    Class A : 001.xxx.xxx.xxx to 126.xxx.xxx.xxx uses subnet mask 255.0.0.0 as default
    Class B : 128.xxx.xxx.xxx to 191.xxx.xxx.xxx uses subnet mask 255.255.0.0 as default
    Class C : 192.xxx.xxx.xxx to 224.xxx.xxx.xxx uses subnet mask 255.255.255.0 as default

    Where's 127.xxx.xxx.xxx ??? This is a reserved address that is used for testing purposes. If you ping 127.0.0.1 you will ping yourself :-)

    The subnet mask is used when two hosts communicate. If the two hosts are on the same network then host a will talk directly to host b, however if host b is on a different network then host a will have to communicate via a gateway, and the way host a can tell if it is on the same network is using the subnet mask. For example

    Host A 200.200.200.5
    Host B 200.200.200.9
    Host C 200.200.199.6
    Subnet Mask 255.255.255.0

    If Host A communicates with Host B, they both have Network ID 200.200.200 so Host A communicates directly with Host B. If Host A communicates with Host C they are on different networks, 200.200.200 and 200.200.199 respectively, so Host A would send via a gateway.


    Q. What diagnostic utilities are there for TCP/IP?

    A. We have already seen PING and TRACERT, and below is a full list

    For more information on these commands just enter the command with a -?, e.g. netstat -?


    Q. What is routing and how is it configured?

    A. When host a wants to send to host b, if they are on the same local network then the IP protocol resolves the IP address to a physical address using ARP (Address Resolution Protocol), and the physical address (e.g. 00-05-f3-43-d3-3e) of the source and destination hosts are added to the IP datagram to form a frame, and using the frame, the two hosts can communicate directly with each other.

    If the 2 hosts are not on the same local network, then they cannot communicate directly with each other, and instead have to go through a router. You have probably already come across a router when you install TCP/IP, as the default gateway is just a router that you have chosen to use as a means of communicating with hosts outside your local network if no specific route is known. A router can be a Windows NT computer with 2 or more network cards (one card for connection to each separate local network) or it can be a physical hardware device, such as Cisco routers.

    Assuming our two hosts are not on the same local network, host A will check its routing table for a router that connects to the local network of host B. If it does not find a match then the data packets will be sent to the "default gateway". In most cases, there will not be one router that connects straight to the intended recipient; rather the router will know of another route to pass on your packet, which will then go to another router etc.

    For example:

    Host A - 200.200.200.5
    Host B - 200.200.199.6
    Subnet Mask - 255.255.255.0
    Router - 200.200.200.2 and 200.200.199.2
    Host A's routing table - Network 200.200.199.0 use router 200.200.200.2

    In this example, Host A would deduce that Host B is on a separate network, as its Network ID is 200.200.199. Host A would then check its routing table and see that it knows for network 200.200.199 (the zero means all) it should send to 200.200.200.2. The router would receive the packets and then forward them to network 200.200.199.

    What actually happens is each router will have its own routing table that will point to other routes.

    To actually configure a route, you use the route command. For example, to configure a route for network 200.200.199 to use router 200.200.200.2 you would type

    route -p add 200.200.199.0 mask 255.255.255.0 200.200.200.2

    The -p makes the addition permanent, otherwise it will be lost with a reboot.

    To view your existing information type route print.
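
    The route selection described above (the AND with the subnet mask from the subnet mask question, the routing table lookup, and the default gateway problem from the RAS question) worked through as an added Python example that is not part of the original FAQ. The 160.82.220.0 local subnet, the RAS gateway address 10.99.0.1, the metric of 1 on added routes and the function names are assumptions made for the illustration; the other addresses are the FAQ's own.

```python
"""Route selection for the FAQ's examples: AND with the mask, then pick a route."""
from typing import List, NamedTuple, Optional, Tuple


def to_int(dotted: str) -> int:
    """Convert a dotted quad such as 200.200.200.5 to its 32-bit value."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError(f"not a dotted quad: {dotted!r}")
    value = 0
    for part in parts:
        octet = int(part)
        if not 0 <= octet <= 255:
            raise ValueError(f"octet out of range in {dotted!r}")
        value = (value << 8) | octet
    return value


def to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def split_address(ip: str, mask: str) -> Tuple[str, str]:
    """Return (network ID, host ID): ip AND mask, and ip AND (NOT mask)."""
    ip_i, mask_i = to_int(ip), to_int(mask)
    return to_dotted(ip_i & mask_i), to_dotted(ip_i & ~mask_i & 0xFFFFFFFF)


class Route(NamedTuple):
    network: str
    mask: str
    gateway: Optional[str]  # None means on-link: deliver directly to the host
    metric: int


def choose_route(dest: str, table: List[Route]) -> Optional[Route]:
    """Pick the matching route with the longest mask, then the lowest metric."""
    dest_i = to_int(dest)
    matches = [r for r in table if dest_i & to_int(r.mask) == to_int(r.network)]
    if not matches:
        return None
    # Masks are assumed contiguous, so the count of 1 bits is the prefix length.
    return min(matches, key=lambda r: (-bin(to_int(r.mask)).count("1"), r.metric))


def next_hop(dest: str, table: List[Route]) -> str:
    route = choose_route(dest, table)
    if route is None:
        return "unreachable"
    return "direct" if route.gateway is None else route.gateway


# Host A from the routing question (200.200.200.5, mask 255.255.255.0).
HOST_A_TABLE = [
    Route("200.200.200.0", "255.255.255.0", None, 1),             # own subnet
    Route("200.200.199.0", "255.255.255.0", "200.200.200.2", 1),  # the added route
    Route("0.0.0.0", "0.0.0.0", "200.200.200.1", 1),              # default gateway
]

# RAS client on the 160.82.0.0 LAN while dialled in. RAS_GATEWAY and the
# 160.82.220.0 local subnet are constructed values, not taken from the FAQ.
RAS_GATEWAY = "10.99.0.1"
RAS_TABLE = [
    Route("160.82.220.0", "255.255.255.0", None, 1),  # local subnet
    Route("0.0.0.0", "0.0.0.0", "160.82.220.1", 2),   # LAN default, bumped to 2
    Route("0.0.0.0", "0.0.0.0", RAS_GATEWAY, 1),      # RAS default, metric 1
]
# The fix from the RAS question:
#   route -p add 160.82.0.0 mask 255.255.0.0 160.82.220.1
RAS_TABLE_FIXED = RAS_TABLE + [Route("160.82.0.0", "255.255.0.0", "160.82.220.1", 1)]

if __name__ == "__main__":
    print(split_address("200.200.200.5", "255.255.255.0"))
    for dest in ("200.200.200.9", "200.200.199.6", "158.234.26.46"):
        print("Host A ->", dest, "via", next_hop(dest, HOST_A_TABLE))
    for table in (RAS_TABLE, RAS_TABLE_FIXED):
        print("RAS client -> 160.82.10.10 via", next_hop("160.82.10.10", table))
```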


    Q. What is ARP?

    A. ARP stands for Address Resolution Protocol and was touched on in the previous question as a means of resolving an IP address to an actual physical network card address.

    All network cards have a unique 48 bit address that is written as six hexadecimal pairs, e.g. 00-A0-24-7A-01-48, and this address is hard coded into the network card. You can view your network card's hardware address by typing:

    ipconfig /all
    .
    Ethernet adapter Elnk31:

    Description . . . . . . . . : ELNK3 Ethernet Adapter.
    Physical Address. . . . . . : 00-A0-24-7A-01-48
    DHCP Enabled. . . . . . . . : No
    IP Address. . . . . . . . . : 200.200.200.5
    Subnet Mask . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . : 200.200.200.1
    Primary WINS Server . . . . : 200.200.50.23
    Secondary WINS Server . . . : 200.200.40.190

    As discussed in the Subnet question, if a packet's destination is on the same local network as the sender, then the sender needs to resolve the destination's IP address into a physical hardware address; otherwise the sender needs to resolve the router's IP address into a physical hardware address. When an NT machine's TCP/IP component starts, it broadcasts an ARP message with its IP to hardware address pair. The basic order of events for sending to a host on the local network is as follows:

    1. ARP checks the local ARP cache for an entry for the destination's IP address. If a match is found, then the hardware address of the destination is added to the frame header and the frame is sent.
    2. If a match is not found, then an ARP request broadcast is sent to the local network (remember it knows the destination is on the local network by working out the Network ID from the IP address and the subnet mask). The ARP request contains the sender's IP address and hardware address and the IP address that is being queried, and is sent to 255.255.255.255 (everyone, but it won't get routed).
    3. When the destination host receives the broadcast, it sends an ARP reply with its hardware address and IP address.
    4. When the source receives the ARP reply, it will update its ARP cache and then create a frame and send it.

    If you are sending to a destination not on your local network, then the process is similar except the sender will resolve the router's IP address instead.

    To inspect your machine's ARP cache, type:
    arp -a

    and a list of IP address to hardware address pairs will be shown. Try pinging a host on your local network and then displaying the ARP cache again and you will see an entry for the host, also try pinging a host outside your local network and check the ARP cache and an entry for the router will have been added. You will notice that the word dynamic is listed with the records, and this is because they were added as needed and are volatile, hence will be lost on reboot. In fact the entries will be lost quicker than this! If an entry is not used again within 2 minutes then it will be deleted from the cache. If it is used within 2 minutes, it will not be deleted for a further 10 minutes, unless used again and then it would be ten minutes from when used :-).

    You may wish to add static entries for some hosts (to save time with the ARP requests) and the format is
    arp -s <IP address> <hardware address>, e.g.
    arp -s 200.200.200.5 00-A0-24-7A-01-48
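
    The four-step exchange described in this answer, as an added Python example (not part of the original FAQ). It builds and parses the 28-byte ARP message body for Ethernet and IPv4 in memory and sends nothing on the wire; host A's addresses come from the ipconfig output above, while the other hosts, their hardware addresses and the Host class are constructed for illustration.

```python
import socket
import struct

# ARP body for Ethernet/IPv4: hardware type, protocol type, address lengths,
# operation, then sender hardware/IP and target hardware/IP addresses.
ARP_FMT = "!HHBBH6s4s6s4s"
REQUEST, REPLY = 1, 2
UNKNOWN_MAC = "00-00-00-00-00-00"  # target hardware address in a request


def mac_bytes(text):
    return bytes(int(pair, 16) for pair in text.split("-"))


def mac_text(raw):
    return "-".join(f"{b:02X}" for b in raw)


def build_arp(oper, sender_mac, sender_ip, target_mac, target_ip):
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       mac_bytes(sender_mac), socket.inet_aton(sender_ip),
                       mac_bytes(target_mac), socket.inet_aton(target_ip))


def parse_arp(packet):
    size = struct.calcsize(ARP_FMT)
    if len(packet) < size:
        raise ValueError("truncated ARP message")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
        ARP_FMT, packet[:size])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP message")
    return {"oper": oper,
            "sender_mac": mac_text(sha), "sender_ip": socket.inet_ntoa(spa),
            "target_mac": mac_text(tha), "target_ip": socket.inet_ntoa(tpa)}


class Host:
    def __init__(self, ip, mac):
        self.ip, self.mac, self.cache = ip, mac, {}

    def handle(self, packet):
        """Step 3: answer a request only if it asks for our own IP address."""
        msg = parse_arp(packet)
        if msg["oper"] != REQUEST or msg["target_ip"] != self.ip:
            return None
        return build_arp(REPLY, self.mac, self.ip,
                         msg["sender_mac"], msg["sender_ip"])

    def resolve(self, dest_ip, local_network):
        """Steps 1, 2 and 4 for a destination on the local network."""
        if dest_ip in self.cache:                       # step 1: cache hit
            return self.cache[dest_ip]
        request = build_arp(REQUEST, self.mac, self.ip, UNKNOWN_MAC, dest_ip)
        for host in local_network:                      # step 2: broadcast
            reply = host.handle(request)
            if reply is None:
                continue
            msg = parse_arp(reply)
            # Step 4: cache the pair only if the reply answers our query.
            if (msg["oper"] == REPLY and msg["sender_ip"] == dest_ip
                    and msg["target_ip"] == self.ip):
                self.cache[dest_ip] = msg["sender_mac"]
                return msg["sender_mac"]
        return None


if __name__ == "__main__":
    a = Host("200.200.200.5", "00-A0-24-7A-01-48")   # from the FAQ
    b = Host("200.200.200.9", "00-A0-24-7A-01-99")   # constructed
    print(a.resolve(b.ip, [b]), a.cache)
```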


    Q. My Network is not connected to the Internet, can I use any IP address?

    A. The basic answer would be Yes, however it is advisable to use one of the following ranges which are reserved for use by private networks:

    10.0.0.0 - 10.255.255.255 this is a single class A network
    172.16.0.0 - 172.31.255.255 this is a group of 16 contiguous class B networks
    192.168.0.0 - 192.168.255.255 this is a contiguous group of 256 class C networks

    The addresses above are detailed in RFC 1918 (Request for Comments). The advantage of these addresses is that they should be automatically filtered out by routers, thus protecting the internet. Obviously if you did one day want to put part of your network on the internet you would need to apply for a range of IP addresses (from Internic or from your ISP).

    These addresses are routable and routers will route them by default. You aren't supposed to route them publicly, and need to configure your router accordingly. Internet backbone routers have been specifically configured to not route these addresses, but that is a specific configuration choice.

    People using these addresses must specifically configure their routers to not route these addresses.

    Routers route these addresses by default as they don't know whether they are gateway routers or some intermediate router on a WAN (behind a gateway).


    Q. How can I increase the time entries are kept in the ARP cache?

    A. The default 2 minutes can be changed by performing the following:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    3. From the Edit menu select New - DWord value and enter a name of ArpCacheLife, click OK
    4. Double click the new value and set to the new value in seconds and click OK
    5. Close the registry editor
    6. Reboot

    Q. What other registry entries are there for TCP/IP?

    A. There is a whole knowledge base article on them that may be useful at http://support.microsoft.com/support/kb/articles/q120/6/42.asp .


    Q. How can I configure more than 6 IP addresses?

    A. Using the TCP/IP configuration GUI you are limited to 6 IP addresses however more can be added by directly editing the registry:

    1. Log on as an Administrator
    2. Start the registry editor (regedt32.exe)
    3. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services and scroll down to the service for your adapter card (look at the Adapters tab on the Network Control Panel applet). For example the Etherlink 3 card is Elnk3, however you want the first occurrence so go to Elnk31.
    4. Move to the Parameters\TCPIP subkey
    5. Double click the IPAddress value. Enter in additional IP addresses separated by a new line
    6. When finished click OK
    7. Next edit the SubnetMask and again add an entry for each IP address added (in the same order). Click OK when finished.
    8. Close the registry editor
    9. Reboot the machine

    Q. What are the common TCP ports?

    A. Below is a list of the most common TCP ports.

    Keyword    Port   Description
    echo       7      Echo
    systat     11     Active Users
    qotd       17     Quote of the day
    msp        18     Message Send Protocol
    ftp-data   20     File Transfer (Data Channel)
    ftp        21     File Transfer (Control)
    telnet     23     Telnet
    smtp       25     Simple Mail Transfer
    name       42     TCP Nameserver
    bootps     67     Bootstrap Protocol Server
    bootpc     68     Bootstrap Protocol Client
    tftp       69     Trivial File Transfer
    gopher     70     Gopher
    finger     79     Finger
    www        80     World Wide Web
    kerberos   88     Kerberos
    pop3       110    TCP post office
    nntp       119    USENET
    nfs        2049   Network File System

    Q. How can I perform a migration to DHCP?

    A. There are only a few basic registry entries that define a client as a DHCP client so an easy way to migrate clients to DHCP is to create a registry script that sets the required values via logon script. You should obviously be careful that there is no overlap between the addresses in the DHCP address pool and those statically assigned.

    The DHCP service needs to be configured to start at system startup. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DHCP\ and change the value entry Start from 1 to 2.

    TCPIP parameters are defined to each NIC (Network Interface Card).

    The following is an example registry script you may consider using. If you are unsure of the card service go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards\1 and write down the data for the value entry ServiceName.

    REGEDIT4

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\<card service>\Parameters\Tcpip]
    "EnableDHCP"=dword:00000001
    "IPInterfaceContext"=dword:00000001
    "IPInterfaceContextMax"=dword:00000001

    You should then add something into the logon script to detect the NIC installed into the computer, run the reg script and request an IP address, e.g.

    if reg=elpc575 (for the 3com575tx) goto dhcp
    ..
    ..
    ..
    :dhcp
    regedit /s NIC_dhcp.reg
    ipconfig /renew
    net send %computername% Congrats Your computer has been configured for DHCP!
    endif

    A quick way to find out which network card you are using: on your LAN you will have various types of NIC.

    For instance you may have the 3c89d, netflx3 and 3c575tx. For the Netflx3 driver, for instance, when the install takes place on NT 4.0 it adds a registry key at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CpqNF31 with the parameters:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CpqNF31\Parameters\Tcpip]
    "EnableDHCP"=dword:00000000

    You have to find out what the key name is, because it is different for each NIC; then you can run kix32.exe and use the argument:

    EXISTKEY ("Key")

    Checks for the existence of a registry key.

    Parameters
    Key - Identifies the key you want to check the existence of.

    Returns
    0 the key specified exists (Note : this is different from the way the EXIST function works...)
    >0 the key does not exist, returncode represents an errorcode

    $ReturnCode=ExistKey("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CpqNF31")

    If $ReturnCode=0
    ? "Key exists...."
    Endif

    ...to determine if the key exists and then execute accordingly for that specific card.

    You may also set the value IPAddress=0.0.0.0 and value SubnetMask=0.0.0.0 for the card service however they will be ignored anyway. Fill in the IPAddress and SubnetMask with 0.0.0.0. Blanking out or deleting the values won't work. Restart the workstation to complete the change.

    This can also be done using Windows Scripting Host

    From MS SupportOnline Article ID: Q197424
    
       '-----------------------------------------------------------------------
       ' The following script reads the registry value name IPAddress to
       ' determine which registry entries need to be changed to enable DHCP.
       ' This sample checks the first 11 network bindings for TCP/IP, which is
       ' typically sufficient in most environments.
       ' ----------------------------------------------------------------------
       Dim WSHShell, NList, N, IPAddress, IPMask, IPValue, RegLoc
       Set WSHShell = WScript.CreateObject("WScript.Shell")
    
       NList = array("0000","0001","0002","0003","0004","0005","0006", _
                     "0007","0008","0009","0010")
    
       On Error Resume Next
       RegLoc = "HKLM\System\CurrentControlSet\Services\Class\NetTrans\"
    
       For Each N In NList
         IPValue = ""      'Resets variable
         IPAddress = RegLoc & N & "\IPAddress"
         IPMask = RegLoc & N & "\IPMask"
         IPValue = WSHShell.RegRead(IPAddress)
         If (IPValue <> "") and (IPValue <> "0.0.0.0") then
           WSHShell.RegWrite IPAddress,"0.0.0.0"
           WSHShell.RegWrite IPMASK,"0.0.0.0"
         end If
       Next
    
       WScript.Quit        ' Tells the script to stop and exit.

    Q. How do I assign multiple IP addresses to a single NIC?

    A. It is possible to assign more than one IP address to a single NIC (Network Interface Card). To configure extra IP addresses under NT 4.0 perform the following:

    1. Right click on Network Neighborhood and select Properties (if you are unable to do this start the Network Control Panel applet via control panel)
    2. Select the Protocols tab
    3. Select 'TCP/IP Protocol' and click the Properties button
    4. Select the 'IP Address' tab and you will see your normal IP address. Click the Advanced button at the bottom of the dialog
    5. Select the Adapter and click Add under the IP addresses section
    6. Enter the new IP address and subnet mask. Click Add
    7. Click OK to the advanced dialog
    8. Click Apply then OK to the TCP/IP dialog
    9. Close all other dialogs
    10. Reboot the computer

    Under Windows 2000 the procedure is the same except to get the TCP/IP protocol properties you need to:

    1. Right click on "My Network Places" and select Properties
    2. Right click on "Local Area Connection" and select Properties
    3. Select "Internet Protocol (TCP/IP)" and select Properties
    4. The procedure is then as above except the reboot is not necessary

    Q. How do I install the Network Monitor Utility?

    A. Windows NT Server ships with a limited version of the Network Monitor utility which allows you to monitor only traffic to and from the installed box. The full SMS version allows promiscuous monitoring of the network.

    To install the basic NT version:

    1. Start the Network Control Panel applet (Start - Settings - Control Panel - Network)
    2. Select the Services tab
    3. Click Add
    4. Select "Network Monitor Tools and Agent". Click OK
    5. Click OK to the main dialog
    6. The protocols will be rebound and you will need to reboot the machine

    The SMS 1.2 version can be installed as part of a full SMS installation by selecting "Install Admin Tools" option and clicking Custom to add the network monitor. It can also be installed directly from the SMS\nmext directory on the SMS 1.2 CD-ROM:

    1. Insert the SMS 1.2 CD-ROM
    2. Move to SMS\nmext\disk1
    3. Run setup.exe
    4. Select the installation directory (C:\nm by default). Click Continue
    5. Files will then be copied
    6. You will have to set Network Monitor passwords for capturing and viewing captures (or click No Password).
    7. Enter your name and click OK
    8. If the Network Monitor Agent is not installed it will bring up the Network control panel applet where you must select the Services tab, click Add and select "Network Monitor Agent". Click OK
    9. Reboot the machine

    SMS 2.0 version instructions will be added shortly.


    Q. How do I perform a network trace using NetMon?

    A. To start Network Monitor select "Network Monitor" from the "Network Analysis Tools" Start menu Programs folder. Once started you will be presented with the initial trace dialog which is split into 4 main windows.


    Initially the trace will be for all hosts to all hosts however you will probably want to refine this using a filter as follows:

    1. From the Capture menu select Filter (or press F8)
    2. You will see an Address Pair entry of *ANY <--> *ANY. Select this line
    3. Click the Line button in the Edit area
    4. You will be shown a list of addresses the computer knows about, you may add new ones by clicking the "Edit Addresses" button.
    5. Select the host for station1 and station2 and the direction and click OK
    6. Click OK to the main dialog. You should see the *ANY <--> *ANY line has changed to the two nodes, e.g. LNTLL2 <--> LNPCSW0030

    You are now ready to start the search by selecting Start from the Capture menu (or click F10). Once you have collected the data you require stop the search by selecting Stop from the Capture menu (or click F11). An alternative is to select Stop + View data which will stop the trace and show the captured data.

    The normal method to display captured data is to select "Display Captured Data" from the Capture menu or click F12. A new dialog will be shown with all frames sent between the selected hosts. For more detail about a frame just double click it. It will then give the full frame information and content.


    Notice you can actually see the data that was sent and full IP and TCP headers can also be inspected. If you start another search it will ask if you want to save the current captured data. You can also manually save by selecting "Save As" from the File menu.


    Q. Nothing shows up on my NETMON trace, why?

    A. Netmon is capable of capturing data on all adapters including RAS adapters and by default it will trace the adapter with the lowest MAC address, which would be 000000000000 for a RAS device and thus the default.

    To change the adapter used perform the following:

    1. Within Netmon select Networks from the Capture menu
    2. Select the correct local adapter (the MAC address will be non-zero)
    3. Click OK

    Restart your capture. You could check your card's MAC address (if you had several) using the IPCONFIG /ALL command.


    Q. What is the NETMON agent?

    A. In some situations you may want to monitor traffic for a certain machine but are unable to actually use that machine to perform the network monitor (maybe because of physical location).

    The Network Monitor agent is installed on the machine whose traffic you wish to monitor and then you can "connect" to it from a machine running the Network Monitor application and capture its traffic.

    The Network Monitor agent runs as a service and needs to be started on the machine whose traffic you wish to capture.


    Q. How do I install the Network Monitor agent?

    A. The Network Monitor agent is supplied with both Windows NT Workstation and Windows NT Server and is installed as follows:

    1. Logon to the machine
    2. Start the Network Control Panel applet (Start - Settings - Control Panel - Network)
    3. Select the Services tab
    4. Click Add
    5. Select "Network Monitor Agent" and click OK
    6. It may ask for the location of the files, enter the location, e.g. d:\i386 and click OK
    7. Click Close to the main location
    8. Click Yes to reboot the machine

    Once the reboot has completed you need to configure the Network Monitor so it starts automatically

    1. Start the Services control panel applet (Start - Settings - Control Panel - Services)
    2. Select "Network Monitor Agent"
    3. Click Start
    4. Click Start-up
    5. Select Automatic. Click OK

    To start the Network Monitor Service from the command line use the command

    C:\> net start nmagent


    Q. How do I monitor traffic for an agent?

    A. To monitor traffic from an agent perform the following:

    1. Start Network Monitor (Start - Programs - Network Analysis Tools - Network Monitor)
    2. Select Networks from the Capture menu
    3. Select Node Name of Remote
    4. Click Connect
    5. Enter the machine name of the Agent (or IP address), a comment and how often you want the status updated.
      Click Connect
    6. A connection will be made

    If the connection fails ensure the Network Monitor Agent is running on the remote machine and that you have local Administrator rights on it.

    You can now perform captures as per normal. To switch back to local just select Networks from the Capture menu and select one of the Local node options.


    Q. How do I filter captured packets?

    A. Once you have captured data it is possible to apply a filter to view only certain types of packets:

    1. Once you have displayed your captured data select Filter from the Display menu
    2. You can select the protocol to monitor by selecting the Protocol==Any line and click Edit - Operator
    3. A new dialog will be displayed with 3 tabs, Address, Protocol and Property. You can click Disable All to disable the protocols and then selectively add the one you require, e.g. DNS
    4. From the Property tab you can select certain matches for each protocol to refine even further.
    5. Click OK to close the dialog
    6. Click OK to the main filter dialog

    The data displayed will now be that which matches the specified criteria. To disable the filter just select "Disable Filter" from the Filter menu.


    Q. What is IPv6?

    A. IPv6 is the next version of the Internet Protocol, version 6.0 hence IPv6.

    Current computers use IP version 4.0 which, despite being created in the mid-1970s, has done very well; however, it has reached its limit, is about to run out of addresses and is not the most bandwidth-friendly protocol, so it's time for an upgrade.

    Below are the 4 main reasons that IP version 4.0 needs an upgrade:

    Current IP addresses consist of 32 bits, represented as 4 bytes, dotted-quad format, e.g. 200.200.200.202. IP version 6 uses 128 bits for addresses!

    IPv6 is defined in the following RFC's (Request for Comments)


    Q. How will IPv6 addresses be written?

    A. Since IPv6 addresses are 128-bit and hence four times longer than an IPv4 address, addresses are expressed as:

    X:X:X:X:X:X:X:X

    where each X is a 4-digit hexadecimal integer (16 bits); each digit is 4 bits and so can be between 0 and F (hexadecimal F is 15). Examples of valid addresses would be

    FEDC:BA98:7654:3210:FEDC:BA98:7654:3210
    1080:0:0:0:8:800:200C:417A

    Notice in the second address you can leave off any leading zeros, but you must have at least one numeral in each part. For example :0800: can be written as :800:.

    Obviously you may have a large sequence of zeros in the address and so it is possible to have a single gap by writing :: which will fill the gap with zeros, for example

    1080:0:0:0:8:800:200C:417A

    may be written as

    1080::8:800:200C:417A

    0:0:0:0:0:0:0:1, the loopback address (the IPv6 equivalent of 127.0.0.1 in IPv4), can be written as ::1.

    A third format, available when dealing with a mixed environment of IPv4 and IPv6 nodes, is

    x:x:x:x:x:x:d.d.d.d

    where the 'x's are the hexadecimal values of the six high-order 16-bit pieces of the address, and the 'd's are the decimal values of the four low-order 8-bit pieces of the address (standard IPv4 representation). Examples:

    0:0:0:0:0:0:13.1.68.3
    0:0:0:0:0:FFFF:129.144.52.38

    or in compressed form:

    ::13.1.68.3
    ::FFFF:129.144.52.38

    The subnet mask is now replaced by a number appended to the network address specifying the number of bits making up the network part (CIDR notation), e.g. ipv6-address/prefix-length:

    12AB:0000:0000:CD30:0000:0000:0000:0000/60
    12AB:0000:0000:CD30::/60

    Means the first 60 bits make up the network part of the address.

    When writing both a node address and a prefix of that node address (e.g., the node's subnet prefix), the two can be combined as follows:

    the node address 11AC:0:0:CA20:123:4567:89AB:CDEF
    and its subnet number 11AC:0:0:CA20::/60

    can be abbreviated as 11AC:0:0:CA20:123:4567:89AB:CDEF/60
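
    A parser for the three written forms and the prefix notation described in this answer, as an added Python example (not part of the original FAQ; the function names are hypothetical). Because one address has many spellings, filter rules and log searches should compare the parsed 128-bit value rather than the text.

```python
import string

HEX = set(string.hexdigits)


def embedded_ipv4_to_hex(text):
    """Rewrite a trailing d.d.d.d (third form) as two hexadecimal groups."""
    head, _, quad = text.rpartition(":")
    octets = quad.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255
                                   for o in octets):
        raise ValueError(f"bad IPv4 part in {text!r}")
    a, b, c, d = (int(o) for o in octets)
    return f"{head}:{(a << 8) | b:x}:{(c << 8) | d:x}"


def parse_ipv6(text):
    """Return the 128-bit integer for any of the written forms."""
    if "." in text:
        text = embedded_ipv4_to_hex(text)
    if text.count("::") > 1:
        raise ValueError("'::' may appear only once")
    head, gap, tail = text.partition("::")
    left = head.split(":") if head else []
    right = tail.split(":") if tail else []
    if gap:
        # '::' stands for however many zero groups are needed to reach 8.
        zeros = 8 - len(left) - len(right)
        if zeros < 1:
            raise ValueError("'::' leaves no room for a zero group")
        groups = left + ["0"] * zeros + right
    else:
        groups = left
    if len(groups) != 8:
        raise ValueError(f"expected 8 groups in {text!r}")
    value = 0
    for group in groups:
        # Leading zeros may be dropped, but each part needs 1 to 4 digits.
        if not 1 <= len(group) <= 4 or not set(group) <= HEX:
            raise ValueError(f"bad group {group!r}")
        value = (value << 16) | int(group, 16)
    return value


def parse_prefix(text):
    """Parse address/prefix-length; return (network part, prefix length)."""
    address, _, length = text.partition("/")
    if not length.isdigit() or int(length) > 128:
        raise ValueError(f"bad prefix length in {text!r}")
    bits = int(length)
    mask = ((1 << bits) - 1) << (128 - bits)
    return parse_ipv6(address) & mask, bits


def in_prefix(address, prefix):
    """True if the node address lies inside the given prefix."""
    network, bits = parse_prefix(prefix)
    return parse_prefix(f"{address}/{bits}")[0] == network


if __name__ == "__main__":
    for form in ("1080:0:0:0:8:800:200C:417A", "1080::8:800:200C:417A",
                 "::1", "::FFFF:129.144.52.38"):
        print(f"{form:30} {parse_ipv6(form):032x}")
    print(in_prefix("11AC:0:0:CA20:123:4567:89AB:CDEF", "11AC:0:0:CA20::/60"))
```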


    Q. What is the IPv6 header format?

    A. Below is the specification for the header format of IPv6:

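    +---------+---------------+------------------------------+
    | Version | Traffic Class | Flow Label                   |
    +---------+---------------+-------------+----------------+
    | Payload Length          | Next Header | Hop Limit      |
    +-------------------------+-------------+----------------+
    | Source Address                                         |
    +--------------------------------------------------------+
    | Destination Address                                    |
    +--------------------------------------------------------+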

    Version - 4-bit Internet Protocol version number.

    Traffic Class - 8-bit traffic class field

    Flow Label - 20-bit flow label

    Payload Length - 16-bit unsigned integer. Length of the IPv6 payload, i.e., the rest of the packet following this IPv6 header, in octets. (Note that any extension headers present are considered part of the payload, i.e., included in the length count.)

    Next Header - 8-bit selector. Identifies the type of header immediately following the IPv6 header. Uses the same values as the IPv4 Protocol field [RFC-1700 et seq.].

    Hop Limit - 8-bit unsigned integer. Decremented by 1 by each node that forwards the packet. The packet is discarded if Hop Limit is decremented to zero.

    Source Address - 128-bit address of the originator of the packet.

    Destination Address - 128-bit address of the intended recipient of the packet (possibly not the ultimate recipient, if a Routing header is present).

    Notice that the IPv6 header has far fewer fields than the IPv4 header and IPv6 introduces a number of extension headers as defined in RFC 2460.
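
    The fixed 40-byte header laid out above, packed and unpacked field by field, as an added Python example (not part of the original FAQ). The sample packet is constructed from the example addresses used earlier in this FAQ, and the function names are hypothetical.

```python
import ipaddress
import struct

# Version/Traffic Class/Flow Label share the first 32-bit word, followed by
# Payload Length (16), Next Header (8), Hop Limit (8) and two 128-bit addresses.
HEADER_FMT = "!IHBB16s16s"
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 40 octets


def build_header(traffic_class, flow_label, payload_length, next_header,
                 hop_limit, source, destination):
    if not 0 <= traffic_class <= 0xFF or not 0 <= flow_label <= 0xFFFFF:
        raise ValueError("traffic class is 8 bits, flow label is 20 bits")
    first_word = (6 << 28) | (traffic_class << 20) | flow_label
    return struct.pack(HEADER_FMT, first_word, payload_length, next_header,
                       hop_limit,
                       ipaddress.IPv6Address(source).packed,
                       ipaddress.IPv6Address(destination).packed)


def parse_header(packet):
    if len(packet) < HEADER_LEN:
        raise ValueError("shorter than the 40-octet IPv6 header")
    first_word, payload_length, next_header, hop_limit, src, dst = \
        struct.unpack(HEADER_FMT, packet[:HEADER_LEN])
    if first_word >> 28 != 6:
        raise ValueError("Version field is not 6")
    return {
        "version": first_word >> 28,
        "traffic_class": (first_word >> 20) & 0xFF,
        "flow_label": first_word & 0xFFFFF,
        "payload_length": payload_length,
        "next_header": next_header,
        "hop_limit": hop_limit,
        "source": str(ipaddress.IPv6Address(src)),
        "destination": str(ipaddress.IPv6Address(dst)),
        # Payload Length counts everything after the fixed header.
        "payload_complete": len(packet) - HEADER_LEN >= payload_length,
    }


def forward(packet):
    """Decrement Hop Limit as a forwarding node does; None means discard."""
    hop_limit = parse_header(packet)["hop_limit"] - 1
    if hop_limit <= 0:
        return None
    return packet[:7] + bytes([hop_limit]) + packet[8:]  # octet 7 = Hop Limit


# Constructed sample: 4 octets of payload, Next Header 6 (TCP), Hop Limit 2.
SAMPLE = build_header(0x20, 0x12345, 4, 6, 2,
                      "FEDC:BA98:7654:3210:FEDC:BA98:7654:3210",
                      "1080:0:0:0:8:800:200C:417A") + b"data"

if __name__ == "__main__":
    print(parse_header(SAMPLE))
    once = forward(SAMPLE)
    print(parse_header(once)["hop_limit"], forward(once))
```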


    Q. I am unable to install TCP/IP, why?

    A. If you are trying to reinstall TCP/IP after previously uninstalling it the problem may be due to certain TCP/IP registry values not being removed correctly.

    To manually remove perform the following:

    1. Start the registry editor (regedt32.exe)
    2. Select the key you want to delete.
    3. Select the 'Security' menu and select 'Owner...'. (The 'Owner' dialog box appears.)
      Click 'Take Ownership'.
    4. Select the 'Security' menu and select 'Permissions...'. (The 'Registry Key Permissions' dialog box appears.)
    5. In the 'Name' list box, select 'Everyone'.
    6. Select 'Full Control' from the 'Type of Access' drop-down list box.
    7. Select the 'Replace Permission on Existing Subkeys' check box.
    8. Click 'OK'.
    9. Repeat steps 2 to 8 for all registry keys to be deleted
    10. Reboot the computer so that Registry changes are recognized by Windows NT.

    An alternative which avoids having to change security is to start regedt32.exe under the System account by submitting it via the schedule service

    C:\> net start schedule (only if not already running)
    C:\> at <time> /inter regedt32.exe
    C:\> net stop schedule (only if you had to start it)

    Once the computer has rebooted restart REGEDT32.EXE and ensure all of the following are deleted (these are the keys whose security you must set)

    Connectivity Utilities:

    SNMP Service:

    TCP/IP Network Printing Support:

    FTP Server Service:

    Simple TCP/IP Services:

    DHCP Server Service:

    WINS Server Service:

    Windows sockets:

    It may also be necessary to remove the following keys:


    Q. What switches can be used with PING?

    A. PING is used to test TCP/IP connectivity with another host and gives information about the length of time test data takes to be sent to the host and a reply received.

    Its most basic use is as follows:

    C:\>ping <IP address or hostname>

    Pinging 160.82.52.11 with 32 bytes of data:

    Reply from 160.82.52.11: bytes=32 time=10ms TTL=252
    Reply from 160.82.52.11: bytes=32 time<10ms TTL=252
    Reply from 160.82.52.11: bytes=32 time<10ms TTL=252
    Reply from 160.82.52.11: bytes=32 time<10ms TTL=252

    From the above you can see it sent 32 bytes to host 160.82.52.11 and each time a reply was received in 10ms or less; this shows a good connection.

    PING does have a number of option parameters to accomplish different objectives.

    ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS] [-r count] [-s count] [[-j host-list] | [-k host-list]] [-w timeout] destination-list

    -t Ping the specified host until interrupted.
    -a Resolve addresses to hostnames.
    -n count Number of echo requests to send.
    -l size Send buffer size.
    -f Set Don't Fragment flag in packet.
    -i TTL Time To Live.
    -v TOS Type Of Service.
    -r count Record route for count hops.
    -s count Timestamp for count hops.
    -j host-list Loose source route along host-list.
    -k host-list Strict source route along host-list.
    -w timeout Timeout in milliseconds to wait for each reply.

    In Windows 2000 you can press Ctrl-Break when running the -t option for a list of statistics. Press Ctrl-C to actually stop the ping.

    It can be useful to have a small batch file ping various hosts and terminal servers at regular intervals to ensure all are still present (although there are commercial software packages that do this). A simple command like:

    C:\>ping -f -n 1 -l 1 148.32.43.23

    Pinging 148.32.43.23 with 1 bytes of data:

    Reply from 148.32.43.23: bytes=1 time<10ms TTL=128

    pings a host once with one byte of data.

    You should be aware that PING works by sending ICMP echo packets and some routers etc may filter these out meaning a PING will not work.


    Q. How can I modify TCP retransmission timeout?

    A. Service Pack 5 adds a new registry entry, InitialRtt, which allows the retransmission time to be modified. The range is 0 - 65535 milliseconds and can be set as follows:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    3. From the Edit menu select New - DWORD value
    4. Enter a name of InitialRtt and press Enter
    5. Double click the new value and set to the number of milliseconds for the timeout, e.g. 5000 for 5 seconds (the old default was 3 seconds). Click OK
    6. Close the registry editor
    7. Restart the machine for the change to take effect

    This parameter controls the initial retransmission timeout used by TCP on each new connection. It applies to the connection request (SYN) and to the first data segment(s) sent on each connection.

    Care should be used when adjusting this value. Setting it to large values will dramatically increase the amount of time that it takes for a TCP connection attempt to fail, if the target IP address does not exist.

    For instance, the default value is 3,000, or 3 seconds. By default, a connection request is retried 2 times. The total time-out is (3+6+12) seconds, or 21 seconds.

    If this registry value is set to 6,000 (6 seconds), the total timeout will be (6+12+24) seconds, or 42 seconds. During this time, an application can appear to stop responding (hang).


    Q. How can I disable media-sense for TCP/IP?

    A. Windows 2000 introduces media-sense, with which a Network Interface Card can detect whether it is connected to a network cable; if it is not connected, the protocols on that adapter are disabled (although the loopback address 127.0.0.1 and the local hostname still work).

    This may be very inconvenient, especially on portables, as you may have programs running which require use of the machine's normal IP address, so you can disable media-sense for TCP/IP only (not the other protocols):

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    3. From the Edit menu select New - DWORD value
    4. Enter a name of DisableDHCPMediaSense and press Enter
    5. Double click the new value and set to 1
    6. Click OK
    7. Reboot the computer

    Cheers to Thomas Lee for letting me know media-sense existed :-)


    Q. What is DHCP?

    A. DHCP stands for Dynamic Host Configuration Protocol and is used to automatically configure a host during boot up on a TCP/IP network and also to change settings while the host is attached.

    This means that you can store all the available IP addresses in a central database along with information such as the subnet mask, gateways, DNS servers etc.

    The basics behind DHCP are that the clients are configured to use DHCP instead of being given a static IP address. When the client boots up it sends out a BOOTP request for an IP address. A DHCP server then offers an IP address that has not been assigned from its database, which is then leased to the client for a pre-defined time period.

    If the DHCP client is Windows 2000 and no offer is made and IP auto configuration has not been disabled the client will attempt to find and use an IP address not currently in use otherwise TCP/IP will be disabled.


    Q. How do I install the DHCP Server Service?

    A. The DHCP server service can only be installed on an NT Server.

    1. Start the Network Control Applet by clicking on Network from Control Panel (Start - Settings - Control Panel) or right click on Network Neighborhood and select Properties
    2. Click on the Services tab and click Add
    3. Select "Microsoft DHCP Server" and click OK
    4. You will be prompted to insert the NT Server installation CD or say where the i386 directory is
    5. A warning will be shown that all local adapters must use a static IP address; click OK
    6. Click Close and select Yes to reboot

    Under Windows 2000 to install perform the following:

    1. Start the Add/Remove Programs Control Panel applet (Start - Settings - Control Panel - Add/Remove Programs)
    2. In the left hand pane click 'Add/Remove Windows Components'
    3. Click the 'Components' button to start the Components wizard
    4. Click Next
    5. Select 'Networking Services' and click Details
    6. Check the 'Dynamic Host Configuration Protocol (DHCP)' option and click OK
    7. Click Next and the relevant files and services will be configured.
    8. Click Finish when all operations have completed
    9. Click Close to the Add/Remove Programs dialog

    Q. How do I configure DHCP Server Service?

    A. The DHCP Server Service is configured using "DHCP Manager" that is installed after the installation of the DHCP Server Service.

    1. Start DHCP Manager (Start - Programs - Administrative Tools - DHCP Manager)
    2. Double click "*Local Machine*"
    3. From the Scope menu select Create
    4. A dialog will be shown and the following should be entered
      - Start Address, e.g. 200.200.200.10
      - End Address, e.g. 200.200.200.100
      This would mean the addresses 200.200.200.10 to 200.200.200.100 would be available
      - Subnet Mask, e.g. 255.255.255.0
      - Exclusion - start and end, e.g. 200.200.200.20 and 200.200.200.30, would mean the available addresses would be 200.200.200.10-200.200.200.20 and 200.200.200.30-200.200.200.100
      - Exclusion - just start is a single address, e.g. 200.200.200.56
      - Set lease duration, by default 3 days, however can be set to unlimited
      - Name - this is the name of the scope, e.g. "subnet 200.200.200"
      - Comment - anything you want
    5. Click OK
    6. A message that the Scope has been added, but is not active, would you like it to be active, click Yes.

    Usually items such as DNS servers, WINS server etc will be configured on a global scale and this is also done using Server Manager

    1. Select the Scope, and select Global from the "DHCP Options" menu
    2. Select "06 DNS Servers" and click Add
    3. Click Value button
    4. Click Edit Array at the bottom
    5. Enter the IP address and click ADD, continue adding until all added
    6. Click OK to close the Edit Array dialog
    7. Select "15 Domain name" and click Add
    8. Select it and edit the string at the bottom, e.g. savilltech.com
    9. Click OK to exit
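
    What the "06 DNS Servers" and "15 Domain name" options and the lease duration configured above look like in the options field a DHCP server sends to clients, as an added Python example that is not part of the original FAQ. It uses the code/length/data encoding of RFC 2132 and so goes beyond the DHCP Manager steps; the DNS server addresses, the approved-server list and all function names are constructed for illustration.

```python
import ipaddress
import struct

# Option codes from RFC 2132; DHCP Manager lists options under the same
# numbers ("06 DNS Servers", "15 Domain name", "004 Time Server").
OPT_PAD, OPT_END = 0, 255
OPT_SUBNET_MASK, OPT_ROUTER, OPT_TIME_SERVER = 1, 3, 4
OPT_DNS_SERVERS, OPT_DOMAIN_NAME, OPT_LEASE_TIME = 6, 15, 51
ADDRESS_OPTIONS = {OPT_SUBNET_MASK, OPT_ROUTER, OPT_TIME_SERVER, OPT_DNS_SERVERS}


def encode_options(options):
    """Encode {code: value} as code/length/data triples, then End (255)."""
    out = bytearray()
    for code, value in options.items():
        if code in ADDRESS_OPTIONS:
            data = b"".join(ipaddress.IPv4Address(a).packed for a in value)
        elif code == OPT_DOMAIN_NAME:
            data = value.encode("ascii")
        elif code == OPT_LEASE_TIME:
            data = struct.pack("!I", value)  # seconds, 32-bit big-endian
        else:
            raise ValueError(f"option {code} is not handled by this example")
        if not 1 <= len(data) <= 255:
            raise ValueError(f"option {code}: data must be 1..255 bytes")
        out += bytes([code, len(data)]) + data
    out.append(OPT_END)
    return bytes(out)


def decode_options(blob):
    """Parse an options field, rejecting truncated or malformed input."""
    found = {}
    i = 0
    while i < len(blob):
        code = blob[i]
        if code == OPT_END:
            return found
        if code == OPT_PAD:  # padding is a single byte with no length field
            i += 1
            continue
        if i + 1 >= len(blob):
            raise ValueError(f"option {code}: length byte missing")
        length = blob[i + 1]
        data = bytes(blob[i + 2:i + 2 + length])
        if len(data) != length:
            raise ValueError(f"option {code}: data runs past the end of the field")
        if code in ADDRESS_OPTIONS:
            if length == 0 or length % 4:
                raise ValueError(f"option {code}: not a list of 4-byte addresses")
            found[code] = [str(ipaddress.IPv4Address(data[j:j + 4]))
                           for j in range(0, length, 4)]
        elif code == OPT_DOMAIN_NAME:
            found[code] = data.decode("ascii")
        elif code == OPT_LEASE_TIME:
            if length != 4:
                raise ValueError("lease time must be 4 bytes")
            found[code] = struct.unpack("!I", data)[0]
        else:
            found[code] = data  # keep options this example does not know as raw bytes
        i += 2 + length
    raise ValueError("End option (255) missing")


def unapproved_dns_servers(blob, approved):
    """Return the DNS servers in an options field that are not on the approved list."""
    offered = decode_options(blob).get(OPT_DNS_SERVERS, [])
    return [ip for ip in offered if ip not in approved]


# Constructed sample: the scope's subnet mask and domain name from the FAQ,
# two made-up DNS server addresses and the default 3 day lease in seconds.
SCOPE_OPTIONS = {
    OPT_SUBNET_MASK: ["255.255.255.0"],
    OPT_DNS_SERVERS: ["200.200.200.3", "200.200.200.8"],
    OPT_DOMAIN_NAME: "savilltech.com",
    OPT_LEASE_TIME: 3 * 24 * 60 * 60,
}
SAMPLE = encode_options(SCOPE_OPTIONS)

if __name__ == "__main__":
    print(SAMPLE.hex())
    print(decode_options(SAMPLE))
    print("not approved:", unapproved_dns_servers(SAMPLE, {"200.200.200.3"}))
```

    Running decode_options over the options field of a captured offer and comparing option 6 with the servers you configured shows whether clients are being handed the DNS servers you expect.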

    Q. How do I configure a client to use DHCP?

    A. For NT Workstation and Windows 95 follow the instructions below:

    1. Start the Network Control Applet by clicking on Network from Control Panel (Start - Settings - Control Panel) or right click on Network Neighborhood and select Properties
    2. Click on the Protocol tab
    3. Select TCP/IP and click Properties
    4. Select "Obtain an IP address from a DHCP Service". DHCP settings will only override IP address and subnet mask locally configured. If you have configured DNS, WINS etc locally then the DHCP configuration will not overwrite it.

    For Windows 98:

    1. Start the Network Control Applet by clicking on Network from Control Panel (Start - Settings - Control Panel) or right click on Network Neighborhood and select Properties
    2. Select 'TCP/IP -> Adapter' and click Properties
    3. Select the 'IP address' tab
    4. Select "Obtain an IP address automatically".

     


    Q. How can I compress my DHCP database?

    A. NT Server ships with a utility called JETPACK.EXE which can be used to compact DHCP and WINS databases. To compact your DHCP database perform the following:

    1. Start a command prompt (cmd.exe)
    2. Enter the following commands
      cd %SystemRoot%\SYSTEM32\DHCP
      e.g. cd d:\winnt\system32\dhcp
      net stop DHCPSERVER
      jetpack DHCP.MDB TMP.MDB
      net start DHCPSERVER

    Note: While the DHCP service is stopped, clients using DHCP to receive a TCP/IP address will not be able to start this protocol and may hang.

    Jetpack actually compacts DHCP.MDB into TMP.MDB, then deletes DHCP.MDB and copies TMP.MDB to DHCP.MDB! Simple :-)

    For more information, see Knowledge base article Q145881 at http://support.microsoft.com/support/kb/articles/q145/8/81.asp


    Q. How can a DHCP client find its IP address?

    A. Depending on the client:

    Windows NT machine - type ipconfig from the command prompt
    Windows 95 machine - run winipcfg.exe


    Q. How can I move a DHCP database from one server to another?

    A. Perform the steps below on the server that currently hosts the DHCP Server service. Be warned that while doing this no DHCP clients will be able to start TCP/IP so this should be done outside working hours.

    1. Log on as an Administrator and stop DHCP (Start - Settings - Control Panel - Services - Microsoft DHCP server - Stop).
    2. You also need to stop DHCP from starting again after a reboot so start the Services Control Panel applet and select Microsoft DHCP Server and click Startup. From the startup choose disabled and click OK.
    3. Copy the DHCP directory tree %systemroot%\system32\DHCP to a temporary storage area for use later.
    4. Start the registry editor (regedt32.exe)
    5. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DHCPServer\Configuration
    6. From the Registry menu, click Save Key. Create a name for this key, for example dhcpcfg.bck
    7. Close the registry editor

    Optionally, if you want to remove DHCP from the source machine totally, delete the DHCP directory (%systemroot%\system32\dhcp) and then delete the DHCP Service (Start - Settings - Network - Services - Microsoft DHCP Server - Remove)

    On the new DHCP server perform the following

    1. Log on as an Administrator
    2. If the server does not have the DHCP server service installed, install it (Start - Settings - Control Panel - Network - Services - Add - DHCP Server)
    3. Stop the DHCP service (Start - Settings - Control Panel - Services - Microsoft DHCP server - Stop).
    4. Delete the contents of %systemroot%\system32\dhcp
    5. Copy the backed up DHCP directory tree from the storage area to %systemroot%\system32\dhcp, but rename the file system.mdb to system.src. You may not have this file if you are using NT 4.0; in that case skip the rename.
    6. Start the registry editor (regedt32.exe)
    7. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DHCPServer\Configuration and select it
    8. From the registry menu select restore
    9. Locate the file dhcpcfg.bck you saved from the original machine and click Open
    10. Click Yes to the warning
    11. Close the registry editor
    12. Reboot the machine

    Q. How do I create a DHCP Relay Agent?

    A. If you have routers separating some of your DHCP clients from the DHCP server you may have problems if the routers are not RFC compliant. This can be solved by placing a DHCP relay agent on the local network area; the relay agent is not actually a DHCP server but communicates on behalf of the DHCP Server. The DHCP Relay Agent must be a Windows NT Server computer.

    1. On the NT Server log on as an Administrator
    2. Start the Network control panel applet (Start - Settings - Control Panel - Network)
    3. Click the Services tab and click Add
    4. Select "DHCP Relay Agent" and click OK
    5. Type the path of the files (e.g. d:\i386) and click OK
    6. You will be asked if you wish to add IP address to the DHCP servers list, click Yes
    7. Click the DHCP relay tab and click Add
    8. In the DHCP Server field enter the IP address of the DHCP Server and click Add
    9. Click OK
    10. Restart the computer

    Q. How can I stop the DHCP Relay Agent?

    A. All you have to do is stop the DHCP Relay Agent service:

    1. Log on as an Administrator
    2. Start the Services control panel applet (Start - Settings - Control Panel - Network)
    3. Select "DHCP Relay Agent"
    4. Click the startup button
    5. Select Disabled and click OK
    6. Close the control panel applet
    7. You can reboot or just stop the service

    Q. How can I backup the DHCP database?

    A. The DHCP database backs itself up automatically every 60 minutes to the %SystemRoot%\System32\Dhcp\Backup\Jet directory. This interval can be changed:

    1. Start the registry editor
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DHCPServer\Parameters\BackupInterval
    3. Double click on BackupInterval and set to the number of minutes you want the backup to be performed. Click OK
    4. Close the registry editor
    5. Stop and restart the DHCP server service (Start - Settings - Control Panel - Services - DHCP Server - Start and Stop)

    You could back up the %SystemRoot%\System32\Dhcp\Backup\Jet directory if you wish.


    Q. How can I restore the DHCP database?

    A. Perform one of the following:

    1. When the DHCP Server service starts, if an error is detected in the database it will automatically restore the backup version
    2. Edit the registry and set HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DHCPServer\Parameters\RestoreFlag to 1, then restart the DHCP Server service. This will restore the backed up version and set RestoreFlag back to the default 0
    3. Stop the DHCP Server service, copy the files from %SystemRoot%\System32\Dhcp\Backup\Jet to %SystemRoot%\System32\Dhcp and then start the DHCP Server service.

    Q. How do I reserve a specific address for a particular machine?

    A. Before performing this you will need to know the hardware address of the machine and this can be found by entering the command

    ipconfig /all

    Look for the line

    Physical Address. . . . . . : 00-60-97-A4-20-86

    Now at the DHCP server perform the following

    1. Log on as an Administrator
    2. Start the DHCP Server management software (Start - Programs - Administrative Tools - DHCP Manager)
    3. Double click on the DHCP server, e.g. *Local Machine*
    4. Select the light bulb and from the Scope menu select "Add Reservations"
    5. In the Add Reserved Clients dialog box you should enter the IP address you wish to reserve and in the "Unique Identifier" box enter the hardware address of the client machine (obtained from ipconfig /all). Do not enter the hyphens, e.g.
      006097A42086
      Also enter a name for the machine (and a comment if you wish) and click Add
    6. Click close when you have added all the reservations

    Q. What registry settings control the DHCP log in Windows 2000?

    A. DHCP has always had auditing abilities; however, these have been expanded in Windows 2000 to reduce problems caused by the log files. The improvements stop log files from growing to fill whole partitions and causing system problems.

    The following keys are all located under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DHCPServer\Parameters

    Value name (type) - description:

      - DhcpLogFilePath (REG_SZ) - The partition and directory for the audit logs to be written to. Make sure you write the entire path
      - DhcpLogMinSpaceOnDisk (REG_DWORD) - If free space falls below this number (in megabytes) audit logging is stopped
      - DhcpLogDiskSpaceCheckInterval (REG_DWORD) - Number of times the audit log is written to before checking for free disk space
      - DhcpLogFileMaxSize (REG_DWORD) - Maximum size in megabytes the logs can grow to. By default it is 7.

    Q. How do I authorize a DHCP server in Windows 2000?

    A. Any user running Windows 2000 Server could install the DHCP server service, causing potential problems, so Windows 2000 adds the concept of authorizing servers in the Active Directory before they can service client requests. If the server is not authorized in the Active Directory then the DHCP service will not be started.

    To Authorize a server perform the following:

    1. Log on as a member of the Enterprise Administrators group
    2. Start the DHCP MMC snap-in (Start - Programs - Administrative Tools - DHCP)
    3. Select the DHCP root, right click and select 'Browse authorized servers'
    4. A list of authorized DHCP servers will be displayed. Click Add
    5. Enter the name or IP address of the DHCP server and click OK.
    6. Click Close

    The red arrow over the DHCP server should now change to a green one if you select refresh (it may take a few minutes).


    Q. How do I create a DHCP scope in Windows 2000?

    A. A DHCP scope is a range of addresses that can be assigned to clients and can also optionally provide information about DNS servers, WINS etc.

    DHCP scopes are configured using the DHCP MMC snap-in as follows:

    1. Start the DHCP MMC snap-in (Start - Programs - Administrative Tools - DHCP)
    2. Right click on the server and select New - Scope from the context menu
    3. The scope creation wizard will be started, click Next
    4. Enter a name and comment for the scope. Click Next
    5. Enter the address range to use, for example from 200.200.200.1 to 200.200.200.15 (remember the host part cannot be 0). Also enter the subnet mask as either the number of bits used or the actual mask, e.g. 24 is the same as 255.255.255.0. Click Next
    6. You can specify addresses to be excluded either by range, e.g. 200.200.200.5 to 200.200.200.7 and click Add, or just enter a Start address and click Add, e.g. 200.200.200.12 to exclude a single address. Click Next
    7. You can now configure the lease time for the address. Setting too large will mean you will lose the use of addresses if the client machine is inactive for long periods of time, too short and you will generate unnecessary traffic renewing the address. The default 8 days is fine. Click Next
    8. The wizard gives the option to configure the most common DHCP options. Select Yes and click Next
    9. Enter the address of the gateway, and click Add. You can enter several. Click Next when all are entered.
    10. Enter the DNS domain, e.g. savilltech.com and the DNS server addresses. Click Next
    11. Enter the WINS server addresses and click Add. Click Next
    12. You will then be asked if you wish to activate the scope. Select your answer and click Next
    13. Click Finish to the wizard

    The new scope will now be listed with its status shown as either Active or Inactive.

    If you chose not to activate the scope it can be manually activated by right clicking on the scope, selecting 'All Tasks' and selecting Activate. The activation is immediate. Likewise you can deactivate it by selecting Deactivate.


    Q. How do I configure DHCP scope options in Windows 2000?

    A. When you create a scope the more common options such as DNS and WINS servers can be configured but many more options are available.

    1. Start the DHCP MMC snap-in (Start - Programs - Administrative Tools - DHCP)
    2. Expand the server
    3. Expand the scope whose options you wish to modify
    4. Select the 'Scope Options' branch and in the right hand window you will see the currently configured options.
    5. Right click on 'Scope Options' and select 'Configure Options'
    6. Select the Basic tab and you can configure other options by checking its box and entering the details. For example a Time Server, check '004 Time Server', enter an IP address and click Add.
    7. Click Apply. Click OK

    The new option(s) will now show in the right hand window. You can change existing options by performing the above and selecting an item already configured and change the details in the Data entry area.


    Q. How can I view DHCP address leases in Windows 2000?

    A. When a client is offered and accepts an IP address a 'lease' is created for x amount of days. To view current leases perform the following:

    1. Start the DHCP MMC snap-in (Start - Programs - Administrative Tools - DHCP)
    2. Expand the server
    3. Expand the scope whose leases you wish to view
    4. Select the 'Address Leases' branch and in the right hand window you will see the current lease details.

    It will give details of the IP address, client name and the lease expiration date. Expired leases are also shown for approximately one day but have a dimmed icon. This grace period protects a client lease in the event of the client and server being in different time zones, clocks not synced or simply offline.


    Q. How do I change the DHCP address lease time in Windows 2000?

    A. To modify the DHCP lease duration from the normal 8 days perform the following:

    1. Start the DHCP MMC snap-in (Start - Programs - Administrative Tools - DHCP)
    2. Expand the server
    3. Right click the scope whose lease time you wish to change and select Properties
    4. Select the General tab
    5. At the bottom of the window you can select lease duration either Unlimited or a finite time.
    6. Click Apply then OK


    Q. How do I install the DNS Service?

    A. The DNS Service can only be installed on NT Server and is installed as follows:

    1. Start the Network Control Panel Applet (Start - Settings - Control Panel - Network)
    2. Click the Services tab and click Add
    3. Select "Microsoft DNS Server" and click OK
    4. The software will be installed and the machine will then reboot

    Q. How do I configure a domain on the DNS Server?

    A. A new application, DNS Manager, has been added to the Administrative Tools group. To configure the domain follow the procedure below:

    1. Start the DNS Manager (Start - Programs - Administrative Tools - DNS Manager)
    2. From the DNS menu, select New Server and enter the IP address of the DNS Server, e.g. 200.200.200.3, and click OK
    3. The server will now be displayed with a CACHE sub part
    4. Next we want to add the domain, e.g. savilltech.com, from the DNS menu, select New Zone
    5. Select Primary and click Next
    6. Enter the name, e.g. savilltech.com, and then press tab, and it will fill in the Zone File Name and click Next
    7. Click Finish
    8. Next a zone for reverse lookups has to be created, so select New Zone from the DNS menu
    9. Select Primary and click Next, enter the first 3 parts of the domain IP address in reverse order followed by in-addr.arpa, e.g. if the domain was 158.234.26, the entry would be 26.234.158.in-addr.arpa, in my example it would be 200.200.200.in-addr.arpa, press tab for the file name to be filled in and click Next, then click Finish
    10. Add a record for the DNS server, by right clicking on the domain and select "New Record"
    11. Enter the name of the machine, e.g. BUGSBUNNY (I had a strange upbringing :-) ), and enter an IP address, e.g. 200.200.200.3 and click OK
    12. If you press F5 and examine the 200.200.200.in-addr.arpa zone, a record has been added for BUGSBUNNY there as well

    Q. How do I add a record to the DNS?

    A. To add a record, for example TAZ with IP address 200.200.200.4 perform the following

    1. Start the DNS Manager (Start - Programs - Administrative Tools - DNS Manager)
    2. Double click on the name of the DNS server to display the list of zones
    3. Right click on the domain, and select New Record
    4. Enter the name, e.g. TAZ and enter IP address. Select the record type. For adding a new host accept the default, record type A.
    5. If you have the Reverse Arpa zone configured and want the PTR record automatically added, make sure the Create Associated PTR record is checked
    6. Click OK

    Q. How do I configure a client to use the DNS?

    A. For an NT machine (and Windows 95) perform the following:

    1. Start the Network Control Panel Applet (Start - Settings - Control Panel - Network)
    2. Select the Protocols tab
    3. Select TCP/IP and select Properties
    4. Click the DNS tab
    5. Make sure the machine's name is entered in the first box, and the domain name, e.g. savilltech.com in the Domain box
    6. In the DNS Server part click Add, and in the dialog box enter the IP address of the DNS Server and click Add
    7. In the Domain Suffix Search Order part, click Add and enter the domain, e.g. savilltech.com and then click Add
    8. Finally click OK

    To test, you can start a command prompt and enter

    nslookup <host name>
    e.g. nslookup taz

    The IP address of Taz will be displayed. Also try the reverse translation by entering

    nslookup <ipaddress>
    e.g. nslookup 200.200.200.4

    The name Taz will be displayed.


    Q. How do I change the IP address of a DNS server?

    A. The information below assumes you have already changed the IP address of the machine ( Start - Settings - Control Panel - Network - Protocols - TCP/IP - Properties) and have rebooted. The scenario below assumes the old IP address was 200.200.200.3 and the new is 200.200.200.8

    1. We need to configure a second IP address for the network card
      - Start the Network Control Panel Applet ( Start - Settings - Control Panel - Network)
      - Click on the Protocol tab
      - Select TCP/IP and click Properties
      - Click Advanced and click Add
      - Enter the old IP address, e.g. 200.200.200.3 and click Add
      - Click OK until you are back at the Control Panel
      - Reboot
    2. Start the DNS Manager (Start - Programs - Administrative Tools - DNS Manager)
      - Right click the "Server List" and select New Server
      - Enter the new IP address, e.g. 200.200.200.8 and click OK
      - Select the old IP address, e.g. 200.200.200.3 and right click
      - Select "Delete Server" from the context menu and click Yes to confirm
    3. While in the DNS Manager, update the record for this server
      - Select the IP address of the DNS server, e.g. 200.200.200.8, select the domain name, e.g. SAVILLTECH.COM
      - Double click the entry for the server and update the IP address, i.e. it would have had 200.200.200.3 to bugsbunny, change to 200.200.200.8
      - Click OK
    4. Now we will delete the secondary IP address we added
      - Start the Network Control Panel Applet ( Start - Settings - Control Panel - Network)
      - Click on the Protocol tab
      - Select TCP/IP and click Properties
      - Click Advanced and select the address, e.g. 200.200.200.3 and click Remove
      - Click OK until back at control panel
      - You will need to reboot at some point to remove the 200.200.200.3 from being active

    Update all the clients to use the new DNS server IP address.

    The above procedure is the most complete way, however it should still work if you only perform steps 2 and 3.


    Q. How can I configure DNS to use a WINS server?

    A. It is possible to configure the DNS to use a WINS server to resolve the host name of a Fully Qualified Domain Name (FQDN).

    1. Start DNS manager (Start - Programs - Administrative Tools - DNS Manager)
    2. Right click on the zone you wish to communicate with the WINS server and select properties
    3. Click the "WINS Lookup" tab
    4. Select the "Use WINS Resolution" check box and then enter the WINS server IP address and click ADD
    5. Click OK when finished

    Q. Where in the registry are the entries for the DNS servers located?

    A. The entries for the DNS servers are stored in the registry in the location HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters under the NameServer value. Each entry should be separated by a space. Using the Resource Kit utility REG.EXE, the command to change it would be as follows:

    reg update HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\NameServer="158.234.8.70 158.234.8.100" \\<machine name>

    where 158.234.8.70 and 158.234.8.100 were the addresses of the DNS servers you wanted to configure. Note that it sets the value rather than appending to it, so ensure you enter the existing DNS servers as well as the new ones.

    This may be useful for granting users access to the internet by remotely updating their registry to know which DNS servers to use.


    Q. I receive error message "No More Endpoints".

    A. This can be caused by installing DNS on a machine that has previous settings contained in the %systemroot%\system32\dns directory. To correct perform the following.

    1. Stop the Microsoft DNS server using the Services control panel applet ( Start - settings - control panel - services). Select Microsoft DNS and select stop
    2. Backup any zone files from the %systemroot%\system32\dns directory that you may want
    3. Remove the DNS server by right clicking on network neighborhood and selecting properties. Click the services tab, select DNS and click Remove
    4. Delete all files in the %systemroot%\system32\dns
    5. Reinstall DNS server using the services tab of the network control panel applet

    Q. How do I configure DNS for an NT 5.0 domain? - NT 5.0 only

    A. Windows NT 5.0 domains rely on DNS and require Dynamic DNS, which is an update to the basic DNS specification. Details can be found in RFC 2136, which can be viewed at ftp://ftp.isi.edu/in-notes/rfc2136.txt.

    Another major update in DNS 5.0 is the addition of service (SRV) records. These have already been seen as a mechanism for publishing the ldap server, ldap.tcp.<domain>, and it is through these records that domains can be looked up through the DNS service.

    You could perform this on a separate NT 5.0 machine; the domain controller and the DNS server will probably not be the same machine. The DNS server just has to exist before upgrading the server to a domain controller. To install DNS 5.0 on the server perform the following:

    1. Start the Install/Remove Programs Control Panel Applet (Start - Settings - Control Panel - Add/Remove Programs)
    2. Click the "Configure Windows" left hand pane
    3. Click the "Components" button that is displayed
    4. Select "Networking Options" and click Details
    5. Select "Microsoft DNS Server" and click OK
    6. Click Next

    You then need to configure the DNS service

    1. Start the "DNS Management" MMC snap-in (Start - Programs - Administrative Tools - DNS Management)
    2. It will detect this is the first time it has been run and start the configuration applet. Click Next
    3. It will detect there are no root servers so select "This is the first DNS server on this network" and click Next
    4. Check "Yes, add a forward lookup zone" and click Next. This zone is used for the storage of host name to IP addresses
    5. You should now select the zone type, Select "Standard Primary" and click Next. "Active Directory Integrated" stores the DNS database in the Active Directory however there is no Active Directory at this point. This option can be set later
    6. Enter the name of the zone, e.g. savilltech.com and click Next
    7. Select "New File" and click Next. If you had an existing .dns file you may import this
    8. Check "Yes, add a reverse lookup zone" and click Next. The reverse lookup zone is used to find the IP address from a host name. When you create a host record a PTR record can also be selected to be created and this adds a record in the reverse lookup zone
    9. Again select "Standard Primary" and click Next
    10. Enter the first parts of your subnet, e.g. 200.200.200.0 (subnet will be filled in for you). If your subnet mask was 255.255.0.0 you would enter the first 2 parts of your IP address, if 255.255.255.0 you would enter the first 3. Click Next
    11. Again Check "New File" and click Next
    12. A summary will be displayed and click Finish to complete the installation

    Now the basic zone is configured the required entries for the domain need to be added

    1. Start the "DNS Management" MMC snap-in (Start - Programs - Administrative Tools - DNS Management)
    2. Expand the DNS server, expand the "Forward Lookup Zones", select the domain, e.g. savilltech.com
    3. Right click on the domain and select New - Host from the context menu
    4. Leave the Host name blank and enter the IP address of the domain controller (to be), check the 'create associated PTR record' and click "Add Host"

    The final stage is to configure the zones to be dynamic update enabled which allows hosts to add records in the DNS server.

    1. Start the "DNS Management" MMC snap-in (Start - Programs - Administrative Tools - DNS Management)
    2. Expand the DNS server, expand the "Forward Lookup Zones", select the domain, e.g. savilltech.com
    3. Right click on the domain and select Properties from the context menu
    4. Select "Yes" from the "Allow dynamic updates?" drop down box
    5. Click Apply then OK
    6. Now expand the "Reverse Lookup Zones" and select the reverse lookup zone, e.g. "200.200.200.x Subnet"
    7. Select the zone and right click the zone and select Properties from the context menu
    8. Again select "Yes" from the "Allow dynamic updates?" drop down box
    9. Click Apply then OK

    DNS is now configured for a domain and you can create the domain.
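
    The reverse lookup zone naming described in the NT 4.0 zone setup (first parts of the IP address plus in-addr.arpa) and in step 10 of the wizard above (first 2 or 3 parts depending on the subnet mask), together with a check that every host record has its associated PTR record, as an added Python example that is not part of the original FAQ. The function names and the sample record sets are constructed; the host names and addresses are the ones used in this FAQ.

```python
import ipaddress


def reverse_zone(network, mask):
    """Name of the reverse lookup zone for a network whose mask ends on an octet."""
    net = ipaddress.IPv4Network(f"{network}/{mask}", strict=False)
    if net.prefixlen not in (8, 16, 24):
        raise ValueError("this example only handles masks on an octet boundary")
    kept = str(net.network_address).split(".")[:net.prefixlen // 8]
    return ".".join(reversed(kept)) + ".in-addr.arpa"


def ptr_owner(host_ip, network, mask):
    """Return (zone, record name inside the zone) for a host's PTR record."""
    net = ipaddress.IPv4Network(f"{network}/{mask}", strict=False)
    ip = ipaddress.IPv4Address(host_ip)
    if ip not in net:
        raise ValueError(f"{host_ip} is not in {net}")
    zone = reverse_zone(network, mask)
    full = ip.reverse_pointer              # e.g. 4.200.200.200.in-addr.arpa
    return zone, full[:-len(zone) - 1]     # strip ".<zone>" to get the relative name


def ptr_problems(a_records, ptr_records):
    """Compare host (A) records with PTR records.

    a_records:   {host name: IP address}
    ptr_records: {PTR owner name: host name it points to}
    Returns (host, ip, problem) tuples for hosts whose reverse lookup is
    missing or gives a different name.
    """
    problems = []
    for host, ip in sorted(a_records.items()):
        owner = ipaddress.IPv4Address(ip).reverse_pointer
        target = ptr_records.get(owner)
        if target is None:
            problems.append((host, ip, "no PTR record"))
        elif target.rstrip(".").lower() != host.rstrip(".").lower():
            problems.append((host, ip, "PTR points to " + target))
    return problems


# Constructed sample: TAZ was added without "Create Associated PTR record".
A_RECORDS = {
    "bugsbunny.savilltech.com": "200.200.200.3",
    "taz.savilltech.com": "200.200.200.4",
}
PTR_RECORDS = {
    "3.200.200.200.in-addr.arpa": "bugsbunny.savilltech.com.",
}

if __name__ == "__main__":
    print(reverse_zone("158.234.26.0", "255.255.255.0"))
    print(reverse_zone("158.234.0.0", "255.255.0.0"))
    print(ptr_owner("200.200.200.4", "200.200.200.0", "255.255.255.0"))
    for problem in ptr_problems(A_RECORDS, PTR_RECORDS):
        print(problem)
```

    The 200.200.200 example network reads the same in both directions, so 158.234.26 is the better case for seeing that the octets are reversed.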


    Q. How do I configure Active Directory integrated DNS? - NT 5.0 only

    A. It is possible to configure DNS servers that are also domain controllers to store the contents of the DNS database in the Active Directory which will then be replicated to all domain controllers in the domain. The option to store the DNS database in the Active Directory is not available on DNS servers that are not domain controllers.

    1. Start the "DNS Management" MMC snap-in (Start - Programs - Administrative Tools - DNS Management)
    2. Expand the DNS server, expand the "Forward Lookup Zones", select the domain, e.g. savilltech.com
    3. Right click on the domain and select Properties from the context menu
    4. Under Type click Change
    5. Select "Active Directory-integrated" and click OK
    6. Click OK to "Are you sure you want this zone to become an Active Directory-integrated"
    7. Click Apply then OK

    Q. Setting a secondary DNS server as primary results in errors.

    A. If you have a secondary DNS server configured to duplicate all entries from another DNS server you may experience a problem if you try and set it as a primary DNS server, which results in the service not starting and an error to the effect of the data being wrong:

    Event ID: 7023
    The MS DNS Server service terminated with the following error:
    The data is invalid.

    Event ID: 130
    DNS Server zone zone name has invalid or corrupted registry data.
    Delete its registry data and recreate with DNSAdmin.

    Event ID: 133
    DNS Server secondary zone zone name, had no master IP addresses in registry.
    Secondary zones require masters.

    The DNS Manager fails to set the correct value for the zone Type in the registry (it remains set to secondary), but it does erase the address of the primary DNS server that the data came from. To correct this perform the following:

    1. Start the registry editor (regedit.exe)
    2. Move to the following key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dns\Zones\<zonename>, where <zonename> is the domain (e.g. savilltech.com)
    3. Double click on the TYPE value and change from 2 to 1.
    4. Close the registry editor

    You should now be able to successfully start the DNS service

    C:\> net start dns

    The TYPE value can have one of two values,

    0x1 specifies Primary zone
    0x2 specifies secondary zone

    A fix for this can be downloaded from ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/%20hotfixes-postSP3/dns-fix


    Q. How do I turn off Dynamic DNS? - Windows 2000 only

    A. By default, the TCP/IP stack in NT 5.0 Beta 2 (and later builds) attempts to register its Host (A) record with its DNS server. This makes sense in an all NT (Windows 2000) environment. But if you are using a static, legacy DNS server, the DNS guys might not like all the 'errors' this shows up on their server, since the DNS servers will not understand these "updates".

    You will get errors such as:

    To make the clients stop attempting to publish their DNS names/addresses to the DNS server perform the following:

    1. Log on to each client as Administrator
    2. Start the registry editor (regedit.exe)
    3. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    4. From the Edit menu select New - DWORD value
    5. Enter a name of DisableDynamicUpdate and press Enter
    6. Double click on the new value and set to 1. Click OK

    If you have multiple adapters in the machine you may not want to disable for all so instead of setting HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DisableDynamicUpdate to 1, set as 0 and then move to the sub key Interfaces\<interface name> and create the DisableDynamicUpdate value there and set to 1.

    If you needed to perform this on a large number of machines you should create a reg script or set from the login script.


    Q. How do I configure a forwarder on DNS 5.0? - Windows 2000 only

    A. If you create a DNS server on your network but it is not the main DNS server, i.e. your company has a central main DNS server, you will want to forward queries your DNS server cannot service to that DNS server.

    This is because only certain servers in your network will have access to DNS servers outside your network (due to firewalls etc.) and thus your (departmental?) DNS server cannot access the DNS servers higher up in the DNS hierarchy. To configure a forwarder perform the following:

    1. Start the DNS Management MMC snap-in (Start - Programs - Administrative Tools - DNS Management)
    2. Right click on the DNS server and select Properties
    3. Select the "Forwarders" tab
    4. Check the "Enable forwarder(s)" box
    5. Enter the IP address of the DNS server and click Add
    6. Click OK
    7. Close the DNS Management snap-in

    Setting a Forward

    If you are missing the forwarder tab see Q. I am missing the forwarder and Root Hints tabs in DNS 5.0


    Q. I am missing the forwarder and Root Hints tabs in DNS 5.0. - Windows 2000 only

    A. This happens when your server thinks it is the root server in the domain and hence has a "." zone. To enable the forwarder you need to delete this zone from your server:

    1. Start the DNS Management MMC snap-in (Start - Programs - Administrative Tools - DNS Management)
    2. Expand the server, expand Forward Lookup Zones and select "."
    3. Right click and select Delete
    4. Click Yes to the confirmation
    5. Stop and Start the DNS manager and the tabs are available

    Delete the dot zone


    Q. How do I enable DNS round robin resolution?

    A. Recent Windows NT service packs introduced LocalNetPriority, which tries to return Host resources that are local to the requestor instead of using round robin. However, round robin can be enabled as follows:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters
    3. From the Edit menu select New - DWORD Value
    4. Enter a name of LocalNetPriority and press Enter
    5. Double click the new value and set to 0 to disable LocalNetPriority and re-enable round robin. Click OK
    6. Close the registry editor
    7. Stop and restart the DNS service

    Q. DNS resolution of a valid domain fails on NT.

    A. If you are running NT4 DNS with either SP4 or SP5 installed you may find that a domain that resolves on Unix DNS servers times out when you do an NSLOOKUP on NT.

    This is a known bug. A Quick Fix Engineering patch for NT bug 267085 is available from Microsoft support, or you can wait for SP6 to come out.

    Q. How can I force a Windows 2000 domain controller to re-register its DNS entries?

    A. To re-register the domain controller DNS entries perform one of the following:

    1. Stop and start the netlogon service, which will re-register all SRV records in the netlogon.dns file.
    2. Run Netdiag /fix, which will also do this.
    3. Run Ipconfig /registerdns

    Q. I'm getting DNS zone transfer messages in the event log, is someone hacking me?

    A. No, don't panic, it just means someone is listing the content of a zone and this is fine since you are making the information publicly available anyway. To produce such a listing yourself see 'Q. How do I perform a DNS zone transfer?'

    If you want to stop people performing zone transfers, start the Microsoft DNS Manager, select the Zone, go into the Properties for the zone and select the Notify tab. Check the "Only Allow Access for Secondaries included on the notify list" box.

    A typical event log is shown below:


    Q. How do I perform a DNS zone transfer?

    A. To list the content of a DNS zone perform the following commands (remember this does not actually remove any information from the host DNS server, it only lists it)

    C:\>nslookup
    Default Server: adm1.srv.uk.deuba.com
    Address: 10.142.10.2

    > set q=ns                Sets the query type to name servers
    > db.com                  The name of the DNS zone you wish to list
    Server: adm1.srv.uk.deuba.com
    Address: 10.142.10.2

    db.com nameserver = ns1.eur.deuba.com
    db.com nameserver = ns2.eur.deuba.com
    db.com nameserver = ns1.uk.deuba.com
    db.com nameserver = ns2.uk.deuba.com
    ns1.eur.deuba.com internet address = 10.70.136.140
    ns2.eur.deuba.com internet address = 10.70.137.140
    ns1.uk.deuba.com internet address = 10.141.39.181
    ns2.uk.deuba.com internet address = 10.140.8.12
    > server ns1.eur.deuba.com      Set the server to be one of those listed
    Default Server: ns1.eur.deuba.com
    Address: 10.70.136.140

    > ls -d db.com                  List out the zone
    [ns1.eur.deuba.com]
    db.com. SOA ns1.eur.deuba.com hostmaster.ose.eur.deuba.com. (1999091500 3600 1800 604800 1800)
    db.com. NS ns1.uk.deuba.com
    db.com. NS ns2.uk.deuba.com
    db.com. NS ns1.eur.deuba.com
    db.com. NS ns2.eur.deuba.com
    db.com. A 10.141.44.112
    db.com. MX 10 bmr1-e1.srv.uk.deuba.com
    testxyz CNAME ns2.eur.deuba.com
    atwork CNAME clust1v2.srv.uk.deuba.com
    search.atwork CNAME homepage.mev.eur.deuba.com
    phone.atwork CNAME nerys.x500.esb.eur.deuba.com
    www2 A 38.163.212.70
    www3 CNAME nyc00pah11.na.deuba.com
    infohost.herold A 193.150.167.33
    pmg NS ns1.eur.deuba.com
    pmg NS ns2.eur.deuba.com
    mgam CNAME clust1v2.srv.uk.deuba.com
    it.mgam CNAME clust1v2.srv.uk.deuba.com
    iis.mgam CNAME clust1v2.srv.uk.deuba.com
    etsg.mgam CNAME clust1v2.srv.uk.deuba.com

    That's it, you have now listed out all the records in the zone.


    Q. What is WINS?

    A. WINS stands for Windows Internet Name Service. WINS is a NetBIOS Name Server that registers your NetBIOS names and resolves them into IP addresses.

    If you're using NetBIOS over TCP/IP you will need to have WINS running so that each machine can find out the correct IP address of the other to communicate.

    Need to browse over an interdomain network? WINS!


    Q. How does WINS work?

    A. Once your machine is configured to point at a WINS server (and maybe a second backup WINS server):

    1. Upon startup, it registers your NetBIOS name with WINS. This dynamic update means that you will ALWAYS get the name/IP mapping that is current.
      If there is already a machine out there with the same name, a request is sent to it by WINS. If it doesn't respond, you get the OK. If it is out there and alive, you get a negative name acknowledgment.
    2. Need to talk with machine XXX? Send a NetBIOS name query to the WINS server. (no broadcasts! no LMHOSTS!)
    3. If WINS finds a match, it will respond with the correct TCP/IP address of the target machine.

    Q. How do I set up WINS?

    A. WINS is a server service.
    Go to Control Panel->Network->Services and install the Windows Internet Name Service.

    If you have any non-WINS clients, add them in as static name->IP mappings.
    Configure a WINS Proxy Agent if needed.
    Configure WINS support on your DHCP server.

    On NT Workstation, under TCP/IP->Properties->WINS, add the IP address of the WINS server (and your secondary if you have one).


    Q. What is a WINS Proxy Agent?

    A. If you have non-WINS machines on your subnet and want them to be visible participants, you will want a Proxy Agent to be active within this subnet.
    A WINS Proxy Agent is a WINS client that allows non-WINS clients to participate by listening for broadcast name requests and forwarding them to a WINS server. It then returns the result to the requesting client.

    Use a Registry Editor (e.g. regedt32.exe) to open HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters and set the EnableProxy parameter to 1.


    Q. How do I configure WINS static entries for a non-WINS client?

    A. Go into WINS Manager (under Admin Tools)
    Select Mappings->Static Mappings->Add Mappings and enter the NAME and IP ADDRESS of the machine in question. Under TYPE you'll usually just enter Unique. Now click ADD.


    Q. How do I configure WINS to work with DHCP?

    A. If the computer is a DHCP client, then at the DHCP server, go into DHCP Administrator (Admin Tools) and add two new SCOPE options:

    1. 044 WINS/NBNS Servers - add the address of WINS server(s)
    2. 046 WINS/NBT Node - configure as 0x8 (H-Node)

    Q. How can I compress my WINS database?

    A. NT Server ships with a utility called JETPACK.EXE which can be used to compact DHCP and WINS databases. To compact your WINS database perform the following:

    1. Start a command prompt (cmd.exe)
    2. Enter the following commands
      cd %SystemRoot%\SYSTEM32\WINS
      e.g. cd d:\winnt\system32\wins
      net stop WINS
      jetpack WINS.MDB TMP.MDB
      net start WINS

    Note: While you stop the WINS service, clients using WINS to resolve addresses will fail unless another mechanism of name resolution is in place.

    Jetpack actually compacts WINS.MDB into TMP.MDB, then deletes WINS.MDB and copies TMP.MDB to WINS.MDB.

    For more information, see Knowledge base article Q145881 at http://support.microsoft.com/support/kb/articles/q145/8/81.asp


    Q. WINS Automatic Backup does not run every 3 hours.

    A. By default WINS backup will actually take place every 24 to 27 hours after the last backup completed.

    To work around this perform the following:

    1. Create a batch file that stops and starts the WINS service, e.g. WINSRSTR.BAT
      @net stop wins
      @net start wins
      exit
    2. Configure WINS to back up the database on exit
    3. Schedule WINSRSTR.BAT to run whenever you want the database backed up, e.g.
      C:\> at 22:00 cmd /c "%systemroot%\winsrstr.bat"

    Q. WINS Log files are created in incorrect locations.

    A. The WINS service creates a number of log files, J50.log or J50.chk, in the %systemroot%\system32\WINS directory. This is normal.

    If these files are being created in other directories then it may cause a problem and stop the WINS service from starting. The log files can be created in different directories for one of the following reasons:

    If your system now has the log files in the wrong place and the WINS service will not start, just copy the log files to the %systemroot%\system32\WINS directory and restart the service:

    C:\> net start wins

    If the WINS service is running it will lock the files and you will not be able to delete them, so you should perform the following:

    1. Stop the wins service
      C:\> net stop wins
    2. Back up the WINS data using the Backup Database function in the WINS manager
    3. Remove the files that are in the wrong directory and restore the data back to the directory
    4. Run JETPACK
    5. Restart the wins service
      C:\> net start wins
    6. Turn on Logging Enabled (WINS Manager - Server - Configuration - Advanced)

    Q. WINS server is not being queried for entries in LMHOSTS after Service Pack 4.

    A. Before Service Pack 4 a resolution request was always passed to a WINS server, and only if no entry was found was the LMHOSTS file checked.

    Under Service Pack 4 any entry in the LMHOSTS file that has the #PRE qualifier (preloaded) will be used and the WINS server not queried. Incorrect entries in your LMHOSTS file will therefore prevent the WINS server from being queried, so you should edit the file %systemroot%\system32\drivers\etc\lmhosts (e.g. d:\winnt\system32\drivers\etc\lmhosts) and remove the offending entries.
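
    One way to find the offending entries, as an added example (not part of the original FAQ): parse the LMHOSTS file, pick out the #PRE entries and compare them with the addresses you know to be current. The sample file and the WINS_VIEW table of current addresses are constructed for the illustration.

```python
import re
from typing import Dict, List, NamedTuple, Optional


class LmhostsEntry(NamedTuple):
    line_no: int
    ip: str
    name: str               # NetBIOS name, upper-cased (names are case-insensitive)
    preloaded: bool         # True when the entry carries the #PRE keyword
    domain: Optional[str]   # value of #DOM:<domain>, if present


# Constructed sample file for this example; hosts and addresses are made up.
SAMPLE_LMHOSTS = r"""
# LMHOSTS on a workstation that was never cleaned up after a server move
10.1.1.10    PDC01        #PRE #DOM:SAVILLTECH   # domain controller
10.1.1.20    FILESRV      #PRE                   # address before the move
10.1.1.30    PRINTSRV                            # also out of date, no preload keyword
10.1.1.40    "APP  SRV"   #PRE
#INCLUDE \\PDC01\public\lmhosts
"""

# Constructed "current" mappings, standing in for what the WINS server holds.
WINS_VIEW = {"PDC01": "10.1.1.10", "FILESRV": "10.1.2.20", "PRINTSRV": "10.1.2.30"}

# <ip> <name or "quoted name"> <rest of line: keywords and comment>
ENTRY_RE = re.compile(r'^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+(?:"([^"]*)"|(\S+))(.*)$')


def parse_lmhosts(text: str) -> List[LmhostsEntry]:
    """Return the host entries of an LMHOSTS file, skipping comments and directives."""
    entries = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        match = ENTRY_RE.match(line)
        if not match:        # blank line, comment, or a directive such as #INCLUDE
            continue
        ip, quoted, bare, rest = match.groups()
        dom = re.search(r"#DOM:(\S+)", rest)
        entries.append(LmhostsEntry(
            line_no=line_no,
            ip=ip,
            name=(quoted if quoted is not None else bare).upper(),
            preloaded=re.search(r"#PRE\b", rest) is not None,
            domain=dom.group(1) if dom else None,
        ))
    return entries


def stale_preloaded(entries: List[LmhostsEntry], current: Dict[str, str]) -> List[LmhostsEntry]:
    """#PRE entries whose address disagrees with the current mapping.

    Only #PRE entries are reported: they are the ones that are used without
    WINS being queried, so a wrong address here is never corrected by WINS.
    Names missing from `current` are skipped because they cannot be judged.
    """
    return [e for e in entries
            if e.preloaded and e.name in current and current[e.name] != e.ip]


if __name__ == "__main__":
    for entry in stale_preloaded(parse_lmhosts(SAMPLE_LMHOSTS), WINS_VIEW):
        print(f"line {entry.line_no}: {entry.name} preloaded as {entry.ip}, "
              f"current address is {WINS_VIEW[entry.name]}")
```

    PRINTSRV is just as out of date in the sample but is not reported, because without #PRE the WINS server is still asked first.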


    Q. The Outlook/Exchange client takes a long time to start.

    A. Sometimes the protocol binding for Exchange can be wrong if more than one protocol is installed, for example if you have NetBEUI and TCP/IP installed, and you connect to the Exchange server via TCP/IP, you need to ensure TCP/IP is first in the binding order, otherwise Exchange will attempt to communicate via NetBEUI initially. To check/set perform the following:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\Exchange Provider
    3. In the right hand pane, double click Rpc_Binding_Order
    4. A dialog box will be shown containing a text string of the installed protocols separated by commas. You can move items, for example, you may want to move ncacn_ip_tcp (TCP/IP) to the front if you connect over TCP/IP. Make sure you keep them separated by commas!
    5. Click OK
    6. Close the registry editor
    7. Stop and start Exchange/Outlook

    Q. How can I stop Outlook dialing my Internet Account on Startup?

    A. Perform the following:

    1. Start the Mail Control Panel Applet (Start - Settings - Control Panel - Mail)
    2. Click the Services tab
    3. Select "Internet E-mail" service and click properties
    4. Click the connection tab
    5. Check the "Work Offline and use Remote Mail"
    6. Close the dialog boxes
    7. Reboot the machine

    Q. How do I install Exchange?

    A. The following instructions are to install Exchange 5.0

    1. Insert the Exchange CD-ROM into the computer
    2. Run <CD-ROM>\setup\i386\setup.exe (Start - Run)
    3. You may want to change the destination folder by clicking the "Change Directory" button
    4. Click the Custom Button
    5. Select the components you wish to install. You will only be able to install the Active Server Page extensions if you have IIS 3.0 with ASP installed.
    6. Click OK to continue
    7. Select your licensing method and click OK, check the "I agree" box and click OK
    8. Assuming this is the first Exchange server, click the "Create new site" and you should enter the organization and site name, click OK
    9. You need to select the Exchange admin account, by default the account you are currently logged on as will be displayed, however it is a good idea to have a separate Exchange Admin account (make sure it has "Log on as a service" and "Restore files and directories" rights). Enter the password for the account selected and click OK
    10. Once the installation is completed you will be asked if you want to run the optimizer utility, click "run optimizer" or exit.

    It is a good idea to have a large pagefile.sys when running Exchange, a good size would be the amount of memory plus 100.


    Q. How do I enable the Exchange Active Server Pages?

    A. This functionality is new in 5.0, and enables a user to view their exchange mailbox from an Internet browser, such as Internet Explorer or Netscape. Before the Exchange Active Server Pages extension can be installed, there are two pre-requisites

    NT Server 4.0 ships with IIS 2.0, therefore assuming you have not upgraded your system since then you will need to perform the following

    1. The upgrade to IIS 3.0 is part of Service Pack 3 for NT 4.0, therefore you should install this service pack
    2. Once the machine has rebooted install the Active Server Pages extensions (these are included on the Service Pack 3 CD-ROM, \winnt400\Iis30\Asp\I386\Asp.exe)
    3. Run the Exchange setup program and select Add/Remove components
    4. Check the box "Active Server Components" and click continue
    5. The setup program will then continue as normal

    Once this has finished, you will be able to connect to your Exchange mailbox by entering the URL

    http://<Exchange server>/exchange

    You then need to enter your Exchange alias and then click the "click here" text.


    Q. How do I use the Exchange Optimizer utility?

    A. After you install Exchange you are prompted to run the Exchange Optimizer utility, however it can also be run afterwards:

    1. From the Microsoft Exchange folder choose Microsoft Exchange Optimizer
    2. A dialog will be shown asking permission to stop the Exchange services, click Next
    3. Next the user and server configuration dialog will be shown and you should enter details of the number of users and how the server will be configured. Also a Limit memory option is available, by default Exchange will use as much memory as it needs, however if you have other apps running on the server you may wish to limit the memory Exchange can use, the minimum is 24MB, but you are recommended to use a limit of 32MB. Click Next to continue
    4. The application will then test your disks to decide where best to place the Exchange database files and then click Next
    5. A dialog will be shown with the new recommended file locations and click Next
    6. If files are being relocated then make sure the box on the new dialog is checked and click Next
    7. Finally click Finish

    Q. How can I convert mail system X to Exchange?

    A. Exchange is supplied with a migration wizard which can convert the following mail systems to Exchange

    The wizard is in the Microsoft Exchange folder and below is an example of converting a MsMail Postoffice

    1. Start the Migration Wizard (Start - Programs - Microsoft Exchange - Microsoft Exchange Migration Wizard)
    2. Select MsMail for PC Networks and click Next
    3. Click Next to the dialog box that explains how MsMail and Exchange can coexist
    4. Enter the Path to the MsMail post office and the Administrator account name and password for the Postoffice, then click Next
    5. Select "One step Migration" and click Next
    6. Select the type of information you want to import and click Next
    7. Click "Select All" to migrate all users and click Next
    8. Enter the name of the Exchange server to store the new accounts and messages. Click Next
    9. You will now need to select the type of access for the shared MS Mail folders; the common one is "Author access: read, create, edit items". Click Next
    10. Select the recipient container and template (optional), click Next
    11. Finally choose the type of passwords to create for the new Windows NT accounts that will be created from the MS Mail mailboxes. In a multi domain environment you must select the domain for the new accounts. Click Next to begin the conversion.
    12. A process box will be displayed showing the progress, once completed a dialog will be displayed and click OK to complete.

    Q. How can I create a shortcut on the desktop with the "to" field completed?

    A. As you may be aware, if you enter the command
    exchng32 /n
    this creates a blank new message, however it is not possible to specify a qualifier that fills in any of the content. A workaround to this is the following:

    1. Start Exchange/Outlook and create a new message
    2. Fill in information for the to: field, cc: field etc.
    3. Instead of sending select Save As from the file menu
    4. Select the Save As type as "Message Format" and enter a file name and location (the default extension is .msg). Click Save
    5. Start Explorer (Win Key + E, or Start - Programs - Explorer)
    6. Move to the directory you saved the Message Format file to and right click on the file
    7. While holding down the right mouse button drag to the desktop and release the button, from the context menu displayed select "Create shortcut here"

    If you now double click on the desktop message icon it will create a new message which you can edit and then send with information already filled in!


    Q. NT Server hangs at shutdown if User Manager is running.

    A. This is caused by an Exchange dll file which is used by User Manager, to fix this perform the following

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UMAddOns
    3. Click on Mailumx and click the DEL key
    4. Click yes to the confirmation

    Q. How can I send a mail message from the command line?

    A. You need to use the MAPISEND.EXE utility that is supplied with the Exchange Resource kit. The resource kit can be downloaded from http://www.microsoft.com/msdownload/exchange/rkintel/rkintel.htm and you need to download the AdminNT part.

    Once downloaded double click on the zip file and it will expand to a specified location. Copy the MAPISEND.EXE from the restored path (i386\admin\mapisend) to an area of your choice. The usage is simple as long as the exchange client is installed on the computer already (outlook is also OK).

    mapisend -u "<profile>" -p <anything> -r <recipient> -s "<subject>" -t <text file containing the message>
    e.g. mapisend -u "john savill" -p anything -r john@savilltech.com -s "Test message" -t c:\message\mail4.txt

    This is just an example usage, and you may not be sure what your profile name is, so instead of using -u and -p, use just -i. This allows interactive login and will also allow you to create a profile which you can then use in future. The full list of switches is:

    -u Profile name (user mailbox) of sender
    -p Login password
    -i Interactive login (prompts for profile and password)
    -r Recipient(s) (multiples must be separated by ';' and must not be ambiguous in default address book.)
    -c Specifies mail copy list (cc: list)
    -s Subject line
    -m Specifies contents of the mail message, this is ignored if -t is specified
    -t Specifies text file for contents of the mail message
    -f Path and file name(s) to attach to message
    -v Generates an 8 line summary of the sent message

    In all cases if the passing parameter is more than one word it should be enclosed in quotes.


    Q. What files does Exchange use?

    A. Below is a list of the more common files used by Exchange

    File | Directory | Use
    Priv.pat, Pub.pat | Mdbdata | Patch files, safe to delete if no backup is taking place and no startup recovery is in operation
    Dir.pat | DsaData | Patch files, as above
    Dlv.log, Snd.log, Dlvxxxxx.log, Sndxxxxx.log | Mdbdata | These are created when Sending and Delivering diagnostics logging for either the private and public information stores are set. These can be deleted at any time. Dlv.log and Snd.log are the most recent logs created.
    PUB.EDB, PRIV.EDB | MDBdata | Information store
    DIR.EDB | DSAdata | Directory information
    EDB.LOG | | Transaction Log
    EDB00nn.LOG | | Previous Transaction Logs
    EDB.CHK | | Check Point file
    RES1.LOG, RES2.LOG | | Emergency logs for when disk is full
    TEMP.EDB | | In progress transaction

    Q. How can I change the location of my mail file in Outlook 98?

    A. Your messages are stored in a .pst file, and by default this is kept in your personal profile space (%systemroot%/Profiles/<user name>/Application Data/Microsoft/Outlook). This is fine unless you use roaming files, which means your mail file is stored on a central server taking up space.

    Fortunately moving your mail file is easy.

    1. Stop Outlook if it is running
    2. Move to your profile area and move your .pst file to another location (e.g. c:\savillj\outlook). Make sure the .pst file is no longer under your profile
    3. Start Outlook. It will give an error "The file <filename> could not be found". Click OK
    4. You can now browse to where you moved the file to. Select the .pst file and click Open.
    5. Outlook will then start as normal.

    What this actually does is update one registry key, HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Microsoft Outlook Internet Settings\14780fd532f9d11181cc00600851c569\001e6700 and its value is the name and location of the .pst file.


    Q. How can I reduce the size of my mail file?

    A. When you delete files from your mail file the space is usually not cleared away and your mail file may actually grow! To reclaim the wasted space you can "compact" the mail database. The information below is for Outlook 98 but previous versions have similar functions.

    1. Start Outlook 98
    2. From the view menu select "Folder List"
    3. In the folder list pane right click on the root folder (Personal Folders) and select Properties from the context menu
    4. Click the Advanced button from the Personal Folders Properties dialog box
    5. Click the "Compact Now" button. The database will now be compacted
    6. Click OK to all dialog boxes to return to Outlook 98

    If you find the mail file has not been substantially reduced in size it may be there is no redundant information or you may need to run the compaction a couple more times as sometimes the process does not work 100%.


    Q. I have a bad message in my POP3 mail box, how can I remove it/read POP using TELNET?

    A. It is possible to connect to a POP3 mailbox using Telnet so you should connect via telnet and delete the problem message.

    1. Telnet to the pop3 mail server on port 110
      C:\> telnet <pop3 mail server> 110
      e.g. telnet pop.savilltech.com 110 (this does not exist so don't bother!)
      Once you connect you will get a +OK prompt
    2. Tell the pop3 server your username (the name you usually logon as)
      user john
    3. Now tell the server your password
      pass password
    4. You will now be logged in and to see how many messages you have enter the word STAT which will tell you the number and size of the messages.
    5. To get a list of each message type LIST.
    6. To view the contents of a message use
      retr <message number>
      or to view just the header type
      top <message number> 0
    7. Once you find the problem just delete it using the DELE command
      dele <message number>
    8. Finally to exit just type QUIT

    This is obviously useful in a number of scenarios and you could use it just to read your mail if you did not have access to a mail client.

    Below is an example of the above in action.

    Reading a POP mailbox using Telnet
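
    The same session driven from a script, as an added example that is not part of the original FAQ: the client sends the commands from steps 2 to 8 exactly as they would be typed at the telnet prompt. The toy server, the three-message mailbox and the rule for what counts as a "bad" message (control bytes in a header) are assumptions made so the example runs offline.

```python
import socket
import threading


def make_mailbox():
    """Constructed mailbox; message 2 has control bytes in its Subject header."""
    return {
        1: b"From: alice@example.com\r\nSubject: lunch\r\n\r\nNoon?\r\n",
        2: b"From: mailer@example.net\r\nSubject: \x00\x1b[2J\x07\r\n\r\njunk\r\n",
        3: b"From: bob@example.com\r\nSubject: report\r\n\r\nAttached.\r\n",
    }


def toy_pop3_server(conn, mailbox):
    """Stand-in for the mail server: answers the RFC 1939 commands used below."""
    stream = conn.makefile("rwb")
    deleted = set()
    def reply(*lines):
        stream.write(b"".join(line + b"\r\n" for line in lines))
        stream.flush()
    reply(b"+OK toy POP3 server ready")
    for raw in stream:
        verb, _, arg = raw.decode("ascii").strip().partition(" ")
        verb = verb.upper()
        number = int(arg.split()[0]) if arg[:1].isdigit() else None
        live = {n: m for n, m in sorted(mailbox.items()) if n not in deleted}
        if verb in ("USER", "PASS"):
            reply(b"+OK")
        elif verb == "STAT":
            reply(b"+OK %d %d" % (len(live), sum(len(m) for m in live.values())))
        elif verb == "LIST":
            reply(b"+OK", *[b"%d %d" % (n, len(m)) for n, m in live.items()], b".")
        elif verb == "TOP" and number in live:      # "top n 0": header only
            header = live[number].split(b"\r\n\r\n", 1)[0]
            reply(b"+OK", *header.split(b"\r\n"), b"", b".")
        elif verb == "DELE" and number in live:     # marked now, removed at QUIT
            deleted.add(number)
            reply(b"+OK message %d deleted" % number)
        elif verb == "QUIT":
            for n in deleted:
                del mailbox[n]
            reply(b"+OK bye")
            break
        else:
            reply(b"-ERR unknown command or message")
    stream.close()
    conn.close()


def send_command(stream, line, multiline=False):
    """Send one command as typed at the telnet prompt; return (status, body lines)."""
    stream.write(line.encode("ascii") + b"\r\n")
    stream.flush()
    status = stream.readline().rstrip(b"\r\n").decode("latin-1")
    body = []
    while multiline and status.startswith("+OK"):
        text = stream.readline().rstrip(b"\r\n").decode("latin-1")
        if text == ".":                             # a lone dot ends the reply
            break
        body.append(text)
    return status, body


def has_control_bytes(header_lines):
    return any(ord(ch) < 32 for line in header_lines for ch in line)


def delete_bad_messages(sock, user, password, is_bad=has_control_bytes):
    """Steps 2 to 8 above: log in, STAT, LIST, inspect each header, DELE, QUIT."""
    stream = sock.makefile("rwb")
    stream.readline()                               # greeting, "+OK ..."
    for line in ("user " + user, "pass " + password, "stat"):
        if not send_command(stream, line)[0].startswith("+OK"):
            raise RuntimeError(line.split()[0] + " was rejected")
    removed = []
    for entry in send_command(stream, "list", multiline=True)[1]:
        number = entry.split()[0]
        header = send_command(stream, "top %s 0" % number, multiline=True)[1]
        if is_bad(header) and send_command(stream, "dele " + number)[0].startswith("+OK"):
            removed.append(int(number))
    send_command(stream, "quit")                    # deletions take effect here
    stream.close()
    return removed


def demo():
    mailbox = make_mailbox()
    client, server = socket.socketpair()            # in-process link, no network
    client.settimeout(5)
    worker = threading.Thread(target=toy_pop3_server, args=(server, mailbox))
    worker.start()
    removed = delete_bad_messages(client, "john", "password")
    worker.join(5)
    client.close()
    return removed, sorted(mailbox)


if __name__ == "__main__":
    print(demo())
```

    Note that DELE only marks the message; it is removed when QUIT is sent, so dropping the connection without QUIT leaves the mailbox unchanged.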


    Q. How can I send mail to a SMTP server using Telnet?

    A. As with POP3, SMTP messages can also be sent using telnet by connecting to port 25 on the SMTP server, e.g.

    C:\> telnet smtp.savilltech.com 25

    Once connected you optionally announce to the server who you are (this is needed for some SMTP servers)

    helo <domain>
    e.g. helo savilltech.com

    vrfy <user account>
    e.g. vrfy john

    Once you are verified you can commence to write an e-mail message. The first command is mail and you specify who it is from, e.g.

    mail from:<billg@microsoft.com>

    The address has to be in <>. Next you have to specify who will be receiving the message using rcpt, e.g.

    rcpt to:<john@savilltech.com>

    Once the from and to have been completed you can start the body of the message using the data command. You have to create the header information in the first lines of the message. Once you have completed the message enter a '.' on a blank line and the message will be sent. Below is an example creating a message.

    Telnet SMTP send

    As you can see I entered a from, date, to and a subject and then entered the body of the text. Make sure you don't make a mistake, as if you backspace this is interpreted as a bad character and will be rejected. If a message is rejected a rejection will be sent to the address specified in the "mail from:<...>" and for this reason you should only ever put your e-mail address. Although I have used a different address as a joke you should NEVER do this.

    Below is how the message looks when received in Outlook 98:

    Bill loves me :-)

    The above shows how easy it is to send a message and make it look as if it is from a different address, but if you examined the header you would easily see it was sent from a different mail server and rumble it's a fake (and a very bad one)!
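
    A sketch of that header examination, added here as an example and not taken from the original FAQ: it reads the Received line written by your own server and compares the host that actually connected with the domain in the From: header. The sample messages, the dial-up host name and the Received layout the regular expression expects are assumptions; a mismatch is a reason to look closer, since plenty of legitimate mail is relayed through hosts outside the sender's domain.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Servers whose Received lines we trust because we run them (assumption).
TRUSTED = {"smtp.savilltech.com"}

# Constructed sample: a message typed in by hand over a telnet session to port 25,
# as the receiving server would store it. The dial-up host name and the
# 192.0.2.x / 198.51.100.x addresses are made up for the example.
SPOOFED = """\
Received: from savilltech.com (dialup-17.isp.example [192.0.2.17])
\tby smtp.savilltech.com with SMTP id AA00017
\tfor <john@savilltech.com>; Mon, 20 Sep 1999 21:04:11 +0100
From: billg@microsoft.com
Date: Mon, 20 Sep 1999 21:00:00 +0100
To: john@savilltech.com
Subject: Great FAQ

Keep up the good work.
"""

# Constructed sample: mail handed over by a host inside the sender's own domain.
LEGIT = """\
Received: from mail.partner.example (mail.partner.example [198.51.100.5])
\tby smtp.savilltech.com with SMTP id AA00018
\tfor <john@savilltech.com>; Mon, 20 Sep 1999 21:10:02 +0100
From: Alice <alice@partner.example>
To: john@savilltech.com
Subject: Meeting

See you at ten.
"""

# "from <name given in HELO> (<reverse DNS name> [<ip>]) by <receiving server>"
# The HELO name is whatever the client typed; the part in brackets is what the
# receiving server saw for itself, so that is the part worth comparing.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]()]+)?\s*\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+)", re.IGNORECASE)


def in_domain(host, domain):
    """True if host is the domain itself or a name beneath it."""
    host, domain = host.lower().rstrip("."), domain.lower().rstrip(".")
    return bool(domain) and (host == domain or host.endswith("." + domain))


def check_origin(raw_message, trusted_servers):
    """Compare the From: domain with the host that handed the message to our server."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    result = {"from_domain": from_domain, "peer_host": None, "peer_ip": None,
              "helo": None, "helo_matches_peer": None, "verdict": "unverifiable"}
    # Received lines are prepended, so the top ones were written last. Walk down
    # while the line was written by a server we trust; the last such line records
    # the outside host. Anything below it could have been typed by the sender.
    boundary = None
    for value in msg.get_all("Received", []):
        hop = RECEIVED_RE.search(" ".join(value.split()))
        if hop is None or hop.group("by").lower() not in trusted_servers:
            break
        boundary = hop
    if boundary is None:
        return result
    peer_host = (boundary.group("rdns") or "").lower()
    helo = boundary.group("helo").lower()
    result.update(
        peer_host=peer_host or None,
        peer_ip=boundary.group("ip"),
        helo=helo,
        helo_matches_peer=in_domain(peer_host, helo),
        verdict="consistent" if in_domain(peer_host, from_domain) else "suspicious",
    )
    return result


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, check_origin(raw, TRUSTED))
```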

    I shall be adding future entries describing how to STOP people sending mail from your server (as they probably can at the moment).

    For full information on SMTP and the commands you can use see Request For Comments 821.


    Q. Is there a list of known Exchange Directory and Information store problems?

    A. An excellent collection has been compiled and is located at http://support.microsoft.com/support/exchange/content/whitepapers/dsis.asp


    Q. How do I install Exchange Server 5.5?

    A. These instructions are to install the first Exchange Server in the Enterprise

    Before you install Exchange Server 5.5, two accounts need to be decided on. The first account is the account that you log on as when you perform the installation of Exchange as this account will be automatically granted the Exchange Administrator permission.

    The second account needs to be created and this will be used as the service account for running the Exchange Server services. Any name can be used, the most obvious would be "Exchange Service". To create this account perform the following:

    1. Start User Manager (Start - Programs - Administrative Tools - User Manager for Domains)
    2. From the User menu select New User
    3. Enter a name of "Exchange Service" with a password.
    4. Make sure you clear "User Must Change Password At Next Logon" and "Account Disabled", and check "User Cannot Change Password" and "Password Never Expires"
    5. Close User Manager

    Under Windows 2000 this would be set using the Active Directory Users and Computers MMC snap-in, expand the domain, right click on Users and select New - Users. Enter Exchange Service, click Next and then select the options as in step 4 and click Finish. I found under Windows 2000 I had to make the Exchange Service account a member of the local Administrators group on the server Exchange is being installed on.

    Also before installing make sure you have a complete backup of your system.

    Now you can start the installation.

    1. Logon to the server as the account you want to be the Exchange Administrator
    2. Insert the Exchange Server 5.5 CD-ROM
    3. Run Launch.exe off the CD-ROM if it does not start automatically.
    4. Select "Setup Server and Components"
    5. Select "Microsoft Exchange Server 5.5"
    6. The Exchange server Setup will then run. Click "Accept" to the license agreement.
    7. Select the installation type, typical, complete/custom or minimum. Click Complete/Custom. You could also change the installation directory if you wish by clicking "Change Directory".
    8. Select the components to install. Click Continue.
    9. Enter the CD-Key and click OK.
    10. Click OK to the Product ID dialog.
    11. Check the "I agree that" licensing dialog box and click OK.
    12. As this is the first Exchange server select the "Create a new site". Enter an Organization Name and a site name, e.g. SavillTech and London. Click OK.
    13. Click Yes to create a new site.
    14. You should then select the user account that you created as the Exchange Service account by clicking browse and enter the password you set. Click OK
    15. The rights 'Log on as a service', 'Restore files and directories' and 'Act as part of the operating system' will be granted to the Exchange Service account. Click OK to the notification dialog box.
    16. Files will then be copied.

    Once Installation is complete you should run the Microsoft Exchange Performance Optimizer (Start - Programs - Microsoft Exchange - Microsoft Exchange Optimizer). You will be given the option to run this automatically if installation is successful.


    Q. How do I run the Exchange Optimizer?

    A. Exchange ships with a utility that allows the program to gather information about the computer and make changes to the Exchange configuration to enhance performance. These performance enhancements are primarily gained by moving the files that make up Exchange to different physical disk drives.

    1. Start the Exchange Optimizer (either as part of the installation of Exchange or from the Exchange sub menu of Programs)
    2. Choose options for the server (see diagram below). You can always run this again at a later time if the configuration scaling changes.
    3. Disk analysis runs, click Next
    4. Recommended file moves displayed. Adjust or accept and click Next
    5. Select whether the optimizer should copy files automatically (by checking the "Move files automatically" box) and click Next
    6. Services will then be restarted. Check the "Do not restart these services" box if it's not convenient. Click Finish
    7. The parameters that were calculated by the optimizer will then be saved, services stopped, files moved, then services started again.

    [Figure: Exchange Optimizer]


    Q. What Service Packs are available for Exchange?

    A. Below is a list of the service packs available:

    Exchange 5.5

    Service Pack 2 from ftp://ftp.microsoft.com/bussys/exchange/exchange-public/fixes/Eng/Exchg5.5/Sp2/Server/

    Files to download:

    SP2_550A.EXE Server update for Alpha
    SP2_550I.EXE Server update for Intel
    SP2_55CA.EXE Chat server update for Alpha
    SP2_55CI.EXE Chat server update for Intel
    SP2_55DC.EXE Documentation
    SP2_55FO.EXE HTML Form Converter 
    SP2_55SS.EXE Server support files (cluster,KMS,etc)
    SP2_55XA.EXE Exchange connector installation(Alpha)
    SP2_55XI.EXE Exchange connector installation(Intel)
    SP2S550A.EXE Server symbols for Alpha
    SP2S550I.EXE Server symbols for Intel
    SP2S55CA.EXE Chat server symbols for Alpha
    SP2S55CI.EXE Chat server symbols for Intel
    SP2_55RE.EXE Readme and HTML file

    Service Pack 1 from ftp://ftp.microsoft.com/bussys/exchange/exchange-public/fixes/Eng/Exchg5.5/SP1/Server/

    Files to download:

    SP1_550A.EXE Server update for Alpha
    SP1_550I.EXE Server update for Intel
    SP1_55CA.EXE Chat server update for Alpha
    SP1_55CI.EXE Chat server update for Intel
    SP1_55DC.EXE Documentation
    SP1_55FO.EXE HTML Form Converter
    SP1_55SS.EXE Server support files (cluster,KMS,etc)
    SP1_55XC.EXE Exchange connector installation
    SP1S550A.EXE Server symbols for Alpha
    SP1S550I.EXE Server symbols for Intel
    SP1S55CA.EXE Chat server symbols for Alpha
    SP1S55CI.EXE Chat server symbols for Intel
    SP1_55RE.EXE Readme and HTML file

    Hotfixes post Service Pack 1

    PSP1STRI.EXE Store Fix

    Exchange 5.0

    Service Pack 1 from ftp://ftp.microsoft.com/bussys/exchange/exchange-public/fixes/Eng/Exchg5.0/Sp1/Server/

    Files to download:

    SP1_500A.EXE Server update for Alpha
    SP1_500I.EXE Server update for Intel
    SP1S500A.EXE Server symbols for Alpha
    SP1S500I.EXE Server symbols for Intel

    Service Pack 2 from ftp://ftp.microsoft.com/bussys/exchange/exchange-public/fixes/Eng/Exchg5.0/Sp2/Server/

    Files to download:

    SP2_500A.EXE Server update for Alpha
    SP2_500I.EXE Server update for Intel
    SP2S500A.EXE Server symbols for Alpha
    SP2S500I.EXE Server symbols for Intel

    Q. How can I retrieve mail from a POP3 mailbox and forward it to Exchange server?

    A. If your ISP does not support ETRN, then you have to use a third party utility to retrieve the mail from a POP3 mailbox. One of these utilities is Mail essentials Small Business (http://www.gficomms.com/). For one mailbox this is a freeware utility.

    A more complete listing of utilities can be found on http://www.slipstick.com/


    Q. How do I upgrade from Exchange 5.0 to 5.5?

    A. The Exchange 5.5 upgrade process performs a database upgrade before it copies any of the 5.5 code to the server. This allows for a complete rollback in case the upgrade of the database fails. Below are the steps for performing the upgrade:

    1. Start the setup.exe program as per a normal installation
    2. It will detect the existing installation and you will be asked if you want to Upgrade or Remove the existing installation. Click Upgrade
    3. A confirmation that the database will be reformatted is displayed. Click OK
    4. You will be shown the Database Upgrade Options. By default the Fault Tolerant Option is selected; however, this does require extra disk space as it makes a copy of the database, and if the Fault Tolerant Option is not selected, you may not have enough drive space for this method. You may want to change the default location for the Fault Tolerant Upgrade temp files from the C:\TEMP location to a location on the database drive. Click OK to continue.
    5. The upgrade will progress. First the database will be upgraded (this may take up to 40 minutes per GB of original database). Next the code will be copied to the server, and finally the registry will be modified, the services installed, and other system changes will take place.
    6. The Exchange Services will then be re-started
    7. As with a normal installation, once completed you will be asked if you wish to run the optimizer utility.

    Q. How do I uninstall Exchange?

    A. To uninstall Exchange perform the following. Be aware you will lose all information.

    1. Run Exchange setup (setup.exe)
    2. Click "Remove All"
    3. Click "Yes" to the dialog box
    4. Click "Yes" to remove the shared components
    5. The files will then be removed
    6. Click OK to the remove complete confirmation

    Q. How do I install a duplicate Exchange server?

    A. With the concept of sites in Exchange, it is possible to install multiple Exchange servers in a site which will replicate to one another. Duplicate servers in a site provide fault-tolerance and load balancing. To install a duplicate server in a site perform the following. Servers within a site don't have to be in the same domain but should be connected by a fast connection, 128KB is the normal definition of a fast link.

    1. Log on as an Administrator of the domain currently hosting the Exchange service. If you log on with an account that does not have administrative rights on the current Exchange server you will be unable to add a duplicate server.
    2. Run Exchange's setup.exe
    3. Click Accept to the license agreement
    4. Setup will search for the installed components (such as IIS and ASP)
    5. Select the installation type. Click Custom/Complete. Select the options and click OK
    6. Enter the product code number (xxx - xxxxxxx) and click OK
    7. Click OK to the displayed Product-ID that is generated by the setup program
    8. Check the "I agree that" for the licensing and click OK
    9. Select "Join an existing site" and enter the name of a server in the site you wish to join, e.g. Mars, and click OK
    10. You will be shown details of the Exchange server on that site, including ORG name and site. Click Yes
      [Figure: Exchange Site]
    11. The service account currently used for the original Exchange Server will be shown, just enter its password (if this is on its own domain you should create a new service account for fault tolerant reasons (i.e. main domain controller not available)). Click OK
    12. Files will then be copied, services installed, registry updated and then the relevant services will be started. Once the Directory Service has started replication will occur between the sites. Once complete the other Exchange services will start
    13. Click OK to the replication dialogue box.
    14. You can then proceed to run Optimizer optionally as normal

    You now have a duplicate Exchange server in the specified site.


    Q. How do I connect Exchange sites?

    A. If you configure multiple sites by installing new servers and entering a different site name (but the same organizational name) you can connect the sites using Exchange's built-in site connector. To connect sites using the built-in connector they must be able to communicate via RPC calls; to test this see Q. How can I check if servers can communicate via RPC's?. Many routers actually filter out RPC's so it is important you perform this test.

    To add a connector between sites perform the following:

    1. Start the Exchange Administrator program on one of the servers (Start - Programs - Microsoft Exchange - Microsoft Exchange Administrator)
    2. You may need to choose an Exchange server to connect to
    3. Expand the server, expand the site name and finally expand Configuration
    4. Select Connections
    5. From the File menu select 'New Other' - 'Site Connector'
    6. Enter the name of the server that maintains the site you wish to connect to and click OK
    7. Information about the site that is hosted by the server and optional information can be entered. Once all details have been entered click OK. Information you may have to enter is in the Override tab which allows you to enter logon information for the connection if the sites are not in the same domain or part of a trust relationship.
    8. If there is no connection in the reverse direction you will be asked if such a connection should be created

    The connection will now be visible under the Connections tab.


    Q. Exchange Security Knowledge Base list.

    A. Below is a list of useful Knowledge Base articles.

    1) How to install Exchange 5.5 with support for V1 and V3 Certificates for SMIME and Public/Private Key encryption (Signing and Sealing Mail Messages). This uses the CA version 1.0 (Certificate Authority) in IIS 4.0 that comes in the NT 4.0 Option Pack. This requires the Updated CA Server. See these KB's.

    Q192044 Setting Up X509v3 Certs on Exch 5.5 SP1 KMS with Local CertSrv
    Q184695 Readme Notes for Certificate Server Update

    2) How to set up SSL/TLS between Exchange Server 5.0/5.5 and Internet Email Clients, POP3, IMAP4, NNTP, HTTP, SMTP.

    Q175439 XFOR: Enabling SSL For Exchange Server

    3) How to set up SSL/TLS between Exchange Server and other SMTP (non-Exchange) host. This requires enabling SSL for the SMTP protocol first. See Q175439 for instructions, but select SMTP as the Protocol to be used in Key Manager.

    Q174755 XFOR: Connecting IMS to IMS with SASL

    4) When you use Microsoft Outlook Express to connect to Microsoft Exchange Server, version 5.0 with Service Pack 1 installed, the Information Store may stop responding (crash). Fixed in the Latest Service Pack.

    Q166627 XCLN: Outlook Express Crashes Store When SSL Is Used

    5) When trying to access a mailbox in Internet Explorer version 3.02 when the WWW Service for the Internet Information Server (IIS) computer is configured to use Windows (NTLM) authentication only, you may receive the following error message: The Login Request was Denied. Fix is to upgrade to IE 4.0 or use Registry Entry.

    Q173307 XWEB: "The Login Request was Denied" Error Message

    6) If you configure the Internet Mail Service on two Microsoft Exchange Server computers to use Secure Sockets Layer (SSL) without authentication, you may receive a non-delivery report (NDR) when you attempt to send mail from one server to another through the Internet Mail Service. The text of the NDR includes a 505 error and indicates that authentication is required for the message to be delivered. Fixed in the Latest Service Pack for 5.5.

    Q181481 XFOR: Non-Delivery Report When Using SSL Without Authentication

    7) On July 17, 1998 Microsoft released an updated version of Schannel.dll. This latest version provides the following benefits: Updates the SChannel.dll used by IIS and Exchange Server for Encryption. See article for Details.

    Q148427 Generic SSL (PCT/TLS) Updates for IIS and MS Internet Products
    Q181937 Latest SGC-Enabled Schannel.dll Breaks IIS 3.0 Key Manager [iis]

    8) Microsoft Proxy Server is designed to work well with other servers like Microsoft Exchange Server. Most Windows Sockets server applications are able to use the server proxy feature while installed on or behind the Proxy Server. Certain additional advanced settings may be required, based on your particular internal server configuration.

    Q181420 How to Configure Exchange or Other SMTP with Proxy Server
    Q187652 Accessing Data Published Behind MS Proxy Server 2.0
    Q178532 Configuring Exchange Internet Protocols with Proxy Server
    Q177153 Additional Proxy Server 2.0 Configurations [proxysvr]

    9) This article discusses the known TCP/IP ports (TCP and/or UDP) that are used by services within Microsoft Windows NT version 4.0 and Microsoft Exchange Server version 5.0 and 5.5.

    Q150543 WinNT, Terminal Server, & Exchange Services Use TCP/IP Ports [crossnet]

    10) Microsoft Exchange Server versions 5.0 and 5.5 support a variety of Internet-focused protocols, including POP3, HTTP, LDAP, and NNTP. This article explains the different authentication forms for each protocol.

    Q175440 Protocol Authentication on Exchange Server [exchange]


    Q. How do I configure Exchange Directory Replication?

    A. Once you have connected sites by a connector, be it Exchange, X.400 or Dynamic RAS, no data will be replicated until you configure the directory replication. You must have defined connections between the sites before Directory Replication can be configured.

    To configure Directory Replication perform the following:

    1. Start the Exchange Administrator Program (Start - Programs - Microsoft Exchange - Microsoft Exchange Administrator)
    2. Expand the tree and expand the site, e.g. Operations, select Configuration then select Directory Replication
    3. From the File menu select 'New Other' and select 'Directory Replication Connector'
    4. The first dialog allows you to select (from a dropdown) the remote site name (only sites that are connected via a connector will be shown). You should enter the name of an Exchange server in the selected site. You also should leave the defaults of "Configure both sites". Click OK
    5. The general tab of the Directory Replicator will be displayed. You may enter an Administrative note if you wish. You may click the Schedule tab to select how often Directory Replication takes place. Selecting Always means changes will be replicated as they happen, this is OK if you don't care about bandwidth usage. Click OK.

    The Directory Replicator between the sites is now configured and can be modified by double clicking on the replicator as part of the Directory Replication folder.


    Q. How do I monitor an Exchange link?

    A. It is possible to install link monitors which can be configured to perform a number of actions in the event of a link failure.

    1. Start the Exchange Administrator program
    2. Select the Monitors folder of the Configuration folder of the site
    3. From the File menu select 'New Other' - 'Link Monitor'
    4. Under the General tab you must enter a Directory Name, which is a 64 character name identifying the monitor; a Display Name, which will be shown in the Exchange Administrator application; a log file; and how often the link should be checked (polled).
      [Figure: Exchange Monitor]
    5. Under the Notification tab you can add notification methods such as an e-mail, start a process or write an event log by clicking the 'New' button. You will also have the opportunity to test the method specified by clicking the Test button. Click OK to the notification dialog box.
    6. Under Servers you should select the Servers to Monitor in the left hand box and click Add, they will then be shown in the 'Monitor Server' area.
    7. The Recipients tab is used with non-Exchange servers that support "mail bounce" whereby a mail is sent to the server and a reply is expected back.
    8. The Bounce tab allows you to set the times considered reasonable for a round trip.
    9. Once happy click OK

    Q. How do I delete a server from an Exchange site?

    A. If you have multiple servers in a site and a server no longer exists you can delete it from the Exchange Administrator program by performing the following:

    1. Start the Exchange Administrator Program
    2. Expand the site name, e.g. Legal, expand Configuration then Servers
    3. Select the server you wish to delete and press the DEL key
    4. A check will be performed that the server can't be found
    5. Once the server is not found accept any of the dialogs

    The server will now be removed.


    Q. How do I setup an Exchange forward?

    A. A forward can be configured in a number of places. The first place is at the Exchange server:

    1. Start the Exchange Administrator program
    2. Select the Recipients folder of the site, e.g. Operations\Recipients
    3. From the File menu select 'New Custom Recipient'
    4. Select 'Internet Address' (to forward to an Internet address) and click OK
    5. Enter the E-mail address, e.g. colin@travers.com and click OK
    6. You will then be shown the normal recipient dialog where you can enter a name etc. The option to set an NT account will not be shown. Once you have entered all details click OK

    People will now be able to send mail to this person and it will be forwarded accordingly.

    You could also set up a Custom Recipient in Exchange Administrator (as above), then in the Delivery Options for your mailbox set an Alternate Recipient which points to the Custom Recipient that you just created. Select the "Deliver messages to both recipient and alternate recipient" checkbox. In the properties for the custom recipient you can select the option to hide it from the address list.

    Other options that can be done at the client end include


    Q. How do I configure a X.400 Exchange connector?

    A. Aside from the native Exchange Connector, the X.400 connector is the most common Exchange connector, allowing Exchange to connect to non-Exchange systems. While X.400 suffers a 20% drop in performance in comparison to the native Exchange connector it is still impressive.

    X.400 is a common standard and Exchange's implementation is based on the 1988 standard. X.400 operates on the MTA stack, which has to be installed before installing an X.400 connector. MTA stacks are available for TCP/IP, X.25 and TP4. It is available for RAS as well but that stack does not support X.400. In this walkthrough we will look at implementing X.400 over TCP/IP.

    Only Exchange Enterprise edition has the X.400 connector and not the standard edition (also Enterprise has the SNADS and OV/VM(PROFS) connectors which standard does not have). If you only have standard edition and require X.400 connector you will need to upgrade or purchase the X.400 connector as a separate product from Microsoft.

    The first step is to install the MTA transport stack

    1. Start the Exchange Administrator program
    2. Select 'New Other' - 'MTA Transport Stack' from the File menu
    3. Select "TCP/IP MTA Transport Stack" from the list and the local server and click OK
    4. A dialog for the configuration of MTA will be shown. You can leave the OSI information blank. Under the Connectors tab leave blank. Make sure you enter a display and directory name. Click OK

    If you find you don't have a number of MTA stacks check you installed the X.400 connector at installation time. Re-run setup and click Add/Remove. Select Exchange Server and click Change Options. Check the "X.400 Connector" box and click OK. Click Continue. You will now be able to install the TCP/IP MTA stack.

    Now the MTA stack is installed you can install the actual X.400 connector and configure it accordingly.

    1. Start the Exchange Administrator program
    2. Select the Connections container of the site to which you want to add the connection
    3. Select 'New Other' - 'X.400 Connector' from the File menu
    4. Accept the default "TCP/IP X.400 Connector" and click OK
    5. The X.400 configuration dialog will be displayed. Under the General tab enter a display and directory name (this can be any string of text). You should enter the remote MTA name (and a password if required) which is used to identify the Message Transfer Agent on the other host/site.
    6. Click the Schedule tab to configure replication settings
    7. Select the Stack tab to enter the IP address or name of the system to connect to. Again you can leave the OSI information blank.
    8. Use the Override tab to specify a different local MTA name/password
    9. Connected sites is only used when connecting Exchange sites via X.400.
    10. If you don't enter anything under Connected Sites you must configure an address space under the "Address Space" tab
    11. Delivery Restrictions and Advanced allow other non-essential settings to be set
    12. Once all information is entered click OK

    You now have a functional one-way X.400 link. You would now need to repeat the above for the opposite direction.


    Q. How do I allow a user to administer Exchange?

    A. When Exchange is installed the user who performs the installation is granted Exchange Administrator rights. To grant additional users the ability to administer Exchange perform the following:

    1. Logon as an Exchange administrator
    2. Start the Exchange Administrator program
    3. Select the site whose permissions you wish to modify
    4. From the File menu select Properties
    5. Click the Permissions tab
    6. Click Add and select the user (or group) to whom you wish to grant Exchange Admin rights
    7. Once users have been selected click OK. You now choose the role, e.g. "Permissions Admin" and click OK

    The user (or group) will now have the granted rights to Exchange. You may want to create a group, e.g. Exchange Admins, grant this access in Exchange, then Add/Remove users to this group.


    Q. How do I grant permission for people to create top level public folders?

    A. By default all users can create top level folders however this can be changed if you would like to restrict this

    1. Start the Exchange Administrator program
    2. Expand the site and select Configuration
    3. Select "Information Store Site Configuration" and select Properties from the File menu
    4. Select the "Top Level Folder Creation" tab
    5. You will notice that under "Allowed to create top level folders" All is selected by default. Change this to list and click the Modify button
    6. You will be shown a list of Exchange mail boxes, select the ones that should be allowed to create top-level folders and click OK
    7. Click Apply then OK

    [Figure: Exchange top level creation - Setting top level folder creation access]

    Alternatively you could have left it as All and modified the list of people who should not be able to create top-level folders.

    If people are still logged in they will be able to continue to create top-level folders until they close Outlook/Exchange and restart it.


    Q. How do I create public folders?

    A. Public folders are administered/created using the 32-bit Exchange clients such as Exchange and Outlook.

    To create a top-level public folder perform the following:

    1. Start the Exchange client
    2. From the View menu select "Folder List" if not already enabled
    3. Expand "Public Folders" and double click on "All Public Folders"
    4. From the File menu select New - Folder
    5. In the dialog enter a name and click OK
    6. You can also have an optional shortcut created on the Outlook bar at this point by clicking Yes to the "Add shortcut to Outlook Bar" dialog (if you have the Outlook Bar visible)

    To create non-top level folders just select the folder that you wish to be the parent and select New - Folder from the File menu. You will then be able to name the sub-folder as above.


    Q. How do I connect my Exchange server to a SMTP server?

    A. Exchange Server 5.5 ships with the Internet Mail Service which allows Newsgroup feeds and, among other things, connections to an SMTP mailbox.

    You will need a connection method to the SMTP mailbox, for example a RAS dial-up connection to an ISP. If you are connecting via a firewall make sure the ports used by POP and SMTP are not disallowed (ports 25, 110 and 995).

    Before doing any of this you should ensure DNS is correctly configured for your local domain (or this may be done by the ISP) by adding an MX record for the Exchange server in DNS (this is not needed if you are connecting via a RAS dial-up connection and just connecting to a specific host).

    In this example we will connect to an SMTP mailbox at an ISP.

    1. Start the Exchange Administrator program
    2. Expand the root, select your site then expand that, expand Configuration and select the Connections container
    3. Select "New Other" - "Internet Mail Service" from the File menu
    4. Click Next to the introduction dialog
    5. Click Next to the dialog outlining the steps that should have been completed (DNS configuration etc)
    6. Select the Exchange server that will have the IMS installed and check the "Allow internet mail through a dial-up connection". Click Next
    7. Select a phone book entry and click Next
    8. Check the "Route all mail through a single host" and enter the TCP/IP address or hostname of the host, e.g. SMTP.DIAL.PIPEX.COM. Click Next
    9. Check the "All internet mail addresses" and click Next
    10. Next specify the name that should be appended to the mailbox names, e.g. ntfaq.com. Click Next
    11. Select the mailbox to be used to send notification/non-delivery reports to. Click Next
    12. Enter the Exchange Service account password and click Next
    13. A number of changes will occur and an extra service added.

    To configure items such as the dial-up account username and password double click on "Internet Mail Service" under Configuration\Connections, select the Dial-up Connections tab and click Logon Information. From this tab you can also configure time-out and how often to dial out.

    If you have problems try applying Service Pack 1 which I found fixes a number of problems.


    Q. How do I connect my Exchange server to a NEWS feed?

    A. Exchange Server 5.5 has the ability to accept a news feed and publish to the Public Folders area. It can also be configured to post back any articles posted by your network's users to the appropriate news server.

    1. Start the Exchange Administrator tool
    2. Expand the sites, expand Configuration and select Connections
    3. From the File menu select "New Other" - "Newsfeed"
    4. Click Next to the welcome dialog
    5. Select the Exchange server to install from the drop down list and enter a USENET site name (you can accept the default which will be <sitename>.<domain>, e.g. operations.savilltech.com). Click Next
    6. Select the type of newsfeed, inbound and outbound, inbound only or outbound only. You also need to specify the type of feed, push or pull. Push means you wait for incoming news to be sent to you, pull means at a scheduled interval you go and grab the news posts off of the news server. Click Next.
    7. Select the connection type, LAN or dial-up. If dial-up you will need to select a RAS phonebook entry and enter the connection username and password (if it supports CHAP) or make sure you have an automated script configured. Click Next
    8. Next select how often to connect to the news server, 15 minutes, 1 hour, 3 hours, 6 hours, 12 hours or 24 hours. You can change this to be more specific later if you wish. Click Next
    9. Enter the USENET site name, e.g. msnews.microsoft.com. Click Next
    10. Enter the IP address or hostname of the news server. Click Next
    11. If you require a password to connect to the news server enter it here otherwise leave it blank and click Next
    12. Click Next to the summary dialog
    13. Select an Internet News administrator by clicking the Change button and click Next
    14. Next you have to tell the configuration program where to get a list of newsgroups on the server. You can choose to import from a current file, download now or to configure it later. Click Next. If you select "Download Now" after you click Next it will connect (if via RAS it will dial out) and retrieve the news list. This could take a while depending on the news server.
    15. You will then be shown all the newsgroups available and you should select which branches you wish to download messages from as part of your feed. To select just click one and click Include, the icon for the newsgroup will change. When finished click Next
    16. Click Finish

    It will now connect for the first time and get an initial feed for all newsgroups selected.

    [Figure: Exchange News feed - Always download the Exchange Admin newsgroup :-), don't we all?]

    Clients will now be able to view via the Folders List in Outlook, Public Folders - All Public Folders - Internet Newsgroups - microsoft .....

    [Figure: Reading News]

    You can change any details by double clicking on the appropriate Newsfeed entry under Connections. For example, clicking Schedule allows you to specify how often to connect at certain times of the day/days of the week.

    If you are connecting via dial-up you can change the time-out parameter as follows:

    1. Start the Exchange Administrator program
    2. Select the site, then expand Configuration and select Protocols
    3. Double click on "NNTP (News) Site Defaults"
    4. Select the "Idle Time-out" tab
    5. Change the close idle connections value (between 10 and 32767) and click Apply then OK

    Q. What web sites have good Exchange information?

    A. Below is a list of some of the best sites I have found

    Good Downloads are:


    Q. How do I download to Exchange from multiple POP3 mail boxes?

    A. Exchange does not really support the downloading of mail from POP3 since you would be asking a Server to act like a client. A 3rd party piece of software called PULLMAIL, which can be downloaded from http://www.swsoft.co.uk/pullmail, can be used to download from a POP3 mailbox and deposit in an Exchange mailbox. Using the command procedure below it can be made to download from multiple POP3 mailboxes and deposit in the correct mailbox.

    Enter the following into file getmail.cmd and save.

    @ECHO OFF
    TITLE GetMail

    REM getmail.cmd 20-Aug-1997 Luke Brennan
    REM
    REM Get the POP3 mail in POP3 accounts and deposit into
    REM EXCHANGE accounts
    REM
    REM uses the PULLMAIL program from -> http://www.swsoft.co.uk/pullmail
    REM PULLMAIL specific Info/support -> pullmail@swsoft.co.uk
    REM general enquiries -> mark@swsoft.co.uk
    REM

    SET POPUSERS=%SystemRoot%\POPUSERS.DAT
    SET PARSEARG="eol=; tokens=1,2,3,4* delims=, "

    REM RASPHONE -d OzEmail
    For /F %PARSEARG% %%i in (%POPUSERS%) Do PULLMAIL %%i %%j %%k /to:%%l
    REM RASPHONE -h OzEmail

    REM
    TITLE Command Prompt

    The next step is to create the file that GETMAIL.CMD will read in, POPUSERS.DAT. Below is an example. GETMAIL.CMD expects to find the file in the %systemroot% directory (e.g. d:\winnt) however you can change that by altering the "SET POPUSERS=.." line.

    POPusers.dat
    ; space or comma delimited file
    ; 1. ISP pop server 2. POP3 account 3. POP3 password 4. EXCHANGE username
    ;
    savcom.demon.co.uk rita pass savillr
    cello.cchs.usyd.edu.au brennan ###### LDB
    savill.pipex.co.uk johnsavill pass savillj
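
    The tokenisation that getmail.cmd applies to POPUSERS.DAT, reproduced as an added Python example (not part of the original FAQ or of PULLMAIL) so the file can be checked before the batch job runs. The function names and sample entries are constructed, and the modelled `for /F` behaviour (leading delimiters dropped, runs of delimiters collapsed, `;` lines skipped, missing tokens left empty) is an assumption about cmd.exe. Field 3 is the POP3 password, so the report masks it.

```python
import re

# Settings taken from PARSEARG in getmail.cmd: eol=;  delims=", "
DELIMS = ", "
EOL_CHAR = ";"
FIELDS = ("pop_server", "pop_account", "pop_password", "exchange_user")

# Constructed sample file (hosts, accounts and passwords are made up).
# Line 8 is tab separated; tab is NOT in delims, so it parses as one token.
SAMPLE = """\
; space or comma delimited file
; 1. ISP pop server 2. POP3 account 3. POP3 password 4. EXCHANGE username
;
pop.example.net alice s3cret alicem
pop.example.org,bob,hunter2,bobk
  pop.example.com  carol  pw  carolj  trailing note
pop.example.net dave onlythree
pop.example.net\terin\tpw\terine
"""


def split_like_for_f(line, max_tokens=4):
    """Tokenise one line like `for /F "tokens=1,2,3,4* delims=, "`.

    Runs of delimiters count as one separator, leading delimiters are
    dropped, and whatever follows the 4th token is returned as `rest`.
    """
    tokens = []
    rest = line.lstrip(DELIMS)
    while rest and len(tokens) < max_tokens:
        match = re.match(r"[^, ]+", rest)
        tokens.append(match.group(0))
        rest = rest[match.end():].lstrip(DELIMS)
    return tokens, rest


def check_popusers(text):
    """Return (entries, problems) for the contents of POPUSERS.DAT."""
    entries, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.lstrip(DELIMS)
        if not line or line.startswith(EOL_CHAR):
            continue  # blank line or ';' comment: the loop body never runs
        tokens, rest = split_like_for_f(line)
        if len(tokens) < len(FIELDS):
            # getmail.cmd would still call PULLMAIL, with empty arguments.
            missing = ", ".join(FIELDS[len(tokens):])
            problems.append((lineno, "missing " + missing))
            continue
        if rest:
            # The remainder lands in %%m, which getmail.cmd never uses.
            problems.append((lineno, "extra text after field 4 is ignored"))
        entries.append(dict(zip(FIELDS, tokens)))
    return entries, problems


def masked_command(entry):
    """The PULLMAIL command getmail.cmd would run, with the password hidden."""
    return "PULLMAIL {pop_server} {pop_account} {mask} /to:{exchange_user}".format(
        mask="*" * 8, **entry)


if __name__ == "__main__":
    good, bad = check_popusers(SAMPLE)
    for entry in good:
        print("ok   ", masked_command(entry))
    for lineno, reason in bad:
        print("line %d: %s" % (lineno, reason))
```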


    Q. How do I install the Key Management Server?

    A. Key Management Server allows secure e-mail via both signed and encrypted messages. To install perform the following:

    1. Log on the Exchange server as an Exchange Administrator
    2. Insert the Exchange Server 5.5 CD
    3. Run the Exchange SETUP.EXE
    4. Click Add/Remove
    5. Select "Microsoft Exchange Server" and click Change Option
    6. Check "Key Management Server" and click OK
    7. Click Continue
    8. Enter the site services account and password and click OK
    9. You now have the option either to have the special start password displayed (only once), in which case you need to store it securely and enter it every time you start, or to have it written to a floppy disk and a backup copy. Make your choice and click OK.
    10. If you selected write to disk you will be asked where to write to. By default it is A: however you can change this to a permanent drive. If you do permanently store it then anyone will be able to have the secure KM password.
    11. The setup will complete. You should now reinstall any service packs installed.

    You will notice whether you choose to store the password a single file kmserver.pwd will be created with a single word in, for example:

    SWOBRQSBQZPSPQC

    The final step is to configure the Key Management service to start automatically at reboot time.

    1. Start the Services Control Panel applet (Start - Settings - Control Panel - Services)
    2. Select "Microsoft Exchange Key Management Server"
    3. Click Startup
    4. Select Automatic and click OK
    5. You can also choose to start now by clicking Start. You will have to insert the disk containing the password or manually enter the password.

    Q. How do I manage the Certificate Authority of Key Management Server?

    A. This is managed through the Exchange Administrator program as follows, but first make sure that the Microsoft Key Management service is running (Start - Settings - Control Panel - Services).

    1. Start the Exchange Administrator Program
    2. Expand the sites and select Configuration
    3. Double click on CA
    4. You will be asked for the password. If this is the first time enter "password" (lowercase, no quotes). You can also select for it to save the password for up to 5 minutes to avoid having to retype it in the short term. Click OK
    5. Once logged in various functions can be performed

    To change your CA password perform the above then:

    1. Select the Administrators tab
    2. Click "Change My KM Server Password"
    3. Enter the current password and set a new one. Click OK
    4. Click OK to the main dialog

    You can also add new KM administrators from the Administrators tab


    Q. How do I enable advanced security for a user?

    A. By default users do not have advanced security after KM server is installed. To enable it for a user perform the following actions:

    1. Start the Exchange Administrator program
    2. Select the site and select the Recipients container
    3. Double click on the mailbox for which you want to enable advanced security, e.g. Garfield
    4. Click the Security tab. You will be asked for your KM server password; only KM administrators can view the Security tab, not just normal Exchange administrators. Enter the password and check the "Remember" box if you want to make multiple changes to mailboxes and don't want to retype the password every time
    5. You will notice the current status is "Undefined". Click the "Enable Advanced Security" button
    6. A dialog will be shown with the temporary key or it will be mailed to the user depending on your options and configuration. Click OK

    To allow the key to be sent via e-mail to the user perform the following:

    1. Start the Exchange Administrator Program
    2. Expand the sites and select Configuration
    3. Double click on CA
    4. Select the Enrollment tab
    5. Check the "Allow email to be sent to the user" box
    6. You can also change the welcome message that is sent by clicking "Edit Welcome Message"
    7. Click OK

    Now notify the recipient to read their mail or give them the password and they should perform the following:

    1. Start the Outlook client
    2. Select Options from the Tools menu
    3. Select the Security tab
    4. In the "Secure email" area click "Change Settings"
    5. Click "Get a Digital ID" in the "Digital IDs" section
    6. Select "Set up Security for me on the Exchange Server" and click OK
    7. Enter the password and click OK
    8. Click OK to the confirmation dialog
    9. The client will then be sent a reply message. Open the message and click OK to all dialog boxes and then Yes to the installation of the Certificate.

    Install Key
    - Hmmm, looks like a year 2000 problem!

    Options for which security to use, signing or encryption, can be set using the Security tab of the client's Options dialog or on an individual message basis by clicking the Options button.


    Q. How do I automatically create an Exchange mailbox for all members of the domain?

    A. Exchange can import users from a comma-separated-file (CSV) of the format:

    Obj-Class,Common-Name,Display-Name,Home-Server,Comment
    Mailbox,Administrator,,~SERVER,Built-in account for administering the computer/domain
    Mailbox,batman,Bruce Wayne,~SERVER,
    Mailbox,denise,denise van outen,~SERVER,
    Mailbox,Exchange Service,Exchange Service,~SERVER,
    Mailbox,Guest,,~SERVER,Built-in account for guest access to the computer/domain
    Mailbox,IUSR_ODIN,Internet Guest Account,~SERVER,Internet Server Anonymous Access
    Mailbox,IWAM_ODIN,Web Application Manager account,~SERVER,Internet Server Web Application Manager identity
    Mailbox,krbtgt,,~SERVER,Key Distribution Center Service Account
    Mailbox,MTS_ODIN,MTS_ODIN,~SERVER,Transaction Server system package administrator account

    Exchange has the ability to generate this file from either a NT domain listing or a NetWare account list.

    1. Start the Exchange Administrator Program
    2. From the Tools menu select "Extract Windows NT Account List" (also notice the NetWare option)
    3. Select the domain and a domain controller and click the browse button to select a directory and filename for the output. Click OK
    4. A summary will be shown listing any errors encountered. Click OK

    The file generated has ALL accounts in the domain (as can be seen in the example), for example Exchange service accounts, the guest account and IIS accounts, so you may want to edit the generated file and remove the lines for accounts that should not get a mailbox.

    Once the file has been edited to satisfaction perform the following:

    1. Start the Exchange Administrator Program
    2. From the Tools menu select "Directory Import"
    3. Select the Windows NT domain and the MS Exchange Server. You can also select the container however you should leave this as the default "Recipients"
    4. Click the "Import File" button and enter the location and name of the .CSV file created earlier. You can also select to create a Windows NT account, however since these accounts were generated by a domain listing it's not needed. Click the Import button
    5. The file will be read in and mailboxes created. Again a summary will be displayed showing any errors.

    Exchange Domain import
    - Example Import from Domain file

    Every member of your domain now has a mailbox on the Exchange server. In larger domains with multiple Exchange sites you may edit the file and import some people into one Exchange site and others into a different site depending on their geographical location.
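
    The edit step described above (removing service, guest and IIS accounts from the extracted list before running Directory Import) can be scripted. The following Python is an added example, not part of the original FAQ or of Exchange; it assumes the five-column layout shown in the example file, and the exclusion rules, the keep parameter and the constructed sample (including its truncated garfield row) are assumptions.

```python
import csv
import io
import re

COLUMNS = ["Obj-Class", "Common-Name", "Display-Name", "Home-Server", "Comment"]

# Assumed exclusion rules, modelled on the account types the FAQ names
# (Exchange service accounts, guest account, IIS accounts). Tune per domain.
EXCLUDED_NAMES = {"guest", "krbtgt"}
EXCLUDED_PREFIXES = ("iusr_", "iwam_", "mts_")
SERVICE_WORD = re.compile(r"\bservice\b", re.IGNORECASE)
EXCLUDED_COMMENT = re.compile(
    r"built-in account|service account|anonymous access", re.IGNORECASE)

# Constructed sample in the layout of the extract shown above; the last row is
# deliberately truncated to show how damaged lines are handled.
SAMPLE_EXTRACT = """\
Obj-Class,Common-Name,Display-Name,Home-Server,Comment
Mailbox,Administrator,,~SERVER,Built-in account for administering the computer/domain
Mailbox,batman,Bruce Wayne,~SERVER,
Mailbox,denise,denise van outen,~SERVER,
Mailbox,Exchange Service,Exchange Service,~SERVER,
Mailbox,Guest,,~SERVER,Built-in account for guest access to the computer/domain
Mailbox,IUSR_ODIN,Internet Guest Account,~SERVER,Internet Server Anonymous Access
Mailbox,IWAM_ODIN,Web Application Manager account,~SERVER,Internet Server Web Application Manager identity
Mailbox,krbtgt,,~SERVER,Key Distribution Center Service Account
Mailbox,MTS_ODIN,MTS_ODIN,~SERVER,Transaction Server system package administrator account
Mailbox,garfield,Garfield,~SERVER
"""


def exclusion_reason(row):
    """Return why a Mailbox row should not be imported, or None to keep it."""
    name = row["Common-Name"].strip()
    lowered = name.lower()
    if lowered in EXCLUDED_NAMES:
        return "well-known system account"
    if lowered.startswith(EXCLUDED_PREFIXES):
        return "machine-generated service account"
    if SERVICE_WORD.search(name) or SERVICE_WORD.search(row["Display-Name"]):
        return "service account by name"
    if EXCLUDED_COMMENT.search(row["Comment"]):
        return "comment marks a built-in or service account"
    return None


def filter_extract(text, keep=()):
    """Split an extracted account list into rows to import and rows to drop.

    Returns (csv_text, dropped): csv_text is the file to feed to Directory
    Import, dropped is a list of (common_name, reason) for manual review.
    Names listed in `keep` are imported even if a rule matches them.
    """
    keep = {name.lower() for name in keep}
    reader = csv.reader(io.StringIO(text))
    header = next(reader, None)
    if header is None or [h.strip() for h in header] != COLUMNS:
        raise ValueError("unexpected header: %r" % (header,))

    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\r\n")
    writer.writerow(COLUMNS)
    dropped = []
    for fields in reader:
        if not fields:  # blank line
            continue
        if len(fields) != len(COLUMNS):
            # Never import a row whose columns do not line up (fused or
            # truncated lines); report it so it can be fixed by hand.
            label = fields[1] if len(fields) > 1 else fields[0]
            dropped.append(
                (label, "line %d: malformed row" % reader.line_num))
            continue
        row = dict(zip(COLUMNS, fields))
        reason = None
        is_mailbox = row["Obj-Class"].strip().lower() == "mailbox"
        if is_mailbox and row["Common-Name"].strip().lower() not in keep:
            reason = exclusion_reason(row)
        if reason:
            dropped.append((row["Common-Name"], reason))
        else:
            writer.writerow(fields)
    return out.getvalue(), dropped


if __name__ == "__main__":
    import_csv, dropped_rows = filter_extract(
        SAMPLE_EXTRACT, keep=("Administrator",))
    print(import_csv)
    for common_name, why in dropped_rows:
        print("dropped %-18s %s" % (common_name, why))
```

    Review the dropped list before importing; a rule that is too broad silently denies a real user a mailbox, and one that is too narrow gives a service account one.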


    Q. How do I avoid having to enter the Key Management password?

    A. If you have the Key Management Server installed each time you start the KM service you have to either insert a disk with the password on or manually enter it depending on your configuration.

    It is possible to configure the service to look on the hard disk instead. This is not recommended for security reasons, however on development systems this may be OK.

    1. Create a directory on your local hard disk (or you could use an existing directory)
    2. Copy the file kmserver.pwd from the floppy disk created to the local directory, e.g. d:\exchsrvr
    3. Start the registry editor (regedit.exe)
    4. Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\KMServer
    5. Double click on MasterPasswordPath
    6. Change from A:\ to the directory, e.g. d:\exchsrvr. Click OK
    7. Close the registry editor

    Next time the service is started it will look for the password file on the local hard disk and not prompt for a disk to be inserted.


    Q. I archived some .pst files to a CD-ROM but am unable to load the files.

    A. When Outlook opens a PST file it needs write access so you will be unable to load a file from a read-only media such as a CD-ROM drive.

    To resolve simply copy the file to a writeable media and read accordingly.

    Messages can be sent to a .pst file by using Outlook's archive function. To open with Outlook 98 select File - Open - Personal Folders File.

    If you store the PST files in a ZIP file on a CD they can be accessed (as when you access a ZIP file it is decompressed locally which would be writable).


    Q. How can I limit Exchange mailbox size?

    A. Exchange comes built in with the ability to limit and notify of quota violations.

    To set the limits perform the following:

    1. Start the Exchange Administrator Program
    2. Expand the organisation, then the site and then the servers branch
    3. Expand the server whose quotas you wish to set, select "Private Information Store". Select Properties from the File menu
    4. Select the General tab
    5. You can set a policy for the keeping of deleted items (this is useful if you have users who delete mail they wanted to keep and will save you having to fish out a backup). Be careful of setting "Don't permanently delete items until the store has been backed up", as if backups are not often this could affect performance badly.
    6. The bottom half of the dialog allows you to set actions for quotas, namely
      - A warning to be issued, e.g. 900 KB
      - Stop the user sending mail, e.g. 1100 KB
      - Stop the user receiving mail, e.g. 1500 KB
    7. Click Apply then click OK

    Exchange Quotas

    Individual limits can be set for users by double clicking on them under the Recipients branch and selecting the "Limits" tab. Under "Information Store storage limits" sections unselect the "Use information store defaults" and set explicit values for the user. Useful for your own mailbox ;-)

    Now the values for the warning have been configured you must tell the system how often to warn the mailbox owner.

    1. Start the Exchange Administrator Utility
    2. Expand the organisation and site
    3. Expand Configuration
    4. Double click on the "Information Store Site Configuration"
    5. Select the "Storage Warnings" tab
    6. Select the warning level, either never, always (which is every 15 minutes) or at Selected Times.
    7. Click Apply then OK

    If a client exceeds the limit they will be given warnings to the effect of

    Quota gone bad :-)

    If the client does not have the helpful Office Assistant enabled they will just get a normal dialog box.

    A message from the "System Administrator" with the conditions of the mailbox quotas will also be sent:

    Your mailbox has exceeded one or more size limits set by your administrator.
    Your mailbox size is 1518 KB.

    Mailbox size limits:
    You will receive a warning when your mailbox reaches 900 KB.
    You cannot send mail when your mailbox reaches 1100 KB.
    You cannot send or receive mail when your mailbox reaches 1500 KB.

    You may not be able to send or receive new mail until you reduce your mailbox size. To make more space available, delete any items that you are no longer using or move them to your personal folder file (.pst). Items in all of your mailbox folders including the Deleted Items and Sent Items folders count against your size limit. You must empty the Deleted Items folder after deleting items or the space will not be freed.

    See client Help for more information.


    Q. How can I limit message sizes in Exchange?

    A. Maximum size limits can be set on the Message Transfer Agent (MTA) for inter-server traffic by selecting the General tab of the MTA configuration dialog of the server. A message that is too large is then returned to the sender, however for people on the same server this limit is not used.

    Limits can also be set on a per user basis for all traffic:

    1. Start the Exchange Administrator Program
    2. Expand the Organisation and select the Recipients branch
    3. Select the user and select Properties from the File menu
    4. Select the Limits tab
    5. It's then possible to set outgoing and incoming maximum message sizes
    6. Click Apply then OK

    Limit size
    - Setting the maximum outgoing size to 2MB


    Q. How can I undelete mail in Outlook?

    A. When you delete an item from the Outlook client (and it's been removed from the Deleted Items folder) it is actually kept on the Exchange server for a set amount of time (Exchange Server 5.5 and above only). Obviously this only applies if the mail is from an Exchange server; if you use Outlook to download from POP3, IMAP etc. this does not work. Mail can be recovered as follows:

    1. Start the Outlook client
    2. Select the "Deleted Items folder"
    3. Select "Recover Deleted Items" from the Tools menu
    4. Select the message and click the "Recover selected message" button
    5. Close the dialog
    6. The message will be added to the "Deleted Items" folder

    Message Recover

    To change the number of days Exchange stores deleted items for perform the following:

    1. Start the Exchange Administrator Program (Start - Programs - Microsoft Exchange - Exchange Administrator Program)
    2. Expand the Org, site, Configuration, Servers and select the server
    3. Select Private Information Store and select Properties from the File menu
    4. Select the General tab
    5. Under "Item Recovery" select the number of days to keep deleted items for. You can also select to not delete items until the store has been backed up
    6. Click OK
    7. Close the Exchange Administrator Program

    Keep Exchange messages


    Q. What workflow software is available for Exchange server?

    A. Workflow software is a tool to manage and automate business processes such as order processing, purchasing, support and sales.

    Using Microsoft Exchange Server or an SMTP/POP3 server and third party workflow software, you can easily implement powerful workflow applications that will streamline and decrease the cost of a business process.

    There are several third party workflow packages available for Exchange server. A few of them are

    For a complete list please go to http://www.exchangesoftware.com/ or for more information on workflow, go to http://www.workflowsoftware.com/.


    Q. How do you add an additional Global Address Book or another view to the global address book?

    A. This would be useful so, for example, you could separate out vendors email addresses (internet mail) from your actual post office users.

    This can not be done easily.

    You would have to create Address Book Views. This would divide GAL any way you wanted based on criteria that you provide.

    But you have to assign search rights to everyone and if you make one mistake, NO ONE will be able to see any of the address lists.

    Here is the procedure for setting up Container Level Search Control using Address Book Views. This allows you to create virtual Exchange Server organizations within a single Exchange Server organization or site. This is useful if you have multiple companies or departments within one Exchange Server organization and you want to prevent these companies or departments from viewing the mailboxes of other companies or departments in the Global Address List.

    To set up Container Level Search Control using Address Book Views, perform the following steps:

    1. Set up an anonymous account in the properties of the DS Site Configuration object in the Exchange Administrator program. This can be any Windows NT account.
    2. Open User Manager for Domains and create Global Groups for each department or company (depending on how you wish to separate the organization). Add the respective Windows NT User Accounts to each Global Group. These will be needed for step 4.
    3. Set up an Address Book View. You can use any name for the Display and Directory names. Click the Group By tab in the properties for the new Address Book View, and choose either Company or Department for the Group items by: field (this depends on how you wish to separate the organization).
    4. Open the newly created Address Book View so that you can see the separate companies or departments listed below it. Open the properties of each of these, click the Permissions tab, and add the respective Global Group created in step 2 to the Windows NT accounts with permissions with a role of Search.
    5. In the Exchange Administrator program, click Tools then Options. Click the Permissions tab. Ensure that the two check boxes that read "Show Permissions Page for all objects" and "Display Rights for Roles on Permissions page" are checked.
    6. Open the properties of the Organization object and click the Properties tab. Add the Search right to the Exchange Service Account.

    NOTE: Before changing the rights of the Exchange Service Account, make sure that at least one other Windows NT account or group has at least the Permissions Admin Role on the Organization object.

    After you perform these steps, you should be able to log on to an Exchange Server mailbox. Open the Address Book and choose "Show Names from the:" Global Address List. You should only see mailboxes and/or custom recipients from the Address Book View that your mailbox is associated with.

    This will not work for any mailbox whose associated Windows NT account has permissions on objects that give them inherited rights to the Address Book Views. These mailboxes will still be able to view the complete Global Address List.


    Q. How do I delete a bad Schedule + message?

    A. When a user's free busy information is not being published to the Schedule+ Free Busy public folder server correctly, or free busy information shows free even though a user has appointments, you may need to remove the "stuck" or corrupted messages in the Schedule+ Free Busy hidden public folder.

    To resolve this use mdbvu32 to remove the corrupt message. Mdbvu32.exe is on the Exchange Server CD in the support/utils directory.

    1. Logon as Exchange Service Account
    2. Create a TEST mailbox with Service Account as NT account on the same server as the Schedule+ Free Busy folder. To find the Schedule+ Free Busy HOME SERVER open the Exchange Administrator program, expand the Organization object, expand the Folders object, expand the System Folders object, then expand the Schedule+ Free Busy object. Beneath the Schedule+ Free Busy object is a list of the SITES where free busy information is being replicated from. Choose the object of YOUR site (not a replicated site). Choose File Properties of the Site Object for the Schedule+ Free Busy. At the bottom of this dialog box (General Tab) HOME SERVER will be listed
    3. Create a profile for the TEST Mailbox in Step 2.

    MDBVU32 STEPS

    1. Start the MDB Viewer by double-clicking the executable file Mdbvu32.exe from CD
    2. The MAPILogonEx dialog box will appear click OK.
    3. The Choose Profile dialog box should appear. Select the TEST mailbox profile you created in the prior steps. Click OK. NOTE: If the Choose Profile dialog box does not appear, you are most likely already logged on to a profile. Exit and Log Off the client and profile, and re-attempt step 3.
    4. On the MDB Viewer Test Application menu, click MDB, and then select the OpenMessageStore option.
    5. In the Select Message Store To Open dialog box, select the PUBLIC FOLDER item and click the Open button.(Open Mode should default to Best Access. Leave as default.)
    6. From the MDB Viewer Test Application menu, click the MDB menu item, and click Open Root Folder.
      NOTE: 3 MAPI_E_CALL_FAILED dialog boxes will appear. Choose OK to each of these.
    7. From the Child Folders list box, double-click NON_IPM_SUBTREE. You will now see the SCHEDULE+ FREE BUSY folder.
    8. Double-Click the SCHEDULE+ FREE BUSY object.
      NOTE: 3 MAPI_E_CALL_FAILED dialog boxes will appear. Choose OK to each of these.
    9. A list of SITES will appear in the Child Folder box. (same sites mentioned in determining HOME SERVER) Example: EX:/o=Organization/ou=Site
    10. Double-click YOUR Site (not a replicated site)
      NOTE: If you cannot read the full name of the site double click each one, one at a time, to see the full name at the top of the next screen. If you've selected the incorrect site choose CLOSE to go back to the list of SITES.
    11. Once the correct site is double-clicked a list of the SCHEDULE+ FREE BUSY messages will appear in the CENTER "Messages In Folder" list box.
    12. Scroll to the RIGHT & DOWN to see user names. Each user should only have 1 item (message). Normally when this problem occurs the user will have 2 items (messages) listed.
    13. Once the message(s) are located for the problem user select the message or messages (using the shift key for multiple messages) so that it becomes highlighted.
    14. Locate the Operations Available drop down box (located below the Messages In Folder dialog box).
    15. Use the drop down and choose lpFld --> DeleteMessages() ON SELECTED MSGS
    16. Once the lpFld --> DeleteMessages() ON SELECTED MSGS is selected. Click the CALL FUNCTION button.
      NOTE: The messages may still be listed in the Messages in Folder list box - this screen will not refresh unless you choose the CLOSE button and come back to it.
    17. Next Exit out of Mdbvu32.exe by choosing CLOSE 4 times which will get you back to the MDB Viewer Test Application dialog box. Choose Session from the Menu Option and then choose Exit.
    18. Have the user whose free busy is not being published log on to their client and make an appointment (this will cause free busy information to be published to the SCHEDULE+ FREE BUSY hidden public folder)
    19. Exit and log off the client, then check the free busy times of the user by creating a new meeting request. The free busy information should now be visible.

    If the information is still not visible go back to step 1 of the MDBVU32 steps, look at the Schedule+ Free Busy information again and check that 2 messages don't exist. If they do, follow the steps to remove them and complete the process again.


    Q. How do I link Exchange 5.5 and the Windows 2000 Active Directory?

    A. The latest beta of Windows 2000 ships with the Microsoft Active Directory Connector (ADC) which replicates a hierarchy of directory objects between the Exchange Server 5.5 directory and the Windows 2000 Active Directory.

    But first a potential problem:

    Port 389 is used for LDAP communication, but if you are running Windows 2000 and Exchange 5.5 on the same computer you may find Exchange has problems starting the LDAP directory service, which stops you creating the connection.

    To get around this change the port the Exchange LDAP service uses by double clicking LDAP under <Org>\<Site>\Configuration\Protocols and changing the port number, e.g. to 1020. Restart the Exchange Directory service for the change to take effect.

    Exchange 5.5 with Service Pack 3 allows you to change the port used by LDAP SSL.

    Also if you install Exchange 5.5 on a 2000 domain controller you must make the Exchange Server account a member of the local Server Operators group.

    Back to ADC :-)

    The software is under the VALUADD\MGMT\ADC directory of the Windows 2000 CD. To install perform the following on the Windows 2000 domain controller:

    1. Run setup.exe from the VALUADD\MGMT\ADC directory
    2. Click Next to the install wizard
    3. Select both the connector service and management components. Click Next
    4. You will be asked where to install. Accept the default and click Next
    5. Enter the Exchange Service account and click Next. The account will be granted the 'Audit' right. Click OK
    6. Files will be copied. Click Finish once completed

    A new icon 'Active Directory Connector Management' will have been added to the 'Administrative Tools' branch.

    Now we need to setup a connection agreement between the Exchange Server and the Active Directory:

    1. Start the ADC Management MMC snap-in (Start - Programs - Administrative Tools - Active Directory Connector Management)
    2. Right click on the Active Directory Connector (<machine name>) branch and select 'New - Connection Agreement'
    3. Under the General tab enter a name and select the replication direction:
      - Two-way
      - From Exchange to Windows
      - From Windows to Exchange
    4. Select the 'Connections' tab and fill in connection information as shown below:
      ADC Connector
      Notice I have both on the same machine however you will probably have different Exchange and Domain Controller machines.
    5. Select the Schedule tab to select how often and when to replicate
    6. Select the Deletion tab to control how deletions are handled, either delete from both directories when deleted from one or just note the deletion to a log file.
    7. Under the 'From Exchange' and 'From Windows' tabs select the items to replicate.
    8. Click OK
    9. The Exchange Schema will be modified and its directory service will be stopped and restarted.

    Now changes will be replicated between the Exchange and Windows 2000 directory services.


    Q. What is the upgrade to large table option in Outlook?

    A. Microsoft Outlook 98 has a feature, "Allow upgrade to large tables," for Personal Folder (.pst) files. This feature increases the limit on the number of folders per file and the number of messages per folder in a .pst file. The limit has been increased from approximately 16,000 folders per file and messages per folder to approximately 64,000. This upgrade is permanent and cannot be undone.

    To enable the upgrade on the Internet Mail Only version of Outlook 98 perform the following:

    1. Start Outlook
    2. Right-click the Folder List, and select Properties on the context menu.
    3. Click the Advanced button.
    4. Click "Allow upgrade to large tables."
    5. Click OK and OK.

    To enable on the Corporate Workgroup version:

    1. Start Outlook
    2. On the Tools menu, click Services.
    3. Click to select the Personal Folders service, and click Properties.
    4. On the General tab, click "Allow upgrade to large tables."
    5. Click OK.

    Q. How can I disable the Journal in Outlook?

    A. The Journal function in Outlook can be used to track document changes and openings, mail actions, meetings and task management however it can take up a large amount of space if not archived regularly.

    If you don't want the features of the Journal it can be disabled as follows:

    1. Start Outlook
    2. Select Options from the Tools menu
    3. Select the Preferences tab and click 'Journal Options'
    4. Unselect all boxes and click OK
      Disable the journal
    5. Click OK to the main dialog

    No records will be written to the journal now.

    If you want to delete all current Journal information select the Journal branch, right click on each entry type, for example Microsoft Word, and select Delete from the context menu.


    Q. Internet Mail Server hangs on start-up, ID 7022, why?

    A. A FAQ reader recently brought this to my attention. After changing RAS in the network applet to only dial out and rebooting the server, the NT event viewer showed an error message saying that the Internet Mail Server hung on start up (ID 7022). This occurs even if you install Exchange server to NT4 where RAS incoming call handling is disabled. The RAS setting was changed and the event was still generated.

    This was resolved by re-enabling the incoming and outgoing dial access in RAS -> Network -> control applet, then, in Control Panel -> Services, selecting RAS Connection Manager and RAS Access Server and setting each to start up as automatic.


    Q. How can I search my Exchange stores for virus infected messages?

    A. After the problems with the recent Melissa virus, Microsoft have produced a utility which can search your Exchange store for messages which have been infected with a virus and clean them. This will not in any way prevent the virus from being introduced into the email system; you should ensure you are running anti-virus software to prevent the virus infecting your message stores.

    The utility can be downloaded for Exchange 5.5 and 5.0 for both Intel and Alpha:

    Exchange 5.5 Intel  ftp://ftp.microsoft.com/bussys/exchange/exchange-public/fixes/ENG/Exchg5.5/ISSCAN/ISSCANI.EXE
    Exchange 5.5 Alpha ftp://ftp.microsoft.com/bussys/exchange/exchange-public/fixes/ENG/Exchg5.5/ISSCAN/ISSCANA.EXE
    Exchange 5.0 Intel ftp://ftp.microsoft.com/bussys/exchange/exchange-public/fixes/ENG/Exchg5.0/ISSCAN/ISSCANI.EXE
    Exchange 5.0 Alpha ftp://ftp.microsoft.com/bussys/exchange/exchange-public/fixes/ENG/Exchg5.0/ISSCAN/ISSCANA.EXE

    Once downloaded the self extracting file produces two files, ISSCAN.EXE and the symbol file ISSCAN.DBG. Once you copy the files to the server running Exchange it is used as follows (you don't need to copy the .dbg file)

    For Exchange 5.5

    1. Logon as an Administrator
    2. Stop the Microsoft Exchange Server Information Store server (via Control Panel - Services)
    3. Enter the command below from the command prompt (cmd.exe)
      C:\> ISSCAN -fix {-pri | -pub} -test badmessage, badattach [-c <criteria file>]
      Where the -fix parameter instructs ISSCAN to remove the messages or attachments found. Without the -fix parameter, ISSCAN will record all the messages and attachments it finds in a log file.
      The -pri or -pub parameter instructs ISSCAN to scan either the private or public information store (priv.edb or pub.edb).
      The -test badmessage parameter deletes messages from the message table determined to be bad. The -test badattach parameter deletes attachments from the attachment table determined to be bad.
      The -c <criteria file> parameter is optional and allows you to specify which messages ISSCAN will search for. If not used the Melissa virus will be searched for. The format of the criteria file is supplied in the readme file for ISSCAN which can be downloaded from here.

    ISSCAN will create a report called either isscan.pri or isscan.pub, depending on whether you are scanning a private store or public store. This report will include the filename of each attachment that is deleted and the sender of each message that is deleted. You can then use this information to determine the users' computers that may need extra attention.

    This utility is very powerful and can be very constructive or destructive depending on how it is used. Please use with caution and consider every action twice before implementing. There is no undo so restoring a backup is the alternative if a problem occurs. It is recommended that you do not use this utility until a known good backup is secured.


    Q. How do I create an Outlook vCard?

    A. Microsoft Outlook supports the use of vCards, the Internet standard for creating and sharing virtual business cards. In Outlook, as well as other e-mail applications and personal information managers, you can save a contact as a vCard or save vCards sent in e-mail messages.

    To create a vCard to be attached to all outgoing messages perform the following under Outlook 98 and Outlook 2000:

    1. Create a new contact in Contacts of what you want your expanded vCard to look like. Remember this will go to everyone you send mail to so don't include personal information such as home number, address unless you really want to!
    2. From the Tools menu select Options
    3. Select the 'Mail Format' tab
    4. Click the 'Signature Picker..' button
    5. Click New to create a new signature
    6. Enter a name for the signature and click Next
    7. Enter text to be displayed and click 'New vCard from Contact'
    8. Select the contact and click Add. Click OK
    9. Select the new vCard from the dropdown list and click OK
    10. Click OK to the Signature Picker
    11. Click OK to the main options dialog

    All outgoing mail will now have your signature and vCard attached.


    Q. How can I configure Outlook to be the default mail client?

    A. Outlook 98 and Outlook 2000 will prompt you when starting to set as the default mail client if they are not already configured as such however if you checked the "Don't ask me this again" box you cannot display this dialog.

    To force Outlook 98 and 2000 to check, type the following:

    C:\> "c:\program files\microsoft office\office\outlook.exe" /checkclient

    Click Yes to the displayed message:

    "Outlook is not currently your default manager for Mail and News.
    Would you like to register Outlook as the default manager?"

    Clicking Yes updates the following registry entries, which you can also update manually (and will need to for older Outlook clients such as Outlook 97):

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail
    3. Double click the (Default) value and set to "Microsoft Outlook" (don't type the quotes)
    4. Move to HKEY_CLASSES_ROOT\mailto
    5. Double click the (Default) value and set to "URL:MailTo Protocol" (don't type the quotes)
    6. Double click the EditFlags value and set to 02 00 00 00
    7. Double click the URL Protocol value and clear
    8. Move to the DefaultIcon folder (HKEY_CLASSES_ROOT\mailto\DefaultIcon)
    9. Double click the (Default) value and set to
      "C:\Program Files\Microsoft Office\Office\outllib.dll",-12
    10. Move to HKEY_CLASSES_ROOT\mailto\shell\open\command
    11. Double click (Default) and change to
      "C:\Program Files\Microsoft Office\Office\outlook.exe" -c IPM.Note /m "%1"
      Alternate values (such as Lotus Notes) are:
      "C:\Program Files\notes\notes.exe"=C:\WINNT\notes.ini %1
    12. Reboot the computer

    Q. How do I install a digital signature in Outlook?

    A. A Digital ID, also known as a digital certificate, is the electronic equivalent of a passport or membership card. It is a credential, issued by a trusted authority, that you can present electronically to prove your identity or your right to access information. There are a number of authorities who can grant these certificates; VeriSign is the Microsoft preferred certificate provider.

    To request a digital certificate perform the following:

    1. Start Microsoft Outlook
    2. Choose "Options..." from the Tools menu.
    3. Select the "Security" tab.
    4. Click on the "Get a Digital ID..." button at the bottom of the security options window.
    5. From the Microsoft web page that is displayed, click on VeriSign's "Enrol Now" icon.
    6. Fill out the enrolment form with your identifying and billing information.
    7. You will receive an email from VeriSign to corroborate your email address. Follow the instructions in this email to download and install your Digital ID on your computer's hard drive.

    You can now configure Outlook via the Tools - Options - Security to attach a digital signature to every outgoing message or it can be manually added to messages individually. More information on this can be found at http://www.verisign.com/securemail/outlook98/outlook.html.

    If you have multiple machines with Outlook you can install your digital certificate on them by exporting the digital certificate and then importing on the others as follows:

    On the machine with the certificate installed perform the following:

    1. Start Outlook
    2. From the Tools menu select Options
    3. Select the Security tab
    4. Click the 'Import/Export Digital ID..' button
    5. Select the 'Export your digital ID to a file'
    6. Under Digital ID click Select and choose your certificate
    7. Select an area to save to and enter a password
    8. Click OK

    On the other machines copy the digital ID file created and perform the following:

    1. Start Outlook
    2. From the Tools menu select Options
    3. Select the Security tab
    4. Click the 'Import/Export Digital ID..' button
    5. Select the 'Import existing digital ID from a file'
    6. Select the file the digital ID was saved to
    7. Enter the password for the ID
    8. Enter the Digital ID name, e.g. John Savill
    9. Click OK

    Q. How do I create a distribution list in Outlook 2000?

    A. Outlook 2000 introduces the ability to create a distribution list and populate it with people from your contacts list. To create a distribution list perform the following:

    1. Start Outlook 2000
    2. From the Tools menu select 'Address Book'
    3. In the 'Show Names from the' list, click Contacts.
    4. Select 'New Entry' from the File menu
    5. Under the entry type select 'New Distribution List'
    6. Under the 'Put this Entry' select 'In the Contacts'. Click OK

    The empty distribution list will now be shown. To add members perform the following:

    1. In the name box type the name for the distribution list
    2. Click the 'Select Members' button to add people to the list
    3. Click Save and Close

    Distribution lists can be identified as they are shown in bold.


    Q. How can I add a disclaimer to each outgoing mail at server level?

    A. You can't do this in Exchange server. You would have to use a third party application such as EMail Essentials for Exchange. To set up a disclaimer in Mail Essentials perform the following:

    1. Start up the Mail Essentials configuration
    2. Go to the disclaimer tab
    3. Switch on disclaimer and enter disclaimer text.

    All outgoing mail will now include the disclaimer at the bottom.


    Q. How can I block mail with certain attachments or certain words at server level?

    A. You can't do this in Exchange server. You would have to use a third party application such as EMail Essentials for Exchange or Mimesweeper.

    To set up the content checking feature in Mail Essentials:

    1. Start up the Mail Essentials configuration
    2. Go to the content checking tab
    3. Now you can enter:
      a. types of attachments that must be blocked
      b. mails with particular words/phrases in the subject that must be blocked
      c. mails with particular words/phrases in the body that must be blocked
    4. Any mail that is blocked is quarantined in the moderator client.

    Administrators/supervisors can then check the mail and either approve or reject it.
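
    The three rule types listed above (attachment type, subject phrase, body phrase) and the quarantine outcome can be pictured as a small decision function over a parsed message. The following Python is an added example, not the product's own logic or configuration; the rule values, function names and sample messages are constructed for illustration.

```python
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Constructed example rules; a real deployment supplies its own lists.
BLOCKED_EXTENSIONS = {".exe", ".vbs", ".scr"}
BLOCKED_SUBJECT_PHRASES = ["make money fast"]
BLOCKED_BODY_PHRASES = ["confidential project"]


def normalise(text):
    """Lower-case and collapse whitespace so line wrapping cannot split a phrase."""
    return " ".join(text.lower().split())


def final_extension(filename):
    """Return the last extension, ignoring trailing dots/spaces that Windows drops."""
    name = filename.strip().rstrip(". ").lower()
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""


def body_text(msg):
    """Join the text of every text/* part that is not itself an attachment."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        if part.get_content_disposition() == "attachment":
            continue
        try:
            chunks.append(part.get_content())
        except (LookupError, UnicodeError):
            # Unknown or broken charset: fall back to a lossless byte mapping.
            chunks.append((part.get_payload(decode=True) or b"").decode("latin-1"))
    return "\n".join(chunks)


def check_message(raw_bytes):
    """Return the rule hits for one raw message; an empty list means deliver."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_bytes)
    hits = []
    # (a) attachment types, judged on the final extension ("report.txt.vbs" -> ".vbs")
    for part in msg.walk():
        filename = part.get_filename()
        if filename and final_extension(filename) in BLOCKED_EXTENSIONS:
            hits.append("attachment:" + filename)
    # (b) words/phrases in the subject
    subject = normalise(str(msg.get("Subject", "")))
    hits += ["subject:" + p for p in BLOCKED_SUBJECT_PHRASES if p in subject]
    # (c) words/phrases in the body
    body = normalise(body_text(msg))
    hits += ["body:" + p for p in BLOCKED_BODY_PHRASES if p in body]
    return hits


def route(raw_bytes):
    """Quarantine for moderator review on any hit, otherwise deliver."""
    hits = check_message(raw_bytes)
    return ("quarantine" if hits else "deliver", hits)


def build_sample(subject, body, attachment_name=None):
    """Build a constructed test message (addresses are placeholders)."""
    msg = EmailMessage()
    msg["From"] = "alice@example.com"
    msg["To"] = "bob@example.com"
    msg["Subject"] = subject
    msg.set_content(body)
    if attachment_name:
        msg.add_attachment(b"constructed placeholder bytes",
                           maintype="application", subtype="octet-stream",
                           filename=attachment_name)
    return msg.as_bytes()


if __name__ == "__main__":
    samples = [
        build_sample("Lunch", "See you at noon"),
        build_sample("Report", "Attached", "report.txt.VBS"),
        build_sample("Status", "The CONFIDENTIAL\n   project plan is attached"),
    ]
    for raw in samples:
        print(route(raw))
```

    Matching on the final extension after normalising case and trailing dots is what stops a double-extension name such as report.txt.vbs from passing as a text file.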


    Q. How can I automatically compress all outbound mail to save on bandwidth?

    A. You would have to use a third party product to do this. Two of these are:

    1. Mail essentials (http://www.gficomms.com/)
    2. Max compression (http://www.centralhouse.com/)


    Q. Unix users can't talk to an Exchange box News server without requiring authentication domain\user, why?

    A. This can be corrected by allowing anonymous access to News as follows:

    1. Start the Exchange Administrator program (Start - Programs - Microsoft Exchange - Microsoft Exchange Administrator)
    2. Expand the Org, site, Configuration and Protocols
    3. Double click NNTP
    4. Select the Anonymous tab
    5. Check the "Allow anonymous access" box
    6. Click Apply
    7. Click OK
    8. Close the Exchange Administrator program

    Q. Does the Exchange News server support mode stream?

    A. No, Exchange 5.5 does NOT support MODE STREAM. The next major release (i.e. Platinum) will support MODE STREAM.

    MODE STREAM is used by a peer to indicate to the server that it would like to suspend the lock step conversational nature of NNTP and send commands in streams. This command should be used before TAKETHIS and CHECK.


    Q. How can I fax from Exchange server?

    A. Exchange server does not include a fax connector; you have to buy a third party fax server. One of those connectors is FAXmaker for Exchange, which is available as a free 5 user version.

    There is also a complete list of Exchange fax connectors at http://www.ntfaxfaq.com/


    Q. How can I limit the number of recipients for a message?

    A. Using a new registry entry that was added as of 4.0 Service Pack 1 you can set the number of recipients for a message which is the sum of To:, cc: and bcc: (this includes personal distribution lists).

    To implement perform the following:

    1. Logon to the Exchange Server
    2. Start the registry editor (regedit.exe)
    3. Move to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeIS\ParametersSystem
    4. From the Edit menu select New - DWORD value
    5. Enter a name of 'Max Recipients on Submit' (don't type the quotes) and press Enter
    6. Double click the new value and set to the max number. Click OK
    7. Close the registry editor

    If a user attempts to send a message to more recipients than is designated by the Max Recipients on Submit parameter and the user has the new Emsmdb(32).dll, the following error message may be displayed when the user attempts to send the message:

    The item could not be sent. The number of recipients on this message exceeds the upper limit configured by the administrator.

    If a user attempts to send a message to more recipients than is designated by the Max Recipients on Submit parameter and the user DOES NOT have the new Emsmdb(32).dll, the following error message may be displayed when the user attempts to send the message:

    The item could not be sent. The client operation failed.

    More information can be found in Knowledge Base article Q126497 at http://support.microsoft.com/support/kb/articles/q126/4/97.asp.


    Q. My Outlook .pst file is corrupt, what can I do?

    A. Windows 95, Outlook 98 and Outlook 2000 all ship with the 'Inbox Repair Tool' which can be used to scan and fix a corrupted .pst (post) file.

    This utility is also installed with the Windows Messaging Service Setup on the Microsoft Windows 98 compact disc. You can find these programs in the folder <CD drive>:\tools\oldwin95\message\us\wms.exe.

    A shortcut should be located in the Administrative branch of the programs menu but if it is missing or the shortcut does not work SCANPST.EXE should be located in:

    If it's not there, try a search of the entire boot partition:

    C:\> dir/s scanpst.exe

    Once located, execute it; you will be asked for the location of your .pst file, then click Start. If it finds errors it will fix them. I would advise backing up your .pst file first as sometimes it wipes out most of the content!

    If your file was corrupt, a folder "lost and found" will be created and you should create a new set of folders and drag items from the "lost and found" folder into their new/correct location. To create a new set of folders perform the following:

    1. Start Outlook with the profile that contains your Recovered Personal Folders.
    2. On the Tools menu, click Services.
    3. On the Services tab, click Add to open the "Add Service to Profile" dialog box.
    4. In the Available Information Services list, click to select Personal Folders, and then click OK.
    5. In the "Create/Open Personal Folders File" dialog box, select a directory and file name for the new Personal Folders file (*.pst), and then click Open.
    6. Click OK to close all dialog boxes.

    Q. What is IIS?

    A. Internet Information Server (IIS) is a World Wide Web server, a Gopher server and an FTP server all rolled into one. IIS means that you can publish WWW pages and extend into the realm of ASP (Active Server Pages) whereby JAVA or VBscript (server side scripts) can generate the pages on the fly. IIS has fun things like application development environment (FrontPage), integrated full-text searching (Index Server), multimedia streaming (NetShow), and site management extensions.


    Q. How do I install Internet Information Server?

    A. IIS 2.0 is supplied with Windows NT Server 4.0. It can be installed at the time you install NT 4.0 by checking the "Install Microsoft Internet Information Server" box; alternatively it can be installed at a later time by performing the following:

    1. Insert the NT 4.0 Server CD-ROM
    2. Run <CD-ROM>:\I386\Inetsrv\Inetstp.exe
    3. Close all currently running programs and click OK to start the installation
    4. Select the services you want to install and click OK
    5. You will be asked for the publishing directories for FTP,WWW and Gopher. You can change or accept the defaults. Click OK to continue the installation
    6. If you selected to install ODBC drivers, a dialog box showing the SQL Server driver will be displayed; click OK to continue
    7. A message will be displayed that the installation has finished. Click OK

    Internet Information Server 3.0 is supplied on the Service Pack 2 CD-ROM and as part of Service Pack 3. It is supplied as an upgrade, so you must already have IIS 2.0 installed before applying the service pack.

    Internet Information Server 4.0 is now supplied with Option Pack 4 and IIS 5.0 with Windows 2000!


    Q. What is Internet Service Manager?

    A. If you look under Programs->Microsoft Internet Server, you will find the Internet Service Manager. ISM is used to configure and monitor IIS. With ISM you can define user connections and user logon and authentication, the home directory location for each IIS service, logging and security.


    Q. What is Index Server?

    A. It gives the ability to perform full-text searches and retrieve information from a Web browser. It can search HTML, text, and all Microsoft Office documents.

    When started, it builds an index of the virtual roots and subdirectories on your Web server. You can select which directories and file types can be skipped.

    The index is updated automatically whenever a file is added, deleted, or changed on the server.


    Q. What are Active Server Pages?

    A. ASP is server-side scripting. You can use ASP to create and run dynamic, interactive, Web applications. When your scripts run on the server, the SERVER does all the work involved in generating the HTML pages.


    Q. How can I configure the Connection Limit?

    A. This is configured using the Internet Service Manager and can be between 1 and 32,767:

    1. Start the Internet Service Manager ( Start - Programs - Microsoft Internet Server)
    2. Double click on the computer whose connection limit you wish to configure
    3. Select the Service tab
    4. Enter the number of connections you want in the Maximum Connections field
    5. Click OK
    6. Stop and start the service whose limit you changed
    7. Close the Internet Service Manager

    Q. How do I change the default file name?

    A. The default file name is the file searched for if only a directory name is specified and can be changed by performing the following:

    1. Start the Internet Service Manager ( Start - Programs - Microsoft Internet Server)
    2. Double click on the computer name of the web server whose default file name you wish to modify
    3. Click the directories tab
    4. At the bottom of the screen is an "Enable default document" check box, select this
    5. In the field enter a file name, e.g. index.htm.
    6. Click OK
    7. Stop and start the server you just updated
    8. Close the Internet Service Manager

    Q. How can I enable browsers to view the contents of directories on the server?

    A. By default, if you select a directory on a server and no default file name exists, an error is returned. It is possible to change this behavior so that a directory listing is displayed instead of an error:

    1. Start the Internet Service Manager ( Start - Programs - Microsoft Internet Server)
    2. Double click on the computer name of the web server you wish to modify
    3. Click the directories tab
    4. Select the "Directory Browsing Allowed" box
    5. Click OK
    6. Close the Internet Service Manager

    You can only set this for the whole site, not on a per directory basis. If you want to set this on a directory basis enable the directory browsing and make sure the default file name exists in directories you do not want people to be able to browse.
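
    The workaround above depends on every directory you want hidden actually containing a default document. The following Python is an added example, not part of the original FAQ: it walks a web root and reports the directories that would be returned as a listing. The function names, the default-document tuple and the sample tree are assumptions made for illustration.

```python
import os
import tempfile

# Default document names to look for. "default.htm" is the name used on this
# page; pass the names actually configured on your own server.
DEFAULT_DOCS = ("default.htm",)


def browsable_dirs(web_root, default_docs=DEFAULT_DOCS):
    """Return web-relative paths of directories that hold no default document.

    With "Directory Browsing Allowed" set, a request for any of these
    directories returns a listing of its files instead of a page.
    """
    wanted = {name.lower() for name in default_docs}  # NT file names are case-insensitive
    exposed = []
    for current, subdirs, files in os.walk(web_root):
        subdirs.sort()  # walk in a deterministic order
        present = {name.lower() for name in files}
        if wanted & present:
            continue  # a default document exists, so no listing is served here
        rel = os.path.relpath(current, web_root)
        exposed.append("/" if rel == "." else "/" + rel.replace(os.sep, "/") + "/")
    return exposed


def build_sample_tree(root):
    """Create a small constructed web root used only to exercise the check."""
    layout = {
        "": ["default.htm"],
        "ntfaq": ["Default.HTM", "faq.htm"],  # covered: name differs only in case
        "downloads": ["faqcomp.zip"],         # no default document -> listed
        "downloads/old": [],                  # empty directory -> listed
        "images": ["logo.gif"],               # no default document -> listed
    }
    for rel, names in layout.items():
        path = os.path.join(root, *rel.split("/")) if rel else root
        os.makedirs(path, exist_ok=True)
        for name in names:
            with open(os.path.join(path, name), "w") as fh:
                fh.write("constructed sample file\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for path in browsable_dirs(root):
            print("listing would be served for", path)
```

    Only physical directories under the web root are walked; a virtual directory that points at another disk or path has to be checked by running the function against its target as well.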


    Q. How can I configure the FTP welcome message?

    A. Using the IIS admin utility a welcome, end and connect refused message can be displayed:

    1. Start the Internet Service Manager ( Start - Programs - Microsoft Internet Server)
    2. Select the FTP service on the machine you wish to configure
    3. From the properties menu select Service Properties
    4. Click the Messages tab
    5. Enter text in the "Welcome Message", "Exit Message" and "Maximum connections" fields.
    6. Click the Apply button then click OK
    7. Stop and restart the FTP service
    8. Close the Internet Service Manager

    Q. How do I configure a virtual server?

    A. It is possible using Windows NT to bind multiple IP addresses to one network card and for each IP address it is possible to run a virtual domain server. The procedure below will add an IP address, add the new IP address as a domain and set up the new IIS virtual server.

    To bind an additional IP address to your network card perform the following:

    1. Start the Network Control Panel Applet (Start - Settings - Control Panel - Network)
    2. Select the Protocols tab
    3. Select TCP/IP and click Properties
    4. On the "IP Address" tab click the Advanced button
    5. In the IP Address section click Add
    6. Enter the additional IP address and subnet mask you want the machine to respond to and click Add
    7. Click OK until you leave the network control panel applet
    8. Reboot the machine

    You now need to configure the DNS server to respond to the new name.com with the new IP address:

    1. Start the DNS Manager (Start - Programs - Administrative Tools - DNS Manager)
    2. From the DNS menu, select New Server and enter the IP address of the DNS Server, e.g. 200.200.200.3, and click OK
    3. The server will now be displayed with a CACHE sub part
    4. Next we want to add the domain, e.g. savilltech.com: from the DNS menu, select New Zone
    5. Select Primary and click Next
    6. Enter the name, e.g. savilltech.com, then press tab, which will fill in the Zone File Name, and click Next
    7. Click Finish
    8. Next a zone for reverse lookups has to be created, so select New Zone from the DNS menu
    9. Select Primary and click Next. Enter the name as the first 3 parts of the domain IP, reversed, + in-addr.arpa, e.g. if the domain was 158.234.26, the entry would be 26.234.158.in-addr.arpa; in my example it would be 200.200.200.in-addr.arpa. Press tab for the file name to be filled in and click Next, then click Finish
    10. From the DNS menu select New Host, enter the machine name and IP address, and also select the "create associated PTR record" option. Click Add and then Done.
    11. Next create the www.<domain>.com record. From the DNS menu select New Record
    12. Select a record type of CNAME, enter an alias name of www, and the actual host name, e.g. server.shadow.com. Click OK
    13. Exit the DNS server

    Next update the IIS server to support the new domain:

    1. Start the Internet Service Manager (Start - Programs - Microsoft Internet Server)
    2. Double click on the Computer name of the web server which will display the properties
    3. Click the Directories tab
    4. Click the Add button
    5. Enter the directory name and select the Home directory check box. Next check the "Virtual Server" box and enter the IP address you added in the first step. Click OK
    6. Click OK to close

    You will now be able to browse to this domain.

    Under Windows 2000 (IIS 5.0):

    1. Start the Internet Service Manager (Start - Programs - Administrative Tools - Internet Services Manager)
    2. Right click on the computer and select New - Web site
    3. Click Next to the intro wizard
    4. Enter a description and click Next
    5. Select the IP address you added and click Next
    6. Enter the path for the root directory and click Next
    7. Select Permissions. Click Next
    8. Click Finish to complete the creation.

    Q. How can I administer my IIS server using a web browser?

    A. IIS comes with a built in HTML version of Internet Service Manager, with an address of <server name>/iisadmin/default.htm. It does have to be installed.

    To check if it's installed, start the browser and move to the \iisadmin\default.htm and if you see the Internet Server Manager page but with no graphics, e.g.

    [Screenshot: Internet Service Manager (HTML) page displayed without graphics]

    To install perform the following:

    1. Log on to the IIS server as an Administrator
    2. Start the Internet Information Server Setup (Start - Programs - Microsoft Internet Server - Internet Information Server Setup)
    3. Click OK to the first dialog and then select Add/Remove
    4. Enter the location of the setup files and click OK (e.g. d:\i386\inetsrv if d: is your NT install CD-ROM)
    5. In the options shown select the "Internet Service Manager (HTML)" and click OK
    6. The installation will continue
    7. You should now reapply your service pack if you installed from the NT installation CD. If you have IE 4.0 installed you will get a warning, click Run Program, when prompted during the installation click "No to All" for replacing newer files. Finally once the machine has finished rebooting you should run the command
      regsvr32 rsabase.dll
      Click OK to the completion box

    If your default file name is not default.htm you may have a few navigation problems; if you do, just enter default.htm after any directory name.

    Once you connect using a browser to the iisadmin area you may have to enter a username and password depending on the browser you use, and you can then perform actions to administer the site.


    Q. How can I configure FTP to use Directory Annotation?

    A. Follow the procedure below:

    1. Log on to the IIS server machine as an Administrator
    2. Start the registry editor (regedit.exe)
    3. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msftpsvc\Parameters
    4. From the Edit menu select New - DWord value
    5. Enter the name AnnotateDirectories and press Enter
    6. Double click on the new value and set the value to 1
    7. You should now stop and restart the WWW server service

    You now need to create a file called ~ftpsvc~.ckm in each directory where you wish the annotation. The file is just a normal ASCII format file.


    Q. Only the first line of the Directory Annotation is shown.

    A. This is caused if you have no welcome message. Simply add a welcome message as described in Q. How can I configure the FTP welcome message?


    Q. How can I configure the amount of IIS Cache?

    A. By default InetInfo, the process responsible for WWW, FTP and Gopher, uses 3MB of cache for all of the services. This cache is used to store files in memory, providing faster access than from disk. To change the amount of memory available for the cache perform the following:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\InetInfo\Parameters
    3. From the Edit menu select New - DWord value
    4. Enter a name of MemoryCacheSize and click Enter
    5. Double click the new value and set to the amount of memory you wish to use for the cache in bytes, e.g. 5000000 for 5MB and click OK
    6. Close the registry editor
    7. Stop and start all IIS services

    If you wish to disable caching, set the value to 0; however, this could have a serious effect on performance.


    Q. How do I create a virtual directory?

    A. Before we describe how to create a virtual directory, it is first important to understand what a virtual directory is. For those who remember DOS, there was a command called join which allowed you to treat a different disk as a directory on the current drive. A virtual directory is the same kind of thing: you can treat a directory or disk as a subdirectory of your web site.

    For example your default web area may be c:\InetPub\wwwroot and this may be http://www.savilltech.com/ . If you had a subdirectory off of wwwroot called ntfaq, e.g. (c:\InetPub\wwwroot\ntfaq) you could access this as http://www.savilltech.com/ntfaq. What if I had run out of space on c: and wanted the FAQ to be on d:? You would create a virtual directory called ntfaq which would point to d:\pages\ntfaq and this procedure of creating a virtual directory is shown below.

    1. Start the Internet Service Manager (Start - Programs - Microsoft Internet Server)
    2. Double click on the Computer name of the web server which will display the properties
    3. Click the Directories tab
    4. Click the Add button which will display the Directory Properties box.
    5. In the directory type the name of the disk and directory you want the new area to point to (or click Browse to select a directory).
    6. Next select the "Virtual Directory" check box and enter the alias you want the directory to be seen as, e.g. ntfaq
    7. Click OK
    8. Click OK again and then close the Internet Service Manager application

     


    Q. How to install FrontPage Extensions on Beta 2? - NT5 only

    A. The FrontPage Extensions are not installed during the Beta 2 NT/IIS setup.  To install the extensions, perform the following steps:

    1. Completely remove any previous FrontPage or FrontPage Extensions installations from the server. This can be accomplished using the Add/Remove Programs control panel applet
    2. Open a command prompt and change directory to SYSTEM32
      C:\> cd %systemroot%\system32
    3. Type
      C:\> sysocmgr /i:fp.inf /n /x
      this will start the Windows NT setup for the FrontPage Extensions
    4. Ensure that the FrontPage 99 extensions are selected and click "Next"
    5. Select the location of your NT 5.0 I386 structure and click OK.
    6. The files will then be installed.

    Contributed by Thomas Lee


    Q. What fixes are available for IIS?

    A. Microsoft have released the first NT Option Pack QFE (Quick Fix Engineering) Update but this actually only updates IIS 4.0 at this time.

    The update includes every hotfix made to IIS from its release. This is a cumulative hotfix and you should only install this if you are experiencing specific problems with IIS. The new intent is to release a new fix pack about every month or so, or when appropriate. The value add here is not waiting for such a long period of time between service packs. Customers who are experiencing problems don't need to hunt down individual hotfixes any more; they just download this update and get everything.

    The uninstall is very clean, so if something goes wrong, remove the fix. Something new here is letting customers know up front what DLLs are being replaced. Upon installation of the update, the file iis_hotfix.htm is dropped in the user's \inetsrv directory. This file will contain all of the information about the fix and should make it very easy for PSS to determine what version of IIS the customer is using.

    Download from : http://www.microsoft.com/ntserver/nts/downloads/archive/NTOPQFE/default.asp


    Q. How do I specify more than one default document?

    A. When you select a web site directory, e.g. http://www.ntfaq.com/games a default document is looked for, e.g. default.htm and this filename can be changed. With IIS 2.0 and 3.0 the default document is changed as follows:

    1. Start the Internet Service Manager
    2. Double click on the computer and select the web service
    3. Select the Directories tab
    4. At the bottom of the window is the default document, by default default.htm. You can specify multiple default documents by separating them with a comma, e.g.
      default.htm, default.asp, index.htm, index.html
      which will cause the IIS service to search for the documents in that order and display the first one found.
    5. Click Apply then OK

    With IIS 4.0 and IIS 5.0 (both via the MMC interface) the change is performed as follows:

    1. Start the Internet Service Manager (Start - Programs - Administrative Tools - Internet Services Manager)
    2. Expand the computer and select the web site
    3. Right click on it and select Properties
    4. Select the Documents tab
    5. Check the "Enable Default Document" box and click Add to add a new default name. The order of the search can be changed by clicking the up and down arrows.
    6. Click Apply then OK


    Q. How can I move my IIS server to another machine?

    A. In the %systemroot%\system32\inetsrv directory there is a program called "iissync". This program will transfer over all your IIS settings to the new computer, including certificates, virtual domains, and for the most part, everything you need. Just open a dos prompt, and run "iissync \\newcomputername" and wait a bit.

    The IISSYNC utility is used to synchronize Internet Information Server (IIS) metabase and Transaction Server packages on one Node with IIS on a Microsoft Cluster Server on the other Node.


    Q. Front Page Search Component always returns No Documents Found running IIS4 and FP 98exts, why?

    A. If Index Server is installed on IIS4, Front Page will default to use that as its search engine.

    If no catalog has been built with Index Server for that web, the search component will return "No Documents Found". Either index the site using Index Server, or in the frontpg.ini file (found in %systemroot%, e.g. d:\winnt) add "NoIndexServer=1", which defaults Front Page to use its built-in search engine instead of Index Server.


    Q. How to stop the NT4 Option Pack/Windows 2000 SMTP service from advertising 8bitmime?

    A. Start a telnet session with the SMTP service (port 25) and enter "EHLO server-name". Note the presence of the keyword "8bitmime".

    To disable the advertising of 8bitmime perform the following:

    1. Stop the SMTP service (use the Internet Information Services MMC snap-in, select SMTP Service, right click and select Stop)
    2. Make a copy of the %systemroot%\System32\Inetsrv\metabase.bin file
      C:\> copy %systemroot%\System32\Inetsrv\metabase.bin %systemroot%\System32\Inetsrv\metabase.backup
    3. Start a command window (cmd.exe)
    4. Insert the option pack 4 CD or the Windows 2000 installation CD (depending on what you are running)
    5. Change directory to the I386 area on the option pack 4 CD or if 2000 extract the mdutil.ex_ file from the I386 directory to a temp area
      C:\> expand mdutil.ex_ c:\temp\mdutil.exe
    6. Type the following command (after moving to the temp area if Windows 2000)
      C:\> mdutil SET -path:smtpsvc -prop:36865 -utype:UT_SERVER -dtype:DWORD -attrib:INHERIT -value:0
    7. The following will be displayed:
      36865 : [IS] (DWORD) 0x0={0}
      You're adding (or changing) a property's value. The property's ID number is 36865, and you are setting the value to 0.
    8. Use the IIS MMC to start the SMTP service.

    If you now telnet to the SMTP service you will notice the 8bitmime is no longer advertised.

    To reverse the process, repeat steps 1 through 4, reenter the data in step 5, but this time, change the "-value:0" to "-value:1".
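
    To confirm the change without reading the telnet output by eye, the EHLO reply can be parsed and checked for the keyword as a whole token. The following Python is an added example, not part of the original FAQ; the function names and both sample replies are constructed for illustration.

```python
import re

# One reply line: 3-digit code, then "-" (more lines follow) or " " (last line), then text.
_REPLY_LINE = re.compile(r"^(\d{3})(?:([ -])(.*))?$")

# Constructed sample replies (host name and address are placeholders).
REPLY_BEFORE = (
    "250-mail.example.com Hello [192.0.2.10]\r\n"
    "250-SIZE 2097152\r\n"
    "250-PIPELINING\r\n"
    "250-8bitmime\r\n"
    "250 HELP\r\n"
)
REPLY_AFTER = (
    "250-mail.example.com Hello [192.0.2.10]\r\n"
    "250-SIZE 2097152\r\n"
    "250-PIPELINING\r\n"
    "250 HELP\r\n"
)


def parse_ehlo_reply(raw):
    """Parse a multi-line EHLO reply into (code, greeting, {KEYWORD: [params]}).

    Raises ValueError if the reply is malformed or truncated.
    """
    lines = [ln for ln in raw.replace("\r\n", "\n").split("\n") if ln]
    if not lines:
        raise ValueError("empty reply")
    code = None
    texts = []
    finished = False
    for ln in lines:
        m = _REPLY_LINE.match(ln)
        if m is None:
            raise ValueError("malformed reply line: %r" % ln)
        if finished:
            raise ValueError("data after the final reply line")
        if code is None:
            code = m.group(1)
        elif m.group(1) != code:
            raise ValueError("reply code changed inside one reply")
        texts.append(m.group(3) or "")
        finished = m.group(2) != "-"   # "NNN text" or bare "NNN" ends the reply
    if not finished:
        raise ValueError("reply truncated: no final line seen")
    extensions = {}
    for text in texts[1:]:             # the first line is the greeting, not a keyword
        parts = text.split()
        if parts:
            extensions[parts[0].upper()] = parts[1:]   # keywords are case-insensitive
    return int(code), texts[0], extensions


def advertises_8bitmime(raw):
    """True if an accepted EHLO reply lists 8BITMIME as a keyword."""
    code, _greeting, extensions = parse_ehlo_reply(raw)
    if code != 250:
        raise ValueError("EHLO was not accepted (code %d)" % code)
    return "8BITMIME" in extensions


if __name__ == "__main__":
    print("before change:", advertises_8bitmime(REPLY_BEFORE))
    print("after change: ", advertises_8bitmime(REPLY_AFTER))
```

    Against a live server, Python's smtplib performs the same check with SMTP.ehlo() followed by SMTP.has_extn("8bitmime").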


    Q. How do I enable Index Server in Windows 2000?

    A. Index Server is installed by default if you install IIS on Windows 2000. To enable perform the following:

    1. Start the Computer Management MMC snap-in on the IIS server (Start - Programs - Administrative Tools - Computer Management)
    2. Expand the Server Applications and Services branch
    3. Right click on 'Indexing Service' and select Start
    4. Click Yes to the dialog asking if it should be started whenever the computer is started

    That's all, you can now configure Index Server.

    By default web sites are enabled for Index Server. To change this, right click on the site in the Internet Services Manager MMC snap-in, select Properties, select the 'Home Directory' and check/uncheck 'Index this resource'.


    Q. How do I create a new Index Server catalog?

    A. Index Server stores its information in catalogs and you can create multiple catalogs to store different groups of information such as web sites, directories etc.

    1. Start the Computer Management MMC snap-in on the IIS server (Start - Programs - Administrative Tools - Computer Management)
    2. Expand the Server Applications and Services branch
    3. Right click on 'Indexing Service' and select New - Catalog
    4. Enter a name for the Catalog and a location
    5. Click OK
    6. You will need to stop and restart the Index Server process for the catalog to take effect

    Once added you must configure the directories that need to be indexed:

    1. Again in the Computer Management MMC, expand the catalog added, right click on Directories and select New - Directory
    2. Enter the directory and select 'Yes' to Index. Click OK
    3. The change will take effect straight away

    Q. I receive an Index Server error 'Query Is Too Expensive', why?

    A. If the content index is out of date, and you are executing queries that must be enumerated, you will get the above error message. To fix this problem wait until the index is up-to-date (it can be monitored through the Computer Management MMC snap-in in Windows 2000) and perform the following steps:

    1. Edit the .idq file for the query and add the line
      CiForceUseCi=FALSE
    2. Start the registry editor (regedit.exe)
    3. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ContentIndex
    4. Double click MaxQueryExecutionTime and set to a higher value. Click OK
    5. Double click MaxRestrictionNodes and set to a higher value. Click OK
    6. Stop and start the Index Server service

    Q. I receive error 'The catalog is corrupt' when performing an Index Server search, what can I do?

    A. Index Server catalog corruption can be caused by unsafe computer shutdowns, system crashes, or applications that write to or lock the catalog files while Index Server is active.

    Normally, Index Server attempts to fix any corruption automatically; however, sometimes it is necessary to manually fix the corruption.

    To manually fix the corruption, stop and restart the Content Index service. For Index Server 1.x, stop and restart the World Wide Web service. Under Windows 2000, start the Computer Management MMC snap-in, expand 'Server Applications and Services', right click on 'Indexing Service' and stop then start. This normally causes Index Server to rebuild the catalog.

    If this does not work, stop Index Server again, locate the Catalog.wci folder, and delete the contents of the folder. This manually deletes the catalog. When you restart Index Server, the catalog is re-created.

    This can also occur when a file is unfilterable and the Filter Retries is set to a number greater than 4. When this happens, the information that the filter process sends to the Content Index Service (CISVC) causes the CISVC to report that the in-memory catalog information is corrupt, even though the data on the drive is fine.

    To correct this, set the retry value to 4 or less:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ContentIndex
    3. Double click FilterRetries
    4. Change to 4 or below and click OK
    5. Restart Index Server

    Q. How can I stop hidden files etc. being returned by Index Server queries?

    A. It is not possible to exclude an unreadable root or other file that is physically located below a readable root. A workaround is to append to the user’s restriction. For example, FrontPage roots can be removed by setting the CiRestriction in the .Idq file to the following:

    CiRestriction=(%UserRestriction%) &! #vpath *\_vti_*.

    It's also possible to exclude certain files and combine the two, for example:

    CiRestriction=%if FreeText eq on% $contents "%CiRestriction%" &! #vpath *\_vti_*. &! #filename *.|(txt|,hhc|,hlp|,htx|,tmp|) %else% %CiRestriction% &! #vpath *\_vti_*. &! #filename *.|(txt|,hhc|,hlp|,htx|,tmp|) %endif%

    This will exclude the FrontPage specific files and any .txt, .hhc, .hlp, .htx and .tmp files.


    Q. How can I control the amount of resource used by the Index service? - Windows 2000

    A. Left unchecked the Index service can grab most of the CPU time leaving a computer almost unusable. To configure the service to more reasonable levels perform the following:

    1. Start the Computer Management MMC snap-in (Start - Programs - Administrative Tools - Computer Management)
    2. Expand the 'Server Applications and Services' branch
    3. Right click on 'Indexing Service' and select Stop
    4. Right click again and select 'Tune Performance' from the 'All Tasks' context menu item
    5. You can now alter the use of Index server and consequently the allotted resources
    6. Click OK
    7. Right click and select Start

    Q. How can I stress test my IIS server?

    A. Microsoft have a tool called 'Homer' (obviously they watch the Simpsons too much!) which can be used to stress test all aspects of an IIS server.

    "Microsoft Homer is a web stress tool that is designed to realistically simulate multiple browsers requesting pages from a web application. It was developed by web testers. We have made the tool as easy to use as possible by masking some of the complexities of web server testing. This makes the tool desirable for anyone interested in gathering performance data on their web site."

    It can be downloaded from http://homer.rte.microsoft.com/ along with tutorials and more information. You can also download the Replay tool which is used to reproduce request traffic as closely as possible. It is a simulation tool that can work in conjunction with stress tools such as Microsoft Homer.


    Q. How can I change the number of threads IIS uses?

    A. IIS uses multiple threads to enable efficient scaling on single and multi-processor systems. By default 10 threads are used. This number can be changed, but before changing it you need to monitor the following items using Performance Monitor

    If the IIS threads are busy nearly all the time AND the processor(s) are at maximum usage you need to consider distributing the load among other servers or adding more processors, increasing the number of threads will NOT help.

    If the IIS threads are busy nearly all the time but the processor(s) are NOT at maximum usage increasing the number of threads may help.

    To increase the number of threads, perform the following:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Inetinfo\Parameters
    3. From the Edit menu select New - DWORD value
    4. Enter a name of MaxPoolThreads and press Enter
    5. Double click the new value and set to between 5 and 20. Never more or less. Click OK
    6. Stop and start the IIS service 

    Q. How can I limit bandwidth/processor usage for IIS?

    A. It's possible to limit, on a per site basis, how much bandwidth and processor time IIS web sites use. This is useful if a server hosts many sites and you want to ensure no one site can use up all the resources. Processor throttling is only available in IIS 5.0.

    To enable this, perform the following:

    1. Start the Internet Services Manager (Start - Programs - Administrative Tools - Internet Services Manager)
    2. Right click on the web site and select Properties
    3. Select the 'Performance' tab
    4. Check the 'Enable bandwidth throttling' box and enter the maximum amount of bandwidth the web site may use
    5. Check the 'Enable process throttling' box and enter the maximum percentage of processor time the site may use. If you do not check 'Enforce limits', only an event log entry is written when the site uses more than the specified amount, and you may want to check why it's using so much CPU. Checking the 'Enforce limits' box will actually stop the site using more than the specified percentage.
    6. Click Apply
    7. Click OK

    Q. What is Proxy Server 2.0?

    A. A Proxy Server is a system that sits between the client applications (such as Internet Explorer) and the connection to the Internet (Server). It intercepts the requests to the server to see if it can action them itself, which improves performance by filtering requests that go out to the Internet.

    The Proxy Server can cache files it downloads from the Internet for a client. Using this method, if someone else asks for the same page the Proxy Server can send back the version it's holding in its cache rather than sending a request out on the Internet. Proxy servers can also act as a firewall by filtering IP traffic by port or IP address.

    Proxy Server 2.0 performs the above but also has extra functions such as Winsock proxy for use by Winsock based clients such as Windows 95 etc. to enable IP type access even if the local network protocol used is, for example, IPX. It does this by replacing the winsock on the client machines. It can also be used to hide your network's TCP/IP configuration by allowing you to have any TCP/IP addresses on your Intranet, as only the Proxy Server's IP address is used on the Internet.

    Proxy Server 2.0 also has the Socks proxy service for non-winsock type clients such as UNIX based machines.


    Q. How do I install Proxy Server 2.0?

    A. Before you install Proxy Server 2.0 make sure your system meets the following pre-requisites

    Once your system meets the criteria above you can start the installation:

    1. Insert the Proxy Server 2.0 installation CD
    2. Start the Proxy Server 2.0 setup program (setup.exe from the MSPROXY directory)
    3. Click Continue to the first dialog box
    4. Write down the displayed Product ID and click OK
    5. To change the installation directory click the "Change Folder" button and move to the directory you wish to install to, e.g. e:\msp, click OK. To start the installation click the large button
    6. Select the installation options you require, all are selected by default. Click Continue
    7. The next dialog box is the caching dialog box. Check the "Enable Caching" box and select a partition and the size (only NTFS partitions are selectable). Click Set and click OK
    8. The next step is to configure the LAT (Local Address Table). This is used to specify which addresses are on your local network as well as which ones should not be used on the Internet. Enter an address range and click Add, e.g. 200.200.200.1 to 200.200.200.255. When you have entered all the addresses click "Construct Table". Accept the defaults and click OK. Click OK on the LAT dialog.
    9. Now we have to configure the Client installation part of Proxy server. By default the current machine will be selected as the Computer name. You can also configure an automatic configuration script by checking the "Configure Web browsers to use Automatic Configuration". Click OK
    10. Finally you need to choose if you will use Access Control on the Winsock Proxy service and the Web Proxy service. By default both are enabled. Click OK
    11. The Proxy server files will then be copied to the machine.
    12. Click OK to the Packet Filtering dialog.
    13. Click OK to the Proxy server installation complete box.

    Q. How do I install the client for the WinSock Service?

    A. There are two methods, the easiest is to use the Web based installation method. Before you start this, make sure the IIS server has default.htm as one of the default document types

    1. Start up the browser
    2. Connect to server as http://<server>/MSProxy
    3. Select the link on the line "Install the WinSock Proxy 2.0 client for Microsoft Proxy Server version 2.0."
    4. Select "Run this program from its current location" and click OK to the dialog box displayed
    5. Click Continue to the WinSock Proxy Client installation software
    6. Select the installation directory and click the large installation button
    7. Click "Restart Windows Now"

    Alternatively you can run the setup manually by connecting to the Mspclnt share on the server and running the Setup.exe. The installation is as above.

    Once the machine has rebooted, confirm the installation is OK by performing the following:

    1. Start the WSP Client Control Panel applet (Start - Settings - Control Panel - WSP Client)
    2. Check the proxy server is in the Server Name box
    3. Click the Update Now button. A message will be displayed. Click OK.
    4. Click the Don't Restart Windows Now button.
    5. Close the Control Panel

    Q. How do I remove the client WinSock Service?

    A. Just run the Uninstall program from the Microsoft Proxy Client group.


    Q. How can I bypass the client Winsock?

    A. There may be a scenario where the machine is taken to different locations (such as a portable taken home) and in this situation you do not want to use the WinSock Proxy client. Rather than uninstalling every time you take the machine home, you can disable it:

    1. Start the WSP Client Control Panel applet (Start - Settings - Control Panel - WSP Client)
    2. Uncheck the "Enable WinSock Proxy Client"
    3. Click OK
    4. Click "Restart Computer Now"

    Once the computer has restarted it will no longer use the Proxy WinSock. To re-enable perform the above but check the "Enable WinSock Proxy Client".


    Q. How do I configure an Internet Browser to use the Web Proxy service?

    A. This procedure is basically the same for all browsers:

    Internet Explorer 4.0

    1. From the View menu select Internet Options
    2. Click the Connection tab
    3. Check the "Access the Internet using a proxy server" box
    4. Click the Advanced button and enter in the address of the proxy server in the HTTP address box, and the port (usually 80). If all protocols use the same proxy server check the "Use the same proxy server for all protocols". Click OK
    5. You will probably want to check the "Bypass proxy server for local (Intranet) addresses"
    6. Click Apply then click OK

    Netscape Navigator 4.0

    1. Select Preferences from the Edit menu
    2. Expand the Advanced category and select Proxies
    3. Check the "Manual proxy configuration" and click View
    4. Enter the name of the proxy server and its port for all protocols you wish to use a proxy server for. Click OK
    5. Click OK to end the configuration

    Mosaic 3.0

    1. Select Preferences from the Options menu item from the View menu
    2. Click the Proxy tab
    3. Enter the proxy server in the format http://<server>:<port>, e.g. http://proxy:80
    4. Click Apply then click OK

    You need to make sure all clients are allowed to use the proxy server:

    1. Start the ISM
    2. Double click on the computer name of the Proxy Server next to the Web Proxy service
    3. Select the Permissions tab
    4. Select WWW from the protocols list
    5. Click Edit and add all users/groups who are allowed to access the proxy server and thus the rest of the internet. Click OK
    6. Click Apply then OK

    Q. How do I manage the Proxy Server?

    A. Proxy Server uses the Microsoft Internet Service Manager (ISM) as its management interface, so to manage your proxy server just start the ISM (Start - Programs - Microsoft Proxy Service - Internet Service Manager). In the example below we will examine which clients are currently using the Web Proxy service

    1. Start the ISM
    2. Double click on the computer name of the Proxy Server next to the Web Proxy service
    3. Select the Service tab
    4. Click the "Current Sessions" button
    5. You will see a list of connections. Click the Refresh button to get an update. As you can see you can also select the WinSock and Socks Proxy service by clicking its select area.
    6. Click Close when finished.

    Proxy Server Internet Service Manager

    You use the Internet Service Manager to stop/start/pause/continue the Proxy services. If you select a service, for example the Web Proxy Service, if it was running the Stop and Pause buttons would become active and you could then stop or pause the service and its State would change.

    Double clicking on the services brings up their options. You can also hide certain types of services from the display; in the diagram I have hidden the FTP and Gopher services by unclicking their icons.


    Q. How can I configure the Proxy server to automatically dial out to the ISP when needed?

    A. This is configured via the Internet Service Manager, however before Proxy Server is configured we need to ensure the correct RAS services are running.

    1. Start the Services control panel applet (Start - Settings - Control Panel - Services)
    2. Select "Remote Access Autodial Manager" and click Startup
    3. Set to Disabled and click OK
    4. Select "Remote Access Connection Manager" and click Startup
    5. Set to Automatic and click OK
    6. Close the Services Control Panel applet

    You need to make sure before you proceed that you have a phonebook entry for your ISP, if not you should add one before you proceed.

    The WINS client has to be disabled for the Remote Access WAN Wrappers

    1. Start the Network Control Panel Applet (Start - Settings - Control Panel - Network, or right click on Network Neighborhood and select Properties)
    2. Click the Bindings tab
    3. Select Show Bindings for "all adapters"
    4. You may have several "Remote Access WAN Wrapper". For each of these perform the following
      Expand it. If there is a "WINS Client(TCP/IP)" select it and click Disable
    5. Click OK
    6. Your machine's bindings will be updated and you should click Yes to restart your computer

    You can now configure the Proxy Services to autodial

    1. Start the Internet Service Manager (Start - Programs - Microsoft Proxy Service - Internet Service Manager)
    2. Double click on a computer name next to either the Socks, WinSock or Web Proxy service
    3. Click the "Auto Dial" button
    4. Select the Configuration tab and check the "Enable dialing for Winsock and SOCKS proxy" if you want the server to automatically dial for either of these. Check the "Enable dialing for Web proxy primary route" if you want dialing for the Web Proxy service.
    5. You can also select the hours that the autodial is valid for
      Note: The connection will not hang up outside these hours, it will just not initiate a new connection
    6. Click the Credentials tab
    7. Select the Phonebook entry and enter any username/password details required. I would advise creating a connection script if you have to enter logon information in a terminal window during the connection, see Q. How can I create a RAS Connection Script?
    8. Click Apply then click OK

    You should now stop and start all services that will use autodial.

    Any client request that cannot be locally handled will now cause the Proxy server to dial out to the internet.


    Q. How can I stop and start the Proxy services?

    A. There are several options available to you. The easiest is to use the Internet Service Manager, just select the service and click the stop/start button.

    You can also stop the services from the command line using

    net stop/start w3svc for the Web Proxy service
    net stop/start wspsrv for the WinSock Proxy service
    net stop/start spsvc for the Socks Proxy service

    As for the Socks Proxy, it is part of the Web Proxy service. It can be disabled using the registry editor:

    REGEDIT4

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3Proxy\Parameters\SOCKS]
    "SocksServiceEnabled"=dword:00000000

    Above is a complete importable .reg file, which is self-explanatory. After merging it into the registry, Socks Proxy will not start on the next start of Web Proxy.


    Q. How can I use the Web based Proxy Server Administration software?

    A. This can be downloaded from http://backoffice.microsoft.com/downtrial/moreinfo/proxyadmin.asp and on the Intel platform will download watx86r.exe to your machine. Before you download you really need IE4.0 to get the most from it.

    To install follow the procedures below

    1. Log onto the Proxy Server as an Administrator
    2. Activate the installation program (double click on it from Explorer)
    3. Click Yes to the installation dialog box
    4. Click Continue
    5. Specify the installation directory, by default it is c:\msp\msp-htm. Click Yes to create the folder and click OK
    6. Click the large installation button
    7. The installation will then stop certain IIS services and perform the installation
    8. If you have no SSL key you will be asked if you want to continue; click Continue
    9. Click OK to the next box asking about Internet Publishing
    10. The IIS services will then be started again
    11. Click OK to the Installation Completed Box

    To administer the Proxy server from a browser you would connect to http://<proxy server name>/PrxAdmin. You then click the large graphic and enter in an Admin username, password and domain.

    You can then perform all the normal functions via the interface.

    Proxy Web Admin


    Q. Which port does WinSock use?

    A. Proxy Server 2.0 uses UDP port 1745, Proxy Server 1.0 used 9321.


    Q. How can I configure the RAS Autodisconnect?

    A. You may have RAS Autodisconnect configured but it does not disconnect after the assigned time, the following may be to blame

    1. A WinSock client is currently connected to the Internet
    2. A Web Proxy client (a web browser) is open and connected to the internet that has a refresh tag
    3. If active caching is configured on the proxy server it may be performing page fetches
    4. Other TCP/IP traffic from the internet, e.g. router messages from the ISP (ICMP and IGMP messages)

    To actually change the idle timeout perform the following:

    1. Open Dial Up Networking dialog box (My Computer - Dial-Up Networking)
    2. Select User Preferences from the More button menu
    3. Disable the autodial by location by removing the check box next to "New Location"
    4. Set the idle seconds in the "Idle seconds before hanging up:" box. Click OK
    5. Choose Logon Preferences from the More button menu
    6. Set the "Idle seconds before hanging up" to be the same as that defined in User Preferences. Click OK
    7. Disable the Remote Access AutoDial Manager as explained in Q. How can I configure the Proxy server to automatically dial out to the ISP when needed?
    8. Also you can open the rasphone.pbk (in %systemroot%/system32/ras) and edit it.
    9. Find IdleDisconnectSeconds in the section of the connection you use and set to the number of seconds to disconnect (same as in Logon Preferences).
    10. If OverridePref is present set to 4, if this does not exist do not create it.
    11. Save the file
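
    Steps 8 to 11 as a script, as an added example that is not part of the original FAQ: it edits only the named entry, sets the idle timeout, and sets OverridePref to 4 only if that key is already there. The phonebook text is a constructed sample, the key is assumed to be spelled IdleDisconnectSeconds, and the function names are this example's own.

```python
import re

# Constructed sample phonebook (not taken from a real machine). Keys other
# than IdleDisconnectSeconds and OverridePref are illustrative placeholders.
SAMPLE_PBK = """\
[Office ISP]
Description=
IdleDisconnectSeconds=0
OverridePref=15
MEDIA=serial
DEVICE=modem
PhoneNumber=5550100

[Home ISP]
Description=
IdleDisconnectSeconds=0
MEDIA=serial
DEVICE=modem
PhoneNumber=5550101
"""

SECTION = re.compile(r"^\[(?P<name>.+)\]\s*$")
SETTING = re.compile(r"^(?P<key>[^=\s]+)=(?P<value>.*)$")


def set_idle_timeout(pbk_text, entry, seconds):
    """Return pbk_text with the idle timeout of one entry changed.

    IdleDisconnectSeconds is set to `seconds`. OverridePref is set to 4 only
    when the entry already contains it; it is never created. The edit is line
    based, so every other line is passed through untouched.
    """
    if seconds < 0:
        raise ValueError("seconds must not be negative")
    out = []
    current = None
    found_entry = found_key = False
    for line in pbk_text.splitlines():
        section = SECTION.match(line)
        if section:
            current = section.group("name")
            found_entry = found_entry or current == entry
        elif current == entry:
            setting = SETTING.match(line)
            if setting:
                key = setting.group("key")
                if key.lower() == "idledisconnectseconds":
                    line = "%s=%d" % (key, seconds)
                    found_key = True
                elif key.lower() == "overridepref":
                    line = "%s=4" % key
        out.append(line)
    if not found_entry:
        raise KeyError("no phonebook entry named %r" % entry)
    if not found_key:
        raise KeyError("entry %r has no IdleDisconnectSeconds line" % entry)
    return "\n".join(out) + "\n"


def read_settings(pbk_text, entry):
    """Return the two timeout-related settings of an entry as a dict."""
    wanted = {"idledisconnectseconds", "overridepref"}
    current, found = None, {}
    for line in pbk_text.splitlines():
        section = SECTION.match(line)
        if section:
            current = section.group("name")
            continue
        setting = SETTING.match(line)
        if current == entry and setting and setting.group("key").lower() in wanted:
            found[setting.group("key")] = setting.group("value")
    return found


if __name__ == "__main__":
    updated = set_idle_timeout(SAMPLE_PBK, "Office ISP", 600)
    print(read_settings(updated, "Office ISP"))
    print(read_settings(updated, "Home ISP"))
```

    Work on a copy of rasphone.pbk and compare the result with the original before replacing it.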

    Q. How do I ban the Dilbert Zone using Proxy Server? :-)

    A. Proxy Server allows you to ban certain sites and IP addresses from being visible. To ban a site (such as the Dilbert Zone which gets you listed in the "Pointy Haired Boss Index") perform the following:

    1. Start the Internet Service Manager (Start - Programs - Proxy Server - Microsoft Management Console)
    2. Expand Internet Information Server
    3. Select the server
    4. Double click on Web Proxy
    5. Select the Service tab
    6. Click the Security button
    7. Select the "Domain Filters" tab
    8. Select "Enable filtering"
    9. Select Granted by default for all sites and click Add to create exceptions, either IP address, group of IP addresses or domain (e.g. www.dilbert.com). Click OK
    10. Click OK to all the dialogs
    11. Close the Internet Service Manager

    Clients trying to access a banned site will receive the error shown:

    Ban Dilbert (not really)

    I'd just like to say I love the Dilbert Zone, I read it every day.


    Q. How do I install Proxy Server 2.0 on Windows 2000?

    A. Microsoft have released a Proxy Server installation add-on which has to be used to install Proxy Server 2.0 on Windows 2000/NT 5.0 beta. The file is called msp2x86a.exe and can be downloaded from http://www.microsoft.com/proxy/default.asp.

    To install perform the following:

    1. Close any Microsoft Management Consoles prior to running the Update Wizard.
    2. Run the wizard, msp2x86a.exe
    3. Click Yes to the license agreement
    4. Insert the Back Office 4.0 CD 3 and click Continue
    5. The installation will then continue as per normal.

    If you are upgrading a Windows NT Server 4.0 system, on which Proxy Server 2.0 is already installed, to a Windows NT Server 5.0 system, then after installing Windows NT 5.0 Beta 2, do the following:

    1. Close any Microsoft Management Consoles prior to running the Update Wizard.
    2. Run the wizard, msp2x86a.exe
    3. Click Yes to the license agreement
    4. Insert the Back Office 4.0 CD 3 and click Continue
    5. The installation will then continue as per normal.
    6. When running the Upgrade Wizard you will be given only the option to do a fresh install although you already have a Proxy server installed. You should select this option and proceed with setup. Your previous configuration will be properly retained.

    To uninstall Microsoft Proxy Server 2.0, use the Uninstall command on the Proxy menu. Running uninstall via Add/Remove Programs in Control Panel will fail because it searches for the installation files in the (now deleted) temporary location created by the wizard. Always back up your server before performing any actions described above.


    Q. How can I create custom error messages for Proxy Server?

    A. When a client receives an error from a proxy server (such as a page is not allowed) these error pages can be customised to display anything you require.

    Simply place a page named as the error number (example ERROR 10060=10060.htm) in the directory C:\msp\ErrorHtmls and then Stop and Start Msproxy for it to load the new error message.


    Q. Audio and Video are unavailable in NetMeeting via Proxy server, why?

    A. This behavior can occur if you connect to the Internet through a proxy server using Microsoft Proxy Server version 2.0, and you have Microsoft Winsock version 2.0 installed on your computer.

    To resolve this perform the following:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Audio\NacObject
    3. From the Edit menu select New - DWORD value
    4. Enter a name of "DisableWinsock2" (don't type the quotes). Press Enter
    5. Double click the new value and set to 1. Click OK
    6. Close the registry editor

    Also check if the ports for sending audio and video are enabled (usually ports 1503, 1720 and 1731).

    Also port 389 is used for ILS (Internet Locator Server) by NetMeeting 2.0 and port 522 for ULS (User Location Server) used by NetMeeting 1.0.

    To connect to a directory server, the directory server must be functioning properly. NetMeeting directory services require either port 389 or port 522. To verify that the directory server is functioning properly, use Telnet to connect over these ports.

    In summary to enable NetMeeting access through a firewall:


    Q. How can I use Chat behind a Proxy server?

    A. If you have packet filtering enabled Internet Relay Chat (IRC) may pause for long periods of time or fail to connect. This is caused by the Identd (Identification Protocol) being filtered out. To resolve perform the following:

    1. Open the Winsock Proxy Service Properties, and select the Service tab.
    2. Under the Shared Services section, select Security. Choose Add and select the Identd filter from the list of predefined filters.

    This will allow Identd traffic to pass through instead of being discarded by the proxy packet filter driver.

    Microsoft Chat uses the standard chat port (#6667).


    Q. How can I remove the Active Desktop?

    A. You can turn off the Active Desktop without removing it by performing the following:

    1. Right click on the desktop
    2. Select "Active Desktop"
    3. Unselect "View as Web Page" (by clicking it)

    To actually remove Active Desktop completely while leaving the browser intact:

    1. Start the Add/Remove Programs control panel applet (start - settings - control panel - add/remove programs)
    2. Select "Microsoft Internet Explorer 4.0" and click the Add/Remove button
    3. Click the "Remove the Windows Desktop Update component, but keep the Internet Explorer 4.0 Web browser" option and click OK
    4. A dialog box explaining the change will be shown and you should click the "Restart Windows" button
    5. Once restarted the active desktop will have been removed

    Q. How can I get past the "Active Desktop Recovery" page?

    A. This can usually be fixed by deleting the desktop.htt file:

    1. Start explorer
    2. Move to %systemroot%\Profiles\<your username>\Application Data\Microsoft\Internet Explorer
    3. Select Desktop.htt and delete (it is a hidden file so you will need to change the view first View - Folder Options - View)
    4. Close Explorer
    5. Right click on the desktop and choose Refresh

    Q. What keyboard commands can I use with Internet Explorer 4.0?

    A. Below is a list of common keyboard commands:

    Alt + Left Arrow (or backspace)    Go Back
    Alt + Right Arrow                  Go Forward
    Tab                                Move to next Hyperlink
    Shift - Tab                        Move to previous Hyperlink
    Enter                              Move to page referenced by Hyperlink
    Down Arrow                         Scroll down
    Page Down                          Scroll down in greater jump
    End                                Move to bottom of document
    Up Arrow                           Scroll up
    Page Up                            Scroll up in greater jump
    Home                               Move to top of document
    F5                                 Refresh
    Ctrl - F5                          Refresh not from cache
    Esc                                Stop download
    F11                                Full screen/normal toggle

    Q. How can I create a keyboard shortcut to a web site?

    A. It is possible to create your own keyboard shortcuts with a Ctrl + Alt + <letter> combination as follows:

    1. Start Internet Explorer
    2. Select "Organize Favorites" from the Favorites menu
    3. Right click on the link and choose Properties
    4. In the Shortcut key dialog box type the combination, any combination of Ctrl, Shift, Alt and a key that is not used
    5. Click OK

    You can also use the above to create a keyboard shortcut to a desktop item by right clicking on the shortcut and choosing properties.


    Q. How can I customize folders with web view enabled?

    A. If you have installed the Windows Desktop Update and have the view as web page option enabled (view - as web page) you can customize the folder (view - customize this folder) and then select the type (background picture or a whole HTML file), or you can change the default, which is stored in a hidden HTML file (%systemroot%\web\folder.htt). You can then edit this file and change it accordingly.

    There is a line in folder.htt "HERE'S A GOOD PLACE TO ADD A FEW LINES OF YOUR OWN" where you can add your own links, which will then appear on all folders.

    There are 4 other templates you can edit:

    As I said these are hidden so you will either need to remove the hidden attribute (attrib <file> -h) or just enter the name specifically in the edit utility you use to change these files. A word of warning, make a backup of these files before you break them :-).


    Q. How can I change the icons in the Quick Launch toolbar?

    A. The icons on the Quick Launch toolbar (Internet Explorer, Outlook Express, Show Desktop and Channels by default) are all stored in %systemroot%/profiles/<user>/Application Data/Microsoft/Internet Explorer/Quick Launch. To add or remove icons, just add and remove the files in this directory using Explorer.

    You can copy any shortcut to this directory and the update will be done straight away, no need to logoff/reboot. For example, I have added a shortcut for Word and FrontPage just by copying the shortcut to the Quick Launch directory, easy.


    An alternative method is to just drag a shortcut over the Quick Launch bar and it will add the shortcut for you.

    All the files in this folder are shortcuts except for Show Desktop and View Channels. See the next FAQ for their contents.


    Q. I have lost Show Desktop/View Channels from the Quick Launch bar, help!

    A. As was discussed in the previous FAQ these icons are just files in the %systemroot%/profiles/<user>/Application Data/Microsoft/Internet Explorer/Quick Launch directory. To get the Show Desktop/View Channels icons back create the following files in the Quick Launch directory (or copy from another user)

    For Show Desktop, create "Show Desktop.SCF" with the following content:
    [Shell]
    Command=2
    IconFile=explorer.exe,3

    [Taskbar]
    Command=ToggleDesktop

    For View Channels, create "View Channels.SCF" with the following content:
    [Shell]
    Command=3
    IconFile=shdocvw.dll,-118

    [IE]
    Command=Channels


    Q. How do I change the default Search Engine?

    A. The URL for the Search Engine used with the Go - Search the Web is stored in the registry so this can easily be changed:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
    3. Double click on Search Page
    4. Change to the search page you want, e.g. http://www.altavista.digital.com/ and click OK
    5. Close the registry editor

    Now when you select search you will be taken to this URL. If you want to change back to the default enter http://www.msn.com/access/allinone.htm


    Q. How do I remove the Internet Explorer icon from the desktop?

    A. This can be done from the advanced options of Internet Explorer:

    1. Start Internet Explorer
    2. From the View menu select Internet Options
    3. Click the Advanced tab
    4. Deselect "Show Internet Explorer on Desktop"
    5. Click OK
    6. Restart the machine

    Q. How can I browse off-line?

    A. As you may be aware, when you connect to a site the information you view is cached locally to speed up future visits to the site (the cache size can be set under View - Internet Options - General - Temporary Internet files - Settings). It's actually possible to view the web using only the cache when not connected; obviously you can only view sites that are stored in the cache. To work offline:

    1. Start Internet Explorer
    2. From the file menu select Work Offline

    You can then enter URLs and follow links as normal, but you will receive an error if you attempt to link to a site that is not cached. To stop working offline just deselect "Work Offline".


    Q. How can I reclaim wasted space by Microsoft's Internet E-mail readers?

    A. Microsoft's Internet E-mail clients (both Internet Mail under IE3 and Outlook Express under IE4) waste a large amount of disk space due to the method used to store mail. The reason behind this is to improve performance, however if you do want to reclaim some of the lost space perform the following:

    1. Select one of the folders, e.g. Inbox, Outbox, Sent Items
    2. Select Folder from the File menu and select "Compact all Folders"

    Also set-up Outlook to automatically delete the "Deleted Items" folder contents

    1. Select Options from the Tools menu
    2. Select the General tab
    3. Check the "Empty messages from the 'Deleted Items' folder on exit" and click OK

    Q. I cannot specify a download directory when I download a file.

    A. When you download a file you are asked what to do, "Open this file from its current location" or "Save this file to disk". If you take the latter option you are asked for a storage location and you then click Save. Also on the selection screen is an "Always ask before opening this type of file" check box; if you clear it, any future downloads of this type will be downloaded to the Temporary Internet Files folder and opened by the program associated with the file type. To undo this perform the following:

    1. Double click on My Computer
    2. From the View menu select Folder Options
    3. Select the File Types tab
    4. Select the file type you have the problem with in the Registered File Types box and click Edit
    5. In the bottom right corner is a "Confirm open after Download". Check the box so there is a tick in it and click OK
    6. Click OK again to close the "Folder Options" dialog box
    7. Close My Computer

    Q. Internet Explorer opens .EXE files instead of Downloading them.

    A. As in the previous FAQ, if you unselect "Always ask before opening this type of file" for an executable it updates the registry so you are not asked; however, this can be fixed:

    1. Start the registry editor (regedt32.exe)
    2. Move to HKEY_CLASSES_ROOT\exefile
    3. Double click on EditFlags
    4. Change the 3rd pair of numbers from 01 to 00, e.g. D8070100 to D8070000
    5. Close the registry editor

    For files such as WAV, MOV and AVI (ActiveMovie files) you would modify the entry HKEY_CLASSES_ROOT\AMOVIE.ActiveMovieControl.2\EditFlags to be 00000000.
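    The check described in this answer can be run over a whole registry export instead of one key at a time. The following is an added example, not part of the original FAQ: it reads a REGEDIT4 export of HKEY_CLASSES_ROOT, lists every file type whose EditFlags has the "3rd pair" bit set (opened after download without a prompt) and gives the corrected value. The sample export and the function names are constructed for illustration.

```python
import re

# Constructed sample in REGEDIT4 export format (not taken from a real machine).
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_CLASSES_ROOT\exefile]
@="Application"
"EditFlags"=hex:d8,07,01,00

[HKEY_CLASSES_ROOT\txtfile]
@="Text Document"
"EditFlags"=hex:00,00,00,00

[HKEY_CLASSES_ROOT\AMOVIE.ActiveMovieControl.2]
"EditFlags"=dword:00010000

[HKEY_CLASSES_ROOT\batfile]
"EditFlags"=hex:d0,04,00,00
'''

# Bit in the third byte ("3rd pair") of EditFlags. As a DWORD this is
# 0x00010000, documented by Microsoft as FTA_OpenIsSafe.
OPEN_WITHOUT_PROMPT = 0x01

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(
    r'^"EditFlags"=(?:hex:([0-9a-f,]+)|dword:([0-9a-f]{1,8}))$', re.I)


def parse_edit_flags(export_text):
    """Return {key path: 4 EditFlags bytes} for every key that has the value."""
    flags, key = {}, None
    for line in export_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            hex_data, dword_data = m.groups()
            if hex_data is not None:
                # REG_BINARY: bytes are listed in storage order.
                raw = bytes(int(b, 16)
                            for b in re.findall(r"[0-9a-f]{2}", hex_data, re.I))
            else:
                # REG_DWORD: stored little-endian, so 00010000 -> 00 00 01 00.
                raw = int(dword_data, 16).to_bytes(4, "little")
            flags[key] = raw.ljust(4, b"\x00")[:4]
    return flags


def opens_without_prompt(raw):
    """True when the third byte has the 'no confirmation' bit set."""
    return bool(raw[2] & OPEN_WITHOUT_PROMPT)


def audit(export_text):
    """List (key, current hex, corrected hex) for types that open unprompted."""
    findings = []
    for key, raw in sorted(parse_edit_flags(export_text).items()):
        if opens_without_prompt(raw):
            third = raw[2] & ~OPEN_WITHOUT_PROMPT & 0xFF
            fixed = raw[:2] + bytes([third]) + raw[3:]
            findings.append((key, raw.hex().upper(), fixed.hex().upper()))
    return findings


if __name__ == "__main__":
    for key, current, corrected in audit(SAMPLE_EXPORT):
        print("%s: EditFlags %s -> %s" % (key, current, corrected))
```

    Only the one bit is cleared, so the other flags in the value are preserved, which matches the D8070100 to D8070000 change in step 4.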


    Q. How can I change the default start page?

    A. When you first start Internet Explorer it loads a page, by default this is a Microsoft page (http://home.microsoft.com/) however this can be changed:

    1. Start Internet Explorer
    2. Select Internet Options from the View menu
    3. Select the general tab
    4. In the first section "Home page" enter the page you wish to be displayed when you start Internet Explorer and click Apply, then OK. If you just want a blank page click the "Use Blank" button, again click Apply then OK.
    5. Close Internet Explorer

    The above just updates the registry entry "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page". You could create a registry script that updates a machine's registry to set your page up as the client's home page. The REG script would have the following:

    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://www.ntfaq.com/"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="http://www.ntfaq.com/"

    You would then setup a link on your page to the script and people would select "Open from current location". The official Microsoft image for this is

    Click here to set NTFAQ as your home page. Choose OPEN FILE FROM THIS LOCATION.

    (if you want it right click on it and select "Save Picture As").

    I have set the above up so it sets http://www.ntfaq.com as your start page but I would advise against it ;-) If you wanted no start page, e.g. blank, set the value to "about:blank".

    If you use Netscape use the following to change your default homepage

    1. Start Netscape
    2. From the Edit menu select Preferences
    3. Select the Navigator category
    4. Enter the required start page in the Home Page box and click OK

    It does not store the start page location in the registry, rather in a javascript file prefs.js, which is located in the Program Files\Netscape\Users\<Netscape Profile Name> directory. The line in the file is

    user_pref("browser.startup.homepage", "http://www.ntfaq.com/");

    however you should not edit this file.


    Q. I have forgotten the content advisor password.

    A. The password for the content advisor is stored in an encrypted form and decrypting it, while possible, is too complicated for our purposes so we will instead just "reset" the password as if it had never been set.

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\
    3. If there is a "Key" value, select it and press DEL. Click OK to the confirmation. There may also be a FileName0 value, which may also be deleted; also delete the file it points to.
    4. If there was not a value but was instead a sub-key ".default" move to this folder and delete the "Key" value.
    5. Restart IE and you should be able to set the password with Internet Options - Content.

    Q. Where can I download IE 5.0?

    A. IE 5.0 beta can be downloaded from http://www.microsoft.com/windows/ie/default.htm

    Internet Explorer 5.0 does not ship with the Active Desktop so if you want Active Desktop you will need to have installed IE 4.0 Service Pack 2 with Active Desktop and upgrade to IE 5.0.


    Q. How do I clear Internet Explorer's History?

    A. Internet Explorer keeps a history of the sites you visit, which can be viewed by clicking the History button on the toolbar. If you wish to clear this History perform the following:

    IE 4

    1. Select "Internet Options" from the View menu
    2. In the History section click "Clear History" (you can also set the number of days to keep history for)
    3. Click Yes to the confirmation
    4. Click OK to close the Internet Options dialog box

    IE 5

    Same as above except Internet Options is under the Tools menu

    The History files are actually stored under the directory %systemroot%\Profiles\<user name>\History\History however the permissions on the files are complex so deleting manually is not advised.


    Q. How can I modify IE's toolbar background?

    A. The picture behind the IE toolbar buttons can be set to any bitmap you wish. To do this perform the following:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar
    3. From the Edit menu select New - String Value
    4. Enter a name of BackBitmap and press Enter
    5. Double click the new value and set to the name and location, e.g. c:\images\savtech.bmp
    6. Close the registry editor
    7. Restart IE

    Below is an example.

    SavillTech IE


    Q. How can I restore the IE animated logo?

    A. Using the Internet Explorer Admin Kit it is possible to modify the small "E" logo in the top right hand corner of Internet Explorer (ISP's such as MSN do this). To restore to the default perform the following:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar
    3. Select BrandBitmap and click Delete. Confirm
    4. Select SmBrandBitmap and click Delete. Confirm
    5. Close the registry editor
    6. Restart the computer

    Q. Are there any Easter Eggs in Internet Explorer 5.0?

    A. There are two Easter eggs I know of for IE 5.0.

    1. Open up Notepad
    2. Type:
      <!-- introducing the Trident team -->
    3. Save the file as "test.htm" (make sure you add the quotes or .txt will be added to the end)
    4. Open up "test.htm" in IE5
    5. IE5 Easter Egg #1 is shown

    Internet Explorer 5.0 Easter Egg

    (Actually this Easter Egg also runs on IE4.01)

    Number two:

    1. Start IE5
    2. From the Tools menu, Internet Options
    3. Select the General tab
    4. Click the Languages button
    5. Click 'Add'
    6. Type: "ie-ee" (without the quotes) and click 'OK'
    7. Move "User Defined [ie-ee]" to the TOP of the list. Click OK
    8. Click OK to the main dialog
    9. Click on the Search icon (to pull up the side search menu), notice the new Search options :-)
    10. Select 'Previous Searches'

    To remove ie-ee just start the Languages dialog again, select ie-ee and click Remove.


    Q. How can I stop users accessing local drives via Internet Explorer?

    A. If you type "C:" (or any other drive) in the Microsoft Internet Explorer address box you will be shown the contents and if proper NTFS file permissions are not in place users will be able to delete, rename, read any files on the disk. This is usually a problem if you have a locked down environment where users do not normally have access to Explorer etc (such as an Internet Cafe).

    To stop the ability to view local drives from Internet Explorer perform the following:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    3. From the Edit menu select New > DWORD value.
    4. Enter a name of NoRun and press Enter
    5. Double click the new value and set to 1. Click OK to close the value edit dialog.
    6. From the Edit menu select New > DWORD value.
    7. Enter a name of NoDrives and press Enter
    8. Double click the new value and set to a number representing the drives you wish to hide (explained below). Click OK to close the value edit dialog.
    9. For IE 4.01 SP1 and above perform the following steps:
      1. From the Edit menu select New > DWORD value.
      2. Enter a name of NoFileUrl and press Enter
      3. Double click the new value and set to 1. Click OK to close the value edit dialog.
    10. Close the registry editor

    The NoRun setting disables viewing local files by typing a file address or URL (for example, "file://d:\") in the Address box, and also disables the Run command on the Start menu.

    The NoDrives setting disables the selected drives. It is explained in 'Q. How can I hide drive x from users?'. Basically drive A is 1, B is 2, C is 4, D is 8 etc. and you add the values together. So to hide drive C and D, you would add 4 and 8 which is twelve or C in hexadecimal and set NoDrives to C (selecting Hex mode).

    Additional restrictions can be applied to IE 4.01 Service Pack 2 and IE 5.0 which are described in 'Q. What additional restrictions are available in Internet Explorer IE4.01 SP2 and above?'
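    The NoDrives arithmetic and the three values from the steps above, as an added example that is not part of the original FAQ. It goes beyond the C-and-D case to any set of drive letters, decodes an existing value for review, and writes the settings in REGEDIT4 script form. The function names are illustrative.

```python
import string

POLICY_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows"
              r"\CurrentVersion\Policies\Explorer")


def nodrives_mask(letters):
    """Return the NoDrives value that hides the given drive letters.

    Bit 0 is drive A, bit 1 is B, ... bit 25 is Z (A=1, B=2, C=4, D=8).
    Accepts "CD", ["c:", "D"] and similar.
    """
    mask = 0
    for letter in letters:
        letter = letter.strip().rstrip(":").upper()
        if len(letter) != 1 or letter not in string.ascii_uppercase:
            raise ValueError("not a drive letter: %r" % letter)
        mask |= 1 << (ord(letter) - ord("A"))
    return mask


def hidden_drives(mask):
    """Decode a NoDrives value back into the list of hidden drive letters."""
    if not 0 <= mask < (1 << 26):
        raise ValueError("NoDrives uses only bits 0-25")
    return [chr(ord("A") + bit) for bit in range(26) if mask & (1 << bit)]


def still_visible(mask, required):
    """Drive letters in `required` that the given NoDrives value does NOT hide."""
    return hidden_drives(nodrives_mask(required) & ~mask)


def lockdown_reg(letters, ie401sp1_or_later=True):
    """Build a REGEDIT4 script holding NoRun, NoDrives and (optionally) NoFileUrl."""
    values = [("NoRun", 1), ("NoDrives", nodrives_mask(letters))]
    if ie401sp1_or_later:
        # Step 9 applies only to IE 4.01 SP1 and above.
        values.append(("NoFileUrl", 1))
    lines = ["REGEDIT4", "", "[%s]" % POLICY_KEY]
    lines += ['"%s"=dword:%08x' % (name, value) for name, value in values]
    return "\r\n".join(lines) + "\r\n"


if __name__ == "__main__":
    print(lockdown_reg("CD"))
    # Review an existing value: which of C, D and E does NoDrives=4 leave visible?
    print(still_visible(0x4, "CDE"))
```

    still_visible is the review direction: given the NoDrives value found on a machine and the drives that policy says must be hidden, it lists the ones the setting misses.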


    Q. What additional restrictions are available in Internet Explorer IE4.01 SP2 and above?

    A. Additional restrictions can be applied to IE 4.01 Service Pack 2 and IE 5.0 which have an updated Shdocvw.dll.

    The restrictions below should be added to HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions as values of type DWORD. Set to 1 to enable, 0 to disable.

    NoFileOpen Disables Open command on File menu, CTRL+O, and CTRL+L.
    NoFileNew Disables CTRL+N.
    NoBrowserSaveAs Disables Save and Save As on the File menu.
    NoBrowserOptions Disables Internet Options on the View menu (disables changing browser settings).
    NoFavorites No Favorites menu, adding to favorites, or organizing favorites.
    NoSelectDownloadDir Prevents user from being able to select download folder by not displaying the Save As dialog box when a file is downloaded.
    NoBrowserContextMenu Disables HTML context menu.
    NoBrowserClose Disable ALT+F4.
    NoFindFiles Disables the F3 key.
    NoTheaterMode Disables the F11 key.

    NoFindFiles and NoTheaterMode are created by default during the installation of Service Pack 2 but are of type BINARY due to limitations of .inf files. You can, if you wish, delete and recreate these as DWORD values.

    To prevent users from customizing the IE5 icons and toolbar, edit the following value (HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions\NoToolbarOption).

    Also under HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, add the value NoBandCustomize (REG_DWORD) to stop changing buttons. Add the value NoToolbarCustomize (REG_DWORD) to remove the 'customize' option from the toolbar right click menu. Value 0=enabled 1=disabled.


    Q. How can I configure proxy settings in Internet Explorer 5.0?

    A. To configure LAN Proxy settings in Internet Explorer 5.0 perform the following:

    1. Start Internet Explorer
    2. From the Tools menu select 'Internet Options'
    3. Select the 'Connections' tab
    4. Click the 'LAN Settings' button
    5. By default the 'Automatically detect settings' option will be selected. You can also configure the location of a configuration script.
    6. To manually configure check the 'Use a proxy server' and enter the DNS or IP address of the server and the port it uses.
    7. Click OK
    8. Click OK to the main dialog

    If you select 'Automatically detect settings', the discovery cycle will typically involve one DHCP request or DNS request. Further, a discovery cycle happens quite infrequently.

    When you install IE5, the first time it runs, it will perform a discovery cycle only if you are on a LAN and not a dialup connection. (discovery is disabled by default for dialup)

    If this initial discovery fails, then auto discovery is disabled until a user re-enables it. If the discovery succeeds, then discovery is only performed when the downloaded configuration file expires according to HTTP semantics. If no expiry information is supplied, then the default is discovery once every 7 days. Again, this is only if it initially succeeds.

    The following registry entries can be directly updated instead:


    Q. How can I install Internet Explorer 4.0 without adding the IE icon to the desktop?

    A. Install using the following command to stop IE adding an icon on the desktop or becoming the default browser (this will not work if you have installed the Windows Desktop Update):

    C:\> IE4SETUP.EXE /C:"ie4wzd /S:""#e"" /X /R:N /Q:A /m:0"


    Q. How do I use the Internet Explorer 5.0 repair tool?

    A. The Internet Explorer Repair tool can be used to diagnose and possibly fix problems with Internet Explorer 5. This tool has the following features:

    To start the repair tool perform the following:

    1. From the Start menu select Settings - Control Panel
    2. Double click the Add/Remove Software control panel applet
    3. Select 'Microsoft Internet Explorer 5 and Internet Tools'
    4. Click the 'Add/Remove' button
    5. Select 'Repair Internet Explorer' and click OK
    6. Click 'Yes' to the repair confirmation

    If you don't have the option in the Add/Remove Software control panel applet it can be run from the command line:

    C:\> rundll32 setupwbv.dll,IE5Maintenance "C:\Program Files\Internet Explorer\Setup\SETUP.EXE" /g "C:\WINDOWS\IE Uninstall Log.Txt"


    Q. I have forgotten the content advisor password under Windows 9x/IE 5.0.

    A. The password for the content advisor is stored in an encrypted form and decrypting it, while possible, is too complicated for our purposes so we will instead just "reset" the password as if it had never been set.

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\
    3. Select Ratings and delete (press the DEL key). Click OK to the confirmation
    4. Delete the RATINGS.POL file (it is hidden) out of \WINDOWS\SYSTEM directory
    5. Restart IE and you should be able to set the password with Internet Options - Content.

    Q. The tab key does not select the right hand pane in an IE5 help search.

    A. This is a known problem; press F6 to toggle between the left and right panes instead. It works in the MSDN Library as well.


    Q. How do I turn off Internet Explorer AutoComplete?

    A. Internet Explorer has the neat ability to auto complete a URL as you type it. This can however be annoying and you may want to turn this off. It can be accomplished by performing the following:

    1. Start Internet Explorer
    2. From the Tools menu select 'Internet Options'
    3. Select the Content tab
    4. Click 'AutoComplete' under the 'Personal Information' section
    5. Unselect 'Web addresses' and click OK
    6. Click OK to the main dialog

    You can also accomplish this by setting HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete\AutoSuggest to "no" (don't type the quotes) in the registry.


    Q. How do I install NT Workstation 4.0?

    A. The installation of NT is quite simple, and below is just a simple example of an installation of a Workstation using TCP/IP and NetBEUI connected to a Domain.

    1. Insert the first NT installation disk and boot the computer
    2. You will have to put in Disk 2 and then press Enter.
    3. You will be given a choice of options. Choose "Setup Windows NT" by pressing Enter
    4. Press Enter to Detect Hardware and you will have to insert Disk 3.
    5. When the detection is finished, if you have extra drivers to install, insert the OEM disk and press S to specify additional devices.
    6. Once all drivers have been installed read the license agreement by scrolling down using the page down key and press F8 to agree at the end.
    7. You will be shown a list of all hard disks and partitions. You can create partitions from here. Select the partition you want to install on and press enter
    8. You will be asked which file system to use. You can format FAT or NTFS. If you choose NTFS it will format it FAT and schedule a conversion later on in the installation process.
    9. Select the directory name (you can accept the default of winnt) and press enter
    10. Allow the setup program to check the hard disks for errors, press enter
    11. A number of core files will be copied to the disk and then you will have to reboot the machine
    12. Once the machine has rebooted you will now be in the graphical portion of the installation procedure
    13. Click Next for the installation procedure to check the pc
    14. Next select the type of installation, in this case I select Custom
    15. You will be asked for your name and organization (this can be changed later by editing the values RegisteredOrganization and RegisteredOwner from the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion key). Click Next.
    16. You will be asked for the CD Key which is on the back of the NT installation CD-ROM case on the yellow sticker
    17. Enter a Computer Name and click Next
    18. Enter an Administrator password and click Next
    19. Choose if you want an Emergency Repair Disk and click Next
    20. Select the components you wish to install such as Messaging and click Next
    21. Click the Next button to start the Networking setup
    22. Select the connection type, in this case "Wired to the network" and click Next
    23. If wired to the network was chosen you will be asked for the adapter type. You can click Detect. If it fails to find the device click "Select from List" and choose. Click Next
    24. Select the protocols you wish to install, in this case TCP/IP and NetBEUI and click Next
    25. You will be shown the Network services and again click Next
    26. If you installed TCP/IP you will be asked if you want to use DHCP. DHCP is a process where TCP/IP addresses are given out as needed and can help with the administration of the network. In this example I will say No.
    27. Enter the IP address, subnet mask and gateway if applicable. Also clicking on the DNS tab will allow you to specify any DNS servers and enter your domain (e.g. savilltech.com). Click OK
    28. Click Next for services, and then click Next to start the Network
    29. Once the Network has been started you will be asked if you are to operate in a domain or workgroup. Click the Domain choice box and enter the domain name. If the Domain Administrator has already added your computer name to the Domain (Using Server Manager) then just click Next. If not click "Create account in Domain" and you will have to enter a Domain Administrator and password.
    30. Click Finish
    31. Select your time Zone and click close
    32. The last part will detect your graphics card. If correct click OK, however if it misdetects just click Cancel and it will leave the standard VGA driver.
    33. Click Restart Computer

    You now have NT Workstation installed :-).


    Q. How do I install NT Server?

    A. The installation of NT Server is the same as NT Workstation with a few exceptions


    Q. I want to install DOS and Windows NT, how should I do this, and how should the hard disk be partitioned.

    A. The best method is to create at least two partitions. Make the first around 200Mb and format it as FAT; DOS will be installed on this partition. The reason 200Mb is suggested is that this is enough space to later install Windows for Workgroups or Windows95 if needed. After installing DOS, install NT onto the second partition (and format FAT or NTFS). Once the installation is finished, on bootup of the machine you will have a choice of booting into DOS or NT. The advantage of having NT installed on a FAT partition is that if there is a problem then you can boot up in DOS mode and access the NT partition and possibly restore files, although the core NT startup files are located on the C partition anyway (boot.ini, ntdetect.com and ntldr).


    Q. Installation hangs when detecting the hardware.

    A. The program being called is NTDETECT.COM. The best course of action is to use the DEBUG version of NTDETECT.COM.

    In the support area of the NT installation cd (/support) there is a file NTDETECT.CHK. Follow the instructions to use it:

    1. Using the Diskcopy command create a copy of the first installation disk
      diskcopy a: a: (/v)
      This will create a copy of the first installation disk
    2. Copy the NTDETECT.COM from the support CD to the installation disk
      copy d:\support\ntdetect.chk a:ntdetect.com
    3. Then reboot the machine with the new version of the installation disk and each item will be shown as it is detected.

    Q. Is it possible to install NT without using boot disks or temp files?

    A. On many new BIOS's it is possible to specify an IDE CD-ROM as a boot device and the latest versions of the NT installation media have the files needed to boot directly from the CD-ROM. If your BIOS does support the CD-ROM as a boot device just insert the CD and boot the computer.

    If you have a SCSI CD-ROM drive, it can be booted from the CD if the SCSI BIOS (such as from Adaptec) supports it.

    If you cannot boot from the CD-ROM, you can install either without boot disks (winnt(32) /b) or without temp files, but not both.

    On the Alpha platform, it is possible to boot from the retail or MSDN CD of NT 4.0 and install so no boot disks or temp files are used.


    Q. Does NT have to be installed on the C drive?

    A. No, NT can be installed on any drive, however it does place a few files on the active partition in order for NT to boot.


    Q. There is a file ROLLBACK.EXE. What is it?

    A. It is used by developers to wipe the Registry completely. Do NOT use it!


    Q. I have NT installed, how do I install DOS?

    A. Follow the steps below

    1. Make an emergency repair disk (rdisk - Update Repair Info)
    2. Ensure you have NT installation disks (can make by winnt32 /ox)
    3. Reboot the machine and boot off of the MS-DOS disks
    4. Install DOS (same as doing a SYS a: c: from a dos bootable disk)
    5. Machine will reboot into DOS
    6. Reboot Machine and boot off of NT installation disks
    7. After disk 2 you will be given options, press R for repair
    8. Deselect all options except "Inspect Boot Sector" and continue
    9. Press Enter to detect hardware and insert disk 3
    10. The procedure will ask if you have an Emergency Repair Disk (ERD), say Yes and insert the ERD.
    11. The machine will then reboot into NT again
    12. Once in NT go to a DOS session
    13. Type - attrib c:\boot.ini -r -s
    14. edit boot.ini and insert at the bottom
      c:\="MS-DOS"
    15. Type - attrib c:\boot.ini +r +s
    16. Reboot the machine and you will have MS-DOS and NT options! Easy :-)

    The procedure above will only work if the C drive is FAT.


    Q. How do I convert NT Workstation to NT Server?

    A. There are various discussions about the changing of 2 registry keys that turns a Workstation into Server, which in turn change a number of other keys, however this is against license agreements and should not be attempted.

    Workstation can be upgraded to a Server, but it cannot become a PDC or BDC, to do this a fresh installation of NT server would be needed. To convert follow steps below

    1. Boot off of the NT Server installation disks (or make them with winnt(32) /ox)
    2. Press Enter to Setup NT
    3. Press Enter to Detect Hardware
    4. Press Enter to continue (or S if you have special drivers)
    5. Accept the license (Page Down then F8)
    6. NT install will detect the existence of workstation and ask if you want to upgrade. Press Enter
    7. It will prompt if you want to upgrade from Workstation to Server. Press Enter
    8. Continue as normal. All Workstation components (Network, print) will be converted to server
    9. When finished you will have NT Server and it will have kept all programs and groups.

    If you have your NT Workstation upgraded with Service Packs, it is necessary to upgrade the server with the same service pack, best performed by an unattended installation described in your FAQ. Otherwise you get a lot of unpredictable problems, up to a core dump.


    Q. I have bought a new disk, how do I move NT to this new disk?

    A. There are various methods, depending on your setup and needs. The best method is to:

    1. Backup your NT disk to a tape
    2. Create a new, up to date ERD (rdisk -s)
    3. Shutdown NT and insert the new Hard Disk
    4. Install a basic installation of NT to a directory with a different name than your final NT installation directory
    5. Once the installation is finished restore your backup tape
    6. There are sometimes problems with registry entries, so reboot and boot off of the NT installation disks
    7. After disk 2 choose repair, and select everything except "Check System Files". You will need to insert disk 3 and then the ERD
    8. Reboot and NT should work as required

    If the tape drive is not an option and the partition is NTFS you still have a number of options, you could setup the new disk as a mirror of your existing disk, then break the mirror and remove the old disk setting the new disk as the boot disk. You can also use the utility scopy that is supplied with the NT resource kit by fitting the new hard disk, creating an NTFS partition on it and then performing

    scopy <source drive>: <target drive>: /o /a /s

    To use the scopy command you must have Backup and Restore User Rights. Once the copy is complete shut down NT, remove the old drive, set the new drive to master (if IDE) or SCSI 0/6 (if SCSI), boot off the NT installation disks, and again repair everything except "Check System Files". If you have time it can be worth creating a temporary NT installation on the drive before performing the copy, booting off this minimal installation and performing the scopy from there, as this means no files will be locked, and then you would only need to repair the boot sector.

    Other methods include ghost copy from http://www.ghostsoft.com/ and DriveCopy from http://www.powerquest.com/ which copy an entire disk, which should eliminate the need for performing a repair. I have used the ghostsoft utility and it works well.

    Make sure if you are moving NT to a different type of disk, i.e. one that needs a different driver, you install the new driver before you perform the copy so that when NT boots off of the new disk it has the needed drivers.

    Another option would be to use Mirroring (if you have Server). Install the new disk and make it a mirror of the boot/system partitions. Once it is up-to-date remove the old disk and use the new.

    One final point if you are using FAT is that you can clone a HDD by copying the SAM and Registry files (which are all 8.3 file names) in a DOS copy operation (thereby avoiding the share violation you would get in NT4) and then copying across all the other files, some with long file names, under NT4.


    Q. Can I upgrade from Windows95 to NT 4.0?

    A. There is no upgrade path from Windows95 to NT4.0. The best option would be to have a dual boot if you have 150Mb of uncompressed space free. Just install NT4.0 into a DIFFERENT directory (if you install NT4.0 into the same directory as Windows95 it will corrupt the 95 registry) and when booting the machine you will have a choice of NT4.0 or Windows95.


    Q. How do I remove NT from a FAT partition?

    A. If you have NT installed on a FAT partition then you will need to remove the NT operating system files and the NT boot loader. To remove the files and the boot loader boot a MS-DOS disk with the deltree utility copied and perform the following:

    1. C:
    2. DELTREE WINNT
    3. CD PROGRA~1
    4. DELTREE WINDOW~1
    5. CD \
    6. DEL NTLDR.
    7. DEL NTDETECT.COM
    8. DEL BOOT.INI
    9. DEL PAGEFILE.SYS (this file may not be on the active partition depending on your configuration)
    10. DEL BOOTSECT.DOS
    11. Boot up using a Win95 or DOS startup disk, and type SYS a: c:
    12. Reboot

    Q. How do I remove NT from a NTFS partition?

    A. The best way is to delete the partition. Start the computer from the NT installation disks. When the option to create/choose partitions appears, select the NTFS partition NT is installed on and press D to delete the partition, and then L to confirm.


    Q. How do I install the Iomega Parallel Disk Drive?

    A. Follow the steps below

    1. Before you do this, make sure your Parallel Zip drive is plugged in, and make sure you DO NOT have a ZIP disk in the drive.
    2. Go to Iomega's web site and download the software: http://www.iomega.com/software/
    3. Download the Windows NT Tools for Windows NT 3.51 and 4.0 version 1.5 iomgnt15.exe (3.3MB).
    4. Execute this program. It will decompress the files, and then start the SCSI control Panel Applet. Click the drivers tab and click Add. On the right hand side it will have various Iomega drivers and select the relevant one and click Add
    5. After restarting, your system should see the ZIP drive. You do not have to install the ZIP tools, you can use the drive without them. To install the tools anyway, run the setup program again.

    Notes:
    When you start up your PC, make sure there is no ZIP disk in the drive, otherwise NT will run checkdisk on the drive, which can take an eternity.

    If you do not have the ZIP drive attached when you boot up, you will get an error at bootup that a service did not start up.


    Q. How do I install a tape drive on NT Server?

    A. Follow instructions below

    1. Bring up the Control Panel, and Double click Tape Devices
    2. Click on the Drivers Tab, and then click Add
    3. Select your tape drive (or if not the exact one, something close) and click OK
    4. NT will install the drivers
    5. Reboot your machine and you will then be able to use NTBACKUP

    NT 4.0 will also detect and install certain tape drivers (such as 4mm DAT) which means there is no need for a reboot after the installation.


    Q. How do I install the NEC 4x4 CD changer?

    A. NEC does not currently have drivers for NT 4.0, so the CDROM must rely on Microsoft's generic drivers. I've been able to get all four slots to read data correctly without any special tweaking; however, there are some annoyances that still remain.

    1. The changer cycles through all the slots that have disks in them if you open the Explorer. The only solution that I have found for this problem is to disable the Explorer's interface to the CDROM drives. This can be accomplished via TWEAKUI. You can still access the CDROM drive's contents by using the Run command on the start menu - just enter "Drive_Letter:\\" as the program to run.
    2. Lots of error messages appear in the Event Viewer whenever you reboot. Seems to be a symptom of not having a CDROM specific driver. I haven't seen any problems specifically related to this, so I just ignore it.
    3. The CD player won't recognize a new disk when I insert it. Again, all I have is a workaround. When a disk finishes playing, close the CD Player, then change disks. Wait a few seconds for the CD to be recognized by the changer, then re-open the CD player.
    4. I can't make NT treat all four slots as 1 CDROM drive. Another symptom of the lack of an NT driver. Nothing can be done about this until NEC gives us a real driver.

    Creating a shortcut that points to driveletter:\\ instead of using the run box and typing it in eases use of the drive.


    Q. What are symbol files, and do I need them?

    A. Symbol files are created when images are compiled and are used for debugging an image. They allow someone with the correct tools to view code as the software is running. You do not need symbol files unless you are a developer.


    Q. How do I install NT and Linux?

    A. Linux has a boot manager called LILO (which is a separate utility), and it will boot Linux on its native EXT2 partition, and any other DOS/WIN boot images residing on a FAT16 partition. It doesn't really care whether it is DOS/Win95/NT, it will boot it. So as long as NT is installed on a FAT16 partition, there is no problem with LILO. Apparently the latest Linux kernel has FAT32 support, so that may also be an option. Linux also supports FAT16 and can mount the FAT16 partition under its filesystem and have all the DOS/WIN files visible if you want it to. An alternative to LILO is Grub which can be downloaded from http://www.uruk.org/~erich/grub .

    There is something else called LOADLIN, allowing Linux to be installed as a MS-DOS subdirectory in a DOS/WIN system. This allows Linux to be run as an application after you have started DOS. This does not work with NT, because Linux needs to run in supervisor mode and not user mode, and NT will not yield at all on this. Windows 95 is the same, but you can set LOADLIN to run in DOS mode where it just sees DOS 7 and works fine.

    Linux and NT will work even if Windows NT is on NTFS. In Linux fdisk, set the Linux drive to be flagged bootable, not NT. Then install LILO and select to boot the Linux partition and NT (which will say OS/2 in LILO). This way you can use both NT and Linux and still have a NTFS partition. LILO must reside on the Linux root sector and not the MBR.

    Another method is as follows:

    1. Install NT as per normal
    2. Download the freeware utility, bootpart.exe, from http://www.winimage.com/bootpart.htm
    3. Install Linux, and make sure Lilo is not installed on MBR, but on the boot sector of the linux root partition.
    4. Boot NT
    5. Start a command prompt (cmd.exe)
    6. Run Bootpart.exe, and add the Linux bootsector into the NT-OS loader.(This also works when NT boot partition is NTFS)

    You can learn more about it from the Linux documentation project and the FAQ inside. It is mirrored in a large number of locations. This is one of the mirrors ftp://ftp.ox.ac.uk/pub/linux/LDP_WWW/linux.html.

    More information can be found on multi-boot from http://www.windows-nt.com/multiboot/directboot.html.


    Q. How do I install NT over the network?

    A. If you do not currently have any operating system installed on your machine, then you need to create a bootable floppy disk that contains a driver for your network card and network protocol. A tool is provided called "Network Client Administrator" which automatically creates a bootable disk used to install Windows95 or Network Client. It is possible to use this tool to also create a disk that can be used to install NT with a bit of tweaking :-)

    1. Format a system floppy drive using DOS
      format a: /s
    2. Create a share on the NT box containing the entire i386 structure from the NT installation CD ROM and give the share everyone Read access.
    3. Log on as the Administrator (or a member of the Administrators group)
    4. Start the "Network Client Administrator" (Start - Programs - Administrative Tools - Network Client Administrator)
    5. Click the "Make Network Installation Startup Disk" option and click continue
    6. Select "Share files" and accept the default of <CD ROM>\clients
    7. Click the OK button, and program will perform some background actions
    8. Next select the floppy drive, and click "Network Client V3.0" as the client and choose your network card from the drop down list. Click OK
    9. Enter the name of the computer it will be known as. The username and domain will automatically be completed using the current user
    10. You need to choose the protocol. In this example choose TCP/IP and uncheck "DHCP". Enter an IP address, subnet mask and gateway.
    11. Insert the disk created in step 1 and click OK
    12. Files will be copied to the floppy disk. Once completed exit Network Client Administrator
    13. The disk needs to be edited to stop the automatic installation of the "Network Client". Start explorer and open the A: drive. Right click on autoexec.bat and select edit.
    14. Remove the last 2 lines of the file (echo running setup and the setup)
    15. You can also change the net use command to point to the correct share where the NT installation files are located
    16. Click Save from the File menu and close Notepad
    17. Insert the disk into the machine where you want to install NT and power on
    18. Once the startup has completed change directory to Z: (or whatever your net use pointed to)
    19. Start a floppyless install
      winnt /b

    If you plan to produce a large number of install disks you can configure the Network Client Administrator to also create Workstation and Server network installation disks. To do this you need to have the client directory on a hard disk and create 2 subdirectories under it (\\server\client).

    When creating the network disk you will now also have options for "Windows NT Workstation" and "Windows NT Server".


    Q. Is it possible to use Disk Duplication to Distribute Windows NT?

    A. It is OK to use disk duplication to install NT, but not a complete NT installation. You should follow the steps below:

    1. Use the winnt /b installation option on a machine
    2. Stop the setup at the second reboot, when it has finished the text portion of the installation, and will be starting the GUI section
    3. Remove and duplicate the hard disk of the machine
    4. Install the duplicate hard drive in the new machine
    5. Start the new machine and the GUI sections will start.

    The traditional problem with cloning was that the SID would be duplicated; however, there are now several third-party products that enable you to change the SID of a duplicated machine. You would then add a new Computer Account for the machine on the PDC and change its name.

    NT Internals http://www.sysinternals.com/
    ImageCast http://www.netversant.com/
    DiskClone http://www.qdeck.com/
    DriveCopy http://www.powerquest.com/
    ImageBlast http://www.keylabs.com/
    Ghost http://www.ghostsoft.com/

    Q. How do I perform an unattended installation?

    A. It is possible to specify a text file that can be passed to the Windows NT installation program that contains answers to the questions the installation procedure asks. This file is usually called unattend.txt and is passed to the Windows NT installation program using the /u:unattend.txt qualifier. The answer file has to adhere to a strict format which can be very complex, however there is a utility on the NT Server CD called SETUPMGR.EXE (in the Support/Deptools/I386) that allows the information to be filled into dialog boxes and it will then create the unattend.txt (or any other name) for you. Below is an example of how to use the SETUPMGR.EXE file:

    1. Load the NT Server Installation CD-ROM
    2. Run <CD-ROM>:/Support/Deptools/I386/setupmgr.exe
    3. Click the "New" button, and then click OK to the advice dialog box
    4. Click the "General Setup" button
    5. Click the "User Information" tab, and type your name (i.e. John Savill, not your domain logon name!), your company, a computer name and the product ID (on the back of the NT installation CD-ROM)
    6. Click the "Computer Role" tab, and from the drop down list select the type (in this case Workstation in Domain) and then type the Domain name
    7. Click "Install Directory" and choose the NT install directory
    8. Click "Time Zone" tab and from the drop down list select your time zone
    9. If you choose a PDC then you can click the "Licence Mode" tab and choose the licensing to be used
    10. Click OK
    11. Click the "Networking Setup" button
    12. Enter in the information for adapters and protocols then click OK
    13. If you want to use NTFS click the "Advanced" button and click "File System" tab and select convert to NTFS
    14. Click OK
    15. Click Save and enter a file name
    16. Click Exit

    Microsoft have a document on automated installations at http://www.microsoft.com/NTWorkstation called "Deployment Guide to Windows NT Setup"

    Other Resources:


    Q. Is it possible to specify unique items during an unattended install?

    A. The unattended installation file contains details for settings that will apply to all machines, however there are some settings that you may want to be different from machine to machine, such as user name, computer name, TCP/IP address etc. This can be accomplished by producing a text file in a certain format, with different sections for each computer. The UDF file is used by specifying the /UDF:ID[,<database file name>]. An example UDF file would be

    [UniqueIds]
    u1 = UserData,TCPIPParams
    u2 = UserData,TCPIPParams
    [u1:UserData]
    FullName = "John Savill"
    ComputerName = SavillComp
    ProductID = xxx-xxxxxx
    [u1:TCPIPParams]
    IPAddress = 200.200.153.45
    [u2:UserData]
    FullName = "Kevin Savill"
    ComputerName = KevinComp
    ProductID = xxx-xxxxxx
    [u2:TCPIPParams]
    IPAddress = 200.200.153.46

    The ID specified would be (in the case above) u1 or u2. If the above file was saved as udf.txt to perform an unattended installation for machine one you would use
    winnt /b /s:z: /u:unattend.txt /UDF:u1,udf.txt
    which would set the installation as user John Savill, computer name SavillComp and IP address 200.200.153.45. If a parameter is specified in both the unattend answer file and the UDF, the value in the UDF will be used. (The /b means it's a floppyless installation and the /s specifies the source for the installation files, UDF etc. You would need to have created the connection to z: already (net use z: \\savillcomp\dist))

    The structure of the UDF uses a subset of the sections available in the unattended answer file.
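
    The override rule described above, worked through as an added example (not part of the original FAQ and not Microsoft's Setup code): it resolves the effective settings for one uniqueness ID and reports per-machine values that two IDs would share. The function names and both sample files are constructed; treating a section that is listed in [UniqueIds] but missing from the UDF as an error is this example's own choice.

```python
"""Resolve the effective unattended-setup values for one uniqueness ID.
Added illustration, not Microsoft's Setup code; both sample files are constructed."""

UNATTEND_TXT = """\
[Unattended]
OemPreinstall = no
TargetPath = WINNT
[UserData]
FullName = "Default User"
OrgName = "SavillTech Ltd"
ComputerName = TEMPLATE
[TCPIPParams]
DHCP = no
IPAddress = 200.200.153.1
Subnet = 255.255.255.0
"""

UDF_TXT = """\
[UniqueIds]
u1 = UserData,TCPIPParams
u2 = UserData,TCPIPParams
[u1:UserData]
FullName = "John Savill"
ComputerName = SavillComp
[u1:TCPIPParams]
IPAddress = 200.200.153.45
[u2:UserData]
FullName = "Kevin Savill"
ComputerName = KevinComp
[u2:TCPIPParams]
IPAddress = 200.200.153.46
"""

# Values that must differ from machine to machine (this example's choice).
PER_MACHINE_KEYS = ("computername", "ipaddress")


def parse_sections(text):
    """Parse INI-style text into {section: {key: value}}, names lower-cased."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip().strip('"')
    return sections


def effective_settings(unattend_text, udf_text, unique_id):
    """Return the answer-file sections with the UDF values for unique_id applied."""
    answers = parse_sections(unattend_text)
    udf = parse_sections(udf_text)
    uid = unique_id.lower()
    listed = udf.get("uniqueids", {})
    if uid not in listed:
        raise KeyError(f"ID {unique_id!r} is not listed in [UniqueIds]")
    merged = {name: dict(values) for name, values in answers.items()}
    for section in listed[uid].split(","):
        section = section.strip().lower()
        overrides = udf.get(f"{uid}:{section}")
        if overrides is None:
            # A typo here would leave template values such as ComputerName in place.
            raise ValueError(f"[{uid}:{section}] is listed but not defined")
        # UDF wins for keys present in both files; other keys are kept.
        merged.setdefault(section, {}).update(overrides)
    return merged


def find_collisions(unattend_text, udf_text):
    """Return {(key, value): [ids]} for per-machine values shared by several IDs."""
    seen = {}
    for uid in parse_sections(udf_text).get("uniqueids", {}):
        merged = effective_settings(unattend_text, udf_text, uid)
        for values in merged.values():
            for key in PER_MACHINE_KEYS:
                if key in values:
                    seen.setdefault((key, values[key].lower()), []).append(uid)
    return {pair: ids for pair, ids in seen.items() if len(ids) > 1}


if __name__ == "__main__":
    for section, values in effective_settings(UNATTEND_TXT, UDF_TXT, "u1").items():
        print(section, values)
    print("collisions:", find_collisions(UNATTEND_TXT, UDF_TXT))
```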


    Q. How do I automatically install applications as part of the unattended installation?

    A. A utility is supplied on the NT distribution CD called SYSDIFF.EXE which is used to create a file containing files and registry changes needed for an application or set of applications to be installed. To use SYSDIFF just copy it from the CD to your hard disk

    1. Insert the NT CD-ROM
    2. Move to the <CD-ROM>:\Support\Deptools\i386 directory
    3. Create a directory on your local hard disk (e.g. SYSDIFF)
    4. Copy over SYSDIFF.EXE and SYSDIFF.INF to the directory

    Alternatively there is a newer version available as a fix from ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/utilities/Sysdiff-fix/, download sysdiffa.exe for Alpha, sysdiffi.exe for Intel.

    The basics behind SYSDIFF are that it creates a snapshot of the system before the application is installed; the application is then installed and SYSDIFF is run again, which compares the current system to the snapshot taken and saves any changes to the registry and files. An example usage needs to include the following

    1. Create an initial snapshot of the system
      SYSDIFF /snap <snapshot file name, e.g. snapfile , no extension>
    2. Install the application to the machine (e.g. install Office 97 :-) cool app )
    3. Create a difference file based on the current system configuration and the snapshot file
      SYSDIFF /diff /c:<title> <snapshot file> <difference file, e.g. difffile, no extension>
      e.g. SYSDIFF /diff /c:officediff snap difffile
    4. Have a look at the differences
      SYSDIFF /dump <difference file> <dump file>
      e.g. SYSDIFF /dump difffile dumpfile
      Type out the dumpfile
    5. Edit your unattended installation file (unattend.txt) and change the [Unattended] section to include
      OEMPreinstall=Yes
    6. Copy SYSDIFF.EXE and SYSDIFF.INF to the $OEM$ directory
    7. Copy difffile to the distribution directory
    8. If the file does not exist, create the file $OEM$\Cmdlines.txt and insert the following line
      sysdiff /apply /m difffile
      where /m makes the changes to the default user profile

    Note: Using the /apply method the %systemroot% has to be the same on all machines, i.e. if the diff file was created on a machine with a %systemroot% of d:\winnt\ all machines must be installed to d:\winnt\ ([Unattended] TargetPath)

    If this dump file gets too large, look at the sysdiff /inf option instead, which creates a directory for each application installed and is better for a large number of applications. See the SYSDIFF.HLP file for more information.


    Q. Install detects the wrong video card and locks the installation.

    A. When NT detects a video card it insists that you click the "Test" button. If the NT installation procedure incorrectly detects the hardware then it can cause the NT installation to hang and the only way to continue is to press the Reset button (e.g. the Number 9FX Reality card). To solve this problem when it detects the card just click the CANCEL button and it will leave the default VGA driver.

    After the installation has finished, manually install the new driver supplied with the graphics card, or download it from the maker's web site.


    Q. How do I upgrade from NT 3.51 to NT 4.0?

    A. The scenario below is for upgrading an NT Workstation 3.51 machine to a NT Workstation 4.0 machine. It is the same to upgrade a NT Server 3.51 to a NT Server 4.0, except that if you upgrade a server you will also be given the option to install IIS (Internet Information Server).

    1. Although it is possible to upgrade using the floppyless install, in this example we will boot off of the 3 NT installation disks (which can be made using winnt32 /ox). Insert the first NT installation disk and boot up the machine
    2. You will have to put in Disk 2 and then press Enter.
    3. You will be given a choice of options. Choose "Setup Windows NT" by pressing Enter
    4. Press Enter to Detect Hardware and you will have to insert Disk 3.
    5. When the detection is finished, if you have extra drivers to install, insert the OEM disk and press S to specify additional devices.
    6. Once all drivers have been installed read the license agreement by scrolling down using the page down key and press F8 to agree at the end.
    7. A check of the disks will run and it will detect your previous installation of NT. Press Enter to upgrade this installation.
    8. Allow the program to perform a quick check of the disk by pressing Enter.
    9. The Fonts on the system will be upgraded and files copied over.
    10. Remove any disks and press Enter to reboot
    11. Once the system has rebooted press the Next key to allow the Setup program to verify the computer information
    12. Enter the CD-Key that is on the back of the NT installation CD-ROM case and click Next
    13. Select if you want a repair disk and click Next
    14. Select components and click Next
    15. Click Next to upgrade Network Services
    16. Any non-standard Network components will be displayed and you will be advised to remove and add them after the installation.
    17. Click Finish and the main files will be copied
    18. Click the "Restart Computer" button

    The only problem with the upgrade is it does not remove old applications that were part of 3.51, such as cardfile.exe.


    Q. When I use an unattended installation, how do I avoid having to click "Yes" at the license agreement?

    A. In the [unattended] section of your unattended answer file insert the line

    OemSkipEula = yes


    Q. I have NT installed, how do I install Windows95?

    A. If you already have DOS installed, then boot to DOS and install Windows95. The instructions below are if you only have Windows NT installed.

    1. Make an emergency repair disk (rdisk - Update Repair Info)
    2. Ensure you have NT installation disks (can make by winnt32 /ox)
    3. Reboot the machine and boot off of the Windows95 installation disks or boot off of a bootable floppy disk with the drivers for your CD-ROM drive and run setup.exe off of the CD-ROM
    4. Install Windows 95 as normal
    5. Once the Windows 95 installation has finished, reboot the machine and boot off of the NT installation disks
    6. After disk 2 you will be given options, press R for repair
    7. Deselect all options except "Inspect Boot Sector" and continue
    8. Press Enter to detect hardware and insert disk 3
    9. The procedure will ask if you have an Emergency Repair Disk (ERD), say Yes and insert the ERD.
    10. The machine will then reboot into NT again
    11. Once in NT go to a DOS session
    12. Type - attrib c:\boot.ini -r -s
    13. edit boot.ini and insert at the bottom
      c:\="Microsoft Windows"
    14. Type - attrib c:\boot.ini +r +s
    15. Reboot the machine and you will have Windows95 and NT options.

    For this procedure to work the system partition (c:) must be FAT.


    Q. How do I remove Windows95/Dos from my NT system?

    A. The procedure below should be used on systems with Windows95 and/or DOS installed, however be aware it is sometimes a good idea to have a small DOS installation for use with hardware setup etc. Before you start this make sure you have an up-to-date ERD (rdisk -s) and the 3 NT installation disks (winnt32 /ox) just in case :-)

    1. Modify the attributes on boot.ini to allow the file to be edited
      attrib c:\boot.ini -r -s
    2. Using Notepad (or another text editor) open c:\boot.ini and remove the lines for DOS and/or Windows95 from the [operating systems] section, e.g. the lines to remove may be
      c:\="MS DOS 6.22"
      c:\bootsect.622="MS DOS 6.22"
      c:\="Windows 95"

      Lines to avoid removing are structured like
      multi(0)disk(0)rdisk(0)partition(2)\WINNT="Windows NT Workstation Version 4.00"
    3. Save the file, and put back the file attributes
      attrib c:\boot.ini +r +s
    4. If you are removing DOS then delete the DOS tree structure
      deltree c:\dos
    5. If you are removing Windows95 then delete the Windows 95 tree structure ** Make sure it is not the same directory as NT is installed in, this is very unlikely however **
      deltree d:\window95
    6. You will also need to remove applications that were only installed for use with Windows 95/DOS, e.g. programs under Program Files, however NT will also install applications in this directory so be careful.
    7. DOS and Windows95 place a number of files on the boot partition that can be deleted, e.g.
      - autoexec.bat
      - config.sys
      - IO.SYS
      - MSDOS.SYS
      - bootlog.txt
      - command.com
      It will probably be safer to copy them somewhere before deleting them and just check NT boots OK. You may need to set them to be deletable using
      attrib <file> -r -h -s
      You can basically delete all files at the base of the boot partition except
      - boot.ini
      - ntldr
      - ntdetect.com
      - ntbootdd.sys (for SCSI systems)
      Which are needed for NT startup
    8. Reboot the machine and Windows95/DOS are now removed
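
    Step 2 above as an added example (not part of the original FAQ): a filter that drops the drive-letter entries from [operating systems] and keeps the ARC-path entries. It also repoints the default= line in [boot loader] when it refers to a removed entry, a check the steps above do not mention; the sample boot.ini and the function name are constructed.

```python
"""Remove DOS/Windows 95 entries from boot.ini without losing the NT entries.
Added illustration; the sample boot.ini below is constructed."""
import re

SAMPLE_BOOT_INI = r'''[boot loader]
timeout=30
default=c:\
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINNT="Windows NT Workstation Version 4.00"
multi(0)disk(0)rdisk(0)partition(2)\WINNT="Windows NT Workstation Version 4.00 [VGA mode]" /basevideo /sos
c:\="MS DOS 6.22"
c:\bootsect.622="MS DOS 6.22"
'''

# NT entries start with an ARC path; DOS/Windows 95 entries start with a drive letter.
ARC_ENTRY = re.compile(
    r"^(?:multi|scsi)\(\d+\)disk\(\d+\)rdisk\(\d+\)partition\(\d+\)\\", re.IGNORECASE)
DRIVE_ENTRY = re.compile(r"^[a-z]:\\", re.IGNORECASE)


def prune_boot_ini(text):
    """Return (new_text, removed_paths) with drive-letter entries taken out."""
    kept_lines, kept_arc, removed = [], [], []
    section = None
    # Pass 1: filter [operating systems] and remember which NT entries survive.
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("["):
            section = stripped.lower()
        elif section == "[operating systems]" and "=" in stripped:
            path = stripped.split("=", 1)[0].strip()
            if DRIVE_ENTRY.match(path):
                removed.append(path)
                continue
            if ARC_ENTRY.match(path):
                kept_arc.append(path)
        kept_lines.append(line)
    if not kept_arc:
        # Writing this file back would leave the boot menu with nothing to start.
        raise ValueError("no Windows NT (ARC path) entry would remain in boot.ini")

    # Pass 2: make sure default= still names an entry that exists.
    out, section = [], None
    for line in kept_lines:
        stripped = line.strip()
        if stripped.startswith("["):
            section = stripped.lower()
        elif section == "[boot loader]" and stripped.lower().startswith("default="):
            target = stripped.split("=", 1)[1].strip().lower()
            if target not in (p.lower() for p in kept_arc):
                line = "default=" + kept_arc[0]
        out.append(line)
    return "\n".join(out) + "\n", removed


if __name__ == "__main__":
    new_text, removed = prune_boot_ini(SAMPLE_BOOT_INI)
    print("removed:", removed)
    print(new_text)
```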

    Q. I can't create a NTFS partition over 4GB during installation.

    A. During the text based portion of the NT installation, it is possible to create and format partitions. The maximum size for an NTFS partition is very large (16 exabytes), however the maximum size for a FAT partition under NT is 4GB (2GB under DOS). If you format a partition as NTFS during NT installation, it originally formats it as FAT and then converts it in the final stages of the NT installation, and thus you are limited to a maximum partition size of 4GB during the NT installation.

    To get round this problem there are several paths of action open to you

    1. Before starting the installation insert the disk into an existing NT installation and partition/format the disk using Disk Administrator and then insert the disk into the machine to be installed
    2. Partition the disk into smaller partitions, if you had a 5GB disk you could have a 1GB system partition, and a 4GB boot partition. The system partition is the partition where NT's core startup files are located, boot.ini, ntldr and ntdetect.com (ntbootdd.sys if SCSI), and will normally be the active partition. The boot partition is the partition where NT stores the rest of its files, i.e. the %systemroot% directory
    3. Create a 4GB partition at installation time, and then extend the NTFS partition after installation has completed
      - Start Disk Administrator (Start - Programs - Administrative Tools - Disk Administrator)
      - Select the NTFS partition and holding down the Ctrl key select the unpartitioned space of the rest of the disk
      - From the Partition menu, select Extend Volume Set
      Note - You cannot extend a NTFS partition if it is the boot or system partition (as the boot/system partition cannot be part of a volume set)

    If you are performing an unattended installation it is possible to create a greater than 4GB partition using the ExtendOEMPartition flag in the unattended file. This key causes text-mode setup to extend the partition on which the temporary Windows NT sources are located into any available unpartitioned space that physically follows it on the disk. Under the [unattended] section include the lines:

    FileSystem = convertNTFS
    ExtendOemPartition = 1, NoWait

    The NoWait is only available from Service Pack 1 and above.

    Also if you are installing from a distribution kit you can copy the Service Pack 3 version of setupdd.sys and replace the version in i386 folder of the NT distribution set.

    For more information see knowledge base articles:


    Q. I cannot upgrade my 4.0 NT installation with the NT 4.0 upgrade CD.

    A. Microsoft have confirmed this to be a problem with the software, and more information can be found in knowledge base article q154538 at http://support.microsoft.com/support/kb/articles/q154/5/38.asp .

    A workaround is available, as the setup procedure checks the registry entry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CurrentVersion for the version number, and only upgrades if the version is 3.1, 3.5 or 3.51. You can therefore edit this entry and change the current version number

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
    3. Double click on CurrentVersion that is in the right hand pane
    4. Change 4.0 to 3.5 and click OK
    5. Close the registry editor

    You should now be able to upgrade.


    Q. How do I create the NT installation disks?

    A. Follow the procedure below:

    1. Insert your NT Workstation/Server CD
    2. From the Start Menu, select Run (or press Win key + R)
    3. If you are not running NT on the machine you are making the disks from enter
      <CD-ROM drive>:\i386\winnt /ox
      If you are running NT:
      <CD-ROM drive>:\i386\winnt32 /ox
    4. You will have to put in 3 blank, formatted disks

    Q. How can I use a Network card that is not one of those shown with Network Client Administrator?

    A. The Network Client Administrator tool located in the Administrative Tools section is a very useful tool, but lacks the seemingly obvious function of "Have disk" to use a NDIS 2.0 compatible driver supplied with the network card. You can get round this though with a minimum of hassle.

    1. Run Network Client Administrator as normal, selecting a network card similar to your card
    2. Once finished locate the driver disk that was supplied with the Network card (you did keep it :-) ).
    3. On the disk there will be a NDIS folder and a DOS section
    4. Copy the .dos file from this disk to the net sub-directory on the disk created by Network Client Administrator
    5. Also in the directory should be a sample protocol.ini file, open this and look for the line with a driver with a $ on the end, e.g.
      DriverName = "EL59X$"
      write this name down
    6. Insert the disk created by Network Client Administrator and move to the \net sub-directory
    7. Open the file system.ini and edit the network drivers section and change the netcard parameter to the name of the .dos file you copied to the disk
      [network drivers]
      netcard=EL59X.dos
    8. After saving system.ini, open protocol.ini (in the same directory) and locate the DriverName parameter and change to the name you found in the protocol.ini file supplied on the Network Card driver disk (the one you wrote down in step 5), e.g.
      [ms$elnk3]
      DRIVERNAME=EL59X$
      If the card is a PCI card make sure the I/O, slot etc. are commented out, or set these to the correct values. Again save the file.

    The Network Client Administrator disk is now configured to use your network card. A known problem is with Irmatrac/Microdyne token ring adapters, which will not work unless the net sub-directory on the disk is renamed to dev.

    This solution is fine for one-off disk creations, however you may want to have the network card displayed as an option by the Network Client Administrator program. To do this perform the following

    1. You have to have the clients directory shared on your hard disk, e.g. d:\clients
    2. Copy the .dos file from the network driver disk (windows for workgroups area) to <client share name>\msclient\netsetup directory
    3. Edit the file <client share name>\msclient\netsetup\wcnet.inf and enter the following details, this information will be on the Network card installation disk as an oemsetup.inf or similar file
      [netcard]
      tcm$el59x="3Com Fast EtherLink/EtherLink III BusMaster Adapter (3C59x)",0,ndis,ethernet,0x07,tcm$el59x,tcm$el59x_nif
      Also in the oemsetup.inf will be 2 sections that correspond to the last 2 parameters, e.g. tcm$el59x and tcm$el59x_nif. Append these to the end of wcnet.inf, then save the file

    Network Client Administrator will now list the new card as an option as a Network card.


    Q. How can I make domain users members of local Administrators groups during an unattended installation?

    A. The easiest way to do this is to use the net localgroup command, however before you can use the command you have to have connected to the PDC and started the netlogon service. The following commands can be used in the unattended installation using the CMDLINES.TXT file:

    net use \\<machine name of the PDC> /user:<domain name>\<username> <password>
    net start netlogon
    net localgroup Administrators "<domain name>\<user>" /add
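
    A password typed into the net use line above is stored as plain text in CMDLINES.TXT, which sits in the distribution share that installing machines read. The following added example (not part of the original FAQ; the function names, sample file, machine names and accounts are constructed) flags net use and net user lines that carry a password and reports them with the secret masked.

```python
"""Flag passwords embedded in net commands inside a Cmdlines.txt file.
Added illustration; the sample file, machine names and accounts are constructed."""
import re
from typing import NamedTuple, Optional

SAMPLE_CMDLINES = r'''[Commands]
"net use \\PDC01 /user:EXAMPLEDOM\installer S3tup!Pass"
"net start netlogon"
"net localgroup Administrators EXAMPLEDOM\helpdesk /add"
"net use z: \\DIST01\apps * /user:EXAMPLEDOM\installer"
"net user localadm Adm1nPass /add"
"sysdiff /apply /m difffile"
'''

# Optional first argument of "net use": a drive, a printer port or "*".
DEVICE = re.compile(r"^(?:[a-z]:|lpt\d:|\*)$", re.IGNORECASE)


class Finding(NamedTuple):
    line_no: int
    account: Optional[str]
    masked: str  # the command with the secret replaced by ****


def secret_index(tokens):
    """Return the index of the token that carries a password, or None."""
    if len(tokens) < 3 or tokens[0].lower() != "net":
        return None
    verb = tokens[1].lower()
    # Positional arguments only: switches such as /user: or /add start with "/".
    args = [i for i in range(2, len(tokens)) if not tokens[i].startswith("/")]
    if verb == "use":
        # Skip an optional device name and the \\server\share target.
        if args and DEVICE.match(tokens[args[0]]):
            args = args[1:]
        args = [i for i in args if not tokens[i].startswith("\\\\")]
    elif verb == "user":
        args = args[1:]  # the first positional is the account name
    else:
        return None
    # "*" asks for the password interactively, so nothing is stored in the file.
    if args and tokens[args[0]] != "*":
        return args[0]
    return None


def audit_cmdlines(text):
    """Return a Finding for every command line that embeds a password."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        tokens = raw.strip().strip('"').split()
        idx = secret_index(tokens)
        if idx is None:
            continue
        if tokens[1].lower() == "user":
            account = next(t for t in tokens[2:] if not t.startswith("/"))
        else:
            account = next((t.split(":", 1)[1] for t in tokens
                            if t.lower().startswith("/user:")), None)
        masked = " ".join("****" if i == idx else t for i, t in enumerate(tokens))
        findings.append(Finding(line_no, account, masked))
    return findings


if __name__ == "__main__":
    for finding in audit_cmdlines(SAMPLE_CMDLINES):
        print(f"line {finding.line_no}: password for {finding.account}: {finding.masked}")
```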


    Q. I have problems running a program as part of the unattended installation?

    A. You can use the /e switch during the unattended installation to specify a program to run, e.g.

    winnt.exe /u:unattend.txt /s:w: /e:"w:\servpack\update -u -z"

    The above would be used to install a service pack after the NT installation (-u for unattended, -z for no reboot), however you may get an error, with the following recorded in setuplog.txt:

    "Warning:
    Setup was unable to invoke external program
    <drive>:\<directory>\<program> because of the following error:
    CreateProcess returned error 3."

    This is because after the installation network drives are no longer mapped and w: no longer exists. Any source files need to be stored locally to be run, and the /e switch must then use a local drive letter.


    Q. I have Windows NT installed, how do I install Windows 98?

    A. As with the installation of Windows 95, the system partition (the active partition, c:) must be FAT and not NTFS as Windows 98 cannot read or write to an NTFS partition. Windows 98 places COMMAND.COM on the active partition (along with a blank autoexec.bat).

    If your system partition is not FAT then you should back up your data, reformat the partition as FAT and restore the backup.

    Windows 98 is normally NT boot menu friendly which means it will not replace the boot loader code of the disk and instead automatically adds an option to the boot menu (boot.ini) of the format

    C:\="Microsoft Windows 98"

    This means upon booting the machine Windows 98 or NT can be chosen.

    To be on the safe side before installing Windows 98 create a new Emergency Repair Disk for NT using RDISK.EXE

    Windows 98 cannot be installed from within Windows NT so if you have DOS also installed, boot from DOS (its boot menu item will be replaced after the Windows 98 installation with the Windows 98 name) and run the setup.exe on the Windows 98 installation disk.

    If you do not have DOS installed you should boot off of a DOS boot disk with a driver for your CD-ROM and again run SETUP.EXE.

    Once installation has started you will be able to choose the installation drive and directory (only FAT partitions will be allowed). If there are NTFS partitions on the system a warning will be given that the contents will not be viewable under Windows 98.

    Once installation has completed no user action is needed and you may boot off of either installation.

    If you find you DON'T have the NT boot menu and the machine boots straight into 98 perform the following:

    1. Reboot the machine and boot off of the NT installation disks
    2. After disk 2, Setup will give options; press R for repair
    3. Deselect all options except "Inspect Boot Sector" and continue
    4. Press Enter to detect hardware and insert disk 3
    5. The procedure will ask if you have an Emergency Repair Disk (ERD), say Yes and insert the ERD.
    6. The machine will then reboot into NT again
    7. Once in NT go to a DOS session and type
      attrib c:\boot.ini -r -s
    8. Edit boot.ini and insert at the bottom
      c:\="Microsoft Windows 98"
    9. Type
      attrib c:\boot.ini +r +s
    10. Reboot the machine and you will have Windows 98 and NT options.

    Ensure once you have completed the Windows 98 installation you do NOT upgrade the active partition to FAT32. Windows NT 4.0 cannot read FAT32 and converting the active partition to FAT32 will render the NT boot menu unusable and unbootable.


    Q. I have Windows 98 installed, how do I install NT?

    A. The only requirement for installing Windows NT after Windows 98 is that the system partition (C:) is not FAT32 as Windows NT cannot read FAT32 (at least until version 5.0 of NT which has full FAT32 support).

    If the active partition is FAT32 you will need to convert it back to FAT16 or see 'Q. I have Windows 98 installed on C: with FAT32, how do I install NT?'. There are a number of 3rd party applications that can do this, e.g. Partition It from QuarterDeck (http://www.quarterdeck.com). I have never used it but other people have recommended it.

    To begin the installation of NT just boot into Windows 98 and run WINNT32.EXE from the Windows NT installation and proceed as normal (select install not upgrade). The Windows NT installation procedure will automatically detect the Windows 98 installation and add it to the NT boot menu.

    Do NOT upgrade the system partition to NTFS using the CONVERT.EXE command as Windows 98 will no longer be able to boot.


    Q. I have Windows NT 5.0 installed but when I try to install Windows NT 4.0 the installation fails.

    A. Windows NT 5.0 has changed the boot loader, so if you try to install Windows NT 4.0 afterwards Setup may continuously restart each time the computer is started without ever finishing.

    Service Pack 4 provides an updated winnt32.exe that allows Windows NT 4.0 to be installed after NT 5.0 so you will need to perform the following:

    1. Copy I386 directory structure from the Windows NT installation CD-ROM
    2. Rename the winnt32.exe to winnt32.old
    3. Copy the winnt32.exe from the Service Pack 4 CD, from Support\Winnt32\i386, to your I386 directory structure
    4. Run winnt32.exe from your local stored copy

    Q. I want to install Windows 98 and NT, what file system should I use?

    A. Windows 98 supports 2 file systems, FAT and FAT32. Windows NT 4.0 supports 2 main file systems, FAT and NTFS. The only common file system is FAT, which means the active partition, C:, must be FAT.

    If you then partition the hard disk into one partition for the active partition, one for 98 (d:) and one for NT (e:) you could have FAT32 on D: and NTFS on E:, but you should be aware that the 2 operating systems will not be able to see the partition of the other. If you ever want a partition that can be seen by both you will need FAT.

    Windows NT 5.0 introduces support for FAT32 so in this case the active partition could be FAT32 and you would only need one separate partition for NT if you wanted NTFS.

    There are tools that enable Windows 9x to read NTFS, e.g. NTFSDOS from http://www.sysinternals.com/, however these are mainly read-only and may lead to corruption if not used correctly. Also bear in mind Windows NT 5.0 introduces NTFS 5.0, which these utilities will not be able to read.


    Q. How do I manually install SCSI drivers before the autodetect of installation?

    A. When you put the first boot disk in to install NT, there is a brief moment when "Setup is inspecting your Hardware...." is shown at the top of the screen in white lettering. Press the F6 key at that point. Once the NT kernel is loaded, Setup will ask you to select which drivers to install at the end of reading disk 2 but before you select the installation type.


    Q. During installation of Windows NT Server 5.0 the type of server cannot be set. - NT 5.0 only

    A. Unlike earlier versions of Windows NT, the role of a server can be changed at any time in its life, e.g. from a member server to a domain controller, and from a domain controller back to a member server. This means that when initially installed, ALL servers are installed as stand-alone/member servers (even upgraded PDC/BDC's) which then have to be promoted to domain servers.

    For information on promoting a server to a domain controller see Q. How do I promote a server to a domain controller?


    Q. How do I delete the recycle bin as part of an unattended installation?

    A. The recycle bin is just a registry entry so if we delete the registry entry it will remove the recycle bin.

    Create the following in a file remreycl.inf

    [Version]
    Signature = "$Windows NT$"
    Provider=%Provider%

    [Strings]
    Provider="SavillTech Ltd"

    [DefaultInstall]
    AddReg = AddReg
    DelReg = DelReg
    UpdateInis = UpdateInis

    [AddReg]
    [DelReg]
    ; reg-root, subkey: deletes the Recycle Bin NameSpace key
    HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E}"
    [UpdateInis]

    You should then create a $OEM$ folder in your I386 installation directory and copy the file remreycl.inf into the directory.

    If the file cmdlines.txt exists edit it otherwise create it (in the $OEM$ directory) and add the following:

    [Commands]
    "rundll32 setupapi,InstallHinfSection DefaultInstall 128 .\remreycl.inf"


    Q. During an unattended installation I am prompted for an IP address if 0 is in the given address.

    A. If you have an unattended install file with information such as

    [TCPIPParameters]
    DHCP=NO
    IPAddress=200.200.0.200
    Subnet=255.255.0.0

    You will receive an error dialog during the installation:

    "The IPAddress key has an invalid IP address. Please correct the problem after the property sheet is displayed"

    If you then click OK the installation will continue.

    The bug only applies if there is a 0 in the second or third octet, e.g. xxx.here.orhere.xxx.

    Service Pack 2 or later corrected this problem and so to avoid the message replace the tcpcfg.dl_ on your distribution server (the i386 directory) with the tcpcfg.dll from the latest service pack.


    Q. How do I map a network drive during an unattended installation?

    A. This may be useful if you want to install software, such as a service pack, during installation.

    Using the Cmdlines.txt file it is easy to map to a network share. Cmdlines.txt must be stored in the $OEM$ directory under your NT installation area, e.g. i386\$OEM$. A very basic unattend.txt would consist of

    [Unattended]
    OemPreinstall = yes

    The map command should be under the [Commands] section of your cmdlines.txt file, e.g.

    [Commands]
    ".\net use <drive letter>: \\<server>\<share> /user:<domain>\<user> [<password>] /persistent:no"

    It is important to add /user, otherwise the system will attempt to use the System account, which does not have an actual user account, and the command will fail. The /persistent:no is used as the connection should not be remade at each logon.

    One option would be to enable the Guest account and give it access to the share which would mean you could connect at /user:<domain>\Guest which would allow a connection to be made to the share even if the domain controller cannot be contacted.
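
    Because the password in such a net use line sits in plain text in cmdlines.txt on the distribution share, it is worth checking the file before use. The following Python script is an added example, not part of the original FAQ; the finding codes and the sample server, share, account and password are constructed for illustration.

```python
import re

# Finding codes and what they mean for an unattended 'net use' mapping.
FINDINGS = {
    "NO_USER": "no /user: the command runs as the System account and fails",
    "GUEST": "connects as Guest: needs the Guest account enabled with share access",
    "CLEARTEXT_PASSWORD": "password is readable by anyone who can read cmdlines.txt",
    "PROMPT": "password given as *: net use prompts and stalls the unattended run",
    "PERSISTENT": "no /persistent:no: the connection is remade at each logon",
}


def commands_section(text):
    """Return the command lines of the [Commands] section, quotes removed."""
    commands, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "commands"
        elif in_section:
            commands.append(line.strip('"'))
    return commands


def audit_net_use(command):
    """Return finding codes for a 'net use' command, or None for anything else."""
    tokens = command.split()
    if len(tokens) < 2 or tokens[1].lower() != "use":
        return None
    program = re.split(r"[\\/]", tokens[0])[-1].lower()
    if program not in ("net", "net.exe"):
        return None

    switches, positional = {}, []
    for token in tokens[2:]:
        if token.startswith("/"):
            name, _, value = token[1:].partition(":")
            switches[name.lower()] = value
        else:
            positional.append(token)

    # Positional arguments are [device] \\server\share [password].
    share_at = next((i for i, t in enumerate(positional) if t.startswith("\\\\")), None)
    after_share = positional[share_at + 1:] if share_at is not None else []

    found = []
    user = switches.get("user")
    if not user:
        found.append("NO_USER")
    elif user.split("\\")[-1].lower() == "guest":
        found.append("GUEST")
    if after_share:
        found.append("PROMPT" if after_share[0] == "*" else "CLEARTEXT_PASSWORD")
    if switches.get("persistent", "").lower() != "no":
        found.append("PERSISTENT")
    return found


def audit_cmdlines(text):
    """Audit every 'net use' line; returns a list of (command, finding codes)."""
    results = []
    for command in commands_section(text):
        found = audit_net_use(command)
        if found is not None:
            results.append((command, found))
    return results


# Constructed sample; server, share, account and password are placeholders.
SAMPLE = r"""
[Commands]
".\net use w: \\DISTSRV\sp4 /user:CORP\builder S3cret! /persistent:no"
".\net use x: \\DISTSRV\tools /persistent:no"
".\net use y: \\DISTSRV\pub /user:CORP\Guest"
".\regedit /s nowelcom.reg"
"""

if __name__ == "__main__":
    for command, found in audit_cmdlines(SAMPLE):
        print(command)
        for code in found:
            print("   %s: %s" % (code, FINDINGS[code]))
```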


    Q. How can I install Windows 2000 on a machine with less than 64MB of memory? - Windows 2000 only

    A. By default you need 64MB of memory installed on the machine to install Windows 2000 Server, however this limitation can be worked around.

    1. Copy the Windows 2000 I386 installation structure to a harddisk/network drive.
    2. Edit the file TXTSETUP.SIF located in the root of the I386 structure
    3. Search for RequiredMemory
    4. Edit the line below to change the amount of memory required, but only change it if you know what you are doing!
      RequiredMemory=66584576
    5. Save the file
    6. Install as normal

    Be aware that this will not work with upgrades/installs using winnt32.exe, only winnt.exe.


    Q. How do I disable the Installation of Exchange during installation?

    A. If you want to stop the installation of the Exchange client during installation of NT then perform the following:

    1. Copy the I386 directory from the Windows NT CD-ROM to a directory
    2. In the I386 folder expand the file syssetup.in_
      C:\> expand Syssetup.in_ Syssetup.inf
    3. Rename Syssetup.in_ to Syssetup.old as otherwise the installation will use the compressed version
    4. Edit the file Syssetup.inf and comment out the MSMAIL.INF entry in the [BaseWinOptionsInfs] section
    5. Save the file and install as normal

    Below is an example of the edited file

    [BaseWinOptionsInfs]
    accessor.inf
    communic.inf
    games.inf
    imagevue.inf
    mmopt.inf
    ;msmail.inf
    multimed.inf
    optional.inf
    pinball.inf
    wordpad.inf


    Q. My evaluation period has expired on my NT installation, why?

    A. You may not have used an evaluation CD, but if you used setup disks that were created with an evaluation CD then the NT installation will expire after 120 days.

    You will get one hour's notice with the following message

    Evaluation Expire

    and then one hour later a blue screen of death:

    END_OF_NT_EVALUATION_PERIOD (0x98)
    Your NT System is an evaluation unit with an expiration date. The trial period is over.

    KeBugCheckEx parameters:

    1. The low order 32 bits of your installation date
    2. The high order 32 bits of your installation date
    3. The trial period in minutes

    You would then have to restart the computer and would be able to run it for another hour before it crashed again.

    To fix this you will need to "upgrade" your installation using a full retail copy of NT, not the upgrade version, as it will not "upgrade" NT 4.0 to 4.0. Before performing this upgrade you must ensure you have uninstalled Service Pack 2 or above. If Service Pack 3 or above was installed you must make sure that the following files are not replaced:

    To ensure the three files above are not replaced copy them from the service pack to your NT installation directory (I386) to the hard disk and expand the files above to the directory.

    Microsoft do not supply a utility to tell you if your installation will expire or not, however I have written a utility and for more info see Q. How can I tell if my NT installation is a 120 day evaluation or full?


    Q. How do I install on a disk larger than 8GB?

    A. The Microsoft supplied generic IDE driver (Atapi.sys) may not be fully compatible with drives larger than 8 GB. This issue only affects IDE-based drives 8 GB and larger; however, Service Pack 4 includes an updated ATAPI.SYS allowing access to disks greater than 8GB.

    Windows 2000 will support (bootable) partitions larger than 8GB provided the boot controller's BIOS supports EXT INT-13 BIOS calls.

    The system board BIOS must support and recognize drives larger than 8 GB before Windows NT can access the entire drive. You can verify this ability by entering into the BIOS or contacting your system board manufacturer. To use the SP4 ATAPI.EXE under NT 4.0 perform the following:

    1. Download the updated Atapi.sys from Microsoft's FTP server, ftp://ftp.microsoft.com/bussys/winnt/winnt-unsup-ed/fixes/nt40/atapi/ATAPI.EXE and copy the file to a blank floppy disk.
    2. Run Atapi.exe on the diskette and the new Atapi.sys file will be extracted to the diskette. Label the disk "ATAPI Service Pack 4 IDE Driver." or something along those lines
    3. Boot from the three setup disks supplied with Windows NT Server as per normal.
    4. When asked if you would like setup to detect your mass storage devices, press S so that detection is skipped and you specify a mass storage device.
    5. When setup lists the devices found, which should list none, press S again and insert the Microsoft ATAPI Service Pack 4 IDE Driver disk and press ENTER twice. After setup reads the disk and lists the Microsoft ATAPI Service Pack 4 IDE driver, press ENTER to accept the driver.
    6. Setup will now list Microsoft ATAPI Service Pack 4 IDE Driver as an installed driver. If you have additional drivers for other mass storage devices, press S, if not, press ENTER to continue through setup.
    7. Setup should continue as per normal but it may prompt you to insert the disk labeled "Microsoft ATAPI Service Pack 4 IDE Driver Support Disk" at the copy phase after you have chosen or formatted a partition on a hard drive.

    If you are using Microsoft Small Business Server 4.0 or 4.0a, follow these instructions:

    1. Download the updated ATAPI.SYS from Microsoft's FTP server ftp://ftp.microsoft.com/bussys/winnt/winnt-unsup-ed/fixes/nt40/atapi/ATAPI.EXE and copy the file to a blank floppy disk.
    2. Run Atapi.exe on the disk and the new Atapi.sys file will be extracted to the disk. Label the diskette "ATAPI Service Pack 4 IDE Driver."
    3. Copy an updated file to Small Business Server (SBS) disk 2. To do this, rename the file Winnt.sif to Winnt.bak on disk 2. Then copy the Winnt.sif from the I386 folder on SBS CD 1 to SBS disk 2.
    4. Boot from the modified SBS setup disks.
    5. When the computer is booting off of disk 1 and the message "Setup is inspecting your hardware configuration..." is displayed, press F6 on the keyboard. NOTE: This is at a black screen and no visible indicators occur when you press F6.
    6. When prompted, insert the modified disk 2 into the computer. The next screen that appears will prompt you to specify a mass storage driver. To do that, press the S key and then arrow down to the listing of OTHER.
    7. Insert the Microsoft ATAPI Service Pack 4 IDE Driver disk and press ENTER twice.
    8. After setup reads the disk and lists the Microsoft ATAPI Service Pack 4 IDE driver, press ENTER to accept the driver.
    9. Setup will now list "Microsoft ATAPI Service Pack 4 IDE Driver" as an installed driver. If you have any more drivers for other mass storage devices, press S; if not, press ENTER to continue through setup. NOTE: Because we are using a modified version of Winnt.sif, you will be prompted to insert disks 2 and 3 several times.
    10. Make sure you format or convert the partition to NTFS as SBS requires it.
    11. Setup should continue through normally but it will prompt you to insert the disk labeled "Microsoft ATAPI Service Pack 4 IDE Driver Support Disk" at the copy phase after you have chosen or formatted a partition on a hard drive.

    Running ATAPI.EXE creates the files below:

    The NT 4.0 SP4 atapi.sys file is neither necessary nor supported for Windows Terminal Server Edition. If you try to use it, you may get a message to the effect that you don't have the necessary component installed. As long as you stick to the 2GB/8GB install limits, this extension is not necessary.


    Q. How can I stop the installation of My Briefcase during NT installation?

    A. It's possible to stop the installation of syncapp.exe, which is responsible for the "My Briefcase" icon, by editing two files.

    1. Copy the I386 folder from the NT installation CD to a hard disk
    2. Use Notepad to open the Layout.inf file in the root of I386.
    3. Search for syncapp.exe and place a semi-colon in front of it:
      ;syncapp.exe=1,,28672,,,,,2,0,0
    4. Save the file. Now edit the file Txtsetup.sif using notepad, again in the root of I386
    5. Search for syncapp.exe and place a semi-colon in front of it:
      ;syncapp.exe=1,,,,,,,2,0,0
    6. Install as normal

    If you wanted to enable the installation of My Briefcase again edit the files layout.inf and txtsetup.sif and remove the semi-colon in front of syncapp.exe.


    Q. How can I control which accessories are installed during an unattended installation?

    A. It's possible to configure applications to either be installed as

    This can be done by editing the corresponding .inf file for the application. The .inf files are listed in syssetup.inf:

    Many .inf files define multiple applications, each shown as [<application>]

    1. Copy the I386 folder from the NT installation CD to a hard disk
    2. Expand the .inf file you want to edit and rename the original
      C:\I386> expand accessor.in_ accessor.inf
      C:\I386> rename accessor.in_ accessor.sav
    3. Use Notepad to open the <name>.inf file
    4. Find the section for the application, e.g. [CLOCK] in accessor.inf
    5. Find the InstallType line and change to
      0 for Manual only
      10 for Typical or Custom
      14 for Typical, Custom or Portable
      For example
      [Clock]
      OptionDesc=%Clock_DESC%
      Tip=%Clock_TIP%
      IconIndex=66 ;Windows mini-icon for dialogs
      Parent=AccessTop
      InstallType=14 ;Typical, Portable, Custom
    6. Save the file
    7. Install as normal

    Q. How do I use SmartDrv?

    A. Why am I talking about the MS-DOS SmartDrv utility? Well, if you use the WINNT.EXE installation method for NT and do not use SMARTDRV, the installation will take many times longer than if you do use it.

    At the most basic you may create a DOS bootable disk (format a: /s from DOS) that just maps to a network drive and starts the installation. To take advantage of SMARTDRV copy onto the disk the files:

    You should then edit (or create) the file AUTOEXEC.BAT and add the line

    <path>smartdrv.exe /q
    e.g. a:smartdrv.exe /q

    Now edit (or again create) the file CONFIG.SYS and add the line

    device=himem.sys

    Himem.sys is needed by smartdrv and allows access to higher areas of memory.

    This applies equally to locally installed copies of DOS. There SMARTDRV.EXE is installed automatically, but check autoexec.bat to make sure you are using it.

    Also adding the line

    BUFFERS=99

    to CONFIG.SYS on the bootable disk can speed up operations.


    Q. How can I upgrade an NFR NT installation to full Retail?

    A. Unfortunately there is no upgrade mechanism, you have to perform a new installation and then reinstall your applications.

    If you are replacing a domain controller install a fresh copy as a backup domain controller and then upgrade to domain controller. Below are some links that may help you.


    Q. How can I stop IE 2.0 being installed as part of installation?

    A. By default, Internet Explorer 2.0 is installed when you install Windows NT. To stop this perform the following:

    1. Copy the I386 directory from the Windows NT 4.0 CD to a hard disk drive.
    2. Expand the Syssetup.in_ to Syssetup.inf
      NOTE: Expand.exe must be run from within Windows NT, that is, expand Syssetup.in_ to Syssetup.inf
    3. Rename Syssetup.in_ to Syssetup.old. By default, Setup will use the compressed version if both exist.
    4. Open Syssetup.inf and search for Iexplore.inf and insert a semicolon in front of Iexplore.inf.

    The change should be as follows:

    [Infs.Always]
    ; iexplore.inf,DefaultInstall


    Q. How can I remove the Linux LILO Boot Manager?

    A. Linux has its own boot manager which is stored in the Master Boot Record (MBR) which allows dual booting between Linux and other operating systems (such as NT).

    To remove LILO from within Linux use the command below if LILO is installed on the MBR of the master drive on the primary IDE controller:

    lilo -u /dev/hda

    To remove from a SCSI drive use /dev/sdan where a is which drive in the chain (so a is the first) and n is which partition on the drive (starting with 1), n can be left off if there are not multiple partitions on the drive, e.g.

    lilo -u /dev/sda

    If Linux is no longer installed it can be removed by booting to DOS and typing the command

    C:\> fdisk /mbr

    You may want to backup the MBR first using the Resource Kit utility DISKSAVE.EXE.


    Q. How can I recreate the Windows NT installation disks?

    A. To recreate the installation disks perform the following:

    1. Start-up an operating system (dos, wfw, windows 9x or NT)
    2. Insert the NT installation CD
    3. Start a command session (command.com or cmd.exe if NT)
    4. Move to the i386 folder
    5. If you are running NT or Windows 9x enter the command
      C:\> winnt32 /ox
      On any other 16-bit operating system type
      C:\> winnt /ox
    6. You will be asked to insert 3 disks
    7. Done!

    If you want to create Windows 2000 start-up disks perform the following:

    1. Again start-up an operating system
    2. Insert the 2000 installation CD
    3. Start a command session (command.com or cmd.exe if NT)
    4. Move to the BOOTDISK folder
    5. Type the command
      C:\> makeboot a:
    6. You will have to insert 4 disks
    7. Done

    Q. I have Windows 98 installed on C: with FAT32, how do I install NT?

    A. Windows 2000 can read FAT32 with no problems and so installing Windows 2000 on a machine whose active partition (C:) is FAT32 requires no special steps.

    Windows NT cannot read FAT32 and so special steps are necessary:

    1. Create a primary partition at the beginning of the drive - Win98 has to install into the first partition for this to work (see notes below).
    2. Mark this partition Active, install Win98 then convert the partition to FAT32. If you don't convert to FAT32, NT will try to install its loader files into this first partition. If this happens, you won't be able to convert Win98 to FAT32 later on because NT won't be able to boot.
    3. Start the NT installation and use setup to create a new partition after the Win98 partition. NT will give you a message something like, "NT needs to temporarily disable the other OS before the installation can continue". All this does is change the active partition to the new NT partition. This is actually what you want so it is OK.
    4. Install NT and convert the partition to NTFS.
    5. Using "Disk Administrator", change the active partition to the Win98 partition. You may find NT actually alters the boot.ini file to point to the 98 partition, making NT unbootable so check the file and edit if necessary before shutting down.
    6. Boot into Win98 and using DEBUG.EXE, execute the following debug script:
      L 100 2 0 1
      n bootsect.f32
      rcx
      200
      w
      q
    7. Copy bootsect.f32, which is created in your current directory, to a floppy disk
      C:\> copy bootsect.f32 a:
    8. Use FDISK to set the active partition back to the NT partition
    9. Boot to NT and copy the bootsect.f32 file into the root of C:
    10. Add the following line to the end of the C:\BOOT.INI file. You will need to remove the system and readonly attributes:
      C:\>attrib c:\boot.ini -r -s
      The line to be added is:
      c:\bootsect.f32="Windows 98"
      Now set the attributes back on boot.ini
      C:\>attrib c:\boot.ini +r +s
    11. Reboot NT and you should now have an option for "Windows 98"

    It would also be possible to take a copy of the Windows 98 boot sector by using DiskProbe (from the resource kit) and saving the first sector of the partition to a file.
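
    Before adding bootsect.f32 to boot.ini it is worth confirming that the file really is a 512-byte FAT32 boot sector and not, say, the NTFS one captured from the wrong partition. The Python check below is an added example, not part of the original FAQ; it reads the standard FAT boot sector fields, and the sample sector it builds is constructed.

```python
import struct

SECTOR_SIZE = 0x200  # the debug script sets CX to 200h before writing the file


def inspect_boot_sector(data):
    """Describe a saved partition boot sector and list reasons not to use it."""
    report = {"oem": None, "layout": None, "fs_type_string": None, "problems": []}
    problems = report["problems"]
    if len(data) != SECTOR_SIZE:
        problems.append("size is %d bytes, expected %d" % (len(data), SECTOR_SIZE))
        return report
    if data[510:512] != b"\x55\xaa":
        problems.append("no 55 AA signature at offset 510")
    if data[0] not in (0xEB, 0xE9):
        problems.append("sector does not start with a jump instruction")

    report["oem"] = data[3:11].decode("ascii", "replace").rstrip()
    (bytes_per_sector,) = struct.unpack_from("<H", data, 11)
    (root_entries,) = struct.unpack_from("<H", data, 17)
    (fat_size_16,) = struct.unpack_from("<H", data, 22)
    (fat_size_32,) = struct.unpack_from("<I", data, 36)
    if bytes_per_sector not in (512, 1024, 2048, 4096):
        problems.append("implausible bytes-per-sector value %d" % bytes_per_sector)

    # A FAT32 sector has zero in the 16-bit FAT size and root entry count
    # fields and uses the 32-bit FAT size field at offset 36 instead.
    if report["oem"] == "NTFS":
        report["layout"] = "NTFS"
    elif fat_size_16 == 0 and root_entries == 0 and fat_size_32 > 0:
        report["layout"] = "FAT32"
        report["fs_type_string"] = data[82:90].decode("ascii", "replace").rstrip()
    elif fat_size_16 > 0:
        report["layout"] = "FAT12/16"
        report["fs_type_string"] = data[54:62].decode("ascii", "replace").rstrip()
    else:
        report["layout"] = "unknown"

    if report["layout"] != "FAT32":
        problems.append("layout is %s, not FAT32: wrong partition captured?"
                        % report["layout"])
    return report


def make_sample_sector(layout="FAT32"):
    """Constructed sample: a blank sector with only the inspected fields set."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:3] = b"\xeb\x58\x90"
    sector[3:11] = b"MSWIN4.1"
    struct.pack_into("<H", sector, 11, 512)
    if layout == "FAT32":
        struct.pack_into("<I", sector, 36, 4000)
        sector[82:90] = b"FAT32   "
    elif layout == "FAT16":
        struct.pack_into("<H", sector, 17, 512)
        struct.pack_into("<H", sector, 22, 250)
        sector[54:62] = b"FAT16   "
    elif layout == "NTFS":
        sector[3:11] = b"NTFS    "
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as handle:
            print(inspect_boot_sector(handle.read()))
    else:
        print(inspect_boot_sector(make_sample_sector()))
```

    Run it with the path to bootsect.f32 as the only argument; an empty problems list means the file has the expected size, signature and FAT32 layout.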

    Some people have reported problems, and an alternate approach is possible, as described by Paul Franzes:

    "I installed WINNT4 first with NTFS. Then I rebooted with a Win98 boot floppy. Created a partition using FDISK. Made the win98 partition active. Rebooted, formatted & installed windows98 in the fat32 partition. Ran the debug & copied the file to a floppy. Then went again to FDISK and made the NTFS partition active. Booted to winnt & copied the file to c:\ and edited the boot.ini accordingly."

    You may find that putting the Win98 partition at the END of the disk works better, because of Windows NT's 2GB boot code boundary.


    Q. How can I stop the 'Welcome to Windows NT' screen during setup?

    A. Normally when a user logs on for the first time a splash screen is displayed welcoming the new users. This can be disabled in a number of ways.

    Method 1

    1. Copy the I386 directory structure from the Windows NT installation CD to a distribution server
    2. Create the Unattend.txt file as normal
    3. In the I386 directory on the distribution server rename the file Welcome.ex_ to Welcome.bak
      C:\> rename welcome.ex_ welcome.bak
    4. Create a backup of the Txtsetup.sif file (which is also in the I386 directory) as Txtsetup.bak
    5. Edit Txtsetup.sif and place a ; in front of the welcome.exe line, so the line
      welcome.exe=1,,,,,,,1,0,0
      becomes
      ;welcome.exe=1,,,,,,,1,0,0
    6. Save the modified file.
    7. Create a backup of Dosnet.inf (again in the I386 directory) to dosnet.bak
    8. Edit Dosnet.inf and again place a ; in front of the welcome.exe line, so the line
      d1,welcome.exe
      becomes
      ;d1,welcome.exe
    9. Save the modified file
    10. Perform the unattended installation from the distribution share

    The above just stops the installation of the welcome.exe image and so stops it from executing. An alternative is to create a registry script that runs during installation which disables the Welcome dialog.
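
    The same edit, placing a semicolon in front of an entry, is used above for msmail.inf, syncapp.exe, iexplore.inf and welcome.exe. The following Python helper is an added example, not part of the original FAQ; it applies the edit and reports which files in a distribution share still list an entry. The sample file contents, including the [SourceDisksFiles] and [Files] section names, are constructed.

```python
import re

SECTION_RE = re.compile(r"^\s*\[([^\]]+)\]\s*$")
DISK_TAG_RE = re.compile(r"^d\d+$", re.IGNORECASE)


def entry_name(line):
    """Return the lower-cased file name a live INF/SIF line refers to, or None."""
    body = line.split(";", 1)[0].strip()      # text after ';' is a comment
    if not body or body.startswith("["):
        return None
    fields = [field.strip() for field in re.split(r"[=,]", body)]
    if len(fields) > 1 and DISK_TAG_RE.match(fields[0]):
        return fields[1].lower()              # dosnet.inf form: d1,welcome.exe
    return fields[0].lower()                  # name=..., name,Section or bare name


def comment_out(text, name, section=None):
    """Put ';' in front of each live entry for name; return (text, lines changed)."""
    out, changed, current = [], 0, None
    for line in text.splitlines(keepends=True):   # keep the CRLF line endings
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1).strip().lower()
        elif section is None or current == section.lower():
            if entry_name(line) == name.lower():
                line = ";" + line
                changed += 1
        out.append(line)
    return "".join(out), changed


def still_listed(share_files, name):
    """Names of the files (dict of file name -> text) that still list name."""
    return sorted(
        file_name for file_name, text in share_files.items()
        if any(entry_name(line) == name.lower() for line in text.splitlines())
    )


# Constructed sample contents, reduced to a few lines per file.
TXTSETUP_SIF = ("[SourceDisksFiles]\r\nwelcome.exe=1,,,,,,,1,0,0\r\n"
                "wordpad.exe=1,,,,,,,2,0,0\r\n")
DOSNET_INF = "[Files]\r\nd1,welcome.exe\r\nd1,wordpad.exe\r\n"
SYSSETUP_INF = (
    "[BaseWinOptionsInfs]\r\naccessor.inf\r\nmsmail.inf\r\n"
    "[Infs.Always]\r\niexplore.inf,DefaultInstall\r\n"
)

if __name__ == "__main__":
    share = {"txtsetup.sif": TXTSETUP_SIF, "dosnet.inf": DOSNET_INF}
    share["txtsetup.sif"], _ = comment_out(share["txtsetup.sif"], "welcome.exe")
    # Method 1 edits both files; only one has been edited at this point.
    print(still_listed(share, "welcome.exe"))
```

    Already commented lines are left alone, so running the helper twice on the same file changes nothing the second time.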

    Method 2

    1. As before copy the I386 directory from the NT CD to a distribution server
    2. Create an unattend.txt file as per normal
    3. Create a directory called $oem$ under the I386 directory on the distribution server
    4. In the $oem$ directory create a file called cmdlines.txt and enter the following lines:
      [Commands]
      ".\regedit /s nowelcom.reg"
    5. Again in the $oem$ directory create a file called nowelcom.reg with the following lines (keep the blank line):
      REGEDIT4

      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Tips]
      "DisplayInitialTipWindow"=dword:00000000
      "Show"=hex:00,00,00,00
      "Next"=hex:03,00
    6. Copy the file regedit.exe from the I386 directory into the $oem$ directory
    7. Perform the unattended installation from the distribution share

    Q. I receive an error message "The System is not fully installed", what can I do?

    A. This is normally caused by using SYSPREP with a 3rd party network client and is caused by a registry entry being incorrectly updated.

    To correct you will need to install a second copy of NT onto the system and perform the following:

    1. Boot into the second copy of NT
    2. Start the registry editor (regedt32.exe)
    3. Select HKEY_LOCAL_MACHINE
    4. From the Registry menu select 'Load Hive'
    5. Move to the %systemroot%\system32\Config directory of the primary NT installation and select the System file. Click Open
    6. Type any name for the key, e.g. "System primary" and click OK
    7. Double click the new hive, expand Setup and double click SystemSetupInProgress
    8. Change from 1 to 0. Click OK
    9. Select the key created in step 6 and select 'Unload Hive' from the Registry menu
    10. Close the registry editor and reboot into your primary installation.

    Q. How do I add a Network Install tab to Windows NT 4.0?

    A. Windows 2000 provides built in ability to publish applications to users, groups of users and domains however some of this functionality is still possible with Windows NT 4.0.

    It's possible to add a Network Install tab to the 4.0 based clients with a list of installable applications as follows:

    1. Copy the file apps.inf from the %systemroot%\inf directory of a server to a network share on a server
    2. Open the copied version of apps.inf and insert the [appinstalllist] section shown below (your applications and their locations will be different)
      [Version]
      Signature = $Chicago$
      ClassGUID={00000000-0000-0000-0000-000000000000}
      LayoutFile = layout.inf

      [appinstalllist]
      Office 2000=\\titanic\Apps\off2000\setup.exe
      Paint Shop Pro=\\titanic\Apps\psp\setup.exe


      [PIF95]
      123.COM=%123.COM%,moricons.dll,50,,123.COM
      ..

    The clients need to be configured to look at the updated apps.inf file on the server by a registry update:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
    3. From the Edit menu select New - String Value
    4. Enter a name of AppInstallPath
    5. Double click the new value and set to the location of the shared apps.inf file, e.g. \\titanic\inffiles\apps.inf
    6. Close the registry editor

    Starting the Add/Remove Programs control panel applet will now show a new Network Install tab.

    Obviously editing the registry on every client will be time consuming and so if you implement system policies you can include this as part of the policy using the following .adm file:

    CLASS MACHINE

     CATEGORY "Network Install"
      POLICY "Location of the Network install information"
       KEYNAME SOFTWARE\Microsoft\Windows\CurrentVersion
       PART "Locations" EDITTEXT
       VALUENAME "AppInstallPath"
       DEFAULT \\SERVER\INFSHARE\APPS.INF
       END PART 
       PART "Create Network Install ability" TEXT END PART

      END POLICY
     END CATEGORY ; 


    Q. How can I disable the 'Configure Server Wizard' in Windows 2000?

    A. When a user logs onto a 2000 machine for the first time the Configure Server Wizard may start. It is possible to disable this by deselecting the 'Show this screen at startup' box, however you may want this dialog to NEVER be shown.

    To disable for an existing installation for any new users perform the following:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_USERS\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Setup\Welcome
    3. Double click srvwiz and set to 0. Click OK
    4. Close the registry editor

    If you want to disable at installation time perform the following:

    1. Copy the contents of the installation folder (I386) to a share
    2. On the distribution share, locate the Hivedef.inf file
    3. Search for srvwiz. Edit the line
      HKCU,"Software\Microsoft\Windows NT\CurrentVersion\Setup\Welcome","srvwiz",0x00010003,1
      change the end value 1 to 0.
      HKCU,"Software\Microsoft\Windows NT\CurrentVersion\Setup\Welcome","srvwiz",0x00010003,0
    4. Save the file

    Any installations installed from this distribution point will not display the configure server wizard.


    Q. How do I install the Remote Installation Service?

    A. Windows 2000 introduces the Remote Installation Service which is a DHCP-based remote boot technology used to install an OS on a client’s local hard disk from a remote source (CD or Sysprep image on a server share). A network boot can be initiated by either the system BIOS, a specific function key, or by a special remote boot floppy provided for existing non manageable (ROM-less) client computers.

    You must have a DNS, a DHCP and a directory services server on the network before installing. Also RIS does not currently support either the Distributed or Encrypted File Systems.

    To install on a server perform the following:

    1. Start the Add/Remove Programs control panel applet (Start - Settings - Control Panel - Add/Remove Programs)
    2. Click the 'Add/Remove Windows Components' button on the left hand side of the dialog
    3. Click Next to the Components Wizard dialog
    4. Check the 'Remote Installation Services' option and click Next
    5. You will need to insert the Server CD-ROM
    6. Click Finish
    7. Click Close to the main dialog
    8. You will be asked to reboot the computer

    Once the reboot has finished you need to complete the installation as follows:

    1. Start the Add/Remove Programs control panel applet (Start - Settings - Control Panel - Add/Remove Programs)
    2. Click the 'Add/Remove Windows Components' button on the left hand side of the dialog
    3. Under 'Set up services' click Configure in the 'Configure Remote Installation Services' area (you can start the wizard directly by running RISETUP.EXE)
    4. Click Next to the Welcome screen
    5. You will be asked for a location of the RemoteInstall path, by default d:\remoteInstall. This drive must be NTFS and NOT the system or boot partition. Click Next
    6. Enter the location of the Windows Professional files (a disk or network share), for example f:\i386. Click Next
    7. Enter a folder name to store the installation (by default win2000.pro). Click Next
    8. Enter a friendly description for the installation and help text. Click Next
    9. A summary will be shown detailing the source, destination and OS version. Click Finish
    10. The files will be copied from the source to the destination and the trivial FTP (tftpd) and NetPC Boot Service Manager services (binlsvc) installed and started
    11. Click Done once complete

    If the server is not already DHCP authorized you will need to authorize it (even if it's not a DHCP server), see 'Q. How do I authorize a DHCP server in Windows 2000?'.

    The server is now ready to provide a network based installation for Windows 2000 professional using a standard Microsoft provided template file. This can be changed however. If you right click on the server and select Properties within Active Directory Users and Computers MMC snap-in you will see a new tab 'Remote Install' which is used to manage the service.

    Extra information:

    The reason the RemoteInstall path cannot be the boot or system partition is that not only will this volume get accessed heavily by remote clients but the SIS (Single Instance Store) service runs on this volume. If the volume used is the system/boot volume, the SIS service could not run.

    SIS reduces the amount of disk space required on these volumes by removing duplicate files and placing the data in a common directory.  The duplicate files are then truncated into Reparse points that refer to the common directory for the file data.


    Q. How do I move the distribution point for Remote Installation Services?

    A. To move the distribution point for the Remote Installation Service perform the following actions. The destination must still be NTFS and NOT the boot or system partition.

    1. Stop both the trivial FTP and NetPC Boot Service Manager services
      C:\> net stop binlsvc
      C:\> net stop tftpd
    2. Copy the remoteinstall directory from the current drive to the destination
      C:\> xcopy <current drive>:\remoteinstall <dest drive>:\remoteinstall
    3. Delete the old reminst share
      C:\> net share reminst /d
    4. Recreate pointing to the new location
      C:\> net share reminst=<new drive>:\remoteinstall
    5. Invoke the RIS self check mechanism (the wizard will be started, click Next and then Finish)
      C:\> risetup -check
    6. Restart the services
      C:\> net start binlsvc
      C:\> net start tftpd

    If you get an error from the client such as 'file not found', change HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tftpd\Parameters\Directory to point to the new directory (<new drive>:\RemoteInstall)

    Installation images stored in locations other than \\<server name>\<share name>\RemoteInstall\Setup\<language>\Images and referenced through junction points are not acted upon by the Single Instance Storage (SIS) groveler agent and may use extra disk space.


    Q. How do I create a bootable Remote Installation Service client disk?

    A. A special utility is used to create a boot disk to allow clients without PXE (Pre-boot eXecution Environment) to boot and install using the Remote Installation Service (providing they have a supported NIC).

    To create the boot disk perform the following:

    1. Click Start and select Run
    2. Type
      \\<RIS server name or IP address>\RemoteInstall\Admin\I386\RBFG.EXE
    3. Select the disk drive (A or B)
    4. Insert a floppy disk
    5. Click 'Create Disk'
    6. Click 'No' to create another disk

    You can now use this disk to boot a machine. To check which adapters it supports click the 'Adapter List' button in the RBFG utility.


    Q. What operating systems can I clone?

    A. Below is a brief summary of each operating system's ability to be cloned:

    Windows 95

    Windows 95 was not designed to support disk-image copying and is not supported although copying on systems with similar hardware should work.

    Windows 98

    Windows 98 duplication is supported if the Microsoft Windows 98 Image Preparation Tool is used to prepare the master disk image.

    Windows NT Workstation and Server 4.0

    Microsoft supports cloning as a method of distribution in the following scenarios but NOT domain controllers:

    1. The master disk is copied at the end of the text portion of setup but BEFORE the GUI phase begins. This is because a local SID has not yet been created and no major hardware-specific configuration has been completed.
    2. The master system has the system preparation tool used on it and is then cloned, and the target system has identical hardware.

    Windows 2000 Workstation and Server

    As with 4.0 but with the 2000 version of SYSPREP.EXE


    Q. How can I configure the Remote Installation Service options?

    A. To configure a RIS server perform the following:

    1. Start the Active Directory Users and Computers MMC snap-in (Start - Programs - Administrative Tools - Active Directory Users and Computers)
    2. Select the computers container
    3. Right click on the computer and select Properties
    4. Select the Remote Install tab
    5. You can now select the clients that the server responds to and can also select to let the service perform a self check by clicking 'Verify Server'. Clicking Advanced Settings allows rules for new computer names to be set and also extra images and tools can be added

    Client options are configured using the domain/site/OU policy object and in this example we look at the domain GPO:

    1. Start the Active Directory Users and Computers MMC snap-in (Start - Programs - Administrative Tools - Active Directory Users and Computers)
    2. Right click on the domain and select Properties
    3. Select the 'Group Policy' tab.
    4. Select the domain policy object and click Edit
    5. Expand the User Configuration\Windows Settings\Remote Installation Service
    6. Double click 'Choice Options'

      Allow and Deny are obvious but 'Don't care' means let other policies take effect (as many times you will have multiple GPOs affecting a single client)
    7. Make any changes
    8. Click Apply then OK

    Once you have made the changes force a reload of the policy

    C:\> secedit /refreshpolicy user_policy


    Q. How can I install using the Remote Installation Service disk?

    A. To install using the RIS disk perform the following:

    1. Insert the RIS disk
    2. Reboot the computer
    3. Upon reboot it will boot off of the disk and you should press F12 for a network boot
    4. A DHCP address will be negotiated and a welcome screen shown. Press Enter
    5. Enter a username, password and domain. The user must have the "logon as batch" user right only if installing a version of Windows 2000 older than Release Candidate 1.
      Client Installation Wizard

      Type a valid user name, password and domain name. You may use the
      Internet-style logon format (for example: Username@Company.com).

      User name: [savillj   ]
      Password: [pass]
      Domain name: [savilltech.com]
    6. Depending on the options configured in the group policy object you may have options to:
      - Automatic Setup
      - Custom Setup
      - Restart a Previous Setup Attempt
      Press Enter
    7. If you have more than one client image you can select the image to install. Press Enter
    8. A warning that all data will be deleted will be shown. Press Enter
    9. The computer account name and a Global Unique ID will be shown. To start installation press Enter
    10. The normal installation actions of NTDETECT will start and NT installation commence

    Q. How do I create a new Remote Installation Service image?

    A. It's possible to create new images based on existing installations, which has the advantage of having applications already installed and configured. To configure the new image perform the following:

    1. Create a 2000 Professional installation with applications installed. Both the system and boot partition must be the same partition, e.g C:
    2. Logon to the machine as an Administrator
    3. Run the RIPrep image from the RIS server (Start - Run - \\<RIS  server>\REMINST\Admin\i386\riprep.exe), e.g \\titanic\REMINST\Admin\I386\riprep.exe
    4. Click Next at the welcome dialog
    5. Enter the server name of the RIS server. Click Next
    6. Enter a folder name for the new install, e.g. 2000andapps. Click Next
    7. Enter a friendly description and help text. Click Next
    8. Any running applications will be displayed and you will be asked to stop them. Click Next after stopping them
    9. A summary of the remote installation server and folder name will be displayed. Click Next
    10. A screen explaining the next step will be shown. Click Next to begin the image preparation
    11. The program will verify the Windows version, check the partitions are OK and then copy files to the RIS server, this may take some time
    12. The machine will then shutdown and you may reboot and use as normal

    If you examine the RIS server you now have an extra client image.


    Q. How do I create a bootable Windows 2000 installation CD-ROM?

    A. It's possible to create a bootable CD-ROM from the basic I386 structure. This is useful since Microsoft is releasing many builds of Windows 2000. This will also work with the finished version of 2000 (but the CDROM_IS.5B3 name will change).

    You will require version 3.7D of CDRWIN from http://www.goldenhawk.com/ and will need to load the necessary ASPI drivers. The free download version is fully functional but will only write at 1 speed.

    Before starting the CD creation create a directory and copy into it the I386 structure of 2000 and the CDROM_IS.5B3 file from the Beta 3 CD-ROM. As of Release Candidate 2 the name is CDROM_IS.5. You can check which CDROM_IS file it's expecting by looking at file i386\layout.inf, for example:

    [Version]
    signature="$Windows NT$"
    ClassGUID={00000000-0000-0000-0000-000000000000}

    [SourceDisksNames]


    _x = %srvcd%,\cdrom_is.5b3,,""
    _1 = %srvcd%,\cdrom_is.5b3,,""
    _2 = %srvcd%,\cdrom_is.5b3,,""
    _3 = %srvcd%,\cdrom_is.5b3,,""
    _4 = %srvcd%,\cdrom_is.5b3,,""
    etc...
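
    The layout.inf check described above can be run against the staging directory before the CD is written. This is an added example, not part of the original FAQ; the function names are hypothetical, the sample is constructed from the excerpt above, and it assumes layout.inf is a single-byte (ANSI) text file and that the tag file is the second field of each [SourceDisksNames] entry, as in the excerpt.

```python
import os

# Constructed sample built from the layout.inf excerpt quoted above; the
# [SourceDisksFiles] entry is made up so the parser has a section to stop at.
SAMPLE_LAYOUT = r'''[Version]
signature="$Windows NT$"

[SourceDisksNames]
_x = %srvcd%,\cdrom_is.5b3,,""
_1 = %srvcd%,\cdrom_is.5b3,,""

[SourceDisksFiles]
example.sys = 1,,1234
'''


def section_entries(inf_text, wanted):
    """Yield (key, value) for each 'key = value' line of one INF section.

    Section names are case-insensitive; platform-decorated variants such as
    [SourceDisksNames.x86] are included as well.
    """
    wanted = wanted.lower()
    current = None
    for line in inf_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop ';' comments
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
        elif (current is not None and "=" in line
              and (current == wanted or current.startswith(wanted + "."))):
            key, value = line.split("=", 1)
            yield key.strip(), value.strip()


def expected_tag_files(layout_text):
    """Tag-file names that setup will look for in the root of the CD, lower-cased."""
    tags = set()
    for _disk_id, value in section_entries(layout_text, "SourceDisksNames"):
        fields = [f.strip().strip('"') for f in value.split(",")]
        if len(fields) > 1 and fields[1]:
            tags.add(fields[1].lstrip("\\").lower())
    return tags


def _child(directory, name):
    """Case-insensitive lookup of one directory entry; returns its path or None."""
    for entry in os.listdir(directory):
        if entry.lower() == name.lower():
            return os.path.join(directory, entry)
    return None


def missing_tag_files(staging_dir):
    """Tag files named in i386\\layout.inf that are absent from the staging root."""
    i386 = _child(staging_dir, "i386")
    layout = _child(i386, "layout.inf") if i386 else None
    if layout is None:
        raise FileNotFoundError("i386\\layout.inf not found under " + staging_dir)
    with open(layout, encoding="latin-1") as fh:  # assumption: ANSI text
        wanted = expected_tag_files(fh.read())
    return sorted(t for t in wanted if _child(staging_dir, t) is None)


if __name__ == "__main__":
    print(sorted(expected_tag_files(SAMPLE_LAYOUT)))
```

    An empty list from missing_tag_files means the staging directory holds every tag file that this build's layout.inf names.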

    Now you have a directory on disk with the I386 structure and the CDROM_IS.5B3 file. I've created a copy of this file and the boot sector of the CD-ROM in file BOOTCD.ZIP which will allow you to skip steps 1 to 5 below.

    1. Start the CDRWIN program
    2. Insert your old beta 3 CD-ROM
    3. Select the 'Extract Disc/Tracks/Sectors' option (3rd button from left on top row)
    4. Select extract mode 'Select Sectors'. Enter an image file name, e.g. c:\cdsector.bin. Leave the file format as automatic and set the sector selection to start 20, end 20 and datatype 'Mode1 (2048)'. Click Start
    5. Click OK to the success message and close the extract dialog
    6. Now select 'File Backup and Tools' CDRWIN option
    7. Select the option to 'Build and Record an ISO9660 Image File'. Click Add and select your server directory. Enter an ISO9660 image file, e.g. ntsrv2072.

      Select the options as shown in the above image.
    8. Click Advanced Options.
    9. Under Volume Label type 'NTSRV2072' (if it was build 2072)
    10. Select the 'Bootable Disk' tab
    11. Check the 'Make bootable disc', media emulation 'Custom'. The image file should be the file created in step 4. Enter developer name of 'Microsoft Corporation', Load Segment '07C0' and Load Sector Count '4'. Click OK
    12. Click Start to begin making the CD

    Once CD creation is complete you will have a file where you specified the ISO9660 Image File of around 400MB which may be deleted (it's just the ISO image that was copied to the CD).

    You will now be able to boot with the CD (providing the motherboard and bios support CD-ROM booting). I tested the above on build 2072 of Windows 2000.

    Thanks to Joseph R. Worrall who came up with most of the above originally for Beta 2 and I've just updated it for build 2114 and the final version.


    Q. Where is Setup Manager in Windows 2000?

    A. Windows 2000 includes Setup Manager which can be used to create distribution scripts for various types of installation including:

    The tool is shipped with the Resource Kit and is contained in the deploy.cab as setupmgr.exe and can be extracted using a utility such as WINZIP. It is self contained and does not require installation, you can just run the image which will then start a wizard which allows you to specify the information you require.


    Q. What is the Microsoft Installer Package format?

    A. Windows 2000 introduces the concept of publishing applications using the Active Directory. To support this new ability the application has to be supplied with a new type of installation file, a .MSI file, which is of the Microsoft Windows Installer Server package format.

    These MSI files include information about registry entries, core files etc and a summary of the application details such as name, publisher. This knowledge of the registry entry and file usage means that if, when the application starts, it detects that a registry entry is missing or a core file gone, it can automatically re-download information from the distribution server and fix itself.

    Once you have your .msi package you can publish via the Group Policy editor to domains, Organizational Units and Sites. It's also easy to upgrade and retire packages all via the .msi. Current applications that support Microsoft installer packages are Microsoft Office 2000 and the Windows 2000 Resource Kit (among others).

    In future, service packs will be shipped with MSI files allowing you to deploy them via group policies with very little effort.

    This is best paired with the Remote Installation Service allowing RIS to install the operating system and group policies to install the applications and settings. Of course, you may still want to use SMS for some features; Windows 2000 has been designed to work with SMS 2.0 and not against.


    Q. How do I create a MSI file from a legacy application?

    A. The problem at the moment is that not many applications ship with MSI files and so deploying legacy applications via group policies is not possible. Windows 2000 ships with WinINSTALL LE which can be used in the same way as SYSDIFF. You take a snapshot of your system, install the application, take an after snapshot and a discover program runs extracting the different files and registry entries that have been made.

    It's important to run WinINSTALL LE on a clean system. By this I mean don’t run it on an installation that already has applications installed, because when you install an application it may check whether certain runtimes etc are installed and, if so, not bother to copy them again. Your distribution package would then be missing vital files.

    To install WinINSTALL LE perform the following, however it's recommended NOT to install the application on the PC that's going to act as the package creation computer in case the program itself affects the installation of the applications:

    1. Insert the Windows 2000 Server CD
    2. Move to the VALUADD\3RDPARTY\MGMT\WINSTLE folder
    3. Double click the SWIADMLE.MSI file
    4. The installer will begin and a progress bar displayed showing the progress of the installation.

    A folder 'Seagate Software' will be created under the Start menu's Program folder.

    The first stage is to take a snapshot of the blank Windows 2000 Professional installation so any changes made by the application installation will be detected.

    1. Logon to the professional reference installation as an Administrator
    2. Run the Discover wizard from the distribution server (do not map a drive, use the Run dialog or Network Neighborhood), for example
      "\\titanic.savilltech.com\d$\Program Files\Seagate Software\Winstall\DiscoZ.exe"
    3. The wizard will start, click Next
    4. Enter a name for the package (the name of the software you are creating a package for) and a path for the .msi file (make sure it's on a drive other than one that forms part of the package, and select a new empty directory) and click Next
    5. Select a drive for the temporary files and click Next
    6. Select the drives that the discover program should scan and click Next
    7. Select the files to exclude from the scan (leave as the default unless you know what you're doing). Click Next
    8. The WinINSTALL Discover program will then start
    9. Once complete it will ask you to click OK which will prompt for a setup program to run, this is the legacy application which you want to create an .MSI file for.
    10. Select the setup program you want to run and click Open
    11. Continue the application setup as per normal

    Once you have installed the application and made any configuration changes you need to create the "after" snapshot:

    1. Logon to the professional reference installation as an Administrator again
    2. Run the Discover wizard from the distribution server (again, do not map a drive, use the Run dialog or Network Neighborhood), for example
      "\\titanic.savilltech.com\d$\Program Files\Seagate Software\Winstall\DiscoZ.exe"
    3. The wizard will detect that a before snapshot exists and will ask if you want to create the after snapshot. Leave the 'Perform after' and click Next
    4. The check will begin on both the registry and file system
    5. If there are any potential problems they will be displayed. Click OK
    6. A notice will be shown saying the after snapshot is complete and the package created

    Before running any other package creations remove the application you installed or better yet, reinstall the machine (RIS is useful for this).

    It's possible to fine-tune your created package using the 'Seagate Software Console' MMC snap-in. Select Open from the File menu and you can then change and view the files and registry components that will be changed if installed. Select Save after any changes.


    The Seagate console that allows you to edit the MSI files.

    Once you have finished you must place not only the .MSI file on the distribution server but also all files and subdirectories in the directory chosen for the MSI file.


    Q. How can I publish an MSI file?

    A. With Group Policies in Windows 2000 you can do far more than just restrict and set certain registry entries. You can set startup/shutdown/login/logoff scripts, redirect folders like My Documents and publish applications (and more). It's the last item that interests us and there are four main options:

    When you assign an application to a user its icons are set up and the software is installed on first usage; if you assign it to a computer it will be installed the next time the computer starts up. If you publish an application the user has the option of installing the application via the Add/Remove Programs control panel applet.

    Any deployed application cannot be uninstalled by the user. Published applications can be uninstalled as they are optional.

    You can publish/assign applications to any group policy object which means you can assign applications on a per domain, per site or per Organizational Unit basis.

    To assign an application to a GPO perform the following:

    1. Start the Active Directory Users and Computers MMC snap-in (Start - Programs - Administrative Tools - Active Directory Users and Computers)
    2. Right click on the domain, OU or site and select Properties
    3. Select the 'Group Policy' tab
    4. Select the GPO you wish to assign/publish the application with and click edit
    5. Select either 'Computer Configuration' or 'User Configuration' depending on if the application is for a user or computer assignment
    6. Select the Software Settings\Software installation branch
    7. Right click on 'Software installation' and select New - Package from the context menu
    8. Select the MSI file you wish to deploy, make sure you access via a network path or clients will be unable to install it, e.g. \\titanic\data\winzip\winzip.msi. Click Open
    9. You will have the option to either publish/assign or advanced publish/assign. Click OK. If you select advanced you have options to select an existing package that this one will upgrade and various other settings including Security
    10. The program will now be shown under the Software installation branch and will be assigned/published to any user/computer who has the GPO applied to them.

    Q. How is NT Licensed?

    A. The basic idea behind Windows NT licensing is that you purchase NT Server and a license which allows you to install the software on one machine, however you cannot use the software unless you have a client license. A client license is just a piece of paper, no codes, no passwords, just a piece of paper saying you can use one more client. A client license is around US$40, which means you have to buy the NT server software (around US$650) and then US$40 times the number of clients to the machine, plus the cost of the client software and licenses!

    There are two methods of licensing, per seat and per server. Per seat licensing is where each network user has a license, and allows the user to access as many/all of the servers in the enterprise. This is the most popular and cost effective method if you have two or more NT servers.

    The second method, per server, also known as concurrent licensing, is where licenses are purchased and "installed" on the server. For example, if you purchased 50 client licenses and installed them on the server, up to 50 connections at a time would be allowed. If you then purchased another server, you would need to buy another 50 client licenses for connections to that server.

    From the above you can see that if you have more than 2 NT Servers you will want per seat, with the exception of a machine such as an Internet service server, which would have different people connecting to the site all the time, so you would need x client licenses, where x is the maximum number of people you expect to connect at any one time.

    It is possible to perform a once only conversion of per server licenses to per seat licenses.


    Q. How can I view what licenses I have installed/used?

    A. NT Server has a utility called License Manager that enables you to inspect the licenses and their use:

    1. Logon to the NT Server
    2. Start License Manager (Start - Programs - Administrative Tools - License Manager)
    3. Click on the Products View tab, and it displays the licenses installed and used

    Q. How do I install extra licenses?

    A. This method is only for Per Server

    1. Logon to the NT Server
    2. Start License Manager (Start - Programs - Administrative Tools - License Manager)
    3. Click on the Products View tab
    4. Click on "Windows NT Server"
    5. Either Right Click on Windows NT Server and select Properties, or select Properties from the License menu
    6. Click the "Server Browser" tab and select the NT server and click Edit
    7. Select Windows NT Server and click Edit
    8. Click "Add Licenses", make sure the product selected is "Windows NT Server" and enter the number of licenses and click OK
    9. Click in the "I agree" box and click OK
    10. Keep clicking OK until you are back to the main screen

    For Per Seat

    1. Start License Manager
    2. Select "New License" from the License menu
    3. Select "Windows NT" as the product
    4. Using the up and down arrows increase the number of licenses
    5. Enter a comment
    6. Click OK
    7. Click in the "I agree" box and click OK

    Q. How do I convert from Per Server to Per Seat?

    A. This is legally a one way conversion process:

    1. Logon to the NT Server
    2. Start License Manager (Start - Programs - Administrative Tools - License Manager)
    3. Click on the Products View tab
    4. Click on "Windows NT Server"
    5. Either Right Click on Windows NT Server and select Properties, or select Properties from the License menu
    6. Click the "Server Browser" tab and select the NT server and click Edit
    7. Select Windows NT Server and click Edit
    8. Click Per Seat
    9. And say Yes to the question
    10. Click in the "I agree" box and click OK
    11. You are now using Per Seat

    Q. How can I reset the License Information?

    A. More information can be found in Knowledge Base article Q153140:

    1. Start the services control panel applet (Start - Settings - Control Panel - Services)
    2. Select the "License Logging Service" and click stop
    3. Start Explorer (Run - Explorer)
    4. Move to the %systemroot%/system32 directory (e.g. d:\winnt\system32)
    5. Delete Cpl.cfg which holds the purchase history
    6. Move to the Lls sub-directory of system32, and delete the file llsuser.lls and llsmap.lls if they exist
    7. Back in Services Control Panel applet, select "License Logging Service" and click Start

    Q. How can I run the License Manager software on a NT Workstation?

    A. The NT Workstation server tools do not include this software, however since Server and Workstation share much of the same code then you can just copy the following files from the %systemroot%/system32 directory on the server to the %systemroot%/system32 directory on the workstation


    Q. How do I communicate with a Windows 95 client?

    A. Enable the winpopup utility on all Windows 95 machines. The best way is to place winpopup in the Startup group under Program Files.

    Other options include using Microsoft's System Management Server product and Hewlett-Packard's Desktop Administrator (DTA) (http://www.openview.hp.com/dta/).


    Q. How can I administer my domain from a Windows95 client?

    A. Install the server tools that are part of the Windows NT installation CD. Right click on the file <CD ROM>:\clients\srvtools\win95\srvtools.inf.

    Other options are the Hyena product, http://www.adkins-resource.com/index.html, which I have not used but have been advised is very good.


    Q. How do I force a 95 machine to logon to a domain?

    A. Using the Policy editor, create a new profile, or edit your existing profile

    1. Double click the Default Computer
    2. If you are editing the profile using the NT profile editor move to the Windows 95 Network; if you are using the 95 policy editor move to the Network directory
    3. Move to the Logon tree and select "Require validation by Network for Windows access"
    4. You can also add a legal warning notice if you wish
    5. Save the policy in the Netlogon share (%systemroot%\system32\repl\import\scripts) as CONFIG.POL

    Q. How do I enable Windows 9x machines to use Group policies?

    A. Copy the file grouppol.dll from the windows9x installation CD to the system folder of each Windows 9x machine, e.g. c:\windows\system. You also need to apply the changes as supplied in the grouppol.reg file (in the same directory as grouppol.dll). This needs to be run by entering

    C:\> regedit grouppol.reg

    This adds the following entries (if you have problems check they exist)

    - Registry key: HKEY_LOCAL_MACHINE\Network\Logon
    Value name (STRING): PolicyHandler
    Value data: GROUPPOL.DLL, ProcessPolicies

    - Registry key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSNP32\NetworkProvider
    Value name (STRING): GroupFcn
    Value data: GROUPPOL.DLL, NTGetUserGroups

    - Registry key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NWNP32\NetworkProvider
    Value name (STRING): GroupFcn
    Value data: GROUPPOL.DLL, NWGetUserGroups

    This could be automated by adding the copy and the registry update to a logon script. A grouppol.inf is also supplied which enables you to install completely by right clicking on it and selecting install.

    All of the above is performed if you install the Windows 9x system policy editor on a machine.


    Q. How do I enable Load Balancing on a Windows 95 machine?

    A. Follow procedures below:

    1. Start the policy editor
    2. From Network (or Windows 95 Network if from an NT machine) select Logon, validation
    3. Select Remote Update and Load Balance

    This will enable a Windows 95 machine to look for the script from the logon server.


    Q. How can I stop a Windows 95 machine acting as a browse master or backup browser?

    A. To stop a Windows 95 machine acting as a browse master perform the following:

    1. On the Windows 95 machine start the Network Control panel applet (Right click on Network Neighborhood and select properties)
    2. Click the Configuration tab
    3. Check the list of installed network components for "File and Printer sharing for Microsoft Networks". If this is here go to step 5.
    4. If this is not installed click the Add button, select Service and click Add. Select Microsoft and select "File and Printer Sharing for Microsoft Networks" and click OK. Click OK to the configuration tab and when asked reboot the machine.
    5. Select "File and Printer Sharing for Microsoft Networks" and click Properties.
    6. In the property box click Browse Master and select Disabled in the Value box.
    7. Click OK

    Q. Some of the Windows 95/98 clients do not show up in Network Neighborhood.

    A. This is usually caused by the machines not having "File and Print Sharing" installed

    1. Start the Network control panel applet
    2. Click the button "File and Print Sharing" and then enable them.

    Q. How can I stop my Windows 9x clients having to enter a separate Windows password when logging onto a domain?

    A. In the old Windows for Workgroups days the admincfg.exe utility was used to disable password caching and a similar functionality exists in Windows 95 and Windows 98.

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Network
    3. From the Edit menu select New - DWORD Value
    4. Enter a name of DisablePwdCaching and press Enter
    5. Double click on the new value and set to 1. Click OK
    6. Close the registry editor and reboot the machine

    Upon reboot clients will no longer have to enter a local password, just the domain.

    When clients use the Password control panel applet the "Change Windows Password" button under "Windows password" will be grayed out and only "Other passwords" can be set. Clients would then select "Microsoft Networking" as per normal
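
    To confirm that a Windows 9x client really carries the DisablePwdCaching value set above, and the three grouppol.reg entries listed under 'How do I enable Windows 9x machines to use Group policies?', a registry export taken on the client with regedit can be checked offline. This is an added example, not part of the original FAQ; the function names and the sample export are constructed, and the comparison ignores case and whitespace in string data (an assumption, since the FAQ prints the data with a space after the comma).

```python
import re

# Entries this page says should exist: (key, value name, expected data).
EXPECTED = [
    (r"HKEY_LOCAL_MACHINE\Network\Logon",
     "PolicyHandler", "GROUPPOL.DLL, ProcessPolicies"),
    (r"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSNP32\NetworkProvider",
     "GroupFcn", "GROUPPOL.DLL, NTGetUserGroups"),
    (r"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NWNP32\NetworkProvider",
     "GroupFcn", "GROUPPOL.DLL, NWGetUserGroups"),
    (r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Network",
     "DisablePwdCaching", 1),
]

# Constructed sample export: the NWNP32 key is absent and password caching
# is still enabled, so the audit below has two findings to report.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Network\Logon]
"PolicyHandler"="GROUPPOL.DLL,ProcessPolicies"
"ExamplePath"="C:\\WINDOWS\\SYSTEM"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSNP32\NetworkProvider]
"GroupFcn"="GROUPPOL.DLL,NTGetUserGroups"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Network]
"DisablePwdCaching"=dword:00000000
'''

VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def _unescape(text):
    """.reg files write a backslash as \\\\ and a quote as \\" inside strings."""
    return re.sub(r"\\(.)", r"\1", text)


def parse_reg_export(text):
    """Parse a REGEDIT4 export into {key: {value name: data}}, names lower-cased.

    String data becomes str, dword data becomes int; other types are skipped.
    """
    if not text.lstrip().upper().startswith("REGEDIT4"):
        raise ValueError("not a REGEDIT4 export")
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = VALUE_LINE.match(line)
        if current is None or not m:
            continue
        name, raw = _unescape(m.group(1)).lower(), m.group(2).strip()
        if raw.lower().startswith("dword:"):
            current[name] = int(raw[6:], 16)
        elif len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
            current[name] = _unescape(raw[1:-1])
    return keys


def _norm(value):
    return value if isinstance(value, int) else re.sub(r"\s+", "", value).lower()


def audit(reg_text):
    """Return [(key, value name, problem)] for each expected entry that is absent or differs."""
    keys = parse_reg_export(reg_text)
    findings = []
    for key, name, want in EXPECTED:
        values = keys.get(key.lower(), {})
        if name.lower() not in values:
            findings.append((key, name, "missing"))
        elif _norm(values[name.lower()]) != _norm(want):
            findings.append((key, name, "found %r" % (values[name.lower()],)))
    return findings


if __name__ == "__main__":
    for key, name, problem in audit(SAMPLE_EXPORT):
        print("%s\\%s: %s" % (key, name, problem))
```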


    Q. How do I enable profiles on a Windows 9x machine?

    A. By default all users of a Windows 9x machine share the same profile, however machines can be configured so that each logon name can have individual settings such as background, colours etc. To enable multiple profiles perform the following:

    1. Start the Passwords Control Panel applet
    2. Click the "User Profiles" tab
    3. Check the "Users can customize their preferences" option. You also have the option to select these additional settings:
      - Include desktop icons and Network Neighbourhood
      - Include Start menu and Program groups in user settings
    4. Click OK
    5. You will have to restart the computer

    Once restarted when you logon for the first time as a user on the machine you will be given the option to retain options. Click Yes.

    The profiles are stored in the C:\windows\profiles\<username> directory (or wherever windows is installed).

    If you wanted to automate this process you could create a system policy using the Windows 9x policy editor


    Q. How do I enable roaming profiles for Windows 9x machines?

    A. Once you have enabled individual profiles on the Windows 9x machines a copy of the profile is automatically stored in the user's home directory (which is normally on a network server) and will consist of a number of files and a user.dat which is the Windows 9x equivalent of ntuser.dat.

    Therefore to enable roaming profiles for Windows 9x machines nothing needs doing except the following:

    1. Ensure all users are configured with a home directory on a network server (this is configured using User Manager - Profiles button in Windows NT 4.0, and the Directory Management MMC - Profile tab in Windows NT 5.0)
    2. Make sure the users have at least read, write and modify to their home directory areas otherwise the profile cannot be copied but no error will be given

    Q. Can Windows NT and Windows 9x share a roaming profile?

    A. No. The main problem is that Windows 9x clients store the profile in the root of their home directory whereas Windows NT clients store the profile in the "profile path" location. Even if you made these the same it would still not work as there are differences in the registry structure and Windows NT stores the user portion of the registry in the file NTUSER.DAT, Windows 9x stores in USER.DAT.

    Sorry!


    Q. How do I install the Windows 9x Policy Editor?

    A. To install the Windows 9x Policy Editor on a Windows 9x machine perform the following:

    1. Start the Add/Remove Programs control panel applet (Start - settings - control panel - add/remove programs)
    2. Click Windows Setup tab
    3. Click Have Disk
    4. Click the Browse button and select the Netadmin\poledit directory of the Windows 98 resource kit. Click OK
    5. Check the "System Policy Editor" box and click Install
    6. Close the Add/Remove control panel applet box

    The System Policy Editor will now be available under Start - Programs - Accessories - System Tools - System Policy Editor.

    To install the Windows 9x policy editor under an NT machine just copy the Netadmin\Poledit directory to a folder on the Windows NT machine, e.g. 98poledt and create a shortcut on your desktop or Start menu to poledit.exe. When you first run it, it will load the NT .adm files. Remove these using Options - Policy Template and then re-add those located in the 98poledt folder (normally common.adm and windows.adm). Be aware - Profiles created under NT, even with the Windows 9x version of the policy editor will not be read correctly from a Windows 9x machine so the config.pol file needed for Windows 9x machines should be created under a Windows 9x machine and then copied to the netlogon share of the domain controller.

    Installing under NT is only useful for experimenting and it will not be able to load profiles created by a Windows 9x machine.


    Q. How can I stop Windows 9x profiles being copied to the home directory?

    A. By default if individual profiles are configured on a Windows 9x machine the profile is also copied to the user's home directory (usually a network share) which means the user has the same desktop settings on any 9x machine. If you don't want this behaviour but still want individual settings perform the following on each machine:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\Network\Logon
    3. From the Edit menu select New - DWORD value
    4. Enter a name of UseHomeDirectory and press Enter
    5. Double click the new value and set to 0
    6. Close the registry editor
    7. Reboot the machine

    Once the reboot is complete the user's profile will no longer be copied to the network share.


    Q. How do I implement local system policies on Windows 9x?

    A. System policies are normally located at domain controllers however local system policies can be implemented as follows. First you will need the Windows 9x poledit.exe tool which is located in the

    You should use the Add/Remove Programs tool in Control Panel to install System Policy Editor.

    Once you have the utility you should proceed as follows:

    1. Click the Start button, and then click Run.
    2. In the Open box, type "poledit" (without quotation marks), and then click OK.
    3. In System Policy Editor, click Open Registry on the File menu.
    4. Double-click the Local Computer icon, then the Network icon, and then double-click the Update icon.
    5. Click the Remote Update check box, and then click Manual in the Update Mode box. In the Path box, type the path and file name for your system policy file. You can place this file in any folder on the hard disk. Click OK. This file MUST have a .pol extension or you will receive a failure in step 8.
    6. On the File menu, click Save. On the File menu, click New File.
    7. Select the system policy settings you want to use.
    8. On the File menu, click Save As. Save the file with the name and path you used in step 5.
    9. Quit System Policy Editor, and then restart Windows.

    It would be pertinent to remove Poledit after you've set the policy to avoid users changing it. You can even run poledit directly from the CD normally.


    Q. I have lost my Windows 98 installation key, how can I find it?

    A. The installation key is stored in the Windows 98 registry and can be checked as follows:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
    3. Double click the ProductKey name and copy
    4. Click OK
    5. Close the registry editor

    You can also get the key by opening the system properties dialog (Win-Break, Alt + Open My Computer). It appears under the "Registered To" details.


    Q. How do I install the Windows 9x directory services client?

    A. Windows 2000 ships with a Windows 9x directory services client which allows Windows 95 and 98 to use some of the more advanced features of the Active Directory. To install perform the following:

    1. Insert the Windows 2000 Server CD
    2. Move to the Clients\Win9x folder
    3. Double click on Dsclient.exe
    4. Click Next to the wizard start-up screen
    5. Select the 'I accept this agreement' on the license screen and click Next
    6. Click Next to the installation start dialog box
    7. A number of files will be installed on the client machine
    8. Once the file copy has completed click Finish to the wizard
    9. Click Yes to restart the machine

    You could install the client from a network share by copying the Dsclient.exe to a share on a server.

    With the DS client installed you can perform full searches on the Active Directory, for example selecting Start - Find - Printers you can enter your location and it will find printers near you!


    Q. A user has forgotten the local Windows 9x password, how can it be reset?

    A. Unlike in a Windows domain, the local Windows 9x passwords are each stored in their own .pwl file in the base Windows directory (C:\windows).

    To reset a password just delete the relevant .pwl file, e.g. johnsavi.pwl for John Savill.


    Q. How do I enable remote registry editing for Windows 9x clients?

    A. Though Windows NT Workstation has remote registry editing installed already, Windows 95 and Windows 98 do not. The installation process is similar on both operating systems, though the source of the necessary drivers differs with each version.

    It is necessary to install a network service to enable remote registry editing. This service, REGSERV, is found in the following location:

    In each operating system the installation is identical:
    1. Open the Control Panel.
    2. Start the Network applet
    3. Click the Add button in the Configuration tab.
    4. Select Service from the list, and click the Add button.
    5. Click the Have Disk button, and provide the directory information as provided above.
    6. Select Microsoft Remote Registry.
    7. Install the Remote Registry service, and reboot the computer when prompted.

    Q. How do I install SQL Server 6.5?

    A. SQL Server 6.5 can be installed on NT Server 3.51 or NT Workstation 3.51 or above. However, if you install on a Workstation you will be limited in the number of concurrent connections and should only really use it as a development box.

    Before installing the software you should create a SQL Executive account that will be used to run the various SQL services

    1. Start User Manager for Domain (Start - Programs - Administrative Tools - User Manager for Domains)
    2. Select "New User" from the User menu
    3. Enter a name of SQLExecAct and a Description of "SQL Executive Account". Uncheck the "User Must Change Password at Next Logon" and check "User Cannot Change Password" and "Password Never Expires". Leave the password blank
    4. Click the Groups button and add the Administrators group. Click OK
    5. Click the Add button then click Close
    6. Select "User Rights" from the Policies menu
    7. Check the "Show Advanced User Rights"
    8. Select "Log on as a service" and click Add
    9. Select SQLExecAct and click Add. Click OK
    10. Click OK to close the main User Rights dialog box
    11. Close User Manager for Domains

    SQL Executive Account
    - Example of the SQL Executive Account

    Once the account has been created you can start the actual SQL 6.5 installation

    1. Login as an Administrator on the machine
    2. Insert the SQL installation CD-ROM
    3. Move to the I386 directory of the SQL directory
    4. Double click on SETUP.EXE which will start the installation procedure
    5. Click Continue to the welcome dialog box
    6. Enter your name, company and Product ID. Click Continue
    7. Click Continue to the display dialog showing the information just entered.
    8. Check the "Install SQL Server and Utilities" and click Continue
    9. Choose your licensing mode and click Continue
    10. Check the installation drive and directory is correct and click Continue
    11. Choose your Master device drive and location. This is used to store several critical system databases. Click Continue
    12. Select the books option and click Continue
    13. Choose the Installation options for Character Sets, Sort order etc. by clicking the relevant button. Once complete click Continue. Common character set is "ISO Character Set". You can also select for the SQL service and SQL Executive Service to automatically start at bootup time. This can be changed at a later date.
    14. Choose the SQL Executive Account (the one created) and click Continue (leave password blank)
    15. The installation will then continue without asking more questions (this may take up to 10 minutes depending on your hardware)
    16. At the end click the "Exit to Windows NT" button

    You now have an SQL Server, now how do you use it? :-)


    Q. How do I register a SQL Server with SQL Enterprise Manager?

    A. Before you can control a SQL Server with the Enterprise Manager you first need to register it. If you are running for the first time perform the following:

    1. Make sure the SQL Server service has been started (Start - Settings - Control Panel - Services - MSSQLServer - Start)
    2. Start the SQL Enterprise Manager (Start - Programs - Microsoft SQL Server 6.5 - SQL Enterprise Manager)
    3. Enter the computers name in the Server box (check using Network control panel applet, or right click on Network Neighbourhood and select Properties).
    4. In the Login ID box enter sa which is the default SQL Administrator, leave password blank.
    5. Click Register
    6. Click Close

    Register SQL Server
    - Registering an SQL Server

    The SQL Server will now be visible from the main control window.

    If you have used SQL Enterprise Manager before and want to add a new server just right click on SQL 6.5 in Enterprise Manager and select "Register Server" from the context menu.


    Q. How can I stop and start the SQL services?

    A. SQL has three services

    The MSSQLServer service controls if the SQL Server is running and allows logons/transactions. The SQLExecutive service is used for alerts, scheduling and other management tasks.

    MSDTC is the Distributed Transaction Coordinator and is used for consistency between server transactions and is beyond the scope of the FAQ.

    These services can both be stopped/started from the Services control panel applet and you can also configure them to automatically start at bootup time by selecting one of them, clicking Startup and set to Automatic. Repeat for the other service.

    To stop/start from the command line use

    C:\> net stop MSSQLServer
    C:\> net stop SQLExecutive
    C:\> net start MSSQLServer
    C:\> net start SQLExecutive

    SQL actually comes with its own service manager (Start - Programs - Microsoft SQL Server 6.5 - SQL Service Manager) which enables you to start/stop/pause (pause is not available for SQLExecutive) services on various SQL machines. It also shows the current state of the services in a traffic light, ahhhh :-)

    SQL Service Manager


    Q. How do I modify the sa password for SQL?

    A. The sa account is the standard admin account for SQL and has full privileges. To change the password perform the following:

    1. Start the SQL Enterprise Manager
    2. Expand the Servers and SQL 6.5 and Logins
    3. Double click on sa
    4. Select the password box. Delete the content and type your new password.
    5. Click Modify
    6. Enter the password again in the dialog. Click OK
    7. Click Close

    You may wish to enable Windows NT integration which means any member of the Administrator's group will be logged in as sa automatically:

    1. Start the SQL Enterprise Manager
    2. Expand the Servers and SQL 6.5
    3. Right click on the server and select configure
    4. Click the "Security Options" tab
    5. Select "Windows NT Integrated" from the Login Security Mode.
    6. Click Apply Now then OK

    Q. How do I visually edit/view data in a SQL database?

    A. SQL 6.5 and earlier versions do not come with tools to directly view/edit the data in the SQL database visually. SQL 7.0 will include such a tool however in the meantime there are a number of options available.

    Visual Interdev allows you to access the SQL data in a table form however I will describe a procedure using Access 97.

    The first item is to create an ODBC link to the SQL database (unless it is the local server)

    1. Start the ODBC control panel applet (Start - Settings - Control Panel - ODBC)
    2. Under User Data Sources will be a list of data sources you can connect to. Click Add
    3. Select SQL Server and click Finish
    4. Enter a name for the source, a description and a server name/IP address. Click Next
    5. Select the type of authentication and enter a username and password if applicable. Click Next
    6. You can set the default database by clicking "Change the default database to" and selecting one. Click Next
    7. Select character translation (accept default) and click Next
    8. Select log options and click Finish
    9. At the end a summary will be displayed and click "Test Data Source" to perform a brief test. Click OK to complete
    10. Close the ODBC dialog box by clicking OK

    Now you have the connection you need to configure Access to use it

    1. Start Access 97
    2. Select Blank Database and click OK
    3. Enter a name and directory, click Create
    4. Select the Tables tab
    5. From the File menu select Get External Data - Link Tables
    6. In the bottom left corner of the displayed dialog will be "Files of type:". Change this to "ODBC databases"
    7. A new dialog will be displayed. Click the "Machine Data Source" tab
    8. Select the Data Source created using ODBC earlier and click OK
    9. You may need to enter a password for the database.
    10. You will now see "Link Table" dialog, select and click OK.
    11. Under your main Table tab you will now see dbo.<database> and double clicking will give a graphical view.

    Q. I am getting a message 'dbprocess dead or not enabled' running my query.

    A. Other messages:

    I am getting a message 'dbprocess dead' or 'language exec' from SQL Server.
    I am seeing an 'Exception Access Violation' message in the SQL errorlog. 
    I am getting *.DMP files in the <sql>\log directory. 
    I am getting "symptom dump" messages.

    Basically SQL is probably internally gpf'ing/AV'ing (same thing) - you should see messages to this effect in the SQL errorlog. There are only three reasons for this in order of ascending probability :-

    1. A database corruption - you can check for this with the dbcc checkdb, newalloc and checkcatalog commands.

    2. A hardware problem - usually duff memory.

    3. A bug in the SQL Server code (this is the most likely cause - database corruptions rarely cause gpf's, and hardware errors normally show up in other ways). This is the Microsoft C code that makes up SQLSERVR.EXE and dll's, NOT your TSQL code. If you have SQL code that causes an AV it is Microsoft's bug, not yours. There is nothing anyone outside of MS support can do to help you.

    Assuming it's not a database corruption, then follow the following diagnostic process :-

    1. Check the Microsoft Kb on Technet (if you don't have Technet then order it now!). Also check the on-line website at www.microsoft.com/support which is more up to date than Technet. Search on kbbug AND AV AND SQL to find all documented AV bugs - note AV's are a generic symptom of lots of bugs. Many articles contain workarounds but it is usually difficult to match up the stack traces to see if it is relevant to your situation.

    2. Are you on the latest version of SQL Server and the latest service pack? MS fix a lot of AV errors in every service pack, so it is definitely worth getting current. If you're not on the latest service pack then that is the first thing MS are going to ask you to do if you contact them anyway. If you can't apply it to the production system immediately then apply the latest SP on a test system and see if it fixes the problem.

    3. Check the SQL errorlog and save away all the messages - especially anything telling you what SQL was being executed at the time.

    4. Check the \<sql>\LOG directory for SQLxxxx.DMP files that may have been created. These contain information on what SQL Server was doing at the time, module stack traces etc. Save these away for MS support as necessary. (Though there is a PRINTDMP.EXE utility supplied the output of this is still of no use to anyone unless they have the SQLServer C source code)

    5. Can you re-create the problem at will? If the SQL being run is not shown in the errorlog, then find out what the user/developer was doing at the time. Use SQL Trace to capture the actual SQL code being run if you can. If you can't recreate it, it's still worth reporting as long as you have the errorlog(s) and dump file(s).

    6. If you can re-create the problem, then see if you can create a reproduction script to show the problem. This needs to be capable of running on a brand-new install of SQL Server on a new database. Therefore it needs to contain all tables, user defined data types, triggers, views etc. needed to show the problem. If it needs data then try and keep this to a minimum. (If the script/data is reasonably short then post to one of the newsgroups and one of the MVP's can report it to MS for you).

    7. Can you work around the problem by re-writing the SQL? Even with a reproduction script MS are unlikely to turn a fix around quickly - unless you are a multi-million dollar customer. And even then you wouldn't just be applying one small fix, it would be a latest build with lots of other fixes too - it won't have been regression tested, so it could cause more damage than it fixed anyway.

    8. If SQL terminates from the Access Violation and there is no dump file produced then a possible cause of the problem is the use of SQL Trace. There is a bug in this (fixed in 6.5 SP5 and above) that can terminate the SQL Server being monitored. Another cause of this is heavy deadlocking - also fixed in SP5a.

    9. Report the problem to MS PSS. PLEASE do this even if you can workaround it. Unless MS get these bug reports then they can't fix them. (With a repro script an MVP will do it for you). Your call fee WILL be re-imbursed as all calls about bugs are free. (However, on the "normal" support-line the person answering the phone can't know it's a bug, so they'll need your credit card details anyway). For PSS contacts see http://support.microsoft.com/support/supportnet/default.asp

    MS will need you to supply :-

    SQL Errorlog(s)
    NT event log(s) - if any NT errors were occurring at the time
    TSQL code running at the time
    Details of hardware, version of NT, servicepacks etc. WINMSDP output is good for this.

    With SQL 7 there is a new utility that will garner most of this information for you automatically. It is called sqldiag - 
    sqldiag -U<login> -P<password> -O<output filename>


    Q. How can I add/amend/delete columns?

    A. Under SQL 7.0 all the above are easily done with standard ANSI "ALTER TABLE" ddl commands. Or they can be done via the gui or supplied stored-procedures.

    With SQL 6.5 and below it is only possible to ADD a nullable column - or an IDENTITY column which seems to work even if it's not NULLable. For *any* other change a new table must be created, the data copied across, and the tables renamed around.

    Certain 3rd party tools provide a gui interface to do this, that makes it look transparent, however they are really doing all the work described above, so if you make the change to a large table it will take a long time to do the work.

    Examples of tools are :-

    Microsoft's Visual Database Tools (part of Visual Interdev Enterprise Edition) 
    SQL Programmer from www.sfi-software.com
    XCase - www.xcase.com 
    Desktop DBA - www.platinum.com
    Speed Ferret

    Note that there have been reports of MS VDT losing data if you amend columns on a table and SQL does not have enough free-space to complete the task.


    Q. I am getting a blue screen / completely hung machine / server restart on my SQL Server/client.

    A. All the above can ONLY be caused by a hardware problem or with part of NT running in Kernel Mode. e.g. bits of NT, scsi drivers, network drivers, video drivers etc.

    99.999% of the SQL Server code runs in user mode, just like any normal program. Therefore it is no more capable of causing a blue-screen than something like "Word" is. It can only "cause" the problem in as much as it stresses the hardware/memory/pci bus/disk subsystem and is exposing a bug in an NT driver. e.g. Drivers must typically lock all their memory so that it doesn't get swapped to the pagefile - SQL Server may "cause" un-locked driver pages to be swapped out due to its memory needs. When the driver then goes to access the page - boom, blue screen!

    The 0.001% of the code that does run in kernel mode is the SQLPERxx.DLL module (xx = 60 or 70) - due to the way that NT performance monitor works, this code works under the winlogon process rather than sqlserver.exe, and is in kernel mode. To see if this is an issue, rename the sqlperxx.dll and restart SQL. It won't find the dll and therefore won't load it - SQL performance counters will be disabled.

    If you are getting one of these problems then it needs to be investigated like any other NT blue-screen problem. i.e. check the driver/program in control at the time, use dumpexam to look at the dump, apply a newer servicepack, upgrade all system drivers, contact MS PSS for WINNT support.

    You may also wish to download and run SQLHDTST (for 6.5) or SQL70IOSTRESS (for 7.0). These stress the hardware in the same way as SQL Server and could be used to show hardware/compatibility/driver problems.


    Q. Where are the cascade update/delete functions in SQL Server?

    A. There aren't any I'm afraid. These were initially thought to be going into SQL 7 but won't be there now. They will be in a "future" SQL release.

    You need to implement your own cascade functionality with triggers. See Q142480 (http://support.microsoft.com/support/kb/articles/q142/4/80.asp) in the MS Knowledge Base for more information on this and the ways to work with foreign keys which cause problems due to the way that triggers work/fire.

    Contributed by Neil Pike
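
    A cascade delete and cascade key update built from triggers, as an added example that is not part of the original FAQ or of Q142480. The tables order_hdr and order_dtl, the trigger names and the sample rows are hypothetical, and the example assumes no FOREIGN KEY constraint is declared between the two tables, because a constraint is checked before the trigger fires and would reject the parent delete.

```sql
-- Hypothetical parent and child tables (no declarative FOREIGN KEY between them).
CREATE TABLE order_hdr
(
    order_id int         NOT NULL PRIMARY KEY,
    customer varchar(30) NOT NULL
)
CREATE TABLE order_dtl
(
    order_id int         NOT NULL,
    line_no  int         NOT NULL,
    item     varchar(30) NOT NULL,
    CONSTRAINT pk_order_dtl PRIMARY KEY (order_id, line_no)
)
go

-- Cascade delete: 'deleted' holds every parent row removed by the statement,
-- so joining to it handles single-row and multi-row deletes alike.
CREATE TRIGGER trg_order_hdr_del ON order_hdr FOR DELETE
AS
DELETE order_dtl
FROM order_dtl, deleted
WHERE order_dtl.order_id = deleted.order_id
go

-- Cascade update of the key. Old and new key values can only be paired
-- reliably when one row changes, so multi-row key changes are rolled back.
CREATE TRIGGER trg_order_hdr_upd ON order_hdr FOR UPDATE
AS
IF UPDATE(order_id)
BEGIN
    IF (SELECT COUNT(*) FROM deleted) > 1
    BEGIN
        RAISERROR ('Change order_id one row at a time.', 16, 1)
        ROLLBACK TRANSACTION
        RETURN
    END
    UPDATE order_dtl
    SET order_id = inserted.order_id
    FROM order_dtl, inserted, deleted
    WHERE order_dtl.order_id = deleted.order_id
END
go

-- Child-side check that stands in for the missing FOREIGN KEY:
-- a detail row must always point at an existing header row.
CREATE TRIGGER trg_order_dtl_chk ON order_dtl FOR INSERT, UPDATE
AS
IF EXISTS (SELECT * FROM inserted
           WHERE NOT EXISTS (SELECT * FROM order_hdr
                             WHERE order_hdr.order_id = inserted.order_id))
BEGIN
    RAISERROR ('order_dtl row has no matching order_hdr row.', 16, 1)
    ROLLBACK TRANSACTION
END
go

-- Constructed sample rows.
INSERT order_hdr VALUES (1, 'Constructed Customer A')
INSERT order_hdr VALUES (2, 'Constructed Customer B')
INSERT order_dtl VALUES (1, 1, 'widget')
INSERT order_dtl VALUES (1, 2, 'gadget')
INSERT order_dtl VALUES (2, 1, 'sprocket')

UPDATE order_hdr SET order_id = 10 WHERE order_id = 1   -- fires trg_order_hdr_upd
DELETE order_hdr WHERE order_id = 10                    -- fires trg_order_hdr_del
SELECT order_id, line_no, item FROM order_dtl           -- inspect what is left
go
```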


    Q. How can I issue a SQL command that uses a variable for the tablename, columns etc?

    A. Look up the EXEC command information in the SQL built in help. Basically it is used to run a defined procedure.

    A short example that selects a column from a table :-

    USE pubs
    go

    DECLARE @str varchar(255)
    DECLARE @columnname varchar(30)

    SELECT @columnname='au_lname'

    SELECT @str = 'SELECT ' + @columnname + ' FROM authors'

    EXEC (@str)

    -------------------------------

    Another example from the books-online. This example shows how EXECUTE handles dynamically built strings with variables. This example creates a cursor (tables_cursor) to hold a list of all user-defined tables (type = 'U').

    DECLARE tables_cursor CURSOR
    FOR
    SELECT name FROM sysobjects WHERE type = 'U'

    OPEN tables_cursor
    DECLARE @tablename varchar(30)
    FETCH NEXT FROM tables_cursor INTO @tablename
    WHILE (@@fetch_status <> -1)
    BEGIN
    /*
    A @@fetch_status of -2 means that the row has been deleted.
    No need to test for this as the result of this loop is to
    drop all user-defined tables.
    */
    EXEC ("DROP TABLE " + @tablename)
    FETCH NEXT FROM tables_cursor INTO @tablename
    END
    PRINT "All user-defined tables have been dropped from the database."
    DEALLOCATE tables_cursor

    Contributed by Neil Pike
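
    Both examples above concatenate a table or column name into a string that EXEC then runs, so whatever text those variables hold becomes part of the statement. The following added example (not from the original FAQ or from Books Online) shows one way to check the names before concatenating them; the procedure name usp_select_column and the sample calls are constructed for illustration.

```sql
USE pubs
go

-- Hypothetical procedure: runs SELECT <column> FROM <table> only when both
-- names pass a character check and a catalogue lookup.
CREATE PROCEDURE usp_select_column
    @tablename  varchar(30),
    @columnname varchar(30)
AS
DECLARE @str varchar(255)

-- Check 1: letters, digits and underscore only. This also refuses objects
-- that really exist but were created with unusual characters in their
-- names, which would change the meaning of the concatenated string.
IF @tablename LIKE '%[^A-Za-z0-9_]%' OR @columnname LIKE '%[^A-Za-z0-9_]%'
BEGIN
    RAISERROR ('Name contains characters that are not allowed.', 16, 1)
    RETURN 1
END

-- Check 2: the pair must match a user table (type = 'U') and one of its
-- columns in the system catalogue. NULL or empty names match no row.
IF NOT EXISTS (SELECT *
               FROM sysobjects o, syscolumns c
               WHERE o.id = c.id
                 AND o.type = 'U'
                 AND o.name = @tablename
                 AND c.name = @columnname)
BEGIN
    RAISERROR ('No such column in a user table.', 16, 1)
    RETURN 1
END

-- Only now is the string built and executed.
SELECT @str = 'SELECT ' + @columnname + ' FROM ' + @tablename
EXEC (@str)
RETURN 0
go

-- Constructed calls.
EXEC usp_select_column 'authors', 'au_lname'                 -- valid pair
EXEC usp_select_column 'authors', 'au_lname FROM titles --'  -- exercises check 1
EXEC usp_select_column 'authors', 'no_such_column'           -- exercises check 2
go
```

    The same two checks apply to the cursor loop: names read from sysobjects are data like any other and should pass check 1 before being appended to a DROP TABLE string.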


    Q. Why does my transaction-log fill up when I use fast-bcp?

    A. Fast BCP and select into do not log record updates. However they DO log extent allocations. They need to do this so that if the process is terminated unexpectedly (maybe the power goes out), SQL can recover the space.

    Therefore with large bcp's/select into's - when a lot of extents need allocating - the log can still fill. In which case it needs to be made larger.


    Q. Why can't I backup/restore my SQL Server database to the network?

    A. The reason is that the MSSQLSERVER service is running under a separate set of NT credentials. It doesn't matter who YOU are logged on as (after all SQL runs quite happily when no-one is logged on to the console doesn't it). Therefore your logon account and any mapped drives are irrelevant. It is SQL Server doing the backup, not you. This is the same for backups done via SQL Executive/SQL Agent - they just pass the TSQL to SQL Server to run, so it's still MSSQLSERVER doing the backup/restore.

    For this reason the backup gui does not show you mapped drives or allow a UNC path to be typed in. You have to use raw TSQL commands to do the backup.

    The default set of NT credentials used by MSSQLSERVER is the Localsystem account. You can check what userid that MSSQLSERVER is running under by looking at control panel/services highlighting MSSQLSERVER and choosing the start-up option.

    The Localsystem account has no access to shares on the network as it isn't an authenticated network account. 

    So, if you want to backup to a network share you have two choices :-

    1. Change the account the MSSQLSERVER service runs under to a user account with the relevant network rights.

    or

    2. Amend the following registry value on the TARGET server and add the sharename you want to dump to - the share does not then authenticate who is coming in and so a Localsystem account will work. The server service on the target server must be re-started before the change takes effect. Note that this effectively removes security on that share, so you need to be careful about what is in the share.

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\NullSessionShares

    Whichever method you use, you MUST also use a UNC name to reference the file required and not a drive letter.

    e.g. (6.5) DUMP DATABASE pubs to DISK='\\server01\share\backupdir\backup.dmp'
    (7.0) BACKUP DATABASE pubs to DISK='\\server01\share\backupdir\backup.dmp'


    Q. Can I do a SQL backup to a tape drive on another server?

    A. No, not with built-in SQL tools. SQL will only dump to local tape devices. If you could find an NT driver that would make a remote tape drive look local then this would work as SQL just uses standard i/o calls. I don't know of such a driver at the moment.

    You can always dump the SQL database to disk locally (or across the network with some provisos) and then back that up to tape.

    Finally, you CAN do what you want with a 3rd party backup tool that has a SQL agent. Examples are BEI Ultrabac, Cheyenne Arcserve, Seagate BackupExec, Legato Networker and IBM ADSM - I'm sure there are others. These put SQL dumps (via a standard named-pipe interface) onto a standard dump tape, potentially as part of a complete server backup and not just SQL. Obviously if the named-pipe connection is made across the network then the dump will usually be a lot slower than doing it locally.

    Contributed by Neil Pike


    Q. I have a query that seems to lock other users out of the system.

    A. This can happen especially when using tempdb. In situations like this the usual problem is with locks. Check with sp_lock or sp_lock2 what the offending query is doing.

    One common occurrence that people fell foul of was introduced in SQL 6.5 when MS decided to let table creation be allowed in transactions by making it an ATOMIC transaction. A by product of this is that when a SELECT INTO is done it locks out system tables in the database concerned and prevents other users from accessing them. With a long-running select into this can cause real problems.

    MS recognised this and as long as you have service pack 1 applied you can set traceflag -T5302 to remove this behaviour. Check out Q153441 (http://support.microsoft.com/support/kb/articles/q153/4/41.asp) for more info.

    Contributed by Neil Pike


    Q. Should I apply SQL SP4?

    A. All service-packs come with problems, however in most cases they fix a lot more problems than they cause. 99% of bugs you may find in SP4 will be present in the gold release and all subsequent service packs - they are un-fixed/unknown bugs that are present in every release.

    SP4, as SQL service packs go, is a very stable one. For a list of bugs fixed in SP4, download it and check the fixlist.txt file.

    There are a couple of known problems with SP4 that don't occur with other service packs.

    1. There is a regression of a numeric index bug. With SP4 if you say
      WHERE <fieldname> = 1
      then it will tablescan even if there is an index on the numeric fieldname. But if you specify
      WHERE <fieldname> = 1.0
      then it will work ok.
    2. The Instdist.sql script that comes with SQL Server 6.5 Service Pack 3 can cause problems with replication if it is run more than once. This file is also distributed with Service Pack 4, causing it to be run again. This obviously only affects systems that use replication. Full information can be found in Q184882

    Contributed by Neil Pike


    Q. How do I transfer data from another DBMS/format to SQL Server?

    A. There are a variety of methods/tools :-

    1. For MS-Access you can try the free Access upsizing wizards available from MS's website - check out the softlib area under www.microsoft.com/support. These will convert from versions of Access to SQL 4.x, 6.x and 7.x.
    Try http://www.microsoft.com/accessdev/prodinfo/aut97dat.htm and
    http://support.microsoft.com/support/downloads/dp2864.asp?FR=0
    for more info.

    2. If you can unload the data from the foreign dbms into flat-file format - e.g. tab separated, comma-separated, fixed-format etc. then you can use the SQL BCP.EXE tool. This is a command-line program and is fully doc'd in the books-online. It is the fastest way of getting data into/out of SQL Server, but it only works via flat-files. The unload and load processes have to happen in series - meaning longer run times.

    3. If you have an ODBC driver for the other format then there are several 3rd party tools you can use that offer transfer/migration functionality and are gui-based, but can also be automated and run from the command-line. These tools can be used to copy to/from ANY ODBC data sources - they don't have to be SQL Server at one end. Examples of these sorts of tools are :-

    www.datajunction.com (Data Junction)
    www.sqlmover.com (SQL Mover)
    www.platinum.com (InfoPump)

    4. If you have SQL 7.0 then this comes with a tool called DTS that works in a similar manner to the above. It works with any ODBC or OLE-DB accessible data source. Again it doesn't have to be SQL 7.0 at one end. However if you weren't using it to migrate to/from SQL 7.0 you would have to check whether there were any licensing implications.

    5. Specifically for the AS/400 there are a couple of tools that have been around for some time - offering real-time replication as well as transfer.

    www.datamirror.com (Data Mirror). DataMirror will bi-directionally replicate between AS/400, SQL Server, Oracle, Sybase and DB/2.
    www.execusoftsystems.com (Symbiator)

    For generic ODBC/OLE-DB access to the AS/400 also see

    www.hit.com/hitweb/daccess/dchome.htm

    Whatever you use you still need a driver to connect to the AS/400 that works - here is one that is reported to work ok with SQL 6.5 and 7.0.
    IBM's Client Access ODBC driver v3.1.3 SP48155

    6. Oracle has a Migration Workbench utility for free download. Search www.oracle.com for "Migration Workbench".


    Q. Why can't I get at a network file when I run a program from xp_cmdshell?

    A. The reason is that the MSSQLSERVER service is running under a separate set of NT credentials. It doesn't matter who YOU are logged on as (after all SQL runs quite happily when no-one is logged on to the console doesn't it). Therefore your logon account and any mapped drives are irrelevant. It is SQL Server running the program (e.g. bcp) not you.

    The default set of NT credentials used by MSSQLSERVER is the Localsystem account. You can check which userid MSSQLSERVER is running under by looking at control panel/services, highlighting MSSQLSERVER and choosing the start-up option.

    The Localsystem account has no access to shares on the network as it isn't an authenticated network account.

    So, if you want a program running under xp_cmdshell to access a network resource you have two choices :-

    1. Change the account the MSSQLSERVER service runs under to a user account with the relevant network rights.

    or

    2. Amend the following registry value on the TARGET server and add the sharename you want to access - the share does not then authenticate who is coming in and so a Localsystem account will work. The server service on the target server must be re-started before the change takes effect. Note that this effectively removes security on that share, so you need to be careful about what is in the share.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\NullSessionShares

    Whichever method you use, you MUST use a UNC name to reference the resources required and not a drive letter.
    e.g. xp_cmdshell 'dir \\server01\share'

    Contributed by Neil Pike
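
    Because option 2 above removes authentication from every share named in NullSessionShares, it is worth reviewing that value periodically. The following is an added example, not part of the original FAQ: it parses a regedit export of the LanmanServer\Parameters key and reports shares that are not on an approved list. The function names, the sample export and the approved list are constructed for illustration.

```python
import re

# Key and value named in the FAQ answer above.
KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters"
VALUE = "NullSessionShares"


def load_reg_text(data: bytes) -> str:
    """Decode a .reg file read from disk.

    Version 5.00 exports are UTF-16LE with a byte-order mark;
    REGEDIT4 exports are single-byte ANSI text.
    """
    if data.startswith(b"\xff\xfe"):
        return data[2:].decode("utf-16-le")
    return data.decode("latin-1")


def null_session_shares(reg_text: str) -> list:
    """Return the share names listed under NullSessionShares ([] if absent)."""
    # regedit wraps long hex data with a trailing backslash; rejoin those lines.
    text = re.sub(r"\\[ \t]*\r?\n[ \t]*", "", reg_text)
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines:
        return []
    # hex(7) (REG_MULTI_SZ) data holds ANSI bytes in a REGEDIT4 export and
    # UTF-16LE code units in a version 5.00 export.
    wide = not lines[0].upper().startswith("REGEDIT4")
    current_key = ""
    for line in lines[1:]:
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
            continue
        if current_key.lower() != KEY.lower():
            continue
        m = re.match(r'"([^"]+)"=(.*)$', line)
        if not m or m.group(1).lower() != VALUE.lower():
            continue
        data = m.group(2)
        if data.lower().startswith("hex(7):"):
            raw = bytes(int(b, 16) for b in data[7:].split(",") if b.strip())
            decoded = raw.decode("utf-16-le" if wide else "latin-1",
                                 errors="replace")
            # Entries are NUL-separated, with an extra NUL ending the list.
            return [s for s in decoded.split("\x00") if s]
        # Value stored with the wrong type (e.g. a plain string): report as-is.
        plain = data.strip('"')
        return [plain] if plain else []
    return []


def unapproved_shares(reg_text: str, approved) -> list:
    """Null-session shares that are not on the approved list.

    Share names are compared case-insensitively.
    """
    allowed = {a.lower() for a in approved}
    return [s for s in null_session_shares(reg_text) if s.lower() not in allowed]


# Constructed REGEDIT4 export (not taken from a real server). The hex data
# decodes to the three entries COMCFG, DFS$ and sqldata.
SAMPLE_EXPORT = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters]
"Lmannounce"=dword:00000000
"NullSessionShares"=hex(7):43,4f,4d,43,46,47,00,44,46,53,24,00,\
  73,71,6c,64,61,74,61,00,00
"""

if __name__ == "__main__":
    # "COMCFG" and "DFS$" stand in for a site-approved list (assumption).
    for share in unapproved_shares(SAMPLE_EXPORT, ["COMCFG", "DFS$"]):
        print("review null-session share:", share)
```

    Any share the check reports should be confirmed as intentionally open, and its contents reviewed, since anything in it can be read without authentication.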


    Q. Is MS SQL Server Y2K compliant?

    A. That depends on what you mean by "compliant". If you mean the base SQL kernel functionality works as you would expect then yes, as long as you are using "proper" datetime formats then all versions of SQL Server perform correctly - if you are holding dates in char/numeric format, then it totally depends on how you are processing them, it is not an MS SQL Server issue.

    SQL Server does date-windowing for two digit dates. If you specify only the last two digits of the year, values less than 50 are interpreted as 20yy, and values greater than or equal to 50 are interpreted as 19yy. For example, if you specify 3, the result is 2003. If you specify 82, the result is 1982. You must type the century when the day is omitted or when you need a century other than the default. (In SQL 7.0 you can modify the cut-off date for the windowing function).

    However, if you mean the whole of the MS SQL Server product set including all the gui tools, then there are a few non-showstopper problems that have been found. These are all documented at www.microsoft.com/y2k along with MS's stance and technical info on Y2K issues for all their products. The SQL 6.5 Y2K fix titles are also copied at the bottom of this note.

    These problems have been found, fixed and tested in SQL 6.5 and are in Service Pack 5 - which is downloadable from support.microsoft.com.

    SQL 7.0 is Y2K compliant at release.

    SQL 1.x, 4.x and 6.0 are NOT being tested or certified by MS. They are unlikely to have other problems than those found in the 6.5 product though, so if you can live with those (and most people can), then they should be ok.

    Vendor's certification should only be one part of Y2K testing anyway - the most important part is that YOU test your clients, servers, apps, databases, networks etc. in your production environment.

    ------------------

    SQL 6.5 Y2K bug numbers and titles

    17458 Year 2000 Problem with Expiredate
    17937 Y2000, ExpireDate is not set correctly when year of 2000 used in DUMP DATABASE
    17947 RETAINDAYS: expired dump media can not be overwritten if current year is >=2000
    17948 Dump db with RETAINDAYS during Y2000-9, EXPIREDATE will be set to NULL
    17997 Y2000: dump device dumped with expiredate set to >=2000 can be override with init
    17661 Task Manager UI: one time task date\time spin box doesn't pick up 2/29/2000
    18153 Web Assistant: Cannot use Year as 00 on Scheduling
    18170 Invalid Y2K dates are accepted with no error by sp_addtask
    18180 Invalid Y2K dates are accepted with no error by sp_purgehistory and sp_updatealert

    Contributed by Neil Pike


    Q. How can I change the owner of an object?

    A. With SQL 7.0 there is a stored-procedure to do this, however under SQL 6.5 and earlier there is no supported method to do this.

    It can be achieved by directly addressing and updating the system table concerned though.

    1. Get the uid number for the new owner from sysusers
      ( select name, uid from sysusers where name="<New Owner Name>" )
    2. Configure your server to allow updates to system tables
      ( exec sp_configure "allow updates",1 )
      ( reconfigure with override )
    3. Begin a transaction
    4. Update the sysobjects table, changing the uid column value of the objects concerned to the uid you want.
      ( update sysobjects set uid=<New UID> where name="<Table Name>" )
    5. Check that the right number of rows have been affected.
    6. Commit or rollback the transaction, depending on the result
    7. Configure your server to NOT allow updates to system tables
      ( exec sp_configure "allow updates",0 )
      ( reconfigure with override )
    8. Stop and start your SQL Server

    (The last step is necessary as portions of system tables are kept in memory by SQL Server, and the only way to force these to update is to recycle SQL Server)

    Contributed by Neil Pike


    Q. I've just changed NT domain for my SQL Server/clients and am unable to connect.

    A. This isn't a SQL issue, it's an NT one. If you are using a net-lib that requires NT authentication - e.g. with 6.5 and below named-pipes or multiprotocol - then you MUST be able to authenticate to the copy of NT running SQL Server. With 7.0 all net-libs require NT authentication.

    You can test whether you can do this by doing a "NET VIEW \\servername" from a command prompt on the client. If you get an access denied message, or get prompted for a password, then you aren't being authenticated.

    If this happens then you need to set up a trust between the domains. Or, you could use a net-lib that does not need authentication - e.g. tcp-ip sockets.

    If you can't have a trust (and really this IS the best method) then you can override the NT details by doing a "net use \\<server>\ipc$ /user:<serverdomain>\<userid> <password>" with an account that is in the domain. But this is a manual process and prone to fail when the password changes.


    Q. Are there any "easter eggs" in SQL Server?

    A. Yes,

    SQL 6.5 Enterprise Manager.

    1. Using the Enterprise Manager create a "New Server Group" called starfighter.
    2. Register a Server called IS COOL (note there is a space there) under this new server group.
    3. Click 'register anyway' as it won't connect.
    4. Highlight "IS COOL" and click the "About Box" to see the development team.

    SQL 6.5 ISQL/W

    1. Connect to a server (or just click cancel)
    2. Choose help/about.
    3. Press F1 and you will now see the ISQL/W development team.

    Contributed by Neil Pike


    Q. How do I encrypt fields in SQL Server?

    A. Taking the fields first - there is no supported, documented way of doing this, and because you can't write user-defined functions yet then your choices are :-

    1. Write your own extended-stored-procedure (XP) to do it. However this can't be applied as a function, so it is messy - you need to call the XP per column and then issue an update with the value it returns.

    2. Do it in the application, back at the VB, C etc. level. This is what most people do and is the recommended method.

    3. You can use the ODBC Encrypt function, but I don't think you can decrypt it. e.g. insert into x values ({Encrypt N'Hello'}). 

    4. ** This option only here for completeness **
    There are undocumented pwdencrypt() and pwdcompare() functions - they are for MS internal use and their function is likely to change/break in future - people who ignored advice and used them in 6.x applications have found that the passwords generated do not work in SQL 7.
    As many people now know about these functions they are mentioned here for completeness, but if you use these functions you will not receive support from Microsoft and will be completely on your own when you get problems with a new SP/version.

    5. Wait and see if SQL 7.5/8.0 implements UDF's. 

    6. Use a DBMS that does support UDF's like DB/2, Oracle....

    Note that any field you use a function on you won't be able to index effectively as indices are ignored when a function is applied to a key in a where clause.

    ============

    On to whole objects. SQL has a built-in function to encrypt stored-procedures - however the algorithms for 6.5 and 7.0 have been broken and so de-cryption is now possible if you know how. There is no encryption facility for tables/data.

    Finally, the whole database. There is no SQL wide encryption function that would prevent users from hex-editing your devices and gleaning data from it. It is possible to use NT file-system level encryption as SQL won't know it is there. However, you have to put a password to "unlock" the file(s) somewhere if you want to automate the process of starting SQL after NT re-boots. Windows 2000 comes with file level encryption with the new EFS (encrypted file system) which can be used with SQL Server.

    You need to ask yourself if you need encryption - unless the person(s) you are worried about have physical or NT network access to the SQL devices then the only way to them is via a SQL logon which can be secured. 

    If the reason you want to prevent access is that the raw data/schema is being hosted by a 3rd party/customer and you want to protect your intellectual property rights, then currently all you can do is :-

    Make all access to data via stored-procedures. Put all logic you want to hide in these.
    Give users access to these sp's, but NOT to any underlying tables/views.
    Then delete the syscomments entries for the sp's - this leaves the compiled version in sysprocedures.

    If you have to give someone sa rights to maintain the database then they will still be able to get to the schema/data, but at least they won't be able to see the stored-procedure code.


    Q. What tools are available to produce entity relationship diagrams for SQL Server?

    A. There are several on the market, including (in no particular order)

    Also there are some tools built-in to MS products. Note that these just do diagrams, whereas the 3rd party tools above have a wide-range of project lifecycle, reverse engineering etc. abilities.

    Contributed by Neil Pike


    Q. Where is the SQL Server FAQ?

    A. Contrary to appearance this message isn't strictly speaking a faq entry - just something I have done to save some time answering common questions on the newsgroups. There isn't one all encompassing FAQ like there is for some non-MS newsgroups, but there are several places for good info :-

    The Microsoft "official" faq is at http://support.microsoft.com/support/sql/content/faq/default.asp. Plenty more SQL articles, bug reports etc. can be found by searching the MS Knowledgebase at www.microsoft.com/support. An off-line copy of the knowledgebase as well as hundreds of articles, white-papers, resource-kits, service packs etc. can be found on the Technet CD. If you don't subscribe to Technet then do so NOW as it is the single most important source of knowledge for support staff responsible for Microsoft technologies.

    Collections of un-official "faq" information can be found at :-

    http://go.compuserve.com/sqlserver (library 1 - sqlfaq.zip - anyone can download)
    http://www.swynk.com/faq/sql/sqlserverfaq.asp
    http://www.ntfaq.com/sql.html


    Q. Which SQL net-lib is the fastest?

    A. On normal LAN and fast WAN links you are unlikely to see a real-world difference in response times between any of the net-libs - this is due to the fact that network response/number of packets is not significant in these environments compared to application/database/server responses.

    However, on slow network connections - anything from 64Kbit/sec and below can be considered slow - then you will see a performance improvement if you use the tcp-ip sockets net-lib.

    Contributed by Neil Pike


    Q. I'm having trouble installing SQL Server.

    A. Try the following check-list of things that could go wrong. Notes apply to all versions/types of SQL Server unless otherwise specified.

    1. On an NT box make sure you have administrator level permissions on the machine in question, as SQL needs to create registry entries, services etc. 

    2. Make sure that the Server and Workstation services are running. If the server service is not running you may see an error "Error 2114 occurred while attempting to perform operation 'NetServergetInfo'". Look in the NT event log to ascertain the chain of events that has caused the services not to start.

    3. Make sure the machine is of the required spec to run the version of SQL you are installing. I.e. if it is SQL EE then make sure you have NT EE. For SQL 7 you need a 100% PENTIUM compatible chip or an Alpha - older Cyrix/IBM chips that do not support the full pentium instruction set will not work. More info in another faq entry.

    4. If you have tried to install SQL before then manually clean-up all the files/registry entries as follows :-

    Remove the <sql> directory and everything under it
    Remove the <sql> dir from the path (use control panel/system for this)
    Remove the SQL registry entries using regedt32/regedit. These are :-
    (All versions)
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSSQLServer
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSQLServer
    (6.0 and above.)
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSDTC
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SQLExecutive
    (7.0 and above)
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SQLServerAgent
    HKEY_LOCAL_MACHINE\Software\Microsoft\Microsoft SQL Server 7
    HKEY_LOCAL_MACHINE\Software\Microsoft\MSSQLServ65

    If you have lost permission to any of the registry keys then log on as administrator and take ownership of them starting at the highest relevant level. Use regedt32 and check the box to take ownership of all subkeys as well.

    5. If SQL is complaining about not enough space being there, then this could be due to a known bug when there is between <n> times 4,295,917 KB and <n> times 4,367,417 KB. To get around this either create temporary files to use space up, or start the SQL setup program as follows. Spacing is important.

    <sqldir>\i386\setup /t SpaceChecking = Off

    6. SQL Server is dependent on network functionality - even for the set-up routines. Specifically it needs to use named-pipe/mailslot functionality (on NT machines - see number 7 for Win9x). These usually require a network card to be present. If you don't have a network card then go to control panel/networks, choose add adapter and then add the Microsoft loopback adapter - which is just a dummy driver, no hardware involved. This needs to have working network protocol(s) bound to it. Let whichever protocols you have use default parameters, EXCEPT for tcp-ip. If you are using this then do NOT specify a DHCP-assigned address, use 192.168.1.1 as the IP address and 255.255.255.0 as the subnet mask. This is a standard RFC1918 non-routed IP address so shouldn't clash with any dial-up address you may be given by an ISP. If you are using the IPX/SPX protocol, accept the default frame type of 802.3.

    If the server service does not start after installing the loopback adapter and you get the message "The server service terminated with the following error: Not enough server storage is available to process this command" in the event log, then you need to re-install your *NT* service pack to synchronise your NT networking files. 

    One way of testing that the named-pipes functionality works is to run the makepipe and readpipe utilities that come with SQL Server. Run makepipe in one command window. Then run readpipe in another. If these work (i.e. the readpipe connects to makepipe and closes it down) then it is a good indication that networking functionality is ok.

    7. If you're installing SQL 7 on Windows 9x then you have to install Microsoft Client for Networks via the Network applet in Control Panel (note, this isn't the "Microsoft Family" network that will get installed by default). It must also be your primary network logon. Make sure this has a working protocol on it as per number 6. Once SQL 7 is installed then it doesn't need to be your Primary Network Logon, but it still needs to be installed.

    8. Because a named-pipe, used by the set-up routine, is effectively a file as far as the operating system is concerned, real-time Virus scanners can cause problems. Most of these have been fixed so they don't interfere with SQL's named-pipes, but make sure you're running the latest version of whichever virus package you use. But if in doubt, then disable the virus software for the duration of the install.

    9. Other software packages/services can also interfere with SQL's install on NT systems - typically they interfere with named-pipes/mailslot connectivity by intercepting requests. Setup will terminate with an error like 'unable to write to mailslot.....'. Shut-down any/all of these for the duration of the install. Packages that are known to interfere with SQL's setup routines include :-

    IIS - Internet Information Server - the web parts, not FTP
    PWS - Personal Web Server
    Exchange Server
    SNA Server
    Oracle
    DBWeb
    Backup software e.g. Arcserve/Backup Exec
    Systems Management - e.g. UniCentre, Compaq Insight Manager
    Microsoft SMTP
    Microsoft NNTP
    Disk Keeper
    Protected Storage (part of Internet Explorer)
    SNMP Service(s) 

    10. If the dial-up networking icon/window appears and tries to make a network connection, then stop and disable the "Remote Access Autodial Manager" service via control panel/services. This is an NT issue rather than a SQL one, but disabling auto-dial is the easiest way around it. (The autodial.txt faq entry has more info).

    11. If you are upgrading make sure that the default database for the "sa" login is master.

    12. If the error is to do with SQL Performance Monitor counters - SQLCTRxx.DLL - then try removing the SNMP service and all 3rd party network/server monitoring tools. e.g. HP NetServer Agents, Compaq Insight Manager

    13. If you are getting a gpf or registry error installing on NT then this could be a known issue with SNMP caused when SNMP managers that come with some server management tools (especially with HP servers) register a lot of SNMP extensions. Specifically when HKLM\System\CCS\Services\SNMP\Parameters\ExtensionAgents gets to around 1K or more.

    Either remove the SNMP service before installing SQL Server, or try the following workaround.

    - Stop snmp service
    - Save the contents (all the values) of the mentioned subkey (use regedt32 for these operations)
    - Delete all values except the one with the 'largest' name (the names are composed of digits)
    - Install SQL Server
    - Check the 'extensionagents' subkey. Setup will have added a value entry for SQL Server, save the value name and value somewhere so you can manually add it again later.
    - Restore all 'extensionagents' values previously saved in step 2
    - Add the sqlserver entry in case it got nuked in the previous step
    - Re-start snmp

    14. If the problem is to do with ODBC files not installing due to them being "in use" - typically a SQL 7 problem - then check that nothing has the ODBC files open. This could be other SQL utilities, Exchange, IIS, SNMP Service, Compaq Insight Manager, Backup Exec and many other services. Download NTHANDLE/X from www.sysinternals.com (free) if you can't figure out what has the file(s) open - check view dll's, then go into the search function and look for odbc*.dll. It could also be that the ODBC files on your hard-drive have been marked as read-only. Check with ATTRIB.EXE or explorer to see if this is the case.

    15. If the error is "Critical Error, could not open the file named D:\MSSQL\BINN\SQLCTRxx.DLL" then first simply retry, as the way performance monitor works means it could just have a temporary lock on the file. If that doesn't work then use NTHANDLE/X as per number 14.

    16. If it hangs on the "Setup is now installing the initial SQL Server configuration" screen, then it could be a timing problem caused by a VERY fast hard disk subsystem. Check the instmsdb.out file in the <sql>\install directory and look for the following messages.

    98/01/28 12:28:31.43 spid11 Database 'msdb' cannot be opened - it is currently being created. Wait and try query again.

    98/01/28 12:28:31.43 spid11 Unable to proceed with the recovery of dbid <5> because of previous errors. Continuing with the next database.

    If this is the error then copy the SQL Server installation files to the local hard disk drive. Edit the Instmsdb.sql file. Add a WAITFOR DELAY '0:00:01' statement to the very beginning of the script.

    17. If the .OUT files indicate that ISQL cannot connect to the SQL Server to run scripts then you can try the following (note this isn't supported, and the author has only used it to fix servicepack installs so far, but it *may* work for full installs as well). After making the change run "setup /t Local = Yes"

    Make a backup of the setup.inf first, then find the following line

    set !ServerName = $(!ComputerName)

    Now add the following 3 lines after it

    ifstr(i) $(!Local) == "Yes"
    set !ServerName = "."
    endif

    18. If it still can't connect to the server during install then this could be a timing problem due to you choosing a non-default codepage/sort-order. Try installing using the default settings. If this works then re-run the setup program after install and re-build master to the settings you want.

    19. For SQL 7 check the cnfgsvr.out file in <sql>\install. If you get "An error occurred while attempting to start the service (5)" then this error means that the service has got an access denied. Check that the account you have asked SQL Server/SQL Agent to start under has the "logon as a service" permission.

    20. Make sure for upgrades that SQL Server has a name. Run sp_helpserver and check what name srvid of 0 has. If it is not there then run sp_addserver '<servername>', 'LOCAL'

    21. If you're getting a 109 error starting SQL Executive then this is a permissions problem with the NT account you've supplied not having permissions to the relevant service or registry keys - HKLM\SOFTWARE\MICROSOFT\MSSQLSERVER. The easiest thing to do is install both MSSQLSERVER and SQLEXECUTIVE with the localsystem account and then go back and change it later.

    22. With SQL 7.0 if you get application errors after "Setup is registering ActiveX components..." message then it is a problem with SQL putting an older version of a DLL in on machines with Visual Studio installed.

    Search the hard drive for the ATL.DLL file, it will probably be in C:\WINDOWS\SYSTEM. Rename it to ATL.OLD and run the install of SQL 7.0 again. Once the install is complete, go back and rename SQL's version of ATL.DLL to ATL.SQL, and rename ATL.OLD back to ATL.DLL.

    REASON:
    Visual Studio installed ATL.DLL as a 68 KB file, dated 6/17/98, version 3.00.8168, product version 6.00.8168.
    SQL Server 7.0 Desktop Edition installs a 21 KB file, dated 1/24/97, version 2.00.7024, product version 5.00.000.

    23. If you're upgrading from MSDE to full SQL Server and the MSDE came from the Office 2000 developer edition then you may get an error "You cannot install a version which is older (7.00.623) than the version on your machine (7.00.677). Un-install the older version.". This is due to an incorrect version number being put in the registry. To fix this problem and allow setup to work amend "HKEY_LOCAL_MACHINE\Software\Microsoft\MSSQLServer\MSSQLServer\CurrentVersion" to have a value of 7.00.623. For more details see Q234915.

    24. One or more of the preceding 23 fixes should get the setup routine run through. If it still isn't installing then check the *.OUT files in the <sql>\install directory for clues as to what is going on. Look for the one with the newest date/time.

    25. If the setup seems to run ok, but then SQL won't start then try the following. 
    From the <sql>\binn directory run the following, making sure that the spacing and case is correct

    setup /t RegistryRebuild = On

    The setup routine will now run and ask you all the normal questions. Answer these as if you were performing the install again (same paths etc.) and it will just update all the registry entries/icons etc. It will leave the databases alone.

    26. Once installed, if you have trouble registering your SQL Server by name in SQL EM, then just register it with a name of just a period. i.e. "." without the quotes. This again bypasses the network layer and ensures that a local named-pipe is used.


    Q. I am missing the whole of MSDB, or just some tables - how do I create them?

    A. In the <sql>\INSTALL directory are the scripts that SQL runs itself to create the MSDB database and its tables. If you need to re-create it, then make sure the devices are already there and then run :-

    via ISQL/W or ISQL.

    Contributed by Neil Pike


    Q. Why do my device sizes appear as negative values in SQL EM?

    A. You may also find that because of this error it will not let you make any changes.

    This is caused by a known bug in Enterprise Manager when there is greater than 2Gb of free space on a disk. It was fixed in 6.5 SP3 and above. If you are running SQL EM from a client then you will need to apply SP3 to that as well.

    Contributed by Neil Pike


    Q. How do I do row-level locking on SQL Server?

    A. Only SQL 7.0 has full built-in row-level locking.

    SQL 6.5 has limited row-level locking that only occurs for inserts to the end of the last page of a table, if "sp_tableoption 'table_name', 'Insert row lock', true" is set. See the books-online for 6.5 for more information.

    SQL 6.0 and previous have no row-level locking capabilities.

    You can however effectively do row level locking with version 6.5 and earlier as long as each row takes up a whole page - thus locking 1 page is the same as 1 row. You can do this by padding a row with CHAR NOT NULL fields until the row length is forced to be greater than 1024 bytes. (Rows cannot span pages so this forces one row per page).

    However, you should note that although the rows on this last data page are being row-level locked, any non-clustered index pages involved are not. These can be a source of contention and even deadlock - when two logically distinct transactions need to lock one or more index pages, and pessimistically in different orders.

    Contributed by Neil Pike


    Q. How many bytes can I fit on a page in SQL Server and why?

    A. Rows can never cross page boundaries - page size in 6.5 and earlier is 2K, in SQL 7.0 it is 8K.

    For 6.5 and earlier :-

    Each 2048 byte page has a 32 byte header leaving 2016 bytes for data. You can have 2 rows of 1008 bytes or 10 rows of 201 bytes. The row size also includes a few bytes of overhead in addition to the data itself; there is more overhead if there are variable length columns.

    One row cannot be 2016 bytes - this is because when you insert/update/delete a row, the entire row must be written to the transaction log in a log record. Log pages also have 2016 available bytes per page, and need 50 bytes for transaction log specific information, so this gives a maximum size for a single row of 1962 bytes.

    For SQL 7.0 :-

    Each 8192 byte page has a 32 byte header leaving 8060 bytes for data. 

    For all versions :-

    You CAN define a table with a rowsize greater than this as long as it contains variable/NULL columns. However, if you try at any point to insert/update a row that has data that actually exceeds this limit then the operation will fail.

    There are no workarounds for this. You will have to split the table into multiple tables if you need more data than a row can take.

    For more details on page layouts see "Inside SQL Server 6.5" by Ron Soukup or "Inside SQL Server 7.0" by Kalen Delaney. Both highly recommended. Both by MS Press.


    Q. I am getting a gpf/registry error installing SQL Server - what is happening?

    A. This could well be a known issue with SNMP caused when SNMP managers that come with some server management tools (especially with HP servers) register a lot of SNMP extensions. Specifically when HKLM\System\CCS\Services\SNMP\Parameters\ExtensionAgents gets to around 1K or more.

    Either remove the SNMP service before installing SQL Server, or try the following workaround.

    1. Stop SNMP service
    2. Save the contents (all the values) of the mentioned subkey (use regedt32 for these operations)
    3. Delete all values except the one with the 'largest' name (the names are composed of digits)
    4. Install SQL Server
    5. Check the 'extensionagents' subkey. Setup will have added a value entry for SQL Server, save the value name and value somewhere so you can manually add it again later.
    6. Restore all 'extensionagents' values previously saved in step 2
    7. Add the sqlserver entry in case it got nuked in the previous step
    8. Re-start SNMP

    Contributed by Neil Pike


    Q. How do I change the sort-order or character set for a SQL Server database?

    A. Basically you can't. You have to get these parameters correct when you install SQL. You will have to :-

    Contributed by Neil Pike


    Q. What SQL servicepack am I running?

    A. Do a "select @@version" and check the build number against the following table. Or look at the top of the latest SQL errorlog file. Or do a file properties on the sqlservr.exe file. All should return the same value.

    If it isn't listed here, then it is a "hot-fix" build that MS PSS has given you to fix a specific problem. Hot-fix releases are NOT regression tested, so they should only be applied to production systems to fix a known problem and under the advice of MS PSS.

    Service Packs can be downloaded via http://support.microsoft.com or ftp.microsoft.com/bussys/sql.

    Hot-fixes (password protected) are on ftp.microsoft.com/bussys/sql/transfer

    Note that you can't apply 6.5 SP4 to either SBS or EE versions of SQL Server. SP5 and above are compliant with all these releases - i.e. can be applied to any model of SQL Server (Workstation, Server, EE, SBS etc.)

    7.00.517 SQL Server 7.0 Beta 3
    7.00.583 SQL Server 7.0 RC1
    7.00.623 SQL Server 7.0 "gold" release
    7.00.689 SQL Server 7.0 SP1 Beta
    7.00.699 SQL Server 7.0 SP1

    7.0.1073 SQL 7 Olap "gold" release
    7.0.1245 SQL 7 Olap SP1

    6.50.201 SQL Server 6.5 "gold" release.
    6.50.213 SQL Server 6.5 with Service Pack 1
    6.50.240 SQL Server 6.5 with Service Pack 2
    6.50.252 SQL Server 6.5 with "bad" Service Pack 3 - SP3 was pulled and re-issued. Do not use this version.
    6.50.258 SQL Server 6.5 with Service Pack 3
    6.50.259 SQL Server 6.5 on SBS only
    6.50.281 SQL Server 6.5 with Service Pack 4
    6.50.297 SQL Server 6.5 included in Site Server 3
    6.50.339 SQL Server 6.5 "Y2K" Hot-fix
    6.50.415 SQL Server 6.5 with Service Pack 5 - SP5 was re-issued as SP5a. Do not use this version.
    6.50.416 SQL Server 6.5 with Service Pack 5a

    6.00.121 SQL Server 6.0 "gold" release.
    6.00.124 SQL Server 6.0 with Service Pack 1
    6.00.139 SQL Server 6.0 with Service Pack 2
    6.00.151 SQL Server 6.0 with Service Pack 3


    Q. My SQL Server database has been marked "suspect" - what can I do?

    A. In addition to these ideas, also check out www.microsoft.com/support for the MS Knowledgebase. Specifically Q165918.

    Firstly look in sql\LOG and look at all recent errorlog(s). There WILL be an indication here as to why the database has been marked suspect. You need to fix whatever the problem is first (i.e. missing file, permissions problem, hardware error etc.)

    Then, when the problem has been fixed and you're either sure that the data is going to be ok, or you have no backup anyway, so you've nothing to lose, then change the database status to normal and restart SQL Server. To change the database status, and to get more information on recovery, look up the sp_resetstatus sp in the Books Online.

    If you don't have access to sp_resetstatus information, then the short version of this is :-

    UPDATE master..sysdatabases SET status=status ^ 256 WHERE name='dbname'

    If the database still goes back into suspect mode, and you can't fix the original problem, and you have no recent backup, then you can get information out of the database by putting it into emergency mode. If you do this, extract the data/objects out with bcp/transfer manager and then rebuild the database. Note that the data may be corrupt or transactionally inconsistent.

    Issue the following command to put the database into emergency mode (you'll need to allow updates first)

    For SQL 6.5 and below

    UPDATE master..sysdatabases SET status=-32768 WHERE name='dbname'

    For SQL 7.0

    UPDATE master..sysdatabases SET status=32768 WHERE name='dbname'
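
    The emergency-mode update above, wrapped in the "allow updates" switch it needs, as an added example that is not part of the original FAQ. 'dbname' is a placeholder, and the transaction and row-count check are additions made here so that a mistyped name changes nothing.

```sql
-- Added example; 'dbname' is a placeholder for the affected database.
USE master
GO
-- Keep a record of the current status value before changing it.
SELECT name, status FROM sysdatabases WHERE name = 'dbname'
GO
-- Direct updates to system tables are off by default.
EXEC sp_configure 'allow updates', 1
RECONFIGURE WITH OVERRIDE
GO
BEGIN TRANSACTION
UPDATE sysdatabases
SET status = 32768            -- SQL 7.0 value; use -32768 on 6.5 and below
WHERE name = 'dbname'
-- Commit only if exactly one database row was changed.
IF @@ROWCOUNT = 1
    COMMIT TRANSACTION
ELSE
BEGIN
    ROLLBACK TRANSACTION
    PRINT 'No change made: expected exactly one row for dbname'
END
GO
-- Switch the option back off so system tables are protected again.
EXEC sp_configure 'allow updates', 0
RECONFIGURE WITH OVERRIDE
GO
```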


    Q. How do I remove the tempdb database from master?

    A. Do the following.

    1. Configure tempdb to be in RAM for 2 MB. Use SQL EM or sp_configure.
    2. Stop and restart SQL Server.
    3. Add a new device for tempdb. Do not call it temp_db - any other name should be ok
    4. Make that new device a 'default' device; make sure no other device is marked as default, especially master. You can check/change default status either using SQL EM, or the sp_diskdefault stored-procedure. Both are fully described in the books-online.
    5. Configure tempdb to NOT be in RAM (set value to 0)
    6. Stop and restart SQL Server
    7. Re-mark whichever device(s) you want to be default.

    Contributed by Neil Pike


    Q. What are the changes/differences between vX and vY of SQL Server?

    A. Changes in functionality are typically documented in incremental steps from the previous release. The following sources are available :-

    There is currently no Kb article for SQL 6.5 to SQL 7.0, so just look in the Books Online.

    There are also occasionally changes introduced in service packs. These changes are documented in the readme.txt for the servicepack, which is cumulative. So SP4's readme contains all changes from SP1, 2 and 3 as well.

    Contributed by Neil Pike


    Q. How can I speed up SQL Server applications running over slow links?

    A. First we need to define what a "slow" link is. Typically this is anything from 64Kbit/sec and down. On links of this speed the size of a resultset and the number of network packets that are exchanged can make a significant difference to overall response times.

    First, either do a network trace, or use SQL Trace to see what exactly is being transferred during a typical client session. Then try the following :-

    1. If large intermediate resultsets are being returned, then see if you can write the logic into a stored-procedure so that only the end results are returned. Try and reduce the number of sent/received pieces of SQL by using stored-procedures as much as possible.
    2. If the connection uses ODBC and the overhead it creates running sp_serverinfo, sp_cursor, temporary stored-procedures etc. is causing the problem then use passthrough queries if possible and turn off the temporary stored-proc creation in the ODBC dsn properties.
    3. Configure the db-lib/ODBC connection to use the tcp-ip sockets net-lib. This performs best over slow network connections and can make a significant difference.
    4. Is the application using client-side cursors? Try v3 or above of ODBC which should give you transparent server-side cursors.
    5. Don't return 1000 rows to the client if all they need to see on the screen is the first 20.
    6. If there are large amounts of static data that need to be retrieved then consider replication to a client copy of Access, SQL 6.5 Workstation or with SQL 7.0 a local copy of SQL Server. Over slow links this should only really be used for mainly static data.
    7. Don't send any SQL across the link at all. Use Citrix or NT Terminal Edition to run the application centrally and install ICA/RDP clients on the remote machines. The applications then all run locally on a server next to the SQL Server (the same box isn't recommended). The only things that go across the slow link are screen updates, which are optimised and compressed and so will often work satisfactorily on a 14.4Kbit/sec modem link. This also has the advantage that there is no longer any client code to maintain at the remote sites either. There are whitepapers on Citrix, MS and Compaq's sites about sizing the server(s) you will need to run in this mode.

    Q. How can I fix a corruption in a system table?

    A. If the problem can be fixed with an index re-create, then there is a system stored-procedure to do this.

    sp_fixindex <db_name>,<system_table_name>,<index-id>
    e.g. sp_fixindex pubs,sysindexes,2

    You can also issue the relevant dbcc command directly if sp_fixindex refuses to attempt the fix - e.g. for a non-clustered index on sysobjects

    DBCC DBREPAIR(dbid, REPAIRINDEX, sysobjects, 2)

    It is not possible to rebuild the clustered index on sysindexes or sysobjects.

    If the above do not work, then the only choice is to create a new database and then use the transfer tools in SQL EM to copy the good data and objects across.


    Q. Why can't I connect Enterprise Manager to my local copy of SQL Server?

    A. This is down to the way that SQL interfaces with the NT networking code. The easiest way around this is to register the local server with a name of "." or "(local)" - ignore the double quotes in either case. Both of these names should force SQL to use a local-named pipe to connect which should work no matter what the default SQL connection parameters are set to.


    Q. What is the limit on the number of tables in a query in SQL Server?

    A. With SQL 6.5 and earlier the limit is 16 - regardless of which "version" of SQL you are running - e.g. EE. With SQL 7.0 the limit is 256. These figures are hard-coded into the SQL kernel and are arbitrarily chosen by the MS developers - but with good reason. The more tables there are, the longer it takes to optimise a query properly. There has to be a trade-off between the speed of running a query and the speed of optimising it.

    It *is* possible to up the limit of 16 in SQL 6.5 by setting traceflag -T105. This is an undocumented and unsupported trace flag, so MS may not support you with any problems on a system that is running this. However, it was allegedly put into the product to allow some of the more complex Peoplesoft queries to run, and so it must have had some testing/QA done on it.

    Normally, if a query needs more than 16 tables then you have a very bad query and/or database design. The best practice would be to break the query down into smaller parts and use temporary tables to hold interim resultsets. This will also make the query more understandable and may even speed it up as the optimiser has more of a chance to choose correct access plans and indices.


    Q. I'm doing a transfer using the SQL EM transfer tool, and not only is it not transferring the objects.

    A. If you find objects are being dropped from the source this is a known bug that is caused when the server you are connecting to has a period in the name. Typically this is because you are referring to it by tcp-ip address.

    What happens is that SQL sees the period and does a local named-pipe connect - which it should do if the name consists of just a period, but not when it contains a period - this means that SQL connects to the local machine as the target. As most people have checked the "drop objects first" box it then proceeds to drop all the objects concerned from what it thinks is the target machine - which is unfortunately the local (source) machine.

    To prevent this problem do not refer to your SQL Servers by IP address. Either :-

    1. Put an entry for the name/address in your NT HOSTS file - %systemroot%\SYSTEM32\DRIVERS\ETC\HOSTS.
    2. Use SQL Client Config Manager to define a named connection for the Server in question. In the advanced properties put the server's IP address as well as the net-lib dll needed to connect.
      Then just use the server 'name' instead of the IP address in the transfer to/from fields.

    Q. What registry entries does SQL Server use?

    A. SQL Server uses the following registry keys. (If you delete all these then the SQL setup routine shouldn't spot the old version)

    All versions

    6.0 and above.

    7.0 and above


    Q. How can I view the SQL Server log?

    A. Most of the information in the SQL log (syslogs) is not accessible via standard SQL commands. The ways of accessing this information are :-

    1. You can get transaction id and operation type only (no data) through a select * from syslogs. Or use the following code (courtesy of Tibor Karaszi) to make it a bit more readable.

    SELECT
    xactid AS TRAN_ID,
    CASE op
    WHEN 0 THEN 'BEGINXACT Start Transaction'
    WHEN 1 THEN 'Not Used'
    WHEN 2 THEN 'Not Used'
    WHEN 3 THEN 'Not Used'
    WHEN 4 THEN 'INSERT Insert Row'
    WHEN 5 THEN 'DELETE Delete Row'
    WHEN 6 THEN 'INSIND Deferred Update step 2 insert record'
    WHEN 7 THEN 'IINSERT NC Index Insert'
    WHEN 8 THEN 'IDELETE NC Index Delete'
    WHEN 9 THEN 'MODIFY Modify Row'
    WHEN 10 THEN 'NOOP'
    WHEN 11 THEN 'INOOP Deferred Update step 1 insert record'
    WHEN 12 THEN 'DNOOP Deferred Update step 1 delete record'
    WHEN 13 THEN 'ALLOC Allocation'
    WHEN 14 THEN 'DBNEXTID Extent allocation'
    WHEN 15 THEN 'EXTENT Extent allocation'
    WHEN 16 THEN 'SPLIT Page split'
    WHEN 17 THEN 'CHECKPOINT'
    WHEN 18 THEN 'SAVEXACT Savepoint'
    WHEN 19 THEN 'CMD'
    WHEN 20 THEN 'DEXTENT Deallocate extent'
    WHEN 21 THEN 'DEALLOC Deallocate page'
    WHEN 22 THEN 'DROPEXTS Delete all extents on alloc pg'
    WHEN 23 THEN 'AEXTENT Alloc extent - mark all pgs used'
    WHEN 24 THEN 'SALLOC Alloc new page for split'
    WHEN 25 THEN 'Not Used'
    WHEN 26 THEN 'Not Used'
    WHEN 27 THEN 'SORT Sort allocations'
    WHEN 28 THEN 'SODEALLOC Related to sort allocations'
    WHEN 29 THEN 'ALTDB Alter database record'
    WHEN 30 THEN 'ENDXACT End Transaction'
    WHEN 31 THEN 'SORTTS Related to sort allocations'
    WHEN 32 THEN 'TEXT Log record of direct TEXT insert'
    WHEN 33 THEN 'INOOPTEXT Log record for deferred TEXT insert'
    WHEN 34 THEN 'DNOOPTEXT Log record for deferred TEXT delete'
    WHEN 35 THEN 'INSINDTEXT Indirect insert log record'
    WHEN 36 THEN 'TEXTDELETE Delete text log record'
    WHEN 37 THEN 'SORTEDSPLIT Used for sorted splits'
    WHEN 38 THEN 'CHGINDSTAT Incremental sysindexes stat changes'
    WHEN 39 THEN 'CHGINDPG Direct change to sysindexes'
    WHEN 40 THEN 'TXTPTR Info log row WHEN retrieving TEXTPTR'
    WHEN 41 THEN 'TEXTINFO Info log for WRITETEXT/UPDATETEXT'
    WHEN 42 THEN 'RESETIDENT Used WHEN a truncate table resets an identity value'
    WHEN 43 THEN 'UNDO Compensating log record for Insert Only Row Locking (IORL)'
    WHEN 44 THEN 'INSERT_IORL Insert with Row Locking record'
    WHEN 45 THEN 'INSIND_IORL INSIND with IORL'
    WHEN 46 THEN 'IINSERT_IORL IINDEX with IORL'
    WHEN 47 THEN 'SPLIT_IORL Page split with IORL'
    WHEN 48 THEN 'SALLOC_IORL Alloc new page for split with IORL'
    WHEN 49 THEN 'ALLOC_IORL Allocation with IORL'
    WHEN 50 THEN 'PREALLOCLOG Pre-allocate log space for CLRs'
    ELSE 'Unknown Type' END AS LOG_RECORD
    FROM syslogs

    2. dbcc log command. Not well documented, but some details below. Note that as with most undocumented dbcc commands you need to do a dbcc traceon(3604) first to see the output.

    3. 3rd party. Logview from http://www.dbsg.com/.

    4. 3rd party. Image Analyzer from http://www.platinum.com/. This product also allows extracting data and SQL statements from the log.

    (All these are currently for 6.5 or earlier)

    ---------------------------------------

    dbcc log [ (@dbid, @objid, @pagenum, @rownum, @nrecords, @type [, @printopt]) ]

    dbcc log (5, 0, 0, 0, -1, 0, 1) // Show the last begin transaction record in the log

    Parameters:
    @dbid Database ID
    @objid Object ID

    A negative value indicates that @pagenum & @rownum represent a row in the log to use as a starting point in the scan of the log.
    A value of zero indicates that log records for changes to @pagenum will be included in the command's output.
    A positive value followed by a non-zero value for @pagenum indicates that @pagenum and @rownum represent a transaction ID. Log records for that transaction will be included in the output.
    A positive value followed by zero values for @pagenum and @rownum indicates an object ID. Log records for changes to that object will be included in the output.

    @pagenum page number
    @rownum row number in the log

    Together with @pagenum, this is either a starting point in a scan of the log or a transaction id.
    @nrecords number of records to examine. If positive, the first
    @type
    @printopt


    Q. How can I upgrade the 120-day evaluation version to the full SQL version?

    A. For SQL 6.5 :-

    1. One method would be to backup the databases, un-install SQL, re-install SQL and then load the databases again.

    2. A faster method is :-

    (a) Backup your databases first (just in case)

    (b) Copy over all the .dll's and .exe's from the full version, over the top of the evaluation version.

    (c) Then from the <sql>\binn directory run the following, making sure the case is correct

    setup /t RegistryRebuild = On

    (d) The setup routine will now run and ask you all the normal questions. Answer these as you did for the 120-day eval version (putting in the same paths etc.) and it will just update all the registry entries/icons etc. It will leave the databases alone.

    For SQL 7.0 :-

    (a) Detach your user databases (sp_detach_db)
    (b) Create a script file for all logins
    (c) Backup all user database files - *.mdf/*.ndf/*.ldf
    (d) Un-install SQL Server eval
    (e) Install retail copy of SQL Server
    (f) Run script to create logins
    (g) If user databases were deleted by un-install then restore from backup
    (h) Attach user databases (sp_attach_db)


    Q. I'm not seeing anything in the current activity screen in SQL EM.

    A. This is usually caused by the "select into/bulkcopy" database attribute for tempdb being unchecked.

    Set the option on again using SQL EM or sp_dboption and that should fix it.


    Q. How can I output records/messages to a flat file from inside a SQL Server TSQL script/stored-procedure/trigger?

    A. SQL Server doesn't have a handy SPOOL command like Oracle does, but there are a number of ways of doing what you want.

    1. Use xp_cmdshell and the ECHO command. Use the > or >> redirection symbols to either create or append to a file.
      xp_cmdshell "@ECHO test message >> C:\file.fil"
    2. Put the information you want into a table (note this can't be an ordinary temporary table, but it can be a global temporary table) and then bcp it out to a file via xp_cmdshell.
      xp_cmdshell "bcp <dbname>..<tablename> out c:\file.fil -Usa -P<password> -c"
    3. BCP or BULK INSERT (SQL 7 only) can also be used to read in a flat file into a table, from where it can be processed.
    4. Write your own extended stored procedure. As this is a C program it can use standard file access commands to achieve whatever you want.
    5. Run the select through ISQL via xp_cmdshell and use the -o parameter to output the results to a file. This example uses the -E parameter to avoid hard-coding a userid.
      declare @str varchar(255)
      select @str='isql -Q"select * from <tablename>" -E -oc:\file.fil'
      exec master..xp_cmdshell @str

    Q. My SQL Server database is showing as "recovering".

    A. Every time SQL Server starts up it recovers all databases so that all transactions are either committed or rolled-back. This recovery process normally only takes a few seconds/minutes, but if the server was terminated in the middle of a long running update, then the recovery can take at least as long as the update had taken so far - sometimes longer due to contention on the log device.

    Give it plenty of time to recover, but at the same time check the current and previous errorlog files, and NT errorlogs, for any indications of what has happened. If you've hit a hardware problem or SQL bug, then there WILL be errors there to give an indication on what happened.

    Check the physical disk activity lights on the server, and also check the sysprocesses activity to see if the recovery task is using cpu and/or disk i/o. Only on very rare occasions will SQL Server not recover the database correctly.

    If a database will not recover and you do NOT have a backup then you can use the following trace flags to bypass recovery. If you use these then the database/data may not be in a consistent state, but if you have no other choice then use them and then immediately transfer out (using bcp or transfer tools) all the objects you require.

    If all else fails, or you are unsure what to do, then don't hesitate to place a call with Microsoft Product Support Services (PSS). They are there 24x7x365 to deal with problems like this and the charge is nominal compared to the loss of your data!


    Q. I am getting a SQL Server error message "login failed".

    A. This is a pretty common one. The login failed message is unfortunately a generic message that should really say "unable to make connection" as it often isn't a logon validation problem. Try the following :-

    1. Remember it is the SQL Server login and password that SQL is expecting, NOT an NT one. The default SQL userid and password is "sa" and no password.
    2. It could be a "network" connection problem. If you're registering a local server with SQL EM then register it as "." without the quotes. Try connecting using whichever tool locally on the server without specifying the server name - this forces a local named-pipe connection.
    3. It could be that SQL is out of connections. Check the <sql>\log\errorlog file for this. Check if SQL has been started in single-user mode. Check the following registry key :-
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSQLServer\MSSQLServer\Parameters
      Under here there are SQLArg0, SQLArg1...... type parameters - the single-user one is "/m". Remove it if it is there.
    4. Finally, if you're sure that the userid is correct (and remember SQL can be case-sensitive) then try disabling any virus-checking software as this may be interfering.

    Contributed by Neil Pike


    Q. Can I run SQL Server on the same machine as Oracle, Exchange etc.?

    A. The basic answer is yes as long as there are sufficient resources for all services and you don't mind putting several eggs in one basket.

    There are no known compatibility problems with running SQL alongside any other MS or 3rd party products, DBMS or otherwise.

    The same holds true for the domain controller question - if you have a very large domain with lots of trusts and authentication requests then co-hosting SQL on it probably isn't a good idea. You WILL see articles from MS saying that putting SQL Server on a DC is a no-no, but these articles date from when an NT machine was a 486/33 with 16Mb of ram, not the 4x450Mhz Xeon 4Gb ram monsters you can get now.

    So give it a try and monitor the resources with NT Performance Monitor. Check cpu usage and waits, disk usage and waits, network usage and waits. The most important counter to check is memory pages/sec which will tell you if the memory is overcommitted and actually causing physical paging to disk. You may want to decrease the amount of memory (SQL 6.5 and below - SQL 7.0 autoconfigures) that SQL Server has to allow the other processes to get enough so that paging doesn't occur.


    Q. Why do my SQL Server identity values get out of synch causing gaps/duplicates etc.?

    A. Why? Because of inherent problems with the way they were implemented. For performance reasons the current identity value isn't updated and committed in the system tables every time a row is inserted. This would lead to unacceptably bad performance, especially with SQL 6.x's page-level locking architecture - it could even lead to deadlocks. Therefore the value is stored in memory and only committed to disk when a clean shutdown of SQL occurs.

    So, if SQL doesn't shut down cleanly, or there is some memory problem caused by an exception violation then the value will not be correct next time SQL starts. There are also some other bugs that would cause the value not to be updated, but MS fixed most of these with 6.5 SP3.

    The only thing you can do about it is to put dbcc checkident(<tablename>) statements in a startup stored-procedure (details of this in the BOL) so that the values get fixed every time SQL starts - obviously for very large tables this may take a few minutes.

    MS's own code/stored-procedures are not immune to this. One very common case is where you get duplicate key messages on sysbackuphistory (in MSDB) when you do a database dump. This is because the table uses an identity column.

    (MS promise this situation will not occur with SQL 7.x as they have re-worked how the identity columns function internally)

    Contributed by Neil Pike


    Q. How can I restrict access to my SQL Server so that it only allows certain machines to connect?

    A. SQL Server has no built-in tools/facilities to do this. It also does not have the facility to run a stored-procedure on connection that could be written/used to do this. Therefore you have the following choices :-

    1. Put the SQL Server behind a firewall and use that to restrict access. This is the most secure and functional way to do what you want.
    2. Write your own ODS Gateway and point the clients at that instead of the SQL Server - the ODS Gateway will then do the checking. However, there is nothing stopping clients figuring out the correct SQL client-config entries to point straight at the SQL Server. There are examples of ODS code in the SQL Programmers Toolkit - available for free download from the MS website.
    3. Write a constantly running/scheduled stored-procedure that checks the relevant column in sysprocesses (net_address), and then issues a KILL command for any processes that should not be running. Note that this only works for MAC addresses. This way allows people to connect and possibly make changes before they are spotted and killed.

    Q. How can I restrict access to my SQL Server so that it only allows certain programs to connect?

    A. SQL Server 6.5 and below have no built-in tools/facilities to do this, nor does it allow a stored-procedure to be run on client connection that could be used to do this. Of course if all your data is protected correctly with SQL/Integrated security and all auditing/business rules are held with constraints/triggers then you won't need to worry as it doesn't matter what tool people use to connect. However, in a real-world application, these pre-requisites are unlikely to be there.

    SQL Server 7.0 has the idea of application ROLES, as well as user roles. If you have SQL 7.0 then use application roles.

    If you are still on 6.5 or below then you can try one of the below - but they are all kludges :-

    1. Write your own ODS Gateway and point the clients at that instead of the SQL Server - the ODS Gateway will then do the checking. However, there is nothing stopping clients figuring out the correct SQL client-config entries to point straight at the SQL Server. There are examples of ODS code in the SQL Programmers Toolkit - available for free download from the MS website.
    2. Write a constantly running/scheduled stored-procedure that checks the relevant column in sysprocesses (program_name), and then issues a KILL command for any processes that should not be running. This way allows people to connect and possibly make changes before they are spotted and killed.
    3. Change servers to use std security. When the apps connect they request a trusted connection and get dumped into a new database - the only one their trusted account can connect to. This database contains a table holding a lookup between the users NT account and an alternative login name, password (encrypted) and perhaps server and database name to use. The only runnable object is a stored proc that returns the user's rows from this table. The front-end calls the sp, decrypts the password and re-connects to the server. One downside to this sort of approach is that the users "real" name and password could potentially be cracked with an ODBC trace (several versions of the ODBC sdk tools allowed passwords to be displayed) or network sniffer.
    4. Another option is to place a CHECK constraint on the sensitive tables which validates the application name. Something like :-
      CHECK (APP_NAME() = 'Name of your VB app')
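
    One way to implement the sysprocesses polling described in option 3 of the machine question and option 2 of the program question, as an added example that is not part of the original FAQ. The table and procedure names (allowed_net_address, allowed_program, killed_connection_log, usp_enforce_allow_list) and the sample values are hypothetical, and the procedure assumes that rows with a blank net_address are not network clients and can be skipped.

```sql
-- Added example: allow-list enforcement by polling master..sysprocesses.
-- All object names here are hypothetical. Create them in an administrative
-- database that ordinary logins cannot write to.

CREATE TABLE allowed_net_address (
    net_address  varchar(12)  NOT NULL PRIMARY KEY  -- client MAC as shown in sysprocesses
)
GO
CREATE TABLE allowed_program (
    program_name varchar(128) NOT NULL PRIMARY KEY  -- application name reported by the client
)
GO
CREATE TABLE killed_connection_log (
    killed_at    datetime     NOT NULL,
    spid         smallint     NOT NULL,
    loginame     varchar(128) NULL,
    hostname     varchar(128) NULL,
    net_address  varchar(12)  NULL,
    program_name varchar(128) NULL,
    reason       varchar(30)  NOT NULL
)
GO

-- Constructed sample entries; replace with your own values.
INSERT INTO allowed_net_address VALUES ('00A0C9112233')
INSERT INTO allowed_program VALUES ('Name of your VB app')
GO

CREATE PROCEDURE usp_enforce_allow_list
AS
DECLARE @spid smallint, @login varchar(128), @host varchar(128),
        @mac varchar(12), @prog varchar(128),
        @reason varchar(30), @cmd varchar(30)

-- Candidate rows: every connection except this one that reports a
-- network address (assumption: blank net_address = system or local).
DECLARE conn_cur CURSOR FOR
    SELECT spid, RTRIM(loginame), RTRIM(hostname), net_address, RTRIM(program_name)
    FROM master..sysprocesses
    WHERE spid <> @@SPID
      AND net_address > ' '

OPEN conn_cur
FETCH NEXT FROM conn_cur INTO @spid, @login, @host, @mac, @prog
WHILE @@FETCH_STATUS = 0
BEGIN
    SELECT @reason = NULL

    IF NOT EXISTS (SELECT * FROM allowed_net_address WHERE net_address = @mac)
        SELECT @reason = 'net_address not allowed'
    -- A blank program name matches nothing in the list, so it is rejected too.
    ELSE IF NOT EXISTS (SELECT * FROM allowed_program WHERE program_name = @prog)
        SELECT @reason = 'program_name not allowed'

    IF @reason IS NOT NULL
    BEGIN
        -- Log first, so there is a trail even if the KILL fails.
        INSERT INTO killed_connection_log
        VALUES (GETDATE(), @spid, @login, @host, @mac, @prog, @reason)

        -- KILL takes a literal spid, so the statement is built as a string.
        -- A spid can be reused once its connection drops, which is why the
        -- KILL is issued immediately after the row is read.
        SELECT @cmd = 'KILL ' + CONVERT(varchar(10), @spid)
        EXEC (@cmd)
    END

    FETCH NEXT FROM conn_cur INTO @spid, @login, @host, @mac, @prog
END
CLOSE conn_cur
DEALLOCATE conn_cur
GO
```

    Run usp_enforce_allow_list on a short schedule and review killed_connection_log regularly. The program name is a value the client supplies, so this works as a tripwire alongside login and object permissions rather than in place of them.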

    Q. How does SQL Server clear up orphaned connections?

    A. It doesn't. It never terminates a connection unless it is told to by a user, a KILL command is issued, or the operating system tells it that the network connection it is using has been disconnected.

    How long the operating system takes to kill a network connection, or whether it is done at all, depends on the net-lib and network protocol used. For parameters on keep-alive frames and session time-outs for the relevant network protocol the best guide is the NT Server resource kit, which describes how NT's various network layers work.

    Typically, named-pipe connections over netbeui will be timed out quite quickly, followed by named-pipes over IP. If you're using tcp-ip sockets then these sessions aren't timed-out at all by default.


    Q. Why does the SQL Server Database Maintenance Wizard warn about databases greater than 400Mb?

    A. The DMW sets up an "aggressive" set of dbcc and other healthchecks. On "large" databases this sort of housekeeping can take a long time, so you might not want to do everything every night. In this situation you might want to set up your own maintenance tasks, perhaps only running checkdb once per week, and newalloc every night, with index rebuilds once a month or so.

    MS's choice of "large" is 400Mb - probably a bit low given the speed of current cpu's/disks etc. The answer is, if you're happy with the time it takes to run the DMW generated tasks, then stick with it, regardless of your database size.


    Q. Why does my SQL Server log show that it's still full? - I have truncated it.

    A. The reason for this is that all the tools that interrogate log space - e.g. dbcc sqlperf, sp_spaceused and SQL EM all just look at the system catalog information in sysindexes - the dpages column. In SQL 6.5 and earlier this information is NOT kept up to date, so it is constantly wrong. The reason it is not kept updated is that it would cause a performance bottleneck.

    The easiest way to correct the information is :-
    dbcc checktable(syslogs)
    go
    checkpoint
    go

    The information will then be correct until the next update/delete/insert transaction is issued.

    If your log REALLY is full - i.e. you're getting a 1105 error on syslogs, then try a "dump transaction dbname with no_log". If this still doesn't fix it, then one of the following is occurring.

    1. You may have an open transaction. Check that with the following command.
      use databasename
      go
      dbcc opentran(databasename)
    2. You may have un-replicated transactions. See Q184499 for info on this and how to clear it up.

    See Q110139 and Q184499 for more information on syslogs filling up and how to resolve them.


    Q. How do I connect to SQL Server from a non-microsoft machine?

    A. Microsoft don't supply their own drivers for non-Windows based clients any longer, so you have to use a 3rd-party product. Your choices (in no particular order) are :-

    1. You can try acquiring/licensing/using a Sybase Open CT-Lib/Db-lib client if one exists for your operating system. Sybase supply drivers for many non-MS operating systems. The downside is that Sybase's and MS's usage of the base TDS protocol has been diverging ever since the 4.x versions of SQL Server they both released. Since then 6.0, 6.5 and especially 7.0 of MS's code, and versions 10, 11 and above of Sybase's code mean that Sybase's CT-Lib's may or may not work for you. You may need to get an old version from Sybase (maybe an original 4.x db-lib) and it may not support all the functionality you need. It certainly won't be supported. There are several reports of working connections to 6.5 servers failing when they were upgraded to 7.0.

    2. You could reverse engineer the undocumented TDS protocol yourself. The protocol can and does change between versions of SQL Server, so only attempt this if you want an on-going maintenance challenge. Several people have done such reverse engineering for the portions of TDS they needed and have reported it's not that difficult. One such effort is the FreeTDS project, which is reverse engineering the TDS specification and is currently implementing CTLIB, DBLIB, and JDBC interfaces for TDS. ODBC and Perl DBD drivers are planned. The FreeTDS JDBC driver is a type 4 driver and should work on any JVM. The CTLIB and DBLIB interfaces are known to compile under AIX, Linux, and FreeBSD without any problems. More info from http://sunsite.unc.edu/freetds/ . The mailing list archive can be viewed at http://franklin.oit.unc.edu/cgi-bin/lyris.pl?enter=freetds. Source-code can be downloaded from ftp://freetds.internetcds.com/pub/freetds_dbd/

    3. If you access SQL Server from Perl, then there are :-

    a. SybPerl (Note that SybPerl is designed for Sybase really so you may have the same compatibility problems as with CT-Lib)
    b. An MSSQL port of SybPerl available from www.algonet.se/~sommar/mssql
    c. ODBC using the ODBC extension http://www.roth.net/odbc/
    d. If the version of Perl has COM extensions then you can use ADO
    e. Search www.perl.com for any other code available on the standard CPAN sites.

    4. If you can use Java then a JDBC driver may be an option. 

    http://weblogic.beasys.com/ . (type 2, 3 or 4. SQL 6.5 and 7.0)
    http://www.inetsoftware.de/ 
    http://www.openlinksw.com/ 
    http://beta.easysoft.com/ . JDBC/ODBC bridge (www.easysoft.com)
    http://ourworld.compuserve.com/homepages/Ken_North/jdbcvend.htm  
    ftp://freetds.internetcds.com/pub/freetds_jdbc . Type 4 open-source driver that is designed to work with SQLServer and Sybase
    http://Java.sum.com/products/jdbc 

    5. If you are connecting via REXX then try www.angelfire.com/wa/djawa 

    6. The recommended option is that you acquire an ODBC/OLE-DB driver from a driver vendor that will offer on-going support. However, many ODBC vendors have either moved from pure client drivers to "3-tier" driver systems which many people don't want, or they have moved from ODBC into OLE-DB. Therefore you may have trouble finding just what you want. (Success and failure stories welcome - but be persistent with whichever vendors you talk to - they may not be actively advertising what you want, but that doesn't mean they don't still have old but working copies of it buried in a cupboard somewhere).

    Vendors to try are (in no particular order) :-

    OpenLink http://www.openlinksw.com/ 
    Merant (were Intersolv) http://www.merant.com/datadirect/products/odbc/Connect/overview.asp
    Visigenic http://www.visigenic.com/ 
    Easysoft http://www.easysoft.com/  (ODBC-ODBC Bridge)
    Applix corp.

    7. Macintosh Info. You can download a Visigenic ODBC version 2.1.2 driver for the Macintosh from www.snap.de (they produce a DAL/ODBC DBMS called PrimeBase). It appears that the MS provided driver with Office for the Mac no longer works with SQL 7.0. It works fine with SQL 6.5 and below.

    There are 32-bit 680x0 ODBC drivers (v2.11 from Visigenic, v6.0b3 of the SQL Server driver) on the Visual FoxPro for Power Macintosh CD version 3.0. These work with 16-bit FoxPro 2.6a as well. One issue is that on MacOS 8.5.1 you get Type 1, Type 3 or Type 10 errors when you quit FoxPro 2.6, BUT if you compile a 680x0 executable it works ok.

    8. For OpenVMS try www.trifox.com. They provide Perl, Java, JDBC, C, COBOL, C++, etc access from OpenVMS to MS SQL server as well as 10 other DBMSs on various platforms.

    9. For other pointers to ODBC/JDBC/OLEDB vendors :-

    http://ourworld.compuserve.com/homepages/Ken_North/odbcvend.htm  
    http://ourworld.compuserve.com/homepages/Ken_North/jdbcvend.htm  
    http://ourworld.compuserve.com/homepages/Ken_North/oledbven.htm 
    http://www.unixodbc.org/ 


    Q. How can I completely uninstall SQL Server?

    A. If the standard un-install utility doesn't do the trick for some reason :-

    Remove the <sql> directory and everything under it
    Remove the <sql> dir from the path (use control panel/system for this)
    Remove the SQL registry entries using regedt32/regedit. These are :-

    (All versions)

    (6.0 and above.)

    (7.0 and above)

    If you have lost permission to any of the registry keys then log on as administrator and take ownership of them starting at the highest relevant level. Use regedt32 and check the box to take ownership of all subkeys as well.


    Q. What does dbcc traceon(208) mean in SQL Server?

    A. This traceflag is set by some applications as they rely on SQL 6.0's quoted identifier behaviour for object names. For differences introduced with 6.5 to this behaviour look at the "What's New" section in the 6.5 books-online.


    Q. How do I install SQL Mail?

    A. First read the manual - SQL provides a very good, searchable, books-online.

    After that go to www.microsoft.com/support and check out the following SQL Mail knowledgebase articles :-

    Any other problems then do a search for "SQLMAIL" and you'll find other more specific articles.


    Q. I've got a problem/query with the beta of SQL Server 7.0. Where can I get help?

    A. All questions on SQL 7.0 should be directed to the beta newsgroups, not the public ones. The address and userid/password for the beta newsgroups is in the readme.txt on your beta cd.


    Q. Why do I have problems revoking permissions on some tables with SQL Server?

    A. This is a known bug in SQL Server with tables that have 8n-1 columns. I.e. 7, 15, 22 etc.

    To work around it, remove all entries for the table from sysprotects and then re-grant permissions as necessary.

    use <dbname>
    go
    exec sp_configure 'allow updates',1
    go
    reconfigure with override
    go
    delete sysprotects where id=object_id('<tblname>')
    go
    exec sp_configure 'allow updates',0
    go
    reconfigure with override
    go


    Q. What hardware/software can I run SQL Server on?

    A. That depends on whether you mean SQL Server "server" - i.e. the database itself, or SQL Server client tools to setup/maintain the database. The table below lists the requirements for both.

    To just access SQL Server itself as a client then the only requirement is to be able to run a db-lib/odbc/ole-db driver. These are available for just about any platform - for non-MS platforms you would need to get 3rd party drivers.

    General notes on table :-

    Where no hardware is mentioned then any hardware that runs the relevant version of the NT operating system will also run SQL Server.

    Unless otherwise specified SQL will run on any type of NT - workstation, server, EE, etc. - though there may be licensing implications that you should check first. With SQL 7.0 MS are checking licensing restrictions in the SQL setup program for the first time - e.g. you are unable to install the Server edition onto NT workstation.

    References to NT 5.0 are now replaced with Win2000.

    If you run SQL Server on NT workstation then you are restricted by the maximum number of incoming connections that NT allows. If you run SQL Server on a connection-limited or evaluation copy of NT then SQL Server will suffer the same restrictions.

    Systems Software requirements table
    -----------------------------------

    Product                        Operating systems
    -----------------------------  ---------------------------------------------
    SQL 1.1 Server                 OS/2 1.30
    SQL 1.1 Client Tools           Dos, OS2, Win3x, Win9x, NT

    SQL 4.20 Server                OS/2 1.30, NT 3.1/3.5/3.51
    SQL 4.20 Client Tools          Dos/OS2/Win3x/Win9x/NT 3.1/3.5/3.51

    SQL 4.21a Server               NT 3.5/3.51
    SQL 4.21a Client Tools         Dos/OS2/Win3x/Win9x/NT 3.1/3.5/3.51

    SQL 6.0 Server                 NT 3.51
    SQL 6.0 Client Tools           Win9x/NT 3.51

    SQL 6.5 Server                 NT 3.51/4.0/Win2000 (2)
    SQL 6.5 Client Tools           Win9x/NT 3.51/4.0/Win2000

    SQL 7.0 Server "Desktop"       Win9x/NT 4.0/Win2000 (1) (3)
    SQL 7.0 Server "Server"        NT 4.0 Server/Win2000 Advanced Server (1) (3)
    SQL 7.0 Server "Enterprise"    NT 4.0 EE/Win2000 DataCentre Server (1) (3)
    SQL 7.0 Client Tools           Win9x/NT 4.0/Win2000 (4)

    (1) SQL 7.0 requires a Dec Alpha or a 100% Intel PENTIUM compatible processor. It will not run on 486 machines or some AMD/Cyrix/IBM processors - the processor needs to support the CMPXCHG8B (Compare and Exchange 8 bytes) and RDTSC (Read Time-Stamp Counter) instructions. SQL 7.0 WILL run on Pentiums slower than 166MHz, but MS do not "officially" support it. However, they are unlikely to refuse to take your fault call and fix the problem, unless it is directly performance related.

    The following quote is from Cyrix - "Recently an issue with SQL Server 7.0 has been discovered with the non-MMX Media GX and the 6x86 processors. A fix for this issue can be obtained from Cyrix technical support at: tech_support@cyrix.com"

    (2) DUMP/LOAD DATABASE fails with SQL 6.5 under Win2000 unless you have applied at least 6.5 SP5

    (3) SQL 7.0 requires NT4 SP4+ or Win2000 Beta2+. It also requires IE 4.01 SP1+.

    (4) SQL 7.0 tools require IE 4.01 SP1+.


    Q. Why is a SQL Server restore (LOAD DATABASE) so much slower than a dump database?

    A. The answer to this is that SQL initialises all pages during a load. So if you have 50Mb of data in a 5Gb database, the dump only processes the used 50Mb. But when the load occurs it loads the 50Mb of data - which takes roughly the same time as the dump - and then initialises the rest of the 4.95Gb of free space. This initialisation is done page by page and goes as fast as the disk subsystem will allow.


    Q. What are the *.DMP files that appear in the SQL Server log directory?

    A. These are a sign that SQL Server has had a "handled access violation" - a gpf.

    The dump files contain information on what SQL Server was doing at the time, module stack traces etc. Though there is a PRINTDMP.EXE utility supplied, its output is still of no use to anyone unless they have the SQLServer C source code.

    Save the dumps away, together with errorlog info, what SQL was running at the time etc. and contact MS PSS for support in resolving the problem. (Assuming you've already applied the latest service pack and dbcc'd your databases to make sure there are no problems there)


    Q. Can I do an NT defrag on a SQL Server .DAT device/file?

    A. Yes you can as long as you stop SQL first - NT needs exclusive access to a file in order to defragment it. As long as there are no bugs in the defrag program and the system doesn't crash in the middle of a defrag then there shouldn't be any problems.

    Will it help? Usually not much. SQL devices don't tend to change in size once they are created, so a device will only be fragmented if the disk was so badly fragmented when the device was created that NT could not allocate contiguous space for it all. A defrag does nothing for SQL fragmentation of data/index pages; it only defragments the actual device.

    If you create your SQL devices on a freshly formatted drive then you won't get any fragmentation.


    Q. Can I compress a SQL Server .DAT device/file?

    A. Yes you can as long as you stop SQL first - NT needs exclusive access to a file in order to compress it. In theory everything should be fine as SQL isn't interested in what is happening down at the filesystem level.

    However, in practice, this is not recommended for the following reasons :-

    1. It is not recommended/supported by MS. It can prevent the ability to recover due to SQL not really knowing how much disk space there is.

    2. Performance - especially if you compress an empty database/device and then start filling it up - there is then a lot of overhead in NTFS expanding the file as previously it had compressed very well due to the large number of binary zeroes used to pad empty pages. 

    3. Many people have reported problems (especially with SQL7) when doing disk intensive updates like index creation.

    4. With a compressed drive the NT writes are always done in a "lazy" asynchronous manner. For an application like SQL that MUST know when an i/o has completed to the disk and not to some unprotected memory area this is unacceptable.

    As for compressing data inside a table, SQL Server has no functionality to do this. You could do it yourself using code at the client end, or with an extended-stored procedure, but that's it.


    Q. Why can't I install SP4 for SQL Server to my Win95 machine like the readme says I can?

    A. This is because when MS released SP4 they got the setup.inf file wrong and it wouldn't install to Win95 clients. They subsequently fixed it and re-released the service pack but it doesn't seem to have synched round to all the places on the web-site where it is stored.

    Get SP4 from ftp.microsoft.com/bussys/sql and it should work ok.


    Q. I'm getting an error 1117 in SQL Server. Can I rebuild the extents somehow?

    A. It is recommended that you select/bcp out all the relevant data and then recreate the objects concerned. However, if you want to attempt a rebuild of the extents then make a backup first, and then try the following after putting the database into single-user mode first :-

    dbcc rebuildextents (@db_id, @object_id, @index_id)

    Parameters:
    @db_id Id of the database
    @object_id Id of the object to be rebuilt
    @index_id Id of the index to be rebuilt

    Alternatively you could just rename the object and leave it in the database with a dummy name - you won't be able to drop the object.


    Q. Why can't I get at a network file when I run a program with xp_cmdshell from SQL Server?

    A. The reason is that the MSSQLSERVER service is running under a separate set of NT credentials. It doesn't matter who YOU are logged on as (after all, SQL runs quite happily when no-one is logged on to the console, doesn't it?). Therefore your logon account and any mapped drives are irrelevant. It is SQL Server running the program (e.g. bcp), not you.

    The default set of NT credentials used by MSSQLSERVER is the Localsystem account. You can check which userid MSSQLSERVER is running under by looking at control panel/services, highlighting MSSQLSERVER and choosing the start-up option.

    The Localsystem account has no access to shares on the network as it isn't an authenticated network account.

    So, if you want a program running under xp_cmdshell to access a network resource you have two choices :-

    1. Change the account the MSSQLSERVER service runs under to a user account with the relevant network rights.
    2. Amend the following registry value on the TARGET server and add the sharename you want to access - the share does not then authenticate who is coming in and so a Localsystem account will work. The server service on the target server must be re-started before the change takes effect. Note that this effectively removes security on that share, so you need to be careful about what is in the share.
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\NullSessionShares

    Whichever method you use, you MUST use a UNC name to reference the resources required and not a drive letter.

    e.g. xp_cmdshell 'dir \\server01\share'


    Q. I am having problems with SQL Server running bcp from xp_cmdshell.

    A. First make sure that you have the rights to run xp_cmdshell - do an xp_cmdshell 'dir' and check you get a resultset of filenames back.

    Then be aware that the MSSQLSERVER service is running under a separate set of NT credentials. It doesn't matter who YOU are logged on as (after all, SQL runs quite happily when no-one is logged on to the console, doesn't it?). Therefore your logon account and any mapped drives are irrelevant. It is SQL Server running the bcp, not you, so as far as drive letters go it can only see the local ones. Local means on the server: if you are issuing the query from a workstation, do not be confused into thinking that the query is referencing your workstation's local drives.

    The default set of NT credentials used by MSSQLSERVER is the Localsystem account. You can check which userid MSSQLSERVER is running under by looking at control panel/services, highlighting MSSQLSERVER and choosing the start-up option.

    The Localsystem account has no access to shares on the network as it isn't an authenticated network account.

    So, if you want bcp running under xp_cmdshell to access a network resource you have two choices :-

    1. Change the account the MSSQLSERVER service runs under to a user account with the relevant network rights.
    2. Amend the following registry value on the TARGET server and add the sharename you want to access - the share does not then authenticate who is coming in and so a Localsystem account will work. The server service on the target server must be re-started before the change takes effect. Note that this effectively removes security on that share, so you need to be careful about what is in the share.
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\NullSessionShares

    Whichever method you use, you MUST use a UNC name to reference the resources required and not a drive letter.

    i.e. xp_cmdshell 'bcp servername..tablename out \\server01\share\bcp.fil .............'
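
    Both xp_cmdshell answers above offer NullSessionShares as an option and note that it removes security on the listed share, so it is worth checking what a file server actually has in that value. The script below is an added example, not part of the original FAQ: it reads a regedit export of the LanmanServer\Parameters key and reports shares that are not on an approved list. The sample export, the share name "bcpdrop" and the approved list are constructed for illustration and are assumptions.

```python
import re

# Key the FAQ says to amend on the TARGET server.
LANMAN_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters"

# Constructed sample in REGEDIT4 export format (not taken from a real server).
# hex(7) is REG_MULTI_SZ: NUL-separated strings, closed by an extra NUL.
SAMPLE_EXPORT = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters]
"Lmannounce"=dword:00000000
"NullSessionShares"=hex(7):43,4f,4d,43,46,47,00,44,46,53,24,00,62,63,70,64,72,\
  6f,70,00,00
"""

# Assumption: the entries your own build standard allows. Adjust to your baseline.
APPROVED_ASSUMED = ["COMCFG", "DFS$"]


def join_continuations(text):
    """regedit wraps long hex values with a trailing backslash; undo the wrap."""
    return re.sub(r"\\\r?\n[ \t]*", "", text)


def parse_multi_sz(hex_csv, utf16):
    """Decode the comma-separated bytes of a hex(7) value into a list of strings."""
    raw = bytes(int(b, 16) for b in hex_csv.split(",") if b.strip())
    # REGEDIT4 exports store ANSI bytes; "Version 5.00" exports store UTF-16LE.
    text = raw.decode("utf-16-le" if utf16 else "cp1252", errors="replace")
    return [s for s in text.split("\x00") if s]


def null_session_shares(reg_text):
    """Return the NullSessionShares entries, or None if the value is not present."""
    text = join_continuations(reg_text.lstrip("\ufeff \t\r\n"))
    utf16 = text.startswith("Windows Registry Editor Version 5.00")
    current_key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
        elif current_key and current_key.lower() == LANMAN_KEY.lower():
            m = re.match(r'"NullSessionShares"=hex\(7\):(.*)$', line, re.I)
            if m:
                return parse_multi_sz(m.group(1), utf16)
    return None


def audit(reg_text, approved):
    """List shares open to unauthenticated sessions that are not approved."""
    shares = null_session_shares(reg_text)
    if shares is None:
        return []
    allowed = {s.lower() for s in approved}
    return [s for s in shares if s.lower() not in allowed]


if __name__ == "__main__":
    for share in audit(SAMPLE_EXPORT, APPROVED_ASSUMED):
        print("Share open to null sessions and not approved:", share)
```

    Export the key with regedit on the server being checked and pass the file contents to audit() together with your own approved list.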


    Q. How do I store/retrieve text and image data in SQL Server?

    A. To store/retrieve this sort of data within TSQL scripts you have to use the WRITETEXT and READTEXT commands rather than standard INSERT/SELECT statements. These are documented, with examples, in the books-online but are basically a real pain to use. There are more manageable commands available from within the relevant programming languages - e.g. RDO and ADO from VB/C can use GetChunk and AppendChunk commands - but you still have to manage the image/text data one chunk/block at a time. About the only upside of storing this sort of data within SQL Server is that it can be kept transactionally consistent with the other data. For sample code see Q194975 - "Sample Functions Demonstrating GetChunk and AppendChunk".

    For native ODBC access use the SQLPutData and SQLGetData commands.

    If you just want to insert/retrieve an entire image/text then look at the TEXTCOPY program (textcopy /? for parameters) in the <sql>\BINN directory. It is a command-line program along the lines of BCP.

    If transactional consistency doesn't matter, or can be achieved programmatically, then it is easier to store the data outside the database as an ordinary file. Within the database just hold a UNC pointer to where the file is held. This usually makes it much easier to display/edit the data as the name can simply be passed to whatever tool is doing the manipulation.


    Q. How can I amend the system tables in SQL Server?

    A. First, it should be said that unless you are using code that MS have published then any direct updates to the system tables are not supported - so if you're not sure either don't do it, or take a backup first.

    With the exception of "materialised" tables like syslocks and sysprocesses you can pretty much use standard SQL commands to update the system tables. 

    As far as triggers go, you can define triggers on system tables, however SQL Server updates most system tables internally via its own APIs - only some get done via standard TSQL. Only updates done via standard TSQL result in a trigger firing, however there is no list of which tables this works with, and it certainly wouldn't be supported if you did use it.

    To update system tables first you have to set the "allow updates" flag as follows :-

    sp_configure 'allow updates',1
    go
    reconfigure with override
    go

    Then you can make updates - make sure you always do this within a transaction so that if you affect more rows than you meant to then it can be rolled back. Afterwards reset the 'allow updates' flag.

    sp_configure 'allow updates',0
    go
    reconfigure with override
    go

    There are also a few occasions where MS have put in "extra" protection to stop users mucking about. One example is sysindexes where you must specify the name, id and indid in the where clause otherwise the update will fail.


    Q. I am having problems installing a SQL Service pack.

    A. Try the following checklist :-

    1. Make sure you have administrator level permissions on the machine in question, as SQL needs to create registry entries, services etc.

    2. SQL Server is dependent on network functionality - even for the set-up routines. Specifically it needs to use named-pipe/mailslot functionality. These usually require a network card to be present. If you don't have a network card then go to control panel/networks, choose add adapter and then add the Microsoft loopback adapter - which is just a dummy driver, no hardware involved. This needs to have working network protocol(s) bound to it. Let whichever protocols you have use default parameters, EXCEPT for tcp-ip. If you are using this then do NOT specify dhcp assigned address, use 192.168.1.1 as the IP address and 255.255.255.0 as the subnet mask. This is a standard RFC1918 non-routed IP address so shouldn't clash with any dial-up address you may be given by an ISP.

    3. Make sure that there are no quotes in the path on the machine you are setting up. Also check that the full directory path you are installing from does not include any spaces. Either of these will cause part of the setup to fail (usually the cfgchar.exe bit). Also check the registry entry [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSQLServer\Setup] ends in a "\" and add one if it doesn't.

    4. Because a named-pipe, used by the set-up routine, is effectively a file as far as the operating system is concerned, real-time Virus scanners can cause problems. Most of these have been fixed so they don't interfere with SQL's named-pipes, but make sure you're running the latest version of whichever virus package you use. But if in doubt, then disable the virus software for the duration of the install.

    5. Other software packages can also interfere with SQL's install - typically they interfere with named-pipes/mailslot connectivity and setup will terminate with an error like 'unable to write to mailslot.....'. Shut-down any of these for the duration of the install. Packages that are known to interfere with SQL's setup routines include :-

    IIS - Internet Information Server - the web parts, not FTP
    PWS - Personal Web Server
    Exchange Server

    6. If the dial-up networking icon/window appears and tries to make a network connection, then stop and disable the "Remote Access Autodial Manager" service via control panel/services. This is an NT issue rather than a SQL one, but disabling auto-dial is the easiest way around it.

    7. Make sure that named-pipes is enabled and is the default net-lib on the server. Make sure that SQL is listening on \\.\pipe\sql\query which is the default.

    8. If your "sa" password has a space in it then change the password so it doesn't have a space before installing the SP.

    9. Make sure that SQL Server has a name. Run sp_helpserver and check what name srvid of 0 has. If it is not there then run sp_addserver '<servername>', 'LOCAL'

    10. Check whether the value at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSQLServer\Setup\SQLPath has a '\' at the end. If you have used a long directory name you may need to add this yourself.

    11. (6.5 and below). Make sure you haven't deleted the probe account from the master database. If you have :-

    use master
    go
    exec sp_addlogin probe, NULL, master
    exec sp_adduser probe
    go

    Then run <sql>\install\Procsyst.sql to grant relevant permissions back to the userid.

    12. If it still isn't installing then check the *.OUT files in the <sql>\install directory for clues as to what is going on.

    13. If the .OUT files indicate that ISQL cannot connect to the SQL Server to run scripts then you can try the following unsupported hack (it worked for me on SP4 and SP5) by modifying the servicepack's setup.inf. After modifying the setup script run "setup /t Local = Yes"

    Make a backup of the setup.inf first, then find the following line

    set !ServerName = $(!ComputerName)

    Now add the following 3 lines after it

    ifstr(i) $(!Local) == "Yes"
    set !ServerName = "."
    endif

    14. If the error is "Critical Error, could not open the file named D:\MSSQL\BINN\SQLCTR60.DLL" then look for a service that has this file open. Easiest way to see which one is to get NTHANDLEX from www.sysinternals.com (free).


    Q. How can I move a SQL Server device from one disk to another, or rename it?

    A. There are two ways with SQL 6.5 :-

    1. Use device mirroring. Mirror the device to the "new" location and then break the mirror and delete the old device. This method does not need SQL downtime and can be done via the gui or via TSQL.

    2. Use the sp_movedevice sp that is documented in the Books-Online - just cut and paste this into an ISQLW session and run it to create the sp (it doesn't exist by default). After making the change stop SQL Server, physically move the device, then restart it. Therefore this method requires downtime, but it is faster as using OS level commands is faster than SQL mirroring.

    All that sp_movedevice does is update the phyname in the sysdevices table.

    Note that the above method works for all USER databases. If you want to move master this way, then note that the phyname parameter in sysdevices is only for documentation - you might as well change it anyway to keep things in line. The actual method SQL uses for locating the master device is by looking in the registry :-

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSQLServer\MSSQLServer\Parameters\SQLArg0

    So it is the value in this key that needs amending.

    For SQL 7.0 you can use :-

    sp_detach_db ...
    <move devices physically>
    sp_attach_db ...

    For details on the stored-proc parameters see the SQL Books online.


    Q. How can I recover a SQL Server database when all I have left is the .DAT device?

    A. For SQL 6.5 and below use the DISK REINIT and REFIT commands. These are documented in the Books-Online.

    For SQL 7.0 use the sp_attach_db sp - also documented in the books online.


    Q. How can I re-install SQL Server without losing any data under a new version of NT I have installed?

    A. For SQL 6.5 and below - from the <sql>\binn directory run the following, making sure the case is correct

    setup /t RegistryRebuild=On

    The setup routine will now run and ask you all the normal questions. Answer these as if you were performing the install again (same paths etc.) and it will just update all the registry entries/icons etc. It will leave the databases alone.

    For SQL 7.0 use the regrebld.exe command - regrebld.exe /? will give you the options as will the documentation.


    Q. How can I install SQL Server client tools in unattended mode?

    A. The MS provided setup.inf file with 6.5 and below doesn't allow for this (haven't checked out 7.0 yet), so your choices are :-

    1. Amend the setup.inf to provide this support, or write a new one.
    2. Do a script to copy the relevant files across and update any registry parameters needed. You could use something like sysdiff to do this.

    Q. How can I access data across two separate databases in SQL Server?

    A. With SQL 6.5 and below this is easy as long as the databases are on the same server. Then just use the fully qualified names of the tables concerned :-

    select * from <dbname>.<ownername>.<tablename>
    select * from db1..tab1, db2..tab1 where ...........................

    If the databases are on separate servers then 6.5 and below offer remote stored procedures (look them up in the docs) but that is your only server-side choice, there is no way to directly access the tables involved. If you need direct access then you will need to make two separate client connections to each server and process the data at the client end. Something like the JET engine can be used to make this easier and make the two servers look like one.

    With SQL 7.0 you can access tables across servers with a single client connection because the fully qualified object name now allows the servername to be passed, so you can do

    select * from server1.db1..tab1, server2.db1..tab1 where ...........................


    Q. How can I transfer SQL Server data between an Intel box and an Alpha?

    A. With 6.5 and below you cannot use the DUMP and LOAD DATABASE commands - it does not do the necessary byte re-ordering to make this work. Therefore you must use bcp, the transfer tools supplied in SQL EM or write your own ODBC/DMO based applet.

    With SQL 7.0 the byte re-ordering is done for you and so dumps and loads across architectures are supported.


    Q. I can't run SQL Server Enterprise Manager.

    A. This is a problem with the class not being registered in the registry properly. Use the regsvr32 utility to re-register it :-

    regsvr32 <sql>\binn\sqlole65.dll

    Replacing <sql> with the full drive/dir that SQL is installed into.


    Q. I've put tempdb in ram and now I can't restart my SQL Server.

    A. This is because the memory allocated by SQL Server does NOT include tempdb in ram. There must be enough memory for SQL, tempdb AND NT otherwise SQL will fail to start. To recover from this :-

    1. Stop SQL Server and SQL Executive. Also make sure that SQL Enterprise Manager isn't running.
    2. Go to the <sql>\binn directory and type "sqlservr -c -f" - this will start SQL in single-user mode with a minimum config.
    3. Ignore the text messages in this window - but wait for them to finish appearing (shouldn't take more than 10-20 seconds)
    4. SQL Server is now started.
    5. Go to another window and start ISQL/W and connect locally with the sa userid.
    6. In ISQL/W issue the following commands :-

    sp_configure tempdb, 0
    go
    reconfigure
    go

    7. Now go back to the window SQL is running in and type "shutdown" and enter
    8. SQL Server should shut down. If it doesn't then hit <ctrl-c> to shut it down.
    9. Now you should be able to start SQL normally and connect. You will need to re-size tempdb as it will have gone back to the original 2Mb in master.

    If you get an error 615 running the sp_configure command then drop the tempdb device first :- "sp_dropdevice tempdb" - and then start again.


    Q. How do I transfer data between SQL Server databases / across servers?

    A. There are a variety of methods :-

    1. The fastest method for whole databases is to use the DUMP DATABASE and LOAD DATABASE commands. You need to make sure that the databases are the same size and made up of the same segment fragments in the same order. If you do an sp_help_revdatabase on both this will allow you to check the required DDL for this. You can DUMP and LOAD from a local tape device and transport the tape if you do not have a network connection. (With SQL 7.0 the commands are BACKUP DATABASE and RESTORE DATABASE)

    2. If you only want tables/data you can use the SQL BCP.EXE tool. This is a command-line program and is fully doc'd in the books-online. It works on one table at a time and allows you to create a flat file on disk.

    3. For stored-procedures/views etc. there is an old command-line based tool called DEFNCOPY.EXE that works like BCP. It isn't used much these days unless you still have SQL Server on OS/2 - though it still works on NT at least up until 6.5.

    4. SQL Enterprise Manager comes with a built-in gui transfer function, and SQL 7 comes with a separate, equivalent tool based on DTS. This allows transfer of all objects between two databases/servers but requires a network connection between the two.

    5. The transfer tool supplied with SQL EM is exposed via the DMO interface and can be called using the SQLOLE calls from TSQL or your own VB program for automation purposes. See Q152801 for an example of how to do this.

    6. 3rd-party DBMS management tools no doubt offer similar/better transfer/scripting tools to the above.


    Q. What packages are available to do source control on SQL Server SP's, DDL etc.?

    A. Microsoft have integrated their Repository into SQL 7 so there will probably be some function there with new versions of Visual SourceSafe, but assuming VSS doesn't meet your needs, then 3rd party dbms tools do offer these features :-


    Q. Where can I get the ANSI92 SQL information from.

    A. This information is only available from ANSI themselves and as far as I know is only available on paper (to discourage piracy). They charge for the information - they have to have some form of income stream after all.

    More information can be had from their web-site http://www.ansi.org/


    Q. How do I connect to SQL Server through a firewall?

    A. Basically you have to open up the ports that SQL Server uses. If you've done this and it still doesn't work then look at the firewall logs to see what packets it is dropping or do a network trace either side of the firewall to see what packets are not getting through. (You may want to disable/allow all through the firewall during testing to see what extra packets are allowed through).

    Which ports to open depends on the net-lib you are using :-


    Q. I'm getting a sort failed 1501 message on SQL Server - what's going on?

    A. This is usually caused by a time-out when creating an index - if you see "state 12" after the 1501 then it definitely is. This hard-coded timeout was upped with SQL 6.5 SP3 and is rarely seen now (though it does still sometimes occur). It is normally caused by a slow or congested disk subsystem - either get some faster disks/controllers or make sure that no other processes are contending on the same disks at the time of the query that causes the error.

    If the above doesn't fit, then you can try upping the "sort pages" parameter in sp_configure. This may keep more of the sort in memory and reduce the iterations it goes through and thus prevent the error.

    Other than that all you can do is contact MS PSS with the error message, including state number, and let them delve through the code to see what piece of code the state message you're getting is in. (The state codes are unique)


    Q. I'm getting a 1112 error on SQL Server - what's going on?

    A. This message will only occur with SQL 4.x and is fixed in all subsequent versions. The ONLY permanent fix is to upgrade to SQL 6.0 or above.

    The error occurs if SQL has crashed during the allocation of an extent - this sometimes leaves a "being allocated" bit set in the extent. When SQL comes to need that extent to expand a table then you get the error because SQL thinks the bit should never be set and some form of corruption has occurred.

    Because SQL always allocates extents in the same order, once you get the error you will carry on getting it unless you drop some objects and free up extents nearer the start of the database that it can allocate ok. This only puts off the time till the next 1112.

    To "fix" the error you can get and run a file called 1112.EXE from MS PSS or ftp.microsoft.com/bussys/sql/transfer. This contains details of what to do to run it - note the database needs to be in single-user mode at the time. All it does is whiz through the extent map and reset any bits that show as "being allocated".

    Note this "fix" only fixes that particular occurrence of the problem. The problem will come back, so move to a supported version of SQL that has a permanent fix for this problem.


    Q. Why do I get the message WARNING: Process being freed while holding Dataserver semaphore in SQL Server.

    A. This is a fairly common error :-

    1. Check for previous errors - this is often not the actual error that occurred but is a symptom of a previous error that has caused SQL Server to get confused. It then ends up trying to exit a routine without having cleared up all the resources that it owns. It is the previous error that you should look up in Technet/MS Knowledgebase.
    2. It can be a symptom of not having enough resources. Up the number of open objects, locks and open databases. This may help.
    3. Apply the latest servicepack - this or the underlying error may well have been fixed already.
    4. If none of the above apply, and your problem does not match any known, documented issue then you will have to call MS PSS and open a paid fault call. If you can reproduce the problem with a script run against a new, clean database then it should be fairly easy for a fix to be written.

    Q. What are good SQL Server books? And other sources of reference.

    A. SQL Books Online is a good source, as is Technet with 100's of techie articles/whitepapers on SQL as well as the Knowledgebase. The SQL 7.0 books-online can be downloaded at http://support.microsoft.com/download/support/mslfiles/sqlbol.exe

    An un-official "faq" is held at :-

    http://go.compuserve.com/sqlserver  (download sqlfaq.zip from library 1)
    http://www.sql-server.co.uk/ 
    http://www.swynk.com/faq/sql/sqlserverfaq.asp 
    http://www.ntfaq.com/sql.html 

    The most up to date copy (apart from the one on my hard-drive) is the one in the Compuserve library - you don't need to be a compuserve member to download it. The other sites all take the info and put it into their own format.

    On-line resources :-

    SQL Server Mailing List and other resources at www.swynk.com
    SQL Server newsgroups : microsoft.public.sqlserver.* and comp.dcom.databases.ms-sqlserver
    GO MSSQL on Compuserve for SQL forums
    www.sql-server.co.uk
    www.mssqlserver.com
    www.sqlwire.com

    Magazines :-

    SQL Server Professional, Pinnacle publications, www.pinpub.com 
    SQL Server Magazine, www.sqlmag.com
    NT Magazine has monthly articles on SQL plus the odd one-off

    Books (a few good ones, but this doesn't mean anything not listed isn't good! Many of these go through various revisions, so check you're getting the latest and greatest version) :-

    Microsoft SQL Server 6.5/7.0 Programming Unleashed : Sams/various : Good for programming/TSQL

    Microsoft SQL Server 6.5/7.0 Unleashed : Sams/various : Good for DBA's, admin, performance, general stuff.

    SQL for Smarties : Morgan-K/Joe Celko : Advanced SQL programming techniques, tricks and tips. Not SQL Server specific but highly recommended.

    Hitchhikers Guide to VB and SQL Server : MSPress/Bill Vaughn : ISBN: 1572318481 : If you're coding VB to access SQL and you're not sure whether (or how) to use db-lib, odbc, ado, rdo, ole-db, rds, rdo, dmo (I think that's all of them) then this is the bible.

    BackOffice Resource Kit Part II : MSPress : Good stuff on SQL 6.5 connectivity and some internals, plus some nice utilities and whitepapers.

    BackOffice 4.5 Resource Kit : MSPress : As above but for SQL 7.

    Teach yourself Microsoft SQL Server 7.0 in 21 days : Sams/Richard Waymire : ISBN 0-672-31290-5 : The best of the early released books on SQL 7.

    Inside Microsoft SQL Server 6.5 : MSPress/Ron Soukup : SQL Server Internals, how it works, why the history. Plenty of good undocumented stuff.

    Inside Microsoft SQL Server 7.0 : MSPress/Kalen Delaney : ISBN: 0735605173 : The bible for SQL 7 internals.


    Q. Where can I get SQL Server hot-fixes from?

    A. Hot-fixes are builds of SQL Server just like service-packs. However they are not fully packaged or given the same level of testing as a servicepack. They should only be applied to resolve a particular problem.

    To get them, the official answer is that you must contact Microsoft Product Support Services by phone. You can get contact details from http://support.microsoft.com/support/supportnet/default.asp. The call screener answering the phone will charge your account/credit card for the call - in the US this is $195 I believe. Then when the engineer you are put through to determines the call is about an MS bug they will refund it. They will tell you where to get the hot-fix, or will send it to you.

    Unofficially, you can pick up hotfixes from ftp.microsoft.com/bussys/sql/transfer as long as you know the build number and pkzip password you need. The files are called SQLbbbm.EXE where bbb is the build number and m is the machine type. So SQL324I.EXE is build 324 for Intel. The files are pkzip password protected.

    Wherever you get one from be aware that hot-fixes are typically NOT regression tested and can cause a lot more damage than they can fix. You are strongly urged to discuss using any hot-fix with an MS PSS representative before applying it.


    Q. How can I create a user-defined function in SQL Server?

    A. Basically you can't - these were supposed to have been in SQL 7.0 but they won't now be added till an unspecified future release. There are a couple of options that will get part of the way there :-

    1. You can write your own stored-proc or extended-stored-procedure (XP). However, you can only pass an SP/XP a set of parameters so to "apply" it to a set of rows you would have to cursor round the rows yourself and call the SP/XP 'n' times. An example below

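    Create Procedure SPAdd
    (@num1 int, @num2 int, @Result int OUTPUT)
    AS
    -- Hand the sum back through the OUTPUT parameter
    Select @Result = @num1 + @num2
    Return
    go

    Declare @Total int
    -- OUTPUT must be repeated on the call, otherwise @Total stays NULL
    exec SPAdd @num1 = 5, @num2 = 6, @Result = @Total OUTPUT
    Select @Total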

    2. As long as you can write the function in a simple 1 line TSQL statement then you can simulate the function with a case statement - look up CASE in the books online for more information.

    select finalvalue = CASE
    WHEN <exp>
    THEN <exp>
    WHEN <exp>
    THEN <exp>
    ELSE <exp>
    END


    Q. How can I pass an array of values to a SQL Server stored-procedure?

    A. Basically you can't - SQL Server has no array type - ANSI SQL 92 does not specify array support.

    You could simulate an array by passing one or more varchar(255) fields with comma-separated values and then use a WHILE loop with PATINDEX and SUBSTRING to extract the values.

    The more usual way to do this would be to populate a temporary table with the values you need and then use the contents of that table from within the stored-procedure. Example of this below

    create procedure mytest @MyParmTempTable varchar(30)
    as
    begin
    -- @MyParmTempTable contains my parameter list...

    -- For simplicity use dynamic sql to copy into a normal temp table...

    create table #MyInternalList (
    list_item varchar( 2 ) not null
    )

    set nocount on

    insert #MyInternalList
    exec ( "select * from " + @MyParmTempTable )

    set nocount off

    -- It is now easier to join..
    select *
    from sysobjects
    where type in ( select list_item from #MyInternalList )

    end
    go

    To call..

    create table #MyList (
    list_item varchar( 2 ) not null
    )
    insert #MyList values ( 'S' )
    insert #MyList values ( 'U' )
    insert #MyList values ( 'P' )

    exec mytest "#MyList"
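
    The procedure above concatenates its parameter straight into the statement it executes, so whatever text the caller passes runs as SQL. The block below is an added example, not part of the original FAQ: it shows the same temp-table approach with the name checked first, and the comma-separated approach with no dynamic SQL. It assumes SQL Server 7.0 or later (for quotename); the procedure names mytest_checked and mytest_csv are hypothetical.

```sql
-- Added example (not from the FAQ). Assumes SQL Server 7.0 or later.

-- 1. Temp-table parameter, with the name checked before it reaches dynamic SQL.
create procedure mytest_checked @MyParmTempTable sysname
as
begin
    declare @sql nvarchar(300)

    -- Accept only the name of a temporary table that exists in this session.
    -- Any extra text after a valid name makes object_id() return NULL.
    if @MyParmTempTable not like '#%'
       or object_id('tempdb..' + @MyParmTempTable) is null
    begin
        raiserror('Parameter must name an existing temporary table.', 16, 1)
        return
    end

    create table #MyInternalList (
        list_item varchar(2) not null
    )

    -- exec() accepts only variables and literals, so build the string first.
    -- quotename() brackets the name so it can only be read as an identifier.
    select @sql = 'select list_item from ' + quotename(@MyParmTempTable)

    set nocount on
    insert #MyInternalList exec (@sql)
    set nocount off

    select name, type
    from sysobjects
    where type in (select list_item from #MyInternalList)
end
go

-- 2. Comma-separated list parsed with patindex/substring: the values are
--    only ever treated as data, never as statement text.
create procedure mytest_csv @types varchar(255)
as
begin
    declare @rest varchar(255), @item varchar(255), @pos int

    create table #MyInternalList (
        list_item varchar(2) not null
    )

    set nocount on
    select @rest = @types
    while datalength(@rest) > 0
    begin
        select @pos = patindex('%,%', @rest)
        if @pos = 0
        begin
            -- No comma left: the remainder is the last value
            select @item = @rest
            select @rest = null
        end
        else
        begin
            select @item = substring(@rest, 1, @pos - 1)
            select @rest = substring(@rest, @pos + 1, 255)
        end

        select @item = ltrim(rtrim(@item))
        -- Reject values that would not fit the column
        if datalength(@item) > 2
        begin
            raiserror('List item too long: %s', 16, 1, @item)
            return
        end
        -- Skip empty entries such as the gap in 'S,,U'
        if datalength(@item) > 0
            insert #MyInternalList values (@item)
    end
    set nocount off

    select name, type
    from sysobjects
    where type in (select list_item from #MyInternalList)
end
go

-- Constructed sample calls
create table #MyList (list_item varchar(2) not null)
insert #MyList values ('S')
insert #MyList values ('U')

exec mytest_checked '#MyList'                      -- runs
exec mytest_checked '#MyList; print ''injected'''  -- constructed hostile input: rejected
exec mytest_csv 'S, U,P'                           -- same result set, no dynamic SQL
```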


    Q. How can I delete duplicate rows from a SQL Server table?

    A. This is documented in the MS Kb - Q139444. Search from http://support.microsoft.com/support or go direct with the following URL.

    http://support.microsoft.com/support/kb/articles/q139/4/44.asp


    Q. My SQL Server errorlog is filling up with entries. How can I switch or truncate it?

    A. There is no way to truncate the errorlog or switch it either, short of stop/starting the MSSQLSERVER service.

    If the errorlog is filling up your disk then your choices are :-

    1. Fix the application(s) that are causing the errors.
    2. NTFS compress the log directory to reduce the physical space it takes
    3. Move the errorlog to another directory and use the -e startup option to point the errorlogs to the new place.

    Q. Which sort-order should I choose for my SQL Server for the fastest performance?

    A. Binary sort order is 15% faster than others for key comparisons. However this is only one small part of the processing that SQL needs to do and with the increase in processor speed since SQL Server was first released this is now less and less of an issue.

    If you use binary (or another case-sensitive sort-order) then you may need to resort to queries with where clauses like "where UPPER(columnname)=UPPER(searchargument)". This prevents the query optimizer from selecting an index and forces a table-scan - with disastrous performance consequences.

    Therefore it is recommended that you only choose binary for other reasons - not performance.


    Q. Why is my application locking up in SQL Server?

    A. If you check the locks and are seeing syscolumns being blocked this is due to a documented change in SQL 6.5 because tables created by using SELECT INTO hold to the ACID (atomicity, consistency, isolation, durability) transaction properties. This also means that system resources, such as pages, extents, and locks, are held for the duration of the SELECT INTO statement. With larger system objects, this leads to the condition where many internal tasks can be blocked by other users performing SELECT INTO statements. For example, on high-activity servers, many users running the SQL Enterprise Manager tool to monitor system processes can block on each other, which leads to a condition where the SEM application appears to stop responding. (This happens on tempdb which is the biggest problem with this new feature for most users)

    You can revert to the old 6.0 and below behaviour where these locks are not held by applying at least ServicePack 1 and then setting traceflag 5302 on startup.

    It is recommended that you amend your application to not use select into, or if you do, create the table using "SELECT ... INTO .... WHERE 1=0" to create the table and then use standard inserts to populate the table.


    Q. Where can I get the SQL Server Programmers Toolkit?

    A. For SQL 6.5 :- http://support.microsoft.com/download/support/mslfiles/PTK_I386.EXE

    This contains everything you need for db-lib, odbc, dmo, ods, xp etc. type programming against SQL Server.

    For SQL 7 look on the CD under \devtools


    Q. I'm getting an error 80004005 message connecting to SQL Server - what's going on?

    A. This is an ODBC/ADO error message and is a generic one - basically something has gone wrong. After the error number is a description giving specific information on what is going on. To debug this info look at Q183060 in the MS Knowledgebase. www.microsoft.com/support.


    Q. Is it safe to clear down the msdb..sysbackuphistory table in SQL Server as it is filling up the database?

    A. Yes, it is safe. There is a stored procedure to clear up the sysbackuphistory and sysbackupdetail tables available with SQL 6.5 - sp_sysbackuphistory_limiter.


    Q. I'm having problems getting more than x connections from a 16-bit client to SQL Server.

    A. This is due to the fact that 16-bit clients, whether they use ODBC or db-lib, use a 64K buffer for all their control blocks, network buffers etc. You have to keep everything within this one area - there are no workarounds for this.

    The main thing that uses up the memory is the space used for "network" buffers - actually these are buffers for the TDS packets, as the actual network buffers may be bigger/smaller and the TDS packets may have to be fragmented by the network driver to get them on the network - but that is transparent to SQL.

    The "network packet size" (TDS) can be specified by the client connection. If it is not then it uses the setting on the server that is set by sp_configure.

    If you need more connections then the easiest thing to do is reduce the "network packet size" via sp_configure/client connection until you get enough. The lower it is set the more round-trips that SQL client to server has to take, which potentially can degrade performance.


    Q. How can I restrict the number of rows returned to my query in SQL Server?

    A. With SQL 6.5 and below use the "set rowcount <n>" option.

    This option is still available with SQL 7.0, but SQL 7.0 also supports the TOP clause, which will optimise better, so use that instead: "select TOP n ... from .........."


    Q. I can't use a tape-drive with SQL Server, but it works ok with NT Backup. Why?

    A. SQL 6.5 and below have compatibility problems with certain tape drives - usually because the tape driver advertises a block-size that is too big for SQL to handle. With SQL 7.0 this problem goes away because SQL uses the NT backup code/format and so any tape drive that works with NT backup should work with SQL.

    You can diagnose the problem on SQL 6.5 and earlier using a tapetest.exe tool - these are available from MS PSS and have also been uploaded to www.swynk.com/sql in their library area. They are gui based and the usage is obvious.

    You can try upgrading the firmware on your tape unit - this sometimes helps. But usually it is the driver that needs changing. 

    Check the vendors website - e.g. www.quantum.com has updated DLT drivers

    Try applying the latest NT service pack (many drivers come with these). Specifically there is a bug with SQL 6.5 SP5a where it needs the driver from NT 4.0 SP4 or above for 4mm dat drives to work properly (otherwise it gets an error 87).

    If you have licenses for a 3rd party backup utility that dumps in Microsoft standard format then try a driver from here instead of the NT supplied one. I find that BEI Ultrabac drivers work well with SQL Server (www.ultrabac.com). Earlier versions of Seagate Backup Exec didn't, but newer ones do.

    The last one leads to another work-around - if you use a 3rd party backup tool and its SQL agent then the tape unit will work, as SQL is then dumping to a named-pipe and the actual backup tool is then talking to the tape device.


    Q. SQL Mail keeps hanging - meaning I have to restart SQL Server to clear it.

    A. This is a mapi problem, not a SQL one, but having SQL Server acting as a MAPI client makes it nearly impossible to track down and fix. SQL 6.5 SP5a has a fix in to reduce these problems. I have seen at least one report of SQL 7.0 having the same problem - so it doesn't look like this handles it a whole lot better.

    You can try a different mail client and see if the mapi dll's that it installs work better - some people have found that Outlook 98 works well, others report that only very early versions of Exchange client work ok. Whatever the case it is likely that bugs exist in all versions of the mapi client and are exposed on fast or SMP machines due to race conditions - thus causing hangs.

    The recommended workaround would be to not use SQL Mail at all. You can use a SENDMAIL.EXE command - either the one in the Exchange resource kit for MAPI, or an SMTP one for an internet gateway. This can then be called in two ways :-

    1. If you want mail to go synchronously then call SENDMAIL via xp_cmdshell. This then won't return control to your SQL task until the mail has been sent.

    2. If asynchronous sending of mail is ok, or you are worried about the mail process hanging individual threads then write out the mail message information to a flat file. Then have a looping batch process outside of SQL looking for emails and sending them when it sees them. This process could update SQL tables to say they are sent if that is needed.

    I prefer the second approach.


    Q. How can I convert a string to "proper" case in SQL Server?

    A. If, for instance, you need to translate "andrew" to "Andrew" SQL Server has no built-in function for this and neither does it support user-defined functions. Therefore your two choices are :-

    1. Write an extended stored-procedure
    2. Write a TSQL stored-procedure

    An XP is faster and lets you have the full range of C programming tools and techniques, however it is possible to implement a simple example in TSQL - posted below. It only handles simple cases, and won't do stuff like D'Arcy properly - if you want full function stuff you are recommended to write your own generic C routine and then call it from an XP.

    create procedure sp_proper
        @in varchar(255) output
    as
    BEGIN
        declare @in_pos tinyint,
                @inter varchar(255),
                @inter_pos tinyint

        -- Lower-case everything, then upper-case the first character of each word
        select @in_pos=0,
               @in=lower(@in)
        select @inter=@in
        -- Position of the first letter or digit
        select @inter_pos=patindex('%[0-9A-Za-z]%', @inter)
        while @inter_pos > 0
        begin
            -- Upper-case the character that starts this word
            select @in_pos=@in_pos + @inter_pos
            select @in=stuff(@in, @in_pos, 1, upper(substring(@in, @in_pos, 1))),
                   @inter=substring(@inter, @inter_pos + 1, datalength(@inter) - @inter_pos)
            -- Find the end of the word (next non-alphanumeric character)
            select @inter_pos=patindex('%[^0-9A-Za-z]%', @inter)
            if @inter_pos > 0
            begin
                -- Step past the separator, then find the start of the next word
                select @in_pos=@in_pos + @inter_pos
                select @inter=substring(@inter, @inter_pos + 1, datalength(@inter) - @inter_pos)
                select @inter_pos=patindex('%[0-9A-Za-z]%', @inter)
            end
        end
    END
    go


    Q. Where can I get Embedded SQL for SQL Server?

    A. http://support.microsoft.com/download/support/mslfiles/ESQLC.EXE

    Note that this only supports SQL 6.5 and earlier. It will work against SQL 7.0 but you won't have access to any SQL 7.0 only features.


    Q. Does SQL Server support Unicode?

    A. With SQL Server 7.0 and above full UCS-2 Unicode support is there. There is no Unicode support in 6.5 and earlier (you had to use dbcs).

    UCS-2 is the official Unicode two-byte definition for all characters. Some DBMS manufacturers have only implemented a space-conserving, pseudo-form of Unicode, UTF-8, which has mixed one-byte and two-byte encodings.


    Q. Where can I download SQL Server utilities, service packs etc.?

    A. Go to http://support.microsoft.com/. Choose drivers/downloads. Choose Back-Office. Choose SQL Server.

    You will find the latest servicepacks, utilities (SQLHDTST), Programmers Toolkit (PTK), ESQL/C etc. there.

    Alternatively there is an ftp location at ftp.microsoft.com/bussys/sql


    Q. How can I disable the dial-up remote network prompt with the SQL Server GUI tools?

    A. In Windows NT :-

    1. In control panel/services, choose Remote Access Autodial Manager. 
    2. Click on startup and choose disable.

    In Windows 9x :- 

    1. In Dial-Up Networking, click the Connections menu, and then click Settings. 
    2. Click Don’t prompt to use Dial-Up Networking.

    You may also get problems with Internet Explorer causing the dial-up (usually with SQL 7). In which case (for any OS) - 

    1. In Control Panel, double-click Internet, and then click the Connection tab.
    2. In the Connection box, select Connect to the Internet using a local area network. 
    3. Set a local page to be the IE default page so it doesn't try and open www.microsoft.com (or whatever) automatically.

    The last problem only occurs with IE versions less than 5.0


    Q. Error message : Failed to obtain TransactionDispenserInterface: XACT_E_TMNOTAVAILABLE.

    A. This error message is put in the SQL errorlog at startup if the MSDTC service isn't running/configured. Unless you are using DTC this is perfectly normal.

    More details on DTC can be found in the SQL Server Books Online. (BOL)


    Q. Should I amend the SQL Server "Backup Buffer Size"?

    A. Under most circumstances no, and even then you would need to test in your own environment to see whether it made any difference in your particular disk/tape subsystem. There are too many variables of disk speed, raid controller buffers, tape speed, tape blocksize etc. to say whether increasing this area of memory that SQL uses will make any difference.

    Example figures are below taken from a large system doing a dump to 3 striped DLT 7000 drives from a very fast disk subsystem with 40 spindles and varying the "backup buffer size" parameter. The figures don't change that much, but in general lower numbers of buffers were better.


    Q. What is SQLHDTST.EXE for SQL Server and where do I get it?

    A. SQLHDTST.EXE is on your Technet CD and can also be downloaded from http://support.microsoft.com/download/support/mslfiles/SQLHDTST.EXE

    This utility simulates SQL Server and stresses your disk and/or network connections. It should be run over an extended period (maybe a weekend) and will highlight any nasty intermittent hardware errors that may be causing corruptions, SQL hangs, crashes etc.

    If it reports any errors then you have faulty hardware - which could be cpu, memory, disks, scsi controllers etc. If you can't track down the problem using hardware vendor tools then I would recommend swapping out the entire unit.


    Q. How can I install the 32-bit SQL Server client for NT or Windows 9x?

    A. Under 6.5 and earlier, run setup from the \I386 directory as if you were installing the whole of SQL Server on the client. Then just check "Install client utilities only" when asked. This will just install the client utilities, net-libs etc.

    For SQL 7.0 do the same thing - just choose client stuff only. If you install from a "server" CD then Win9x and NT workstation clients will only be able to install the client stuff anyway.

    This includes all the tools like SQL Enterprise Manager (which runs fine on Win9x).

    If all you want are odbc etc. type drivers and no utilities then the latest version of these is in SQLREDIS.EXE which ships with SP1 for SQL 7.0. This can be run to just install the necessary dll's etc. and no utilities.


    Q. I am getting a message GetOverLappedResult() from a SQL Server query.

    A. Two things may be happening - either SQL Server is internally gpf'ing/AV'ing (same thing) - you should see messages to this effect in the SQL errorlog. Or there is a net-lib bug with overlapped/fragmented packets.

    For either problem you can try applying the latest SP to the server.

    For net-lib bugs you will need to apply to the client as well. Also the version of ADO/ODBC can help cause the problem as well, so try upgrading. The latest versions of these drivers can be had via www.microsoft.com/data.

    If you're getting access violation messages, then see the FAQ entry on access violations. If not, read on for net-lib problems.

    If you are getting a problem with TDS packet fragmentation (TDS is SQL's application level protocol) then try a different net-lib - e.g. tcp-ip instead of named-pipes or vice-versa. If still no-go then you'll need to call MS PSS.

    Even if a different net-lib fixed the problem, then please still report the problem to MS PSS. Unless MS get these bug reports then they can't fix them. (With a repro script an MVP will do it for you). Your call fee WILL be re-imbursed as all calls about bugs are free. (However, on the "normal" support-line the person answering the phone can't know it's a bug, so they'll need your credit card details anyway).

    MS will need you to supply :-

    With SQL 7 there is a new utility that will garner most of this information for you automatically. It is called sqldiag -
    C:\> sqldiag -U<login> -P<password> -O<output filename>


    Q. What does the SQL Server error message Lazywriter: WARNING, couldn't find slot, 8/8, scanned 8 mean?

    A. Basically SQL Server is trying to write out "dirty" data to disk via the lazy writer thread that the CHECKPOINT process kicks off. It has been unable to find a free slot - which is basically a memory buffer. The number of slots is set via the sp_configure "max lazywrite io" parameter and dictates the number of concurrent i/o's that this process is allowed to have.

    The reason why it couldn't find a slot is either :-

    1. There has been an internal corruption that is stopping the lazy writer process from working properly. This is rare, but there was a known bug in SP3, fixed in SP4, that could cause this. If this were happening then you would see other errors/AV's before this particular error appeared.
    2. The normal reason is just that the disk subsystem is too busy to process the i/o requests. In which case look for non-SQL tasks that may be causing contention on the same disk(s) - NT backups, file transfers, paging etc. Look for contending SQL processes on the same disk(s) - table scans, log file writes etc. You may need to move SQL devices to prevent contention. Alternatively you may have the overall level of i/o's that SQL is making too high - you may need to reduce the number of "max async io"'s that sp_configure allows.

    In any event the message is not usually a problem - SQL will wait until it can continue with the lazy write i/o's for as long as necessary.

    (Under SQL 7 lazywrite io is dynamically tuned).


    Q. I have a corrupt SQL Server table that I can't drop. What can I do?

    A. DBCC checkdb and newalloc the database in question and look up any other error messages that occur - then you can see the extent of the problem.

    The reason SQL won't let you drop a table in this situation is because the allocation pages/extent chain appears to be damaged or cross-linked in some way. So SQL Server thinks that there is actually data from other tables in pages/extents belonging to the problem object. If it let you drop the table it might remove data from another table by mistake.

    Your choices are :-

    1. Restore from a known good backup.
    2. Create a new database and copy all the data/objects out. You can use transfer manager/bcp for this. Then rename the databases round. (or dump and re-load if you had to do this across a network connection)
    3. With a VERY large database, if you don't want to do 1 or 2 and can accept the consequent loss of data, you can rename the table by directly updating sysobjects. Then create a new table and just leave the old one there. Note that this is dangerous as there may be more severe corruption problems that will still be there.
    4. Call MS PSS and pay for a support call. They have utilities that allow page/link editing and they MAY try and "fix" the problem for you. However this is not 100% successful, they may cause more damage, and you have to sign a form accepting all responsibility (and absolving them of any) for any problems that occur.

    Q. Why can't I BCP a Unix file into SQL Server? I get UNEXPECTED EOF messages.

    A. This is because UNIX files use just a linefeed (LF, 0x0A) as a record terminator. NT uses a carriage return plus linefeed (CR+LF, 0x0D0A). The BCP \n character resolves to CR+LF.

    You have to reformat the file using a tool like AWK/SED/PERL to convert each 0x0A character to 0x0D0A.


    Q. What can't I do with SQL Enterprise Manager under Win9x?

    A. Windows 9x does not support Windows NT service control APIs. Therefore you cannot start, stop or inquire on the status of the SQL Server service.

    Apart from that everything should work, but many people have reported Win9x crashes when running SQL utilities - this is due to bugs in the network stack/drivers being used. Upgrading to the latest fixes for Win9x may help with this.


    Q. I am getting a message "Protocol error in TDS Datastream" from a SQL Server query.

    A. Three things may be happening :-

    1. SQL Server is internally gpf'ing/AV'ing (same thing) - you should see messages to this effect in the SQL errorlog.
    2. Net-lib bug with overlapped/fragmented packets.
    3. A complex query is generating incorrect TDS syntax in the packets

    For all problems you can try applying the latest SP to the server. You should also search the knowledgebase at http://support.microsoft.com

    For net-lib bugs you will need to apply to the client as well. Also the version of ADO/ODBC can help cause the problem as well, so try upgrading. The latest versions of these drivers can be downloaded from www.microsoft.com/data.

    If you're getting access violation messages, then see the FAQ entry on access violations.

    If it is being caused by a complex query, then try re-writing the query - breaking it up into smaller chunks. If this is not possible, see if the problem occurs when you run the query via ISQL/W instead of via the application.

    If you are getting a problem with TDS packet fragmentation (TDS is SQL's application level protocol) then try a different net-lib - e.g. tcp-ip instead of named-pipes or vice-versa. If still no-go then you'll need to call MS PSS.

    Even if a different net-lib fixed the problem, then please still report the problem to MS PSS. Unless MS get these bug reports then they can't fix them. (With a repro script an MVP will do it for you). Your call fee WILL be re-imbursed as all calls about bugs are free. (However, on the "normal" support-line the person answering the phone can't know it's a bug, so they'll need your credit card details anyway).

    MS will need you to supply :-

    With SQL 7 there is a new utility that will garner most of this information for you automatically. It is called
    sqldiag - sqldiag -U<login> -P<password> -O<output filename>


    Q. Why is SQL Server slower than Access/FoxPro/DBase etc.?

    A. Twofold :-

    1. The mentioned products are great for "small" numbers of users and "small" databases. They carry very little overhead and rely on the client for record/file locking. This is great for one or a few users, or when data is read-only, but when many users access the system the overhead of doing locking by file offset with SMB packets is enormous, and the application will usually grind to a halt/connections will be lost/database will be corrupted etc.
      SQL Server is a true client/server app and so scales far better, but the overhead of doing all the locking etc. at the server end is far higher in some cases.
      (Note "small" is a relative term - this could be a hundred users and a 1Gb database - which is large to many people).
    2. SQL Server logs all writes to a transaction log before it writes to actual data pages. It also (with 6.5 and below) has to update indices when records in the main table are changed due to page splits etc. This overhead is great for consistency and reliability, but not for raw performance. This logging cannot be turned off.

    Q. Can I turn SQL Server logging off?

    A. The short answer is no. It is an integral part of the SQL system and cannot be turned off.

    Certain operations are "non-logged" like fast-BCP and select into. This means they do not log record updates. However they DO log extent allocations. They need to do this so that if the process is terminated unexpectedly (maybe the power goes out), SQL can recover the space. This greatly reduced logging can result in better performance - but as it makes the database non-recoverable from transaction-logs should be used with caution.


    Q. What tools are available to debug stored-procedures under SQL Server?

    A. By no means an exhaustive list - product/vendor/www where known.

    Microsoft's Visual Basic and Visual C Enterprise Edition contain built-in stored-procedure debugging code.

    Also


    Q. Why do I get an error "Error: 702, Severity: 20, State: 1" running a SQL Server query?

    A. The full error for this continues "Memory request for 2928 bytes exceeds the size of single page of 2044 bytes."

    This is a SQL bug and cannot be fixed other than by rewriting the query in a different way - there is no way to expand SQL's page size.

    Some reasons for this bug are already documented in http://support.microsoft.com/ - just search on 702 and SQL. If your problem does not match any of these and you have already applied the latest service pack then either post a reproduction script for an MVP to report for you or call the problem in to MS PSS yourself.


    Q. What do the bufwait and writelog errors in SQL Server mean?

    A. The following errors can occur :-

    writelog: timeout, dbid 6, ...........

    bufwait: timeout, BUF_IO .....

    As long as SQL Server carries on, and no other errors are being reported, then there is nothing to worry about. They are merely showing that the disk subsystem is unable to keep up with the level of i/o that SQL Server is asking it to do. SQL just waits and retries these requests.

    To up the amount of time that SQL waits before issuing this message and retrying amend the "resource timeout" parameter via sp_configure.

    You MAY need to decrease your max async io or max lazywrite io if these errors are continuous. Or invest in a faster disk subsystem. Or spread your devices across more of your existing spindles.

    See article Q167711 in the MS Knowledgebase/Technet for more info


    Q. What is a "SQL Server MVP" and how do I become one?

    A. An MVP is a Microsoft Valued Professional. These are people recognized by Microsoft as providing a "lot" of help on their internet newsgroups for fellow users. You can't pass an exam or pay to become one. There are MVP's that cover most of the Microsoft product and development range - SQL Server is just one of many areas. MVP status is renewed yearly (or not as the case may be).

    MVP's are not paid by MS, and are, by and large, not MS groupies or yes men/women. They do get some "freebies" but if you worked these out as cash value to an hourly rate this is a few pennies/cents per hour.

    MVP's can report bugs/problems direct to MS for you, but can only do so if the problem is reproducible.

    The SQL Server MVP's (as of 1999.07.01) are (hopefully I haven't forgotten anyone) :-

    Itzik Ben-Gan
    Kalen Delaney
    Trevor Dwyer
    Russel Fields
    Roy Harvey
    Gianluca Hotz
    Brian Moran
    Bob Pfeiff
    Neil Pike
    Steve Robinson
    Tony Rogerson
    Wayne Snyder
    Ron Talmage

    To become an MVP you need to be "noticed" as being a regular, accurate.. blah blah.. contributor to the newsgroups/forums over an extended period of time. There is no fixed amount of postings, length of time etc. You can then be put forward to MS (usually by one of the existing MVP's) as a nominee.

    More info on the MVP program can be found at :-

    http://support.microsoft.com/support/supportnet/supportpartners/mvps/brochuregeneral.asp


    Q. I'm getting an access denied or CreateFile message when connecting to SQL Server.

    A. The message may be one of the following

    ---------
    Msg No 10004 Severity 9 State 0
    Unable to connect: SQL Server is unavailable or does not exist. Access denied

    Microsoft OLE DB Provider for ODBC Drivers error '80004005'
    [Microsoft][ODBC SQL Server Driver][dbnmpntw]ConnectionOpen(CreateFile())

    MSG 10004, Severity 9.( sqlserver not available). OS 1326
    ---------

    This isn't a SQL issue, it's an NT one. If you are using a net-lib that requires NT authentication - e.g. named-pipes or multiprotocol with 6.5 or below and any net-lib with 7.0 - then you MUST be able to authenticate to the copy of NT running SQL Server. 

    You can test whether you can do this by doing a "NET VIEW \\servername" from a command prompt on the client. If you get an access denied message, or get prompted for a password, then you aren't being authenticated.

    If this happens then you need to setup a trust between the domains. Or, you could use a net-lib that does not need authentication - e.g. tcp-ip sockets.

    If you can't have a trust (and really this IS the best method) then you can override the NT details by doing a "net use \\<server>\ipc$ /user:<serverdomain>\<userid> <password>" with an account that is in the domain. But this is a manual process and prone to fail when the password changes.


    Q. How can I automate the scripting of a database/objects in SQL Server?

    A. You can do this using the SQL-DMO objects that SQL supports. These can be called via the SQL OLE interface. There is a help file for the SQL DMO objects included with SQL Server and there is an icon for it in your SQL group.

    For an example of using the SQL OLE interface see Q152801 in the MS Kb. Alternatively you can code your own VB app to call the DMO routines yourself.


    Q. Why is the date I get via select getdate() wrong in SQL Server?

    A. The usual reason for this is an old bug that caused the date in SQL Server to wrap around after a month or so of continuous running. This was caused by the variable that the date was being held in overflowing.

    The bugs were fixed in one of the 6.5 servicepacks - probably SP2. Apply the latest servicepack and it should be fixed.


    Q. Where is the pointer to master stored in SQL Server? How can I move the master database?

    A. It is kept in the SQLArg0 value in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSQLServer\MSSQLServer\Parameters.

    The value has a form like "-dD:\MSSQL\DATA\MASTER.DAT"

    To move master just shutdown SQL Server, move the device using explorer/move, amend this registry parameter and then restart.


    Q. Why do I see page faults/sec above 0 when I have a dedicated SQL Server machine?

    A. This is because "page faults" are NOT the same as paging to disk. A page fault occurs every time SQL accesses a page in memory that is outside its "working set". Due to the way that the SQL performance monitor counters work, this area of memory is held outside of the SQL working set, so access/updates to these counters actually CAUSE page faults.

    However most page faults are still to areas that are still held in memory and so do not result in expensive/slow reads/writes to the pagefile on disk. There is some CPU overhead caused by the NT Virtual Memory Manager (VMM) becoming involved and context switches, but these don't affect performance unless you are getting hundreds/thousands of page faults/sec.

    The counter you should monitor is pages/sec which is the actual i/o caused to the pagefile, and is what you should be worried about.

    For more information on performance/monitoring issues there is no better reference than the NT Server Resource Kit that has a volume dedicated to these topics.


    Q. How do I configure a connection to use tcp-ip sockets with SQL Server?

    A. Run the SQL Client Configuration program on the client in question and follow these steps :-

    1. Select the Advanced Tab
    2. In the Server box type in the name your application will use to reference the server.
    3. For DLL Name select TCP/IP Sockets.
    4. For a server name that will be resolved to a numeric IP address just enter the name into the Connection string. (This should work if you can PING that server by name.) For a numeric IP address just type the IP address into the Connection String.
    5. If you want to use a different port from the default (1433 is the default) follow the IP name or address with a comma and the alternate port. For example: 123.123.123.123,1434
    6. Hit the Add/Modify Button.

    That should do it


    Q. How can I do a crosstab function using standard TSQL in SQL Server?

    A. It's obviously easier to use a product that has this sort of functionality built-in - e.g. Excel, but it is possible to do it in standard SQL, though the query has to be hard-coded to the number of columns/values required.

    Take the following table

    Product_Code Criteria_Code Value
    ------------ ------------- -----
    100011             1         A
    100011             2         B
    100011             3         C
    100011             4         D
    100012             1         E
    100012             2         B
    100012             3         F
    100012             4         D

    Which you want to view as follows

    Product_Code Criteria_1 Criteria_2 Criteria_3 Criteria_4
    ------------ ---------- ---------- ---------- ----------
    100011            A          B          C          D
    100012            E          B          F          D

    If you don't have a CASE statement (e.g. pre SQL 6.0) then use the following. The expression 1 - abs(sign(Criteria_Code - n)) is 1 when Criteria_Code equals n and 0 otherwise, so substring returns the whole of Value for the matching row and an empty string for the others, and MAX picks out the non-empty one :-

    SELECT Product_Code,
        Criteria_1=MAX(substring(Value, 1, datalength(Value) * (1 - abs(sign(Criteria_Code - 1))))),
        Criteria_2=MAX(substring(Value, 1, datalength(Value) * (1 - abs(sign(Criteria_Code - 2))))),
        Criteria_3=MAX(substring(Value, 1, datalength(Value) * (1 - abs(sign(Criteria_Code - 3))))),
        Criteria_4=MAX(substring(Value, 1, datalength(Value) * (1 - abs(sign(Criteria_Code - 4)))))
    FROM <tbl>
    GROUP BY Product_Code

    If you do have the CASE statement available then use :-

    -- Each CASE tests for its own Criteria_Code (1 to 4) and yields 1 on a match, 0 otherwise
    SELECT Product_Code,
        Criteria_1=MAX(substring(Value, 1, datalength(Value) * (CASE Criteria_Code WHEN 1 THEN 1 ELSE 0 END))),
        Criteria_2=MAX(substring(Value, 1, datalength(Value) * (CASE Criteria_Code WHEN 2 THEN 1 ELSE 0 END))),
        Criteria_3=MAX(substring(Value, 1, datalength(Value) * (CASE Criteria_Code WHEN 3 THEN 1 ELSE 0 END))),
        Criteria_4=MAX(substring(Value, 1, datalength(Value) * (CASE Criteria_Code WHEN 4 THEN 1 ELSE 0 END)))
    FROM <tbl>
    GROUP BY Product_Code


    Q. How can I run an external (non-SQL) program/dll etc. from within a TSQL SQL Server script?

    A. There is a choice of ways :-

    1. Write your own extended stored procedure - which is essentially a DLL with some SQL call constructs in. See Q190987 for more details.
    2. Use the SQL OLE Automation calls - sp_OAxyz. See Q152801 and the books-online.
    3. Run an external .EXE via the supplied xp_cmdshell extended stored procedure. See the books online for details.

    Q. What specification hardware do I need to run SQL Server for good performance?

    A. (1) How long is a piece of string? (2) It depends.

    These are the two most accurate answers that can be given, as complete information is needed on size of database, complexity, triggers, indices, DRI, number of users, transactions per minute, update ratio, row length, key sizes etc. before even a rough estimate can be provided. Plus hardware performance in terms of cpu power and disk performance is always increasing at phenomenal rates.

    However, as some general pointers :-

    Memory is the most important resource until you get to 95% cache-hit ratio. It then doesn't matter too much how much extra memory you add. Start with 128Mb ram (because ram is cheap), but make sure you have spare simm/dimm slots for expansion.

    Next come disks and the disk subsystem - especially for updates. Battery-backed write-back cache is good - the more the better. The more raid controllers you have the better - not because they are generally a bottleneck, but because you can then have multiple sets of read and write-back cache assigned. Dedicating a controller just to the transaction log is good because this then gets some dedicated write-back cache.

    Processors usually come last - SQL rarely gets processor bound except on the biggest systems, but if you have the money then get 2 or more. The most benefit comes from the 2nd, with the law of diminishing returns kicking in after that. SQL scales well to 4 processors, and scales reasonably well to 8 (depending on the hardware implementation), but after that......... Remember that with 6.5 and below a single query will only ever use a single processor, whereas in SQL 7 it will parallelise queries if it thinks that will make it run faster.

    Don't forget network cards and network design. You won't get 500 concurrent users through a single 10Mbit Ethernet ISA card. If you have a significant workload in terms of users or large result sets then make sure you have multiple network cards - PCI bus master variety. Have the cards on different rings/segments if your users are devolved that way - otherwise attach the card(s) direct to a switch for full-duplex throughput and consider the use of either software or hardware card aggregation (like Raid for disks, but for cards). Some cards have this facility built-in to the hardware, but there are 3rd party software drivers that will make it work for any card.


    Q. How can I stop a SQL Server process?

    A. Do a select * from sysprocesses and identify the spid in question. Then do a "KILL <spidno>"

    This will mark the spid as "dead". Note that it may take a while for the process to end as it has to rollback all the updates that it has been doing. Also kill only marks the process as dead - the process itself needs to check for this, and if it is stuck in a loop as the result of a bug or whatever then it won't terminate. Also certain processes like dump and dbcc commands have significant code paths where the kill command is not checked for and so these can take some time to terminate.

    Also, if the process is in an extended-stored procedure, or is waiting on network traffic/remote stored-procedure it will not check whether it has been terminated until these actions have been completed.

    See Q171224 for more info - including details on the waittype that can tell you what a process is waiting on.

    If the process won't die for one of the above reasons then your only choice is to stop the sqlservr.exe process itself and re-start.


    Q. I get an ODBC error.

    A. If you get the error "The ODBC catalog stored procedures installed on server xxx are version x.xx.xxx, version yy.yyy.yyyy or later is required to ensure proper operation." then this is caused when the ODBC client code is upgraded and the server stored procedures are not. You can usually find a file called "INSTCAT.SQL" in your <nt>\system32 directory. Or you can download the latest drivers including this file from www.microsoft.com/data - they are part of the MDAC "product" which includes all odbc/rdo/ado/ole-db etc. database access drivers.

    Run the INSTCAT.SQL file against the relevant SQL Server(s) using ISQL/ISQLW or any other query tool.


    Q. I've forgotten the sa password for SQL Server - what can I do?

    A. The easiest way around this is to logon to the actual SQL Server NT machine itself as administrator. Then connect to SQL Server using any of the tools and specify "." as the server name and ask for a trusted connection. You should then have sa rights and be able to reset the password.

    Otherwise you can try and find a dba's machine who already has the server registered to SQL EM with sa and use that copy of SQL EM to connect.


    Q. Why does my SQL Server code sometimes respond slower than normal when I haven't changed anything?

    A. This could be for a variety of reasons :-

    1. Are you passing the same parameters through the code each time? SQL could be choosing a different access path for different values in an index. Showplan would tell you what is going on here.
    2. Could be that another process has filled the data cache with pages from other tables meaning you need to do a lot more physical i/o. The show i/o stats stuff will show you whether this is the case.
    3. You could be contending with the checkpoint process - this flushes all dirty pages to disk.
    4. You could be contending with another user SQL process for disk i/o or being blocked on allocation of locks. Check sysprocesses and syslocks for the locks/blocking stuff. Check NT perfmon disk stats for disk contention.
    5. Another non-SQL process could be running - e.g. NT backup, virus check, disk compression etc.
    6. If the process is an update one then it could be that this particular run of the process needs more page and extent splits than normal. Extent splits especially can take some time.
    7. Does the process do any select into's? If so you may be falling foul of system table locking. Set traceflag 5302 if this is the case.
    8. Unless you are sending raw/passthrough SQL via db-lib or odbc direct then monitor the process to see what SQL is actually being passed. ODBC and all higher level access methods all make use of stored-procedures, cursors etc. even for the simplest SQL query. It may be a side-effect of some system generated SQL that is causing you the problems.

    Q. Should I apply SP5? Will it cause more problems than it fixes?

    A. SP5 was released on 24th December 1998. It was re-issued as SP5a on 26th January to fix a problem with 603's on loading dumps. Make sure you apply SP5a (build 416) and not SP5 (build 415). If you are already on SP5 (415) then the only files you need to update are sqlservr.exe (and .dbg) and opends60.dll (and .dbg).

    SP5a has undergone more testing and beta releases than any other service-pack because it offers Y2K compliance. However, it contains a LOT of fixes and therefore new or regressed bugs are inevitable. Known regressions are listed at the bottom of the article.

    Due to the number of fixes it has gone through a lot more build numbers than previous releases have - though in this case about 50 of the builds should be ignored as MS jumped a load due to internal source release issues. The fixlist is pointed to at the bottom of this message.

    For any new release/servicepack you are advised to apply and test on test systems first, and if at all possible do a stress-test so that any problems with blocking/locks are found before rolling out to a production system.

    All service-packs come with problems, however in most cases they fix a lot more problems than they cause. 99% of bugs you may find in SP5a will be present in the gold release and all previous service packs as well - they simply aren't fixed in SP5a.

    Should you apply it? As it gives Y2K compliance then the answer is probably yes. But see the list of known regressions below and also check the Microsoft Kb - http://support.microsoft.com. Search on SQL AND KBBUG AND SP5. If you don't want to apply SP5a because of one of these bugs then either wait for SP6 (date unknown) or contact MS PSS about availability/stability of hot-fixes. (There are FAQ articles on MSPSS and HOTFIXES)

    SP5a is available via the downloads option from http://support.microsoft.com. Also ftp direct from 
    ftp://ftp.microsoft.com/bussys/sql/public/fixes/usa/SQL65/Sp5/ 


    Service Pack 5a - Known Bugs/Regressions
    ----------------------------------------

    These are problems that occur in SP5a but do not occur in SP4 or below.

    1. Error 4409 when selecting on a view. Hot-fix build 422 available.

    create table MyTable
    (
    X int NOT NULL,
    ORDER_NUM numeric(15,4) NOT NULL
    )
    go

    create view MyView as
    select t1.ORDER_NUM from MyTable t1
    union
    select t1.ORDER_NUM from MyTable t1
    go

    select *
    from MyTable T1 INNER JOIN MyView T2 ON T1.ORDER_NUM = T2.ORDER_NUM
    go

    2. 605 errors in tempdb. Script below to repro. No fix at the moment.

    create view VIEW_CRASH_TEST as
    select NUMBER = 1
    UNION
    select NUMBER = CONVERT(numeric(19, 4), 0.0)
    go

    select NUMBER
    from VIEW_CRASH_TEST
    where NUMBER <> 0.0

    3. SP5(a) treats all columns in an inserted row as updated for the purposes of checking in a trigger. See Q216700 for more info. Fixed in hot-fix build 422.

    4. You may get access violations caused by high stress tempdb deadlocking and attention signals. Errors 603 and 803 are symptomatic. It is fixed in build 437. See Q231323 for more info.

    5. Under certain conditions dynamic cursors may go into an infinite loop with SP5a. Putting SP5 or below back on the machine without changing the data fixes the problem. Fixed post SP5a - doesn't occur in build 440 for example. Or make the cursor INSENSITIVE which fixes it.

    6. User doesn't have permission to call sp_b directly but calls it via sp_a. This used to work fine, but with SP5a if a user calls sp_b directly and rightly fails they then get access denied to sp_a on all subsequent calls. Fixed in build 446.

    7. If you're using a 4mm DAT tape device you may experience errors unless you have the 4mmdat.sys from NT 4.0 SP4 or above applied. SP5 makes a call to a function in the driver that isn't there in earlier versions.

    8. When getdate() is used in a cursor with WHERE CURRENT OF you will get "Jan 1 1900" as a date. This is fixed in a post-SP5 build - it works ok on build 452.

    Service Pack 5a - Possible Issues
    ---------------------------------

    These are issues that haven't been confirmed :-

    1. User Comment : "I upgraded from SP4 to SP5(a) over the weekend and am running into fatal blocking problems all over the place in an app/database that's been running for years..."

    Reply : MS have applied several fixes in SP5(a) where table locks have been taken/kept where they weren't needed. These have been removed which should improve concurrency/throughput. However, on systems that don't use best practices to reduce locking problems, the extra page level contention could cause extra blocking/deadlocks.

    2. Reports of index corruptions.

    3. Incorrect results from count(*) as opposed to select * in view with multiple unions.

    4. Stored procedures returning incorrect results in low memory situations.


    Microsoft SQL Server 6.5 Service Pack 5a Fixlist
    ------------------------------------------------

    See Q197174 for the official fix-list.

    One that isn't documented in this release is the fact that SP5 offers Win2000 compliance - previous versions of SQL Server had problems with DUMP and LOAD DATABASE commands under NT5/Win2000 beta's.

    Another is that ADO had problems resulting in "invalid token" errors due to its use of an undocumented browsetable command. This has now been fixed.


    Q. Do I really need 166Mhz Pentium processors to run SQL Server 7.0?

    A. No. But you DO need a 100% PENTIUM compatible chip - which rules out some Cyrix and IBM processors. The only way around this is for the chip vendor to offer a micro-code upgrade. (Some non-Intel chips say they are pentiums, but in fact only implement the 486 chip-set).

    The following quote is from Cyrix - "Recently an issue with SQL Server 7.0 has been discovered with the non-MMX Media GX and the 6x86 processors. A fix for this issue can be obtained from Cyrix technical support at: tech_support@cyrix.com"

    The actual speed of the processor doesn't matter as long as it runs the full pentium instruction set - it needs to support CMPXCHG8B (Compare and Exchange 8 bytes) and RDTSC (Read Time-Stamp counter) instructions. Microsoft have made this a requirement because it is the minimum spec machine that they have developed/tested with - which is ok if you get most of your equipment donated/loaned/replaced by hardware companies free of charge, but this isn't the case with most businesses!

    As long as the server previously ran SQL 6.5 (and is 100% PENTIUM compatible) you should find that it will run SQL 7.0 and will offer significant performance improvements, so don't upgrade hardware for the sake of it.

    The following quote is from Microsoft Product Support Services :-

    "When using SQL Server v7.0, Microsoft recommends a processor speed of 166Mhz or higher for server machines. Our extensive testing of the product has been done on machines of this calibre and we believe customers will get a better price performance with the product when used in this configuration. Microsoft will support SQL Server v7.0 when run on server machines with slower processors. However customers should recognise that if our findings are that major problems can be eliminated by using faster processors we will continue to recommend, and in some cases may require, compliance with this suggestion."

    The reason for this caveat is that some of the decisions the optimiser makes on a 166Mhz pentium may not make so much sense on a 60Mhz pentium - i.e. the extra cpu time a 60Mhz part needs may mean that a non-optimal plan has been chosen.


    Q. Does SQL Server run under Win2000/NT5?

    A. SQL 7 works fine under Win2000. For SQL 6.5 you need to upgrade to SP5 otherwise DUMP and LOAD DATABASE commands will fail.


    Q. How do I change the name of SQL Server?

    A. If you change the NT name of a server and want to change SQL Server to match it then do :-

    sp_dropserver <oldname>
    go
    sp_addserver <newname>, local

    In addition, if you use the IPX/SPX netlib for SQL Server connectivity you must also run the SQL Setup, choose the option to change the network support, and fix the server name in there too.


    Q. Why has my tempdb in SQL Server filled up?

    A. First make sure that you have actually expanded tempdb - as it defaults to 2Mb on the master device only. Create new device(s) for it and expand it onto these devices. Do NOT expand it on master.

    How big is tempdb? Remember that for joins/sorts SQL Server may need a significant amount of space depending on the size of the input tables.

    After that do a "select type, name from tempdb..sysobjects" to see what is in tempdb - this should give you clue(s) as to what is generating the objects in question and why they are not being deleted.

    A prime cause of this is ODBC which has the option per DSN of generating temporary stored-procedures for all the queries per user connection. Most of the time you are better off disabling this option which you can do via the ODBC applet in the control panel.


    Q. Mail messages are stuck in my outbox with SQL Mail.

    A. If the messages don't get sent until you login as the user locally and open the inbox manually this is a mapi problem, not a SQL one - specifically with the mapi32.dll file. The one that comes with NT 4.0 as part of the base messaging system does not work properly with services. The updated mapi32.dll file from NT 4.0 SP3 is supposed to fix the problem. Other people have reported that replacing it with the mapi32.dll that comes with Outlook 97/98 or a recent Exchange client fixes the problem too.


    Q. I am getting an error "Msg 2503, Level 16, State 1 Table Corrupt" on my SQL Server - what can I do?

    A. Full error message is - "Msg 2503, Level 16, State 1 Table Corrupt: Page linkage is not consistent; check the following pages: current page#=xxx; page# pointing to this page=yyyy; previous page#=zzzz"

    Make sure that it is a "real" 2503 by running the dbcc in single-user mode as they can be spuriously reported if updates are occurring at the time of the dbcc.

    At this point if you have a good backup and will not lose any data, then now is the time to use it. If you don't have a good backup then look at your backup procedures! To try and resolve the problem read on :-

    Use DBCC PAGE (doc'd in the Books Online) to determine whether the page is a data or index page. If it is an index you are in luck and you may be able to drop and recreate the index.

    If it is not an index page or this does not work then you will need to transfer all the data/objects into a new database. For the problem table(s) this may not work as the page chain is broken, so you will probably need to manually select out data in ranges based on keys above and below the broken point.

    Once you have transferred all the objects across drop the old database and rename the new one.

    If you don't want to transfer all the data across then you can just do the broken table. When this is done, rename the broken table by directly updating its name in sysobjects. Then create a new table with the old name. Make sure no other errors are in the database first. Make sure you also re-create any views/stored-procedures that reference the table so that they start pointing to the new one.

    If the above is not possible due to the size of the database or other reasons then your only alternative is to pay for Microsoft PSS support who may be able to patch the pointers in the tables/pages directly for you. However this sort of fix is not guaranteed and is done (if at all) on a best efforts basis totally at your risk.


    Q. I am getting an error 2521 on my SQL Server - what can I do?

    A. Full error is "Msg 2521, Level 16, State 1, Server xxx, Table Corrupt: Page is linked but not allocated; check the following pages and table: alloc page#=<xxx> extent id=6676856 logical page#=6676856 object id in extent=8 (object name=syslogs) index id in extent=0"

    Make sure that it is a "real" 2521 by running the dbcc in single-user mode, as these errors can be spuriously reported if updates are occurring at the time of the dbcc.

    Make sure there are no other errors in the dbcc either.

    At this point if you have a good backup and will not lose any data, then now is the time to use it. If you don't have a good backup then look at your backup procedures! To try and resolve the problem read on :-

    Use DBCC PAGE (doc'd in the Books Online) to determine whether the page is a data or index page. If it is an index you are in luck and you may be able to drop and recreate the index.

    If it is not an index page or this does not work then you will need to transfer all the data/objects into a new database. It must be a different database as otherwise the pages your table is using but aren't allocated may be allocated for the new table and cause more problems. If the transfer fails then manually select out data in ranges based on keys above and below the broken point.

    Then drop the old table, recreate it and transfer the data back in.

    If the above is not possible due to the size of the database or other reasons then your only alternative is to pay for Microsoft PSS support who may be able to patch the pointers in the tables/pages directly for you. However this sort of fix is not guaranteed and is done (if at all) on a best efforts basis totally at your risk.


    Q. I am getting an error 605 on SQL Server - what can I do?

    A. This problem is caused by a cross-link in the page chains of two or more tables, causing them to point to each other's data. Make sure that it is a "real" 605 by running the dbcc in single-user mode, as these errors can be spuriously reported if updates are occurring at the time of the dbcc.

    At this point if you have a good backup and will not lose any data, then now is the time to use it. If you don't have a good backup then look at your backup procedures! To try and resolve the problem read on :-

    Use DBCC PAGE (doc'd in the Books Online) to determine whether the page is a data or index page. If it is an index you are in luck and you may be able to drop and recreate the index.

    If it is not an index page or this does not work then you will need to transfer all the data/objects into a new database. For the problem table(s) this may not work as the page chain is broken, so you will probably need to manually select out data in ranges based on keys above and below the broken point(s).

    Once you have transferred all the objects across drop the old database and rename the new one.

    If you don't want to transfer all the data across then you can just do the broken tables. When this is done, rename the broken tables by directly updating their name in sysobjects. Then create new tables with the old names. Make sure no other errors are in the database first. Make sure you also re-create any views/stored-procedures that reference the tables so that they start pointing to the new ones.

    If the above is not possible due to the size of the database or other reasons then your only alternative is to pay for Microsoft PSS support who may be able to patch the pointers in the tables/pages directly for you. However this sort of fix is not guaranteed and is done (if at all) on a best efforts basis totally at your risk.


    Q. I get an error #610 - Maximum number of databases that may be accessed by a transaction is x.

    A. There is also a very similar error 925.

    Assuming the query doesn't really access more than <x> databases then this is a SQL bug caused by a complex query that has confused the SQL parser/optimiser.

    It could also be that you're using more than 16 temporary tables - this message isn't very meaningful in this case. Do a showplan and see whether this might be the case.

    Look for any known reasons for this bug at http://support.microsoft.com - just search on 610/925 and SQL and kbbug. If your problem does not match any of these and you have already applied the latest service pack then either post a reproduction script for an MVP to report for you or call the problem in to MS PSS yourself.


    Q. I'm getting a "bad token" error message from SQL Server - what causes this?

    A. The full errors for this problem are "Bad token from SQL Server" and "Datastream processing out of sync".

    They are caused by the NO_BROWSETABLE undocumented option. As it is undocumented the error almost always occurs using ADO as it uses it without the programmer knowing about it.

    It is caused when NO_BROWSETABLE is set and a SELECT operation includes one or more columns in an ORDER BY clause that are not in the SELECT list.

    The problem is fixed in SP5 for SQL 6.5. It does not occur in SQL 7.0.

    A script to show the problem from ISQL/W follows :-

    SET NO_BROWSETABLE OFF
    go
    CREATE PROCEDURE my_sp AS
    CREATE TABLE #t(a int)
    INSERT #t VALUES(3)
    SELECT * FROM #t
    go
    EXEC my_sp -- Goes OK.
    go
    SET NO_BROWSETABLE ON
    go
    EXEC my_sp -- Goes OK too.
    go
    EXEC my_sp WITH RECOMPILE -- Now, you're dead.
    go


    Q. Why do I get slow or no connections to SQL Server using IPX from my Win3x and Win9x clients?

    A. If the connections work fine from NT then this is because of a network feature called "direct hosting". To resolve the problem either use another protocol completely or turn off the feature. On the NT Server this can be done by disabling the NWLink IPX/SPX binding in Windows NT Server service. After this is done, enable NWLink with NetBIOS on the client computer.

    Alternatively you can turn it off at the client end. For Windows 3x machines this can be done by editing the system.ini file and amending/adding the following entry.

    [network]
    DirectHost=off

    For Windows 95 use regedit.exe to navigate to the following registry key:

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\VNETSUP

    Add a string value named DirectHost and set the string value to 0 (zero). Also, ensure that NetBIOS support is enabled for NWLink, if NWLink is the only transport protocol loaded on the client computer running Windows 95.


    Q. I'm getting the following error with SQL 7 regarding DTS inability to transform data.

    A. In the very small-print on the license agreement it says you can't do distributed operations (dist. query, replication, DTS) between SQL Server Desktop and Standard/Enterprise version if the Standard/Enterprise version is installed in "per server" mode.

    Switch the SQL Server to "per-seat" mode via the licensing applet in control panel.


    Q. With SQL Server should I get more processors or faster processors?

    A. With SQL 6.5 and below a single query will only ever use a single processor, whereas SQL 7 will parallelise a query if it thinks that will make it run faster.

    Usually processor isn't the bottleneck on SQL systems - it is usually the disk subsystem. But as a rule of thumb if you have few users/processes then go for faster processors, and if you have lots of users then go for more processors.


    Q. How can I get ISQL.EXE to return a DOS errorlevel for me to test?

    A. Use the RAISERROR command with the following criteria :-

    1. Run ISQL with the -b option
    2. Set the message severity to greater than 10
    3. Set the message state to 127

    i.e.

    isql -E -Q"RAISERROR ('set errorlevel 11',11,127)" -b
    if errorlevel 11 goto failed


    Q. Does SQL Server have any built-in functions to work with julian dates?

    A. No, you have to code your own sp. Here is some sample code - originally from Roy Harvey.

    1. Assuming the Julian date is held as a char
      declare @julian char(8)
      select @julian='1996.031'
      declare @dt datetime

      -- style 112 is the yyyymmdd format; add (day-of-year - 1) days to 1 January of the year
      select @dt=DATEADD(dd,convert(int,right(@julian,3)) -1,convert(datetime,substring(@julian,1,4)+'0101',112))

      select @dt
    2. Julian date in decimal format - e.g. 99123 is 123rd day of 1999 held in variable SDDRQJ.
      select DATEADD(day,CONVERT(int,SDDRQJ)-((1000*(CONVERT(int,SDDRQJ)/1000)))-1, DATEADD(year,CONVERT(int,SDDRQJ/1000),'1 Jan 1900'))

    Q. Why can I connect to SQL Server with the tcp-ip sockets netlib and not named-pipes over IP/multiprotocol?

    A. Both these net-libs do indeed run over tcp-ip, so there are three reasons why ip sockets may work and named-pipes doesn't :-

    1. Trusted connection. Tcp-ip sockets net-lib with SQL 6.5 and below does not require NT authentication whereas the other two do. For trusted connections you must be connecting from an NT domain/userid that the SQL Server machine can authenticate via its domain controller - usually this means a trust is needed if different NT domains are used for client and server.

    To prove whether this works or not you can do a NET VIEW \\servername from the client. If this returns "invalid logon", "no domain controller exists" or "access denied" then the appropriate trust/credentials are not in place.

    2. Name resolution. You have probably done a PING <servername> and it has returned ok. This is fine for tcp-ip sockets as the name resolution methods are the same for PING as for sockets. However, for named-pipes a different set of name-resolution methods is used (see NT Resource Kit/Technet for full details). Try a NET VIEW \\servername from the client to see if this connects ok - if it gets "error 53" then name resolution is probably the problem.

    3. Firewall sockets. Each of the net-libs uses different tcp-ip port numbers, so if there is a firewall involved maybe the correct ports are not being opened :-

    For tcp-ip sockets the default port for SQL Server is 1433.

    For multi-protocol (rpc) the ports are normally variable, but you can fix them. See Q164667 in the MS knowledgebase for details.

    For named-pipes over ip 137/138/139 are used. As these are the same ones used for file/print it is not recommended you allow these through the firewall.


    Q. Should I apply NT 4.0 SP4 to my SQL Server system?

    A. NT Service Packs do not have any shared code that affects the SQL Server kernel, so application of NT service packs should be independent of SQL Server and should be applied based on the stability or otherwise of your NT system - plus its exposure to security exploits, denial-of-service etc. And there are a LOT of these fixed in SP4.

    Always check with your hardware vendor and any suppliers of 3rd party device drivers, systems management, virus checkers etc. that they support SP4 and application of the SP won't stop the server from booting! If you have some identical/similar hardware on less critical or test systems, then apply the SP to these first.

    However, SQL Server does tend to stress the hardware/memory/pci bus/disk subsystem and could therefore expose a bug/compatibility problem between the NT kernel and the hardware or 3rd party hardware device drivers. Therefore it is technically possible for it to expose a bug in an NT driver that doesn't otherwise show itself.

    ** The following errors have been reported by multiple people to MS since they applied SP4. MS are investigating. The errors indicate a problem between the NT supplied scsi drivers and the 3rd party supplied ones/raid drivers etc. **


    Q. Are there any resources or tools to aid in an Oracle PL/SQL to SQL Server TSQL conversion?

    A. A few :-

    1. Microsoft SQL Server 6.5 Programming Unleashed (SAMS) has a chapter that discusses Oracle to MS SQL migration
    2. Paper(s) on MSDN.
    3. 3rd-party application called "TopLink"

    Q. What is a reproduction (repro) script that I need to produce for a SQL Server bug?

    A. In order for Microsoft to resolve a bug they need to re-create it on their systems. The best way to do this is to provide them with a repro script. They don't have access to your database, so the script needs to be able to show the problem when run on a brand-new install of SQL Server on a new database. 

    Therefore it needs to contain all tables, user defined data types, triggers, views etc. needed to show the problem. If it needs data then keep this to a minimum - use INSERT INTO <tbl> VALUES (.....) type statements if possible. If not a small (zipped) amount of BCP data is ok. 

    If the script/data is reasonably short then post to one of the newsgroups and one of the MVPs can report it to MS for you.

    If it isn't short or a repro script is not practical due to the amount of information/data needed then you will need to raise a bug with MS PSS directly. (See MSPSS faq entry for details)


    Q. Do SQL Service Packs have to be applied in order or can I just apply the latest one?

    A. You can just apply the latest one.


    Q. Is there an Access upsizing wizard to SQL Server 7.0?

    A. No - one will probably be available with Access/Office 2000. Until then you will have to use the Access 97 to SQL 6.5 upsizing wizard to a SQL 6.5 system. And then upgrade the 6.5 system to 7.0.


    Q. Why can't I see master, msdb etc. in SQL 7 EM? Also I can't see the system tables in user databases.

    A. The reason for this is that by default system objects are not viewable.

    To fix this, right click on the server name in Enterprise Manager and select "Edit SQL Server Registration Properties". Check the box to "show system databases and objects"


    Q. What versions of SQL 7 are there and what are the differences?

    A. There are 6 versions/types of SQL 7, all built on the same code-base, so they are all SQL 7, and the same service packs can be applied to all of them.

    1. Enterprise Edition. Only runs on NT EE. Supports > 4 processors. Supports 2 node symmetrical clustering. Supports > 2Gb memory. Supports partitioned OLAP cubes - i.e. OLAP cubes running on multiple servers.

    2. Standard Edition. Only runs on NT Server or higher. Supports up to 4 processors. Supports non-partitioned OLAP cubes. (This is the version that comes with BackOffice 4.5)

    3. Desktop Edition. Can run on any NT or Windows 9x. Some feature and performance limitations - e.g. not all optimisations (like parallelism), only single threaded recovery, not as much use of async io (Windows 9x doesn't support at all), db's only opened when needed. Performance has generally been throttled back to make it unsuitable for a multiple client environment - if you try and use more than 5-6 concurrent users you will find performance tapers off. N.B. You can't buy the desktop edition on its own. You have to buy the standard/enterprise edition - the installs for which allow a desktop install to be done. The desktop version just needs a CAL per copy as a license.

    4. Small Business Edition (Part of SBS 4.5). Same as Standard Edition except limited to 100 users and 10Gb per database. This version can be updated to the Standard Edition if needed.

    5. MSDE. This is a run-time engine, delivered as part of Office 2000, and can act as a back end to Access 2000 instead of Jet - although Jet will still be supported. Has some admin tools, though not the full SQL EM MMC environment. e.g. does not include DTS design tools though you can run pre-developed DTS packages against it. Footprint in disk space is 35Mb, working set is 6-7mb at startup, 2-5mb for processing. Limited to 2Gb per database. MSDE is freely distributable as long as the application you package it with was developed using a licensed copy of the MS Office 2000 Developer Edition. Note MSDE is packaged as v1.0 but it's still really SQL 7.0. Performance is similarly throttled back like with desktop edition.

    6. Developer Edition. This is the connection-limited version that comes with Visual Studio/MSDN specifically for use as a development tool - Visual Studio contains all the client SQL debugging tools as well. 

    To detect which one you are running you need to parse the output from "SELECT @@VERSION" - which will have in it strings as below.

    MSDE on ..............
    Desktop Edition on .................
    Standard Edition on .................
    Enterprise Edition on ................

    e.g. IF (CHARINDEX('MSDE', @@version) > 0 ) .... <<< You have MSDE


    Q. When SQL Executive starts I get the error id 109.

    A. The full error is "This version of SQLExecutive requires SQL Server version 6.5 or later".

    Usually this is because the NT account that the SQL Executive service is running under does not have permissions to read the HKLM\SOFTWARE\MICROSOFT\MSSQLSERVER registry key.


    Q. What tools are available to stress/benchmark SQL Server?

    A. There are a couple of unsupported "as-is" Microsoft products :-

    1. SQL Load Simulator. (MS supplied multi-threaded ODBC utility). backoffice.microsoft.com/downtrial/moreinfo/sqldrk.asp
    2. TPC-B. (MS Supplied). ftp.microsoft.com/bussys/sql/unsup-ed/benchmarkkit/bench.zip
    3. SQLHDTST.EXE. Back Office Resource Kit. I/O utility simulating SQL 6.5.
    4. SQL 7 IO Stress. www.microsoft.com/sql. New utility just for stressing i/o subsystems - SQL 7.0 style.


    Also 3rd party programs :-

    1. Mercury. www.merc-int.com
    2. Blue Curve. www.bluecurve.com
    3. SQA
    4. Benchmark Factory. www.benchmarkfactory.com


    Q. Why can't I stop/start SQL from SQL Enterprise Manager?

    A. There are several reasons for this :-

    1. You are running SQL EM on a Windows 9x client. Windows 9x does not support Windows NT service control APIs. Therefore you cannot start, stop or inquire on the status of the SQL Server service.
    2. SQL Server has a different name to the NT Server.
    3. The NT userid you are logged on as does not have NT administrator privileges on the SQL Server machine you are pointed at.

    Q. Should I use tempdb in ram?

    A. The short answer is no. In almost all cases you are better off just letting SQL have the extra memory for caching.

    Support for tempdb in ram has been removed in SQL 7.

    As an alternative, there is nothing stopping you using an NT level ramdrive - several exist - and put tempdb on that.


    Q. Does SQL 7 support tempdb in ram?

    A. No, this support has been removed.

    There is nothing stopping you using an NT level ramdrive - several exist - and put tempdb on that. However in almost all cases you are better off just letting SQL have the extra memory for caching.


    Q. I am getting an error 4409 selecting on a view ever since I applied SP5 to SQL 6.5.

    A. This is a bug introduced with SP5. You should contact MS PSS for a hot-fix - build 422 and greater contains this fix.


    Q. I am getting an error 603 on database recovery in a SQL 6.0 system.

    A. This happens only on SQL 6.0 SP3. There is no fix, but the workaround is :-

    1. Stop SQL Server
    2. Rename sqlservr.exe in <sql>\binn to sqlservr.sp3
    3. Copy the sqlservr.exe from your SQL 6.0 CD into <sql>\binn
    4. Re-start SQL Server. It should now recover ok.
    5. Stop SQL Server
    6. Rename <sql>\binn\sqlservr.exe to sqlservr.org for later use
    7. Rename <sql>\binn\sqlservr.sp3 to sqlservr.exe
    8. Re-start SQL Server

    Q. Why do I get an error "SQL Server Assertion : File:<xxx.c> Line=yyy Failed Assertion='zzz'?

    A. Typically this is because you are running a debug (checked) version of sqlservr.exe where the debug statements in the C code are left in place. These are normally only provided by MS PSS to help track down specific bugs.

    If you get one of these errors then you need to raise it as a paid fault call with MS PSS via your normal support channel.


    Q. How can I overwrite expired backups on a disk device to save on space and still keep a rolling x days there?

    A. You can't. Without searching the entire file SQL has no way of knowing how much space each backup takes. To delete one part it would have to read the current backup file and write out all the un-expired dumps to a new file and then delete/rename. And only then could it write the new one to the end. All this would take far too long and too much disk space.

    The expiry date is JUST there to prevent accidental overwrites and nothing else.

    If you want to keep a rolling number of dumps then write them out with different names each day using the DISK=option of the dump command. Then have a regular task check these dumps and delete old ones.
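
    One way to implement the rolling scheme just described, as an added T-SQL example that is not part of the original FAQ. The database name, directory, file-naming pattern and retention values are assumptions.

```sql
-- Added example: database name, path and retention values are assumptions.
DECLARE @db varchar(30), @dir varchar(100), @keep int, @sweep int
DECLARE @file varchar(255), @cmd varchar(255), @age int

SELECT @db    = 'pubs',              -- database to dump (hypothetical choice)
       @dir   = 'D:\MSSQL\BACKUP\',  -- fixed dump directory, never built from user input
       @keep  = 7,                   -- number of daily dumps to retain
       @sweep = 14                   -- how far past @keep to look for leftovers

-- CONVERT style 112 yields yyyymmdd, so the file names sort by date
SELECT @file = @dir + @db + '_' + CONVERT(char(8), GETDATE(), 112) + '.dmp'

-- One file per day; INIT only ever overwrites a same-day rerun
DUMP DATABASE @db TO DISK = @file WITH INIT

-- Prune only when the dump statement reported no error
IF @@ERROR = 0
BEGIN
    SELECT @age = @keep
    -- Sweep a range of past days so a missed run does not leave stale files behind
    WHILE @age < @keep + @sweep
    BEGIN
        SELECT @cmd = 'del "' + @dir + @db + '_'
                    + CONVERT(char(8), DATEADD(dd, -@age, GETDATE()), 112) + '.dmp"'
        -- xp_cmdshell passes the string to the operating system shell,
        -- which is why @dir and @db are fixed values above
        EXEC master..xp_cmdshell @cmd, no_output
        SELECT @age = @age + 1
    END
END
```

    Scheduled once a day, this leaves today's dump plus the previous six on disk; copy the files to tape or another machine before they age out if longer retention is needed.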


    Q. Should I set "boost priority" to 1 or "SMP" to -1 on SQL Server?

    A. No (unless the following doesn't bother you).

    Although these can offer a small performance improvement in lap/tpcc environments (which is why MS put them in the product), you run the risk of the SQL process hogging too much cpu time at the expense of NT/networking/drivers. If this happens your other SQL connections will hang or disconnect as NT won't be able to service the network packets needed to keep the sessions running.

    If you do have an environment where all SQL code is known in advance, there are no ad-hoc queries, and no heavy queries, then you may get a small improvement by turning them on. But the risks aren't worth the gains in 99% of situations.


    Q. What are all the dbcc commands for SQL Server?

    A. All the documented ones are in the books online, or in publicly accessible knowledgebase articles. The rest are undocumented because they are either irrelevant to people outside MS, or their use is dangerous and is to be discouraged.

    The undocumented dbcc commands vary from release to release and there are sure to be a lot more new ones in SQL 7.0 as well as ones that have been removed.

    However as people always want to know, here is a predominantly Sybase based list that will mostly work with SQL 6.5 and below - however there are no guarantees. Which will work against SQL 7.0 is even more of a lottery.

    Feel free to use any of these against a test system, but don't expect any help if you use any of them that are not documented officially elsewhere.


    Q. How can I see how many objects are actually open in SQL Server?

    A. On SQL 6.5 you can use the dbcc des command. This will list entries per open object.

    dbcc traceon(3604)
    go
    dbcc des
    go


    Q. How can I get the hardware spec of a SQL Server remotely?

    A. xp_msver will return most of the information you need.


    Q. How can I tell what columns in my SQL Server database are identity columns?

    A. The following scripts work on SQL 6.5.

    To show all identity columns :-

    select o.name, c.name from <dbname>..syscolumns c, <dbname>..sysobjects o
    where c.id=o.id and (c.status & 128)=128

    To tell the identity seed : select ident_seed('<tblname>')

    To tell the identity increment : select ident_incr('<tblname>')


    Q. I get an error trying to load a trace file into the SQL 7 Profiler/Index Tuning Wizard.

    A. If the error is "Error analysing workload (60)" this means that it failed to find/load the file. Check that the filename is correct and you have permissions to read the file. There is also a bug in builds 623 (RTM) and earlier that the filename cannot have spaces in it.


    Q. How do I install the SQL Server Internet Connector Software?

    A. You don't. This isn't software, just a piece of paper licensing you to use SQL Server in this manner. Just up the number of SQL Server connections via sp_configure and licenses via control panel/licenses yourself.


    Q. Can I use a Worm/MO/CD-Rom jukebox with SQL Server?

    A. Yes and no.

    1. SQL can only access "disks" - so first the jukebox must be made to look just like a disk or set of disks, complete with drive letters etc. There are a variety of products available to do this from Ascend, Kofax, OTG and Ixos to name a few. (I've mainly used Disk Extender from http://www.otgsoftware.com/).

    2. SQL needs immediate access to the data and jukeboxes/software typically don't offer this - they normally cache files to a real disk first. This all takes time - seconds to minutes or more for large files. Having SQL's i/o engine backed up waiting for i/o from a very slow device (compared to disks) is a very bad idea.

    I would recommend that instead of WORM/jukeboxes etc. you just buy another large raid unit with the largest disks you can find and create databases on this raid unit and then mark them as read-only with SQL Server.


    Q. When I run the MDAC setup routine that comes with SQL Server SP5(a) why does it re-invoke the service pack setup?

    A. Because you didn't expand the sp5 file with the /d option. It will then create the i386/mdac folder with the mdac exe file in it. When run from this sub-directory it will invoke the right setup program.


    Q. How can I replace/change/delete characters in a SQL Server column?

    A. SQL has a reasonably full set of string manipulation tools - all doc'd in the BOL. Some are detailed below.


    Q. Does SQL Server support row numbers like Oracle does?

    A. No - row numbering is contrary to relational sets (which is what rdbms's running SQL are all about). It is not an ANSI standard. MS have not implemented anything like it.

    If you need to use row numbers you should look at your application and see if it is really appropriate to a SQL database.


    Q. When I do a SQL Server trace I see lots of sp_cursoropen and sp_cursorfetch commands being sent that I am not generating.

    A. You are using ODBC/OLE-DB or a higher level method based on these. These procedures are used to provide cursor functionality. They should not be directly called by your own TSQL.


    Q. Does SQL 7 support db-lib?

    A. Yes it does, but db-lib is functionally stabilised at the 6.5 level. Therefore if a db-lib client on whatever platform worked against a 6.5 database it should work against the same database migrated to SQL 7.0.

    None of the SQL 7.0 features like unicode, character columns greater than 255 characters etc. are in db-lib though. So if you utilise any SQL 7.0 features then these can only be accessed by ODBC 3.7 or OLE-DB clients.

    Similarly for 16-bit clients. These are supported, but only with the 6.5 levels of ODBC/db-lib code. 16-bit ODBC cannot access new SQL 7.0 features either. 

    The 16-bit client code is not supplied with 7.0 - you will have to get it from the 6.5 cd. This includes DOS drivers.


    Q. Why do I get a 6.5 group in my SQL 7.0 MMC list of servers?

    A. This is there for you to manage your 6.5 servers, and in case you switch back to a co-resident copy of 6.5. If you have no more 6.5 servers and want to delete the entry then delete the following registry key :-

    HKEY_CURRENT_USER\Software\Microsoft\MSSQLServer\SQLEW\Registered Servers\SQL 6.5


    Q. Can I run SQL 6.5 and SQL 7.0 on the same machine?

    A. You can have both installed at the same time and switch between them, but there is no way for both to be running at the same time.


    Q. How can I check whether SQL 6.5 or SQL 7.0 is installed without connecting to SQL and logging on?

    A. You could check :-

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSQLServer\MSSQLServer\CurrentVersion

    However, in the case of a clustered server it may not be there. In which case you could check

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSSQLServer\Performance\Library

    The value of this will either be sqlctr60.dll or sqlctr70.dll and the location won't change.


    Q. I'm running a stored-proc from VB. Why does it return control before the SP has finished?

    A. Either because the SP is returning multiple resultsets or it has been invoked asynchronously.

    Put "set nocount on" at the start of the SP to stop counts of rows being returned - assuming you don't need them. Also check the call parameters you are making from db-lib/ODBC/ADO/etc. Make sure it is a synchronous call and not an asynchronous one.


    Q. Can I install SQL on a Terminal Server machine?

    A. Several points here :-

    1. MS don't "recommend" it for resource reasons. Same as "not" installing SQL on a PDC.

    2. SQL 6.5 has not been tested, but should work.

    3. SQL 7.0 is supported on NTTE as long as you install SP1 for SQL 7.


    Q. How can I report a SQL Server bug to Microsoft?

    A. There are several ways, but the >>ONLY<< way you can be sure of an engineer looking at it and providing you with a workaround/fix is to report it to Microsoft's PSS (Product Support Services) team. These are people who support all MS's products, write fixes, take the calls, sort out workarounds etc. They work 24x7x365. The only way to contact them to place an initial call is by phone (unless you have a premier support contract in which case there are web based methods). For details of your nearest PSS support centre go to.

    http://support.microsoft.com/support/supportnet/default.asp

    All calls are chargeable either to your credit card or an existing account. Your call fee WILL be re-imbursed if the problem turns out to be an MS bug, or a feature that hasn't been publicly documented. The person answering the phone cannot know it's a bug, so they have to take details of your credit card before passing you on to a technician. When the call is closed the technician decides whether to mark the call as "free" in which case you get a refund automatically.

    If you don't want to pay for a call then you can use email/web response to ntbugs@microsoft.com or http://support.microsoft.com/. However you will almost certainly get no feedback so there is no way of knowing what has happened to your bug report.

    Can't I report it to a Microsoft newsgroup? Yes, but Microsoft employees do not officially monitor these forums. It is possible that they will notice a bug report, they may even look into it - it's not even unheard of for them to contact the user unbidden. However these are all the exception rather than the rule. The newsgroups are there for peer to peer support and are not an official bug reporting channel.

    If you can provide a reproduction script on the newsgroups then one of the MVPs (we are NOT MS Employees!) can pass this to PSS for you. It has a much greater chance of being looked at that way, but it is not a guarantee. If you do post a repro script then there is a good chance that someone will be able to find you a work-around though.

    Whatever method you use, in order for Microsoft to resolve a bug they need to re-create it on their systems. The best way to do this is to provide them with a repro script - this needs to show the problem when run on a brand-new install of SQL Server on a new database. Therefore it needs to contain all tables, user defined data types, triggers, views etc. needed to show the problem. If it needs data then try and keep this to a minimum.


    Q. Why do I get the SQL Server error "Msg 8412 - Schemas differ" when doing a LOAD TABLE?

    A. If both tables have been defined identically the most common reason for this is when the exact error is "Msg 8412, Level 16, State 3" - with the state of 3 being the give-away. This problem occurs if both of the following conditions are true:

    This is usually caused by the tool being used to re-create the table setting a different default for the ANSI_PADDING value. See Q170639 for more info.


    Q. Why do I get an error message when I try to run SQL 7 EM - "MMC - Snap-in failed to initialize"?

    A. It could be that one or more DLLs have not been registered. Try :-

    C:\> regsvr32 <sqldir>\BINN\dtsui.dll
    C:\> regsvr32 <sqldir>\BINN\sqldmo.dll
    C:\> regsvr32 <sqldir>\BINN\sqlns.dll
    C:\> regsvr32 <sqldir>\BINN\sqllex.dll


    Q. Why is the week number returned by SQL Server wrong?

    A. For example,

    select datepart(wk,'19990323')

    returns 13 when it should be 12.

    This is because SQL Server starts counting weeks from Jan 1. Week 1=Jan 1.

    The ISO standard is that week 1 is the first week with 4 days in it.

    MS have been asked to provide a new option to return the ISO week - which may turn up in a SQL 7 service pack.
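
    Until such an option exists, the ISO week can be computed directly. The query below is an added example, not code from the FAQ or from Microsoft; the temporary table and its sample dates are constructed, and it assumes dates on or after 1 January 1900. For the FAQ's date of 23 March 1999 it gives ISO week 12.

```sql
-- ISO 8601 week number, independent of SET DATEFIRST and language settings.
-- Rule used: an ISO week belongs to the year that contains its Thursday, and
-- week 1 is the week holding the first Thursday (the first week with 4 days).

-- Constructed sample dates: the FAQ's example plus two year-boundary cases.
CREATE TABLE #dates (d datetime NOT NULL)
INSERT #dates VALUES ('19990323')
INSERT #dates VALUES ('19990101')
INSERT #dates VALUES ('19990104')

SELECT
    d,
    -- What SQL Server reports: weeks counted from Jan 1.
    sql_week = DATEPART(wk, d),
    -- 1900-01-01 was a Monday, so (days since then) % 7 is 0 for Monday
    -- through 6 for Sunday. Adding 3 minus that value lands on the Thursday
    -- of the same Monday-to-Sunday week.
    iso_week = (DATEPART(dy,
                   DATEADD(dd, 3 - (DATEDIFF(dd, '19000101', d) % 7), d)
               ) - 1) / 7 + 1,
    -- The ISO year can differ from the calendar year in the first days of
    -- January and the last days of December.
    iso_year = DATEPART(yy,
                   DATEADD(dd, 3 - (DATEDIFF(dd, '19000101', d) % 7), d))
FROM #dates
ORDER BY d

DROP TABLE #dates
```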


    Q. How can I un-install a SQL Server servicepack and go back to the original version?

    A. Check the readme.txt that came with the sp. Some come with un-install instructions - in which case follow them.

    If there are no instructions then just replace the updated .exe's and .dll's with the previous ones.


    Q. How can I transfer database diagrams from one SQL 7 server to another?

    A. Assuming you have identical databases and the dtproperties table exists on the target db then use :-

    insert into
       <targetdb>..dtproperties
    select
       object_id, value, lvalue, version
    from
       <sourcedb>..dtproperties


    Q. Why is SQL Server 7 slower than 6.5 at running some of my sp's?

    A. Chances are this is due to the use of temporary tables in the SP :-

    In SQL 7.0, a stored proc will be recompiled whenever a table is encountered that did not exist at the time the stored proc was created. So, if you scatter the creation and use of temp tables throughout a stored proc, the stored procedure will undergo multiple recompilations. However, if you place all your temporary table creates at the beginning before any other TSQL then there will only need to be one recompilation when the first temp table is referenced. Make sure you create the relevant indices on the temp tables at the start as well. The reason for this is to get better optimization for the later queries in the SP. With 6.5 and below, the optimizer didn't know what indices were available on the temp tables and so had to guess at the start of the sp. These guesses would often lead to inappropriate access plans.

    For more info on the above see http://msdn.microsoft.com/library/techart/sqlqa.htm

    There is also a bug you may be running into. If the following conditions are true you may be getting excessive re-compilations :-

    sp is in master
    db being referenced is in 65 compatibility mode
    concat_null_yield_null is being set (usually because you are using ODBC)


    Q. How can I modify the SQL 7 unattended install script?

    A. Check out the following link for info http://technet.microsoft.com/cdonline/content/complete/boes/bo/SQL/Technote/sql7set


    Q. Is there an Access upsizing wizard to SQL Server 7.0?

    A. Yes, there is now one available at http://www.microsoft.com/AccessDev/ProdInfo/AUT97dat.htm


    Q. Do I really need a 166Mhz Pentium processor to run SQL Server 7.0?

    A. No. But you DO need a 100% Intel pentium compatible chip - which rules out some Cyrix and IBM processors. Microsoft have used an intel pentium instruction that some of these non-Intel processors do not support. There is NO way around this.

    The actual speed of the processor doesn't matter as long as it runs the full pentium instruction set - it needs to support CMPXCHG8B (Compare and Exchange 8 bytes) and RDTSC (Read Time-Stamp counter) instructions. Microsoft have made this a requirement because it is the minimum spec machine that they have developed/tested with - which is ok if you get most of your equipment donated/loaned/replaced by hardware companies free of charge, but this isn't the case with most businesses!

    As long as the server previously ran SQL 6.5 (and is 100% intel compatible) you should find that it will run SQL 7.0 and will offer significant performance improvements, so don't upgrade hardware for the sake of it.

    The following quote is from Microsoft Product Support Services :-

    "When using SQL Server v7.0, Microsoft recommends a processor speed of 166Mhz or higher for server machines. Our extensive testing of the product has been done on machines of this calibre and we believe customers will get a better price performance with the product when used in this configuration. Microsoft will support SQL Server v7.0 when run on server machines with slower processors. However customers should recognise that if our findings are that major problems can be eliminated by using faster processors we will continue to recommend, and in some cases may require, compliance with this suggestion."

    The reason for this caveat is that some of the decisions the optimiser makes on a 166Mhz pentium may not make so much sense on a 60Mhz pentium - i.e. the extra cpu time a 60Mhz part needs may mean that a non-optimal plan has been chosen.


    Q. Why does sp_processmail fail with an error 'Supplied datatype for set_user is not allowed, expecting 'varchar'' on SQL 7?

    A. This is a known problem, i.e. bug. You have to rewrite sp_processmail (courtesy of Wayne Snyder). MS haven't fixed it yet - maybe in SP2....

    The problem is actually with xp_sendmail, which returns an error (@set_user datatype is incorrect).

    MS changed the @set_user, and @dbuse params in sp_processmail to sysname, and did *NOT* go back and change xp_sendmail...

    The temp fix is to change sp_processmail as follows

    create procedure sp__processmail --- 1996/06/19 17:30
    @subject varchar(255)=NULL,
    @filetype varchar(3)='txt',
    @separator varchar(3)='tab',
    @set_user varchar(30)='guest', --Change this back from sysname to varchar
    @dbuse varchar(30)='master' --Change this back from sysname to varchar
    as

    ........./* rest of procedure */


    Q. How can I pad an integer value in SQL Server with zeroes?

    A. By converting to a string and padding that way. e.g. an example from pubs to pad a value :-

    select right(replicate('0',10)+ convert(varchar(10),ytd_sales),10) from titles


    Q. Where can I get a JDBC driver for SQL Server?

    A. MS don't supply one. You can get 3rd party ones. Places to try are :-

    1. WebLogic : http://weblogic.beasys.com. (type 2, 3 or 4. SQL 6.5 and 7.0)

    2. http://www.inetsoftware.de

    3. www.openlinksw.com

    4. http://beta.easysoft.com. JDBC/ODBC bridge (www.easysoft.com)

    5. http://ourworld.compuserve.com/homepages/Ken_North/jdbcvend.htm 

    6. ftp://freetds.internetcds.com/pub/freetds_jdbc. Type 4 open-source driver that is designed to work with SQLServer and Sybase

    7. java.sun.com/products/jdbc


    Q. Why is SQL Server better/worse than Oracle?

    A. This is as much a "religious" debate as a technical one. Both products are good (as are others such as DB/2, Informix, Sybase...). My advice would be to stick with whatever you have the technical skills/experience with, and don't change for the sake of it. SQL Server, Oracle and DB/2 will all be around for a long time - and most of the other dbms's should be too.

    But for those who have to have a pro and con list, here is one to get you started (though no doubt some/all of the points would be contested). It assumes SQL 7 and Oracle 8.


    Pro's of SQL Server
    -------------------

    On the *same* hardware running NT - SQL Server has the best tpcc numbers. (www.tpc.org). Oracle has higher tpcc numbers but only on non-NT platforms - and the cost per tpcc is higher.

    Mobile/client version of product is exactly the same as the server one (with Oracle it isn't)

    SQL 7 is generally accepted as easier to install, use and manage

    SQL Server is cheaper to buy than Oracle (though this is such a small part of lifetime support costs it really shouldn't be a consideration)

    Extra facilities "in the box" - e.g. OLAP, English Query, DTS


    Pro's of Oracle
    ---------------

    Scales higher than SQL 7 - whether your system needs to scale that high is a question you need to ask yourself (if you need ultimate performance you should be looking at DB/2 on a cluster of IBM 10-way mainframes). SQL 7 should be fine for 1 Terabyte of data and 2500 users. (These are conservative figures and are more to do with NT's scalability than SQL's).

    Clusters better than SQL

    More powerful 3GL language than SQL - PLSQL vs TSQL

    Runs on non-NT platforms - e.g. Unix, MVS.

    Been around longer.

    More fine-tuning to the config can be done via start-up parameters.


    Q. A query produces this error in SQL 7 'Internal Query Processor Error'.

    The full error is "Internal Query Processor Error: The query processor could not produce a query plan."

    This means that the query processor/optimiser is "confused". With SQL 6.5 these sorts of queries would typically produce access violations. In SQL 7.0 the problem is handled a bit better.

    However, it is a bug. Sometimes queries will work ok on SMP systems but not on single-processor systems.

    In order for Microsoft to resolve a bug they need to re-create it on their systems. The best way to do this is to provide them with a repro script - this needs to show the problem when run on a brand-new install of SQL Server on a new database. Therefore it needs to contain all tables, user defined data types, triggers, views etc. needed to show the problem. If it needs data then try and keep this to a minimum.

    If the script/data is reasonably short then post to one of the newsgroups and one of the MVPs can report it to MS for you.


    Q. Any known issues with IE5 and SQL Server 7.0?

    A. Yes. See below.

    Microsoft SQL Server 7.0 running on a Windows 95 or Windows 98 computer with
    Microsoft Internet Explorer 5.0 installed.

    Problem description:
    Installation of Internet Explorer version 5.0 on a SQL Server 7.0 Windows 95
    or Windows 98 computer may cause wizards and property sheets (tabbed
    dialog boxes) that display an edit control to generate exception errors.
    Generally, this problem is reported on the Windows 95 or 98 computer as a
    general protection fault.
    This problem only affects the user of the client wizard tool. It has no
    effect on the server.

    The problem is fixed in SQL 7 SP1 which is now available.


    Q. How can I programmatically get the next free device number (vdevno) in SQL 6.5 and below?

    A. CREATE PROCEDURE sp_ms_NextDeviceNumber AS

    /*
    RETURNS THE NEXT AVAILABLE SEQUENTIAL DEVICE NUMBER
    Created by Mike Schellenberger
    */

    /* Get a list of used device numbers > 0 and put in a temporary table */
    SELECT
    dev_num=CONVERT(tinyint, SUBSTRING(CONVERT(binary(4), d.low),v.low, 1))
    INTO #TmpDevHoldTable
    FROM master..sysdevices d, master.dbo.spt_values v
    WHERE v.type='E'
    AND v.number=3
    AND convert(tinyint, substring(convert(binary(4), d.low),v.low, 1)) > 0
    ORDER BY dev_num

    /* Now lets find the first available device from the temporary table */

    SET ROWCOUNT 1 /* This gets only the first one available */

    SELECT Next_Available_Device_#=t1.dev_num + 1
    FROM #TmpDevHoldTable t1
    WHERE NOT EXISTS /* When current dev number + 1 does not exist */
    (SELECT t2.dev_num /* we are here and have our 1 row */
    FROM #TmpDevHoldTable t2
    WHERE t1.dev_num + 1=t2.dev_num)

    SET ROWCOUNT 0
    DROP TABLE #TmpDevHoldTable
    GO


    Q. How can I get random numbers from SQL Server? Using rand() I always get the same sequence.

    A. This is because you need to start the rand function off with a random number. Use something like :-

    SELECT RAND( (DATEPART(mm, GETDATE()) * 100000 )
    + (DATEPART(ss, GETDATE()) * 1000 )
    + DATEPART(ms, GETDATE()) )


    Q. What is the precedence of the SET commands, database options, session options etc. in SQL Server?

    A. This information comes courtesy of Gert Drapers (MS).

    Settings are defined on 3 levels:

    1. server
    2. database (on overlap, overwrites the server level settings)
    3. session (on overlap, overwrites the server and database settings)

    Considerations When Using the SET Statements


    Q. Why am I seeing entries in sysindexes (or sp_helpindex) for indexes I have not created?

    A. sysindexes contains rows per object as follows :-

    . Every table has a row with an indid value of either 0 (heap) or 1 (if it has a clustered index).

    . Every nc index has a row with indid > 1. 

    . If text/image columns are used then these use rows.

    . (SQL 7 only). There are rows for keeping track of non-index statistics on columns that SQL decides to capture statistics on even though there is no physical index on the column. Their names are _WA_Sys_<column>_<number>. These "indexes" cannot be dropped with a drop index command. They are there so the SQL optimiser can best choose query plans, but if you want to drop them you can do so with the drop statistics command.

    . (SQL 7 only). When the index tuning wizard runs it creates "hypothetical" indexes with names like hind_<type>_<column>_<number>. These are removed when you create a "real" index on those columns using the script that the wizard produces for you.


    Q. I'm getting #deleted entries in resultsets from ODBC since installing SQL 7, why?

    A. Several possibilities - 

    1. Could be a bug with numeric/decimal fields that only occurs with ODBC driver 3.70.0623. Upgrade to 3.70.0690 which comes with SQL 7 SP1 and/or MDAC 2.1 SP2.

    2. PSS ID Number: Q128809
    Article last modified on 01-06-1998

    2.0

    WINDOWS


    ======================================================================
    ---------------------------------------------------------------------
    The information in this article applies to:

    - Microsoft Access version 2.0, 7.0, 97
    ---------------------------------------------------------------------

    SYMPTOMS
    ========

    When you retrieve, insert, or update records in an attached ODBC table,
    each field in a record contains the "#Deleted" error message. When you
    retrieve, insert, or update records using code, you receive the error
    message "Record is deleted."

    CAUSE
    =====

    The Microsoft Jet database engine is designed around a keyset-driven model.
    This means that data is retrieved, inserted, and updated based on key
    values (in the case of an attached ODBC table, the unique index of a
    table).

    After Microsoft Access performs an insert or an update of an attached ODBC
    table, it uses a Where criteria to select the record again to verify the
    insert or update. The Where criteria is based on the unique index.
    Although numerous factors can cause the select not to return any records,
    most often the cause is that the key value Microsoft Access has cached is
    not the same as the actual key value on the ODBC table. Other possible
    causes are as follows:

    - Having an update or insert trigger on the table, modifying the key
    value.

    - Basing the unique index on a float value.

    - Using a fixed-length text field that may be padded on the server with
    the correct amount of spaces.

    - Having an attached ODBC table containing Null values in any of the
    fields making up the unique index.

    These factors do not directly cause the "#Deleted" error message. Instead,
    they cause Microsoft Access to go to the next step in maintaining the key
    values, which is to select the record again, this time with the criteria
    based on all the other fields in the record. If this step returns more than
    one record, Microsoft Access returns the "#Deleted" message because it does
    not have a reliable key value to work with. If you close and re-open the
    table or choose Show All Records from the Records menu, the "#Deleted"
    errors are removed.

    Microsoft Access uses a similar process to retrieve records from an
    attached ODBC table. First, it retrieves the key values and then the rest
    of the fields that match the key values. If Microsoft Access is not able to
    find that value again when it tries to find the rest of the record, it
    assumes that the record is deleted.

    RESOLUTION
    ==========

    The following are some strategies that you can use to avoid this behavior:

    - Avoid entering records that are exactly the same except for the unique
    index.

    - Avoid an update that triggers updates of both the unique index and
    another field.

    - Do not use a Float field as a unique index or as part of a unique index
    because of the inherent rounding problems of this data type.

    - Do all the updates and inserts by using SQL pass-through queries so
    that you know exactly what is sent to the ODBC data source.

    - Retrieve records with an SQL pass-through query. An SQL pass-through
    query is not updateable, and therefore does not cause "#Delete" errors.

    - Avoid storing Null values within any field making up the unique index of
    your attached ODBC table.

    MORE INFORMATION
    ================

    Steps to Reproduce Behavior
    ---------------------------

    1. Open the sample database Northwind.mdb (or NWIND.MDB. in Microsoft
    Access 2.0)

    2. Use the Upsizing Tools to upsize the Shippers table.

    NOTE: This table contains an AutoNumber field (or Counter field in
    Microsoft Access 2.0) that is translated on SQL Server by the Upsizing
    Tools into a trigger that emulates a counter.

    3. Open the attached Shippers table and enter a new record. Make sure
    that the record you enter has the same data in the Company Name field
    as the previous record.

    4. Press TAB to move to a new record. Note that the "#Deleted" error fills
    the record you entered.

    5. Close and re-open the table. Note that the record is correct.


    Q. How can I use SQL 7's HDQ facilities to get at NT domain or Exchange information?

    A. This information is supposed to get ADSI working from SQL Server, however your mileage may vary (please provide any feedback on updating/correcting the information here).

    In order to get an ADSI linked server to SQL Server 7.0, you will need to 
    install the following pre-requisites. ADSI 2.0 doesn't work with MDAC 2.1 
    (installed w/ SQL Server 7.0) 
    For more information on the issues of ADSI 2.0 and MDAC 2.1, see:

    http://support.microsoft.com/support/kb/articles/q216/7/09.asp

    You will have to install ADSI 2.5 on the SQL Server.

    Requirements:
    =============

    1. You must install SQL Server 7.0. For more information about SQL Server, 
    visit http://www.microsoft.com/sql 

    2. You must install ADSI 2.5 Runtime (http://www.microsoft.com/adsi) -or- 
    (ftp://ftp.microsoft.com/bussys/sitesrv/sitesrv-public/fixes/usa/siteserver3/sp2/x86/adsi/ads.exe)
    on the machine SQL Server is installed. 

    3. You must install Active Directory, (http://www.microsoft.com/windows). 
    You can also use 

    -or-

    3. Exchange Server (http://www.microsoft.com/exchange) 


    Step by Step Instructions
    ======================
    To add a linked server, do the following:

    1. Run the Query Analyzer 

    2. Log on to the SQL Server machine.

    3. Execute the following line. 

    /***********************************************************/
    sp_addlinkedserver 'ADSI', 'Active Directory Services 2.5', 'ADSDSOObject', 
    'adsdatasource'
    go
    /***********************************************************/

    This tells SQL Server to associate word 'ADSI' with ADSI OLE DB provider - 
    'ADSDSOObject'

    Following is an example scenario of common operations: 
    ======================================================

    /***********************************************************/
    SELECT * FROM OpenQuery( 
    ADSI,'<LDAP://DC=Microsoft,DC=com>;(&(objectCategory=Person)(objectClass=user));name, adspath;subtree')
    /***********************************************************/

    Note: you should change the DC=.., DC=.. accordingly. This query asks for 
    all users in the 'Microsoft.com' domain.


    You may also use the ADSI SQL Dialect, for example:

    /***********************************************************/
    SELECT * FROM OpenQuery( ADSI, 'SELECT name, adsPath FROM 
    ''LDAP://DC=Microsoft,DC=com'' WHERE objectCategory = ''Person'' AND 
    objectClass= ''user''') 
    /***********************************************************/

    Creating, Executing a View
    ==========================

    You may create a view for data obtained from Active Directory. Note that 
    only the view definition is stored in SQL Server, not the actual result 
    set. Hence, you may get a different result when you execute a view later.

    To create a view, type and execute:

    /***********************************************************/
    CREATE VIEW viewADUsers AS
    SELECT * FROM OpenQuery( 
    ADSI,'<LDAP://DC=Microsoft,DC=com>;(&(objectCategory=Person)(objectClass=user));name, adspath;subtree')
    /***********************************************************/

    To execute a view, type

    /***********************************************************/
    SELECT * from viewADUsers 
    /***********************************************************/ 

    Heterogeneous Join between SQL Server and Active Directory


    Create a SQL table, an employee performance review table

    /***********************************************************/
    CREATE TABLE EMP_REVIEW
    (
    userName varChar(40),
    reviewDate datetime,
    rating decimal 
    )
    /***********************************************************/

    Insert a few records

    /***********************************************************/
    INSERT EMP_REVIEW VALUES('Administrator', '2/15/1998', 4.5 )
    INSERT EMP_REVIEW VALUES('Administrator', '7/15/1998', 4.0 )
    /***********************************************************/

    Note: You can insert other user names.

    Now join the two

    /***********************************************************/
    SELECT ADsPath, userName, ReviewDate, Rating 
    FROM EMP_REVIEW, viewADUsers
    WHERE userName = Name
    /***********************************************************/

    Now, you can even create another view for this join,

    /***********************************************************/
    CREATE VIEW reviewReport AS
    SELECT ADsPath, userName, ReviewDate, Rating 
    FROM EMP_REVIEW, viewADUsers
    WHERE userName = Name 
    /***********************************************************/

    Advanced Operations
    ===================

    You may log on as a different user when connecting to the Active Directory 
    by specifying an alternate credential. 

    Example:

    /***********************************************************/
    sp_addlinkedsrvlogin ADSI, false, 'MICROSOFT\Administrator', 
    'CN=Administrator,CN=Users,DC=Microsoft,DC=com', 'passwordHere'
    /***********************************************************/

    This line tells Distributed Query that if someone logs on in SQL Server as 
    'Microsoft\Administrator', the Distributed Query will pass the 
    'CN=Administrator,CN=Users, DC=Microsoft, DC=com' and 'passwordHere' to 
    ADSI as the credentials.

    To stop connecting as an alternate credential, type:

    /***********************************************************/
    sp_droplinkedsrvlogin ADSI,'MICROSOFT\Administrator' 
    /***********************************************************/
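
    The mapping shown above hands the domain Administrator's directory credentials to the linked server and keeps the password in the script. A narrower mapping, as an added example that is not part of the original instructions: the SQL login hr_report and the directory account svc-sqlread are hypothetical names, and the password is a placeholder.

```sql
-- sp_addlinkedserver creates a default mapping that applies to every local
-- login. Passing NULL as the local login removes that default, so only the
-- logins mapped explicitly below can use the ADSI linked server.
EXEC sp_droplinkedsrvlogin @rmtsrvname = 'ADSI', @locallogin = NULL
GO

-- Map one named SQL Server login (hypothetical: hr_report) to a dedicated
-- directory account that has read access only (hypothetical: svc-sqlread),
-- instead of mapping to CN=Administrator.
EXEC sp_addlinkedsrvlogin
     @rmtsrvname  = 'ADSI',
     @useself     = 'false',
     @locallogin  = 'hr_report',
     @rmtuser     = 'CN=svc-sqlread,CN=Users,DC=Microsoft,DC=com',
     @rmtpassword = '<password-placeholder>'
GO

-- Limit who can read the directory data exposed through the view defined
-- earlier. hr_report must already be a user in this database.
REVOKE SELECT ON viewADUsers FROM public
GRANT  SELECT ON viewADUsers TO hr_report
GO

-- Review the mappings that now exist for the linked server; rerun this
-- after any change to confirm no unexpected login is mapped.
EXEC sp_helplinkedsrvlogin @rmtsrvname = 'ADSI'
GO

-- When the mapping is no longer needed, remove it as the FAQ shows.
EXEC sp_droplinkedsrvlogin @rmtsrvname = 'ADSI', @locallogin = 'hr_report'
GO
```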


    The following links may also be helpful:
    ========================================

    http://msdn.microsoft.com/developer/news/feature/120197/Exchange/adsi.htm

    http://msdn.microsoft.com/library/sdkdoc/adsi/ds2cli_9x9u.htm#_ds_formal_grammar_for_the_sql_queries

    http://msdn.microsoft.com/library/sdkdoc/adsi/ds2intro_0ckz.htm


    Q. How can I tell if my code is ANSI-92 compliant?

    A. The following is from the Books-Online. What isn't documented is that you need to put quotes around any value other than off.

    SET FIPS_FLAGGER (T-SQL)
    Specifies checking for compliance with the FIPS 127-2 standard, which is based 
    on the SQL-92 standard.

    Syntax
    SET FIPS_FLAGGER level

    Arguments
    level 
    Is the level of compliance against the FIPS 127-2 standard for which all 
    database operations are checked. If a database operation conflicts with the 
    level of SQL-92 standards chosen, Microsoft® SQL Server™ generates a warning. 
    level must be one of these values. 



    Value         Description
    ENTRY         Standards checking for SQL-92 entry-level compliance
    FULL          Standards checking for SQL-92 full compliance
    INTERMEDIATE  Standards checking for SQL-92 intermediate-level compliance
    OFF           No standards checking

    Remarks
    The setting of SET FIPS_FLAGGER is set at parse time and not at execute or run 
    time. Setting at parse time means that if the SET statement is present in the 
    batch or stored procedure, it takes effect, regardless of whether code 
    execution actually reaches that point; and the SET statement takes effect 
    before any statements are executed. For example, even if the SET statement is 
    in an IF...ELSE statement block that is never reached during execution, the SET 
    statement still takes effect because the IF...ELSE statement block is parsed.

    If SET FIPS_FLAGGER is set in a stored procedure, the value of SET FIPS_FLAGGER 
    is restored after control is returned from the stored procedure. Therefore, a 
    SET FIPS_FLAGGER statement specified in dynamic SQL does not have any effect on 
    any statements following the dynamic SQL statement. 

    Permissions
    SET FIPS_FLAGGER permissions default to all users


    Q. How can I automate the scripting/transfer of a database/objects in SQL Server?

    A. You can do this using the SQL-DMO objects that SQL supports. These can be called via the SQL OLE interface. There is a help file for the SQL DMO objects included with SQL Server and there is an icon for it in your SQL group.

    For an example of using the SQL OLE interface see Q152801 in the MS Kb. Alternatively you can code your own VB app to call the DMO routines yourself.


    Q. If I lose my data file (MDF) in SQL 7 I can't backup the log to recover to a point in time - why not?

    A. A small oversight on MS's part - which will be fixed in the next major (not service-pack) release of SQL.

    Under 6.5 you would do BACKUP LOG <dbname> TO <device> WITH NO_TRUNCATE.

    Under SQL 7 this gets you an error
    Server: Msg 3446, Level 16, State 1
    Primary file not available for database <xx>

    This is because the metadata that tells SQL where the files are for the database is in the primary file - in SQL 6.5 this info was held in system tables in master.

    A workaround for this is :-

    1. Use only ONE file in the primary file group (the primary file), and place this file on the same drive (mirrored) as your log files. This gives it the same protection as the log.

    2. Add another file group, with one or more files for data - obviously this goes on different disks to the log. Mark this second file group as the default (Alter database)

    3. Then, when your data file is lost, backup no_truncate will work because the primary file with the metadata in (but no user data) is still available.
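
    The three-step layout above written out as T-SQL. This is an added example, not the FAQ's own script; the database name, logical file names, drive letters, sizes, backup paths and the STOPAT time are all assumptions, and the restore steps assume earlier full and log backups exist.

```sql
-- Step 1: the primary filegroup holds a single small file (metadata only)
-- on L:, the mirrored drive that also holds the log.
-- Step 2: user data goes in a second filegroup on a different disk (D:).
CREATE DATABASE sales
ON PRIMARY
   ( NAME = sales_sys,
     FILENAME = 'L:\mssql7\data\sales_sys.mdf',
     SIZE = 5MB ),
FILEGROUP userdata
   ( NAME = sales_data1,
     FILENAME = 'D:\mssql7\data\sales_data1.ndf',
     SIZE = 500MB )
LOG ON
   ( NAME = sales_log,
     FILENAME = 'L:\mssql7\data\sales_log.ldf',
     SIZE = 100MB )
GO

-- Make the second filegroup the default so tables and indexes created
-- without an ON clause do not land in the primary file.
ALTER DATABASE sales MODIFY FILEGROUP userdata DEFAULT
GO

-- Check the result: lists each filegroup and its file count.
USE sales
GO
EXEC sp_helpfilegroup
GO

-- Step 3: after the data file on D: is lost, the primary file and the log
-- are still present on L:, so the tail of the log can be backed up.
USE master
GO
BACKUP LOG sales
   TO DISK = 'E:\backup\sales_tail.trn'
   WITH NO_TRUNCATE
GO

-- Point-in-time recovery: last full backup, the log backups taken since
-- then, and finally the tail backup, stopping at the chosen time.
RESTORE DATABASE sales
   FROM DISK = 'E:\backup\sales_full.bak'
   WITH NORECOVERY
RESTORE LOG sales
   FROM DISK = 'E:\backup\sales_log1.trn'
   WITH NORECOVERY
RESTORE LOG sales
   FROM DISK = 'E:\backup\sales_tail.trn'
   WITH RECOVERY, STOPAT = '19990920 14:30'
GO
```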


    Q. What does the SQL Server error message "sort: bob write not complete after xx seconds." mean?

    A. Bob is the Big Output Buffer. It is used for writing out intermediate tables created during a sort. Because it is doing heavy sequential writes it can stress the disk subsystem.

    As long as SQL Server carries on, and no other errors are being reported, then there is nothing to worry about. The messages merely show that the disk subsystem is unable to keep up with the level of i/o that SQL Server is asking it to do. SQL just waits and retries these requests.

    To up the amount of time that SQL waits before issuing this message and retrying amend the "resource timeout" parameter via sp_configure.

    You MAY need to decrease your max async io or max lazywrite io if these errors are continuous. Or invest in a faster disk subsystem. Or spread your devices across more of your existing spindles.

    Also make sure that non-SQL processes are not causing disk contention.


    Q. How can I run a DTS package from within SQL Server - e.g. a stored-procedure?

    A. You can either :-

    1. Run from xp_cmdshell "dtsrun dtsfile"

    or 

    2. Use sp_OA sp's. Example of this is below (courtesy of Bill Hodghead)

    if exists (select * from sysobjects where id = object_id(N'[dbo].[sp_displayoaerrorinfo]') and OBJECTPROPERTY(id, N'IsProcedure') = 1)
    drop procedure [dbo].[sp_displayoaerrorinfo]
    GO

    if exists (select * from sysobjects where id = object_id(N'[dbo].[sp_displaypkgerrors]') and OBJECTPROPERTY(id, N'IsProcedure') = 1)
    drop procedure [dbo].[sp_displaypkgerrors]
    GO

    if exists (select * from sysobjects where id = object_id(N'[dbo].[sp_executepackage]') and OBJECTPROPERTY(id, N'IsProcedure') = 1)
    drop procedure [dbo].[sp_executepackage]
    GO


    create proc sp_displayoaerrorinfo
    @object as int 
    as
    Declare @hr int
    DECLARE @output varchar(255)
    DECLARE @source varchar(255)
    DECLARE @description varchar(255)

    PRINT 'OLE Automation Error Information'

    EXEC @hr = sp_OAGetErrorInfo @object, @source OUT, @description OUT
    IF @hr = 0
    BEGIN
    SELECT @output = ' Source: ' + @source
    PRINT @output
    SELECT @output = ' Description: ' + @description
    PRINT @output
    END

    ELSE
    BEGIN
    PRINT ' sp_OAGetErrorInfo failed.'
    RETURN
    END
    GO


    create proc sp_displaypkgerrors
    @pkg as int 
    as
    declare @numsteps int
    declare @steps int
    declare @step int
    declare @stepresult int
    declare @pkgresult int
    declare @hr int

    select @pkgresult = 0

    EXEC @hr = sp_OAGetProperty @pkg, 'Steps', @steps OUTPUT
    IF @hr <> 0
    BEGIN
    print 'Unable to get steps'
    EXEC sp_displayoaerrorinfo @pkg --, @hr
    RETURN
    END

    EXEC @hr = sp_OAGetProperty @steps, 'Count', @numsteps OUTPUT
    IF @hr <> 0
    BEGIN
    print 'Unable to get number of steps'
    EXEC sp_displayoaerrorinfo @steps --, @hr
    RETURN
    END

    while @numsteps > 0 
    Begin 
    EXEC @hr = sp_OAGetProperty @steps, 'Item', @step OUTPUT, @numsteps
    IF @hr <> 0
    BEGIN
    print 'Unable to get step'
    EXEC sp_displayoaerrorinfo @steps --, @hr
    RETURN
    END

    EXEC @hr = sp_OAGetProperty @step, 'ExecutionResult', @stepresult OUTPUT
    IF @hr <> 0
    BEGIN
    print 'Unable to get ExecutionResult'
    EXEC sp_displayoaerrorinfo @step --, @hr
    RETURN
    END

    select @numsteps = @numsteps - 1
    select @pkgresult = @pkgresult + @stepresult
    end

    if @pkgresult > 0
    print 'Package had ' + cast(@pkgresult as varchar) + ' failed step(s)'
    else 
    print 'Package Succeeded'

    GO


    create proc sp_executepackage
    @packagename varchar(255), --package name, gets most recent version
    @userpwd varchar(255) = Null, --login pwd
    @intsecurity bit = 0, --use non-zero to indicate integrated security
    @pkgPwd varchar(255) = '' --package password
    as
    declare @hr int
    declare @object int

    --create a package object 
    EXEC @hr = sp_OACreate 'DTS.Package', @object OUTPUT 
    if @hr <> 0
    Begin
    EXEC sp_displayoaerrorinfo @object --, @hr
    RETURN
    end 

    --load the package (ADD integrated security support)
    declare @svr varchar(15)
    declare @login varchar(15)
    select @login = SUSER_NAME()
    select @svr = HOST_NAME()
    declare @flag int
    select @flag = 0

    if @intsecurity = 0 
    if @userpwd is Null -- "= Null" is never true when ANSI_NULLS is on
    EXEC @hr = sp_OAMethod @object, 'LoadFromSqlServer',NULL, @ServerName=@svr, @ServerUserName=@login, @PackageName=@packagename, @Flags=@flag, @PackagePassword = @pkgPwd
    -- ServerName As String, [ServerUserName As String], [ServerPassword As String], [Flags As DTSSQLServerStorageFlags = DTSSQLStgFlag_Default], [PackagePassword As String], [PackageGuid As String], [PackageVersionGuid As String], [PackageName As String], [pVarPersistStgOfHost])
    else
    EXEC @hr = sp_OAMethod @object, 'LoadFromSqlServer',NULL, @ServerName=@svr, @ServerUserName=@login, @PackageName=@packagename, @Flags=@flag, @PackagePassword = @pkgPwd, @ServerPassword = @userpwd
    else
    begin
    select @flag = 256
    EXEC @hr = sp_OAMethod @object, 'LoadFromSqlServer',NULL, @ServerName=@svr, @PackageName=@packagename, @Flags=@flag, @PackagePassword = @pkgPwd
    end

    IF @hr <> 0
    BEGIN
    print 'LoadFromSQLServer failed'
    EXEC sp_displayoaerrorinfo @object --, @hr
    RETURN
    END

    --execute it
    EXEC @hr = sp_OAMethod @object, 'Execute'
    IF @hr <> 0
    BEGIN
    print 'Execute failed'
    EXEC sp_displayoaerrorinfo @object --, @hr
    RETURN
    END

    --return the step errors as a recordset
    exec sp_displaypkgerrors @object

    -- uninitialize the package
    EXEC @hr = sp_OAMethod @object, 'UnInitialize'
    IF @hr <> 0
    BEGIN
    print 'UnInitialize failed'
    EXEC sp_displayoaerrorinfo @object --, @hr
    RETURN
    END

    -- release the package object
    EXEC @hr = sp_OADestroy @object
    if @hr <> 0
    Begin
    EXEC sp_displayoaerrorinfo @object --, @hr
    RETURN
    end 
    GO


    Q. Where can I get Embedded SQL for SQL Server?

    A. http://support.microsoft.com/download/support/mslfiles/ESQLC.EXE

    Note that this only supports SQL 6.5 and earlier. It will work against SQL 7.0 but you won't have access to any SQL 7.0 only features - this is due to it using the db-lib interface.


    Q. How can I get file information using SQL Server?

    A. Using the undocumented xp_getfiledetails procedure :-

    create table #info ( 
    alt_name varchar(255) null, 
    size_in_bytes int null, 
    creation_date int null,
    creation_time int null,
    last_written_date int null,
    last_written_time int null,
    last_accessed_date int null,
    last_accessed_time int null,
    attributes int null
    )

    insert #info exec master..xp_getfiledetails 'C:\Directory\File.nam'


    Q. My SQL Server database has been marked "loading" - what can I do?

    A. As long as it really isn't loading then you can drop the database with sp_dbremove.


    Q. How can I connect to SQL Server from a Macintosh?

    A. You can download a Visigenic ODBC version 2.1.2 driver for the Macintosh from www.snap.de (they produce a DAL/ODBC DBMS called PrimeBase). It appears that the MS provided driver with Office for the Mac no longer works with SQL 7.0. It works fine with SQL 6.5 and below.


    Q. I am getting problems with ODBC apps since upgrading to SQL 6.5 SP5a or installing SQL 7.

    A. MS introduced a lot of compatibility problems (especially with Jet) with the versions of MDAC released with SQL 6.5 SP5a and SQL 7.0.

    There is a new GA release of MDAC 2.1 (contains ODBC) on www.microsoft.com/data. This should resolve the problems.


    Q. How do I configure multi-protocol net-lib to force encryption of packets in SQL Server?

    A. To set up encryption for a specific user

    1. Create an account on the machine running SQL Server that matches the
    account (same username and password) on the client machine.
    2. Turn on encryption for the Multi-Protocol netlib. This can be done for a
    specific client or through the server for all clients. For more information,
    see "Configuring Clients" in the Microsoft SQL Server Administrator's
    Companion.


    To set up encryption for all users

    On the machine running SQL Server
    1. In the Administrative Tools program group, in the User Manager utility,
    from the User menu choose New User.
    The New User dialog box appears.
    2. In the dialog box, establish a user account with token1 as the username and
    token2 as the password.
    3. Enable the multiprotocol encryption option by following instructions
    described in "Configuring Clients" in the Microsoft SQL Server
    Administrator's Companion.
    4. Start SQL Server.

    On the machine running the client application
    1. In the Microsoft SQL Server 6.5 program group, double-click the SQL
    Client Configuration Utility.
    The SQL Server Client Configuration Utility dialog box appears.
    2. Click the Advanced tab.
    3. For the machine on which you set up the user account, specify a logical
    name in the Server box for SQL Server.
    4. In the DLL Name list box, select Multi-Protocol.
    5. In the Connection String box, type the following:
    ncacn_ip_tcp: servername, token1, token2
    where
    servername specifies the DNS name for the server machine,
    token1 specifies the username of the user account on the server machine,
    token2 specifies the password for the user account on the server machine.
    The username and password will be used by the client to establish an
    encrypted connection to SQL Server. Note that this user account is a valid
    Windows NT account and must be subject to Standard Security.
    The user account established on the server machine is not a SQL Server
    account. The client application must specify a valid SQL Server username and
    password to successfully connect to SQL Server.
    If the connection is unsuccessful because of an invalid username or
    password, the Multi-Protocol netlib will return error 5 (access denied).

    You can also force using the Multi Protocol Net Lib from the client by
    putting a network=dbmsrpcn; in your connect string.


    Q. How can I ORDER BY different fields based on a variable in SQL Server?

    A. There are two ways :-

    1. Build up the whole select statement including the order by into a string and then use the EXEC (@str) command where @str contains the SQL to be run.

    2. If all the fields are of the same datatype then you can use the CASE statement.

    declare @var int
    select @var=1
    select * from tbl
    order by CASE
    WHEN @var=1 THEN field1
    WHEN @var=2 THEN field2
    WHEN @var=3 THEN field3
    ELSE field4
    END


    Q. Can I upgrade SQL 4.x to 7.0 directly?

    A. No :-

    1. Upgrade to NT 3.51 if you're not already at that level.
    2. Upgrade to SQL 6.5
    3. Install 6.5 Service pack 3 or above
    4. Upgrade to NT 4.0
    5. Install NT 4.0 service pack 4 or above
    6. Install IE 4.0 SP1 or above
    7. Upgrade to SQL 7
    8. Install SQL 7 Service Pack 1

    Easy, if a little manual.


    Q. How can I programmatically kick off a SQL dump and get the stats on how far through it is back dynamically?

    A. You can do it with DMO. Here is some sample code supplied by Gert Drapers.

    Option Explicit

    Dim mSQLServer As SQLDMO.SQLServer
    Dim WithEvents mBackupEvents As SQLDMO.Backup

    Private Sub cmdBackupWithEvents_Click()
    Dim mDatabase As SQLDMO.Database
    Dim mBackup As New SQLDMO.Backup
    Set mBackupEvents = mBackup

    For Each mDatabase In mSQLServer.Databases
    If (mDatabase.Name <> "model" And mDatabase.Name <> "tempdb") Then
    mBackup.Database = mDatabase.Name
    mBackup.Files = "c:\dump\" & mDatabase.Name & Format(Date, "yyyy-mm-dd") & ".bak"
    mBackup.SQLBackup mSQLServer
    End If
    Next

    Set mBackupEvents = Nothing
    Set mBackup = Nothing

    End Sub

    Private Sub cmdConnect_Click()
    Set mSQLServer = New SQLDMO.SQLServer
    Call mSQLServer.Connect("(local)", "sa", "")
    Msg "Connected " & Now()
    End Sub

    Private Sub cmdDisconnect_Click()
    If (Not mSQLServer Is Nothing) Then
    mSQLServer.DisConnect
    Set mSQLServer = Nothing
    End If
    Msg "Disconnected " & Now()
    End Sub

    Private Sub mBackupEvents_Complete(ByVal Message As String)
    txtOut = txtOut & Message & vbCrLf
    End Sub

    Private Sub mBackupEvents_NextMedia(ByVal Message As String)
    txtOut = txtOut & Message & vbCrLf
    End Sub

    Private Sub mBackupEvents_PercentComplete(ByVal Message As String, ByVal Percent As Long)
    txtOut = txtOut & Message & "Percent " & Percent & vbCrLf
    End Sub


    Q. Where does the list of SQL Servers come from in registration/dialog boxes?

    A. When SQL Server starts up it "registers" itself with the network via xp_sqlregister. The list of workstations/servers/etc. is held in a browser list which is normally maintained by the domain controllers.

    A client needing a list of resources - in this case SQL Servers - issues NetEnumXXXX commands to get the list back - this is provided by whichever server running as a browser master has the info. For more details on browsing see the NT resource kits.

    Some restrictions :-

    1. The client side Win32 named pipe Net-Library (DBNMPNTW.DLL) does not 
    support server enumeration on Windows 9x-based computers. This means you won't see a list from a Win9x client.

    2. There is no support for server enumeration with the Multi-Protocol 
    Net-Library. Any server just running multi-protocol will not be visible.


    Q. Can I add comments to SQL Server's schema like I can with Access?

    A. No - SQL Server as of v7.0 and below does not support this. You can, of course, store comments in a user table if you wish. If this table were created in the model database then it would be created automatically for all new databases.


    Q. How can I pass an array of values to a SQL Server stored-procedure?

    A. Basically you can't - SQL Server has no array type - ANSI SQL 92 does not specify array support. But there are various ways around it.

    1. You could simulate an array by passing one or more varchar(255) fields with comma-separated values and then use a WHILE loop with PATINDEX and SUBSTRING to extract the values.

    2. The more usual way to do this would be to populate a temporary table with the values you need and then use the contents of that table from within the stored-procedure. Example of this below

    create procedure mytest @MyParmTempTable varchar(30)
    as
    begin
    -- @MyParmTempTable contains my parameter list...

    -- For simplicity use dynamic sql to copy into a normal temp table...

    create table #MyInternalList (
    list_item varchar( 2 ) not null
    )

    set nocount on

    insert #MyInternalList
    exec ( "select * from " + @MyParmTempTable )

    set nocount off

    -- It is now easier to join..
    select *
    from sysobjects
    where type in ( select list_item from #MyInternalList )

    end
    go

    To call..

    create table #MyList (
    list_item varchar( 2 ) not null
    )
    insert #MyList values ( 'S' )
    insert #MyList values ( 'U' )
    insert #MyList values ( 'P' )

    exec mytest "#MyList"

    3. If all you wanted to do was use the array/list as input to an IN clause in a WHERE statement you could use :-

    CREATE PROCEDURE sp_MyProcedure (@MyCommaDelimitedString Varchar(255))
    AS
    BEGIN
    EXEC ('SELECT * FROM MYTABLE WHERE MYFIELD IN (' + @MyCommaDelimitedString + ')')
    END
    GO
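
    Option 1 above written out without dynamic SQL, as an added example (not from the original FAQ): the list is split with CHARINDEX and SUBSTRING into a temporary table, so its contents are only ever handled as data, whereas in option 3 whatever the caller passes becomes part of the statement that EXEC runs. The names usp_ObjectsByType, @TypeList and #TypeList are hypothetical.

```sql
-- Added example; usp_ObjectsByType, @TypeList and #TypeList are hypothetical names.
CREATE PROCEDURE usp_ObjectsByType
    @TypeList varchar(255)              -- comma-separated list, e.g. 'S,U,P'
AS
BEGIN
    DECLARE @pos  int
    DECLARE @item varchar(255)

    CREATE TABLE #TypeList (
        list_item varchar(2) NOT NULL
    )

    SET NOCOUNT ON

    -- A NULL list makes DATALENGTH return NULL, so the loop is skipped.
    WHILE DATALENGTH(@TypeList) > 0
    BEGIN
        SELECT @pos = CHARINDEX(',', @TypeList)

        IF @pos = 0
        BEGIN
            -- No comma left: the remainder is the last element.
            SELECT @item = @TypeList
            SELECT @TypeList = ''
        END
        ELSE
        BEGIN
            -- Take the text before the comma, then drop it and the comma.
            SELECT @item = SUBSTRING(@TypeList, 1, @pos - 1)
            SELECT @TypeList = SUBSTRING(@TypeList, @pos + 1, 255)
        END

        SELECT @item = LTRIM(RTRIM(@item))

        -- Validate each element against what the column can hold
        -- instead of letting an oversized value be silently truncated.
        IF DATALENGTH(@item) > 2
        BEGIN
            RAISERROR ('List item is longer than 2 characters', 16, 1)
            RETURN
        END

        -- Skip empty elements produced by leading, trailing or doubled commas.
        IF DATALENGTH(@item) > 0
            INSERT #TypeList (list_item) VALUES (@item)
    END

    SET NOCOUNT OFF

    -- The list is used as data in a static query; nothing is concatenated
    -- into a statement string.
    SELECT o.name, o.type
    FROM sysobjects o
    WHERE o.type IN (SELECT list_item FROM #TypeList)
END
GO

-- To call:
EXEC usp_ObjectsByType 'S,U,P'
```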


    Q. How does SQL Server clear up orphaned connections?

    A. It doesn't. It never terminates a connection unless it is told to by a user, a KILL command is issued, or the operating system tells it that the network connection it is using has been disconnected.

    How long the operating system takes to kill a network connection, or whether it is done at all, depends on the net-lib and network protocol used. For parameters on keep-alive frames and session time-outs for the relevant network protocol the best guide is the NT Server resource kit, which describes how NT's various network layers work. See Q137983 for some details pertinent to SQL Server.

    Typically, named-pipe connections over netbeui will be timed out quite quickly, followed by named-pipes over IP. If you're using tcp-ip sockets then these sessions aren't timed-out at all by default.


    Q. How do I configure the debugger in Visual Studio to work with SQL 7?

    A. Check out http://msdn.microsoft.com/library/techart/msdn_storedproceduredebugtech.htm.


    Q. How can I connect from Delphi to SQL 7?

    A. You need to at least be on BDE 5.01. This knows about SQL 7.0 systems tables etc. However it is still db-lib based and therefore does not support Unicode, Varchars greater than 255 bytes and any other SQL 7.0 only feature.

    Inprise (Borland) will be bringing out an ADO alternative in the future - check their website for details.

    Download of current BDE: http://www.borland.com/devsupport/bde/
    BDE info: http://www.borland.com/bde/
    BDE Q&A: http://www.borland.com/devsupport/bde/qanda/
    Delphi info: http://www.borland.com/delphi/
    SQLLinks info: http://www.borland.com/sqllinks/

    For a non-Inprise solution check out http://www.kylecordes.com/bag/index.html


    Q. Why does my copy of SQL Server say it is the 120 day eval edition when it is the full commercial copy?

    A. This is because you have it installed on an evaluation copy of NT - SQL Server also checks the licensed state of the operating system. You will need to re-install NT.


    Q. Why do I get a "variable is not declared" inside my EXEC statement?

    A. This is because a variable is local to a batch of SQL - normally batches are split up with GO statements. However an EXEC is a separate batch and so it cannot see any local variables already created.

    You must put the variable declarations you need inside the EXEC statement.


    Q. What is the equivalent of the IIF command in SQL Server?

    A. In MS Access you would use :-

    Select iif(field>10,"large", "small") as Size from Table

    With SQL Server, use the CASE command

    SELECT Size =
      CASE
      WHEN field > 10 THEN 'large'
      ELSE 'small'
      END
    from Table


    Q. What does the red zig-zag line next to a server name in SQL Enterprise Manager mean?

    A. It just means that you are connected to the SQL Server on that machine.


    Q. Why do I get the error 'An unknown full-text failure (80004005)'?

    A. The NT account that the MSSQLSERVER service runs under needs admin privileges on the server in order to access the registry to create full-text catalogs. Make the account a member of local administrators and it should work fine.


    Q. Why does the tcp-ip net-lib not appear as an option in SQL Setup?

    A. Two possible reasons :-

    1. With 6.5 and below you have integrated security defined. Integrated security requires NT authentication of net-lib connections and tcp-ip sockets does not offer this.
    2. The server does not have tcp-ip loaded as a network protocol. Check this via control panel/networks/protocols.

    Q. How much longer will MS support SQL 6.5 for?

    A. As a rule of thumb :-

    MS provide support for at least the current and previous version of a product (service-packs don't count). So with 6.5 and 7.0 out MS will support 6.5 until the next version of SQL comes out. Whether this new version is called SQL 7.1, 7.5, 8.0, 2000 etc. is up to the marketeers and is irrelevant for this discussion. Until this time MS will be actively fixing the code and issuing servicepacks and hotfixes.

    After that MS continue to provide support for as long as they feel the customer base warrants it. This is weighed up against the fact that MS support doesn't make the company any money and they do want to encourage users to upgrade (because that does make them money). For 6.5 I would expect this to be a fairly long period given the installed-base of 6.5. During this time the likelihood of servicepacks decreases but for major problems or major customers you will at least get hot-fixes written.

    Once this period finishes MS finishes "active" support. The source-code is still available but no more fixes are written. MS will still take a support call and help out with a problem - be it performance, corruption etc. They will help you fix the problem or provide workarounds, but they will not write fixes. If a bug is found they will test it against the latest version code and fix it in that if necessary, but your only option to get the fix would be to upgrade.


    Q. How can I tell whether a table is a system (Microsoft) table in SQL 7?

    A. select * from sysobjects where objectproperty(id, 'IsMSShipped') = 1


    Q. Where can I get SQL 7.0 SP1?

    A. SQL 7 SP1 is now released and available at :-

    ftp://ftp.microsoft.com/bussys/sql/public/fixes/usa/SQL70/Sp1


    Q. Why do I get "SQL Server has run out of locks" error message with SQL 7 - I thought it dynamically allocated them?

    A. First check that you haven't given locks a fixed number rather than letting it automatically expand (the default) - check sp_configure.

    If dynamic allocation is set, then this does work - it does dynamically allocate them as long as there is ENOUGH MEMORY to allocate them from. The error should really say that SQL has no more memory to allocate the locks from.

    If you have artificially limited the amount of memory SQL Server can get then consider putting it back to an unlimited maximum and let it handle it itself. If it is already automatic then you will need to reduce the memory requirements of the queries/workload concerned or add more memory to the server.


    Q. How do I configure the client query time-out for SQL Server?

    A. If you are using a utility then this is normally under file/options or tool/options from the menu. Set it to the value you require - 0 means infinite (no) timeout.

    If you want to do it in C/VB code then this depends on the data access method. Look in the BOL for more details, but with raw ODBC you would use :-

    retcode = SQLSetConnectAttr(m_hdbc, SQL_ATTR_CONNECTION_TIMEOUT,
    (SQLPOINTER)dwSeconds, SQL_IS_UINTEGER);


    Q. How can I migrate from Access to SQL Server?

    A. To start with use the free Access upsizing wizard on MS's website. It works from Access 97 to SQL 6.5 or 7.0.

    http://www.microsoft.com/AccessDev/ProdInfo/AUT97dat.htm

    There are also some 3rd party-products :-

    www.missioncriticalsw.com


    Q. What does "bufdiscard: WARNING, page xx (dbid n, bp 0xzzzzzzzz) has stat0x10080(), skipping" mean?

    A. This message can safely be ignored. It just says that the SQL lazy writer has found a page in an inappropriate state - this can happen, typically on SMP machines. It doesn't indicate there is a problem.

    The message is suppressed in later versions of SQL Server.


    Q. Can I replicate/connect/whatever to SQL Server over the Internet?

    A. The Internet is nothing more or less than a large tcp-ip wan (wide-area network). And a wide-area network works the same as a lan (local-area network) just slower. So yes, anything you can do with SQL Server on the network in your office you can do over the internet, assuming you HAVE CONNECTIVITY to the internet. All issues are networking related not SQL related. The servers at either end must be able to connect to the internet either directly or via RAS. In the case of RAS you can use RASDIAL.EXE to automate connections as necessary.

    Issues are :-

    1. Internet is tcp-ip only, so you must run tcp-ip on your clients and the server(s)
    2. Physical connectivity. Do you have a routed/dial-up connection to the internet? Are these routes being passed transparently into your internal network? You need to be able to PING <remote ip address> and PING <remote servername> from your local server and vice-versa.
    3. Security. You should really use a firewall for any internet connection. Is this configured to allow your SQL traffic through? See firewall.txt in the FAQ for more info.
    4. Name-resolution. You can either address the server(s) by IP address directly, or you will need to enter them into your local hosts file or DNS/WINS server.


    Q. How can I get ISQL.EXE to return a DOS errorlevel for me to test?

    A. Use the RAISERROR command with the following criteria :-

    1. Run ISQL with the -b option
    2. Set the message severity to greater than 10
    3. Set the message state to 127

    i.e.

    isql -E -Q"RAISERROR ('set errorlevel 11',11,127)" -b
    if errorlevel 11 goto failed

    Note also that you need to be running the SQL 6.5 SP5a version of ISQL.EXE. MS broke the returning of error information under certain circumstances and didn't make the fix public until this release.


    Q. What programming languages can I write an extended stored-procedure in?

    A. The official MS answer is that you can only write them in C. Certainly VB doesn't work.

    Also Delphi 4 and 5 will work.


    Q. Does SQL Server 7.0 support XML?

    A. No, the next major release (not servicepack) of SQL Server should have XML support.


    Q. Where can I get details on the layout of the TDS protocol that SQL Server uses to talk to clients?

    A. Microsoft don't publish any information on the TDS protocol unfortunately, so your choices are :-

    1. Network trace and parse/reverse engineer the packets yourself. To help with this the Network Monitor 2.0 tool that comes with SMS 2.0 has a TDS parser with it, so this formats packets in the trace for you.

    2. Several people have done such reverse engineering for the portions of TDS they needed and have reported it's not that difficult. One such is the FreeTDS project that is reverse engineering the TDS specification and is currently implementing CTLIB, DBLIB, and JDBC interfaces for TDS. ODBC and Perl DBD drivers are planned. The FreeTDS JDBC driver is a type 4 driver and should work on any JVM. The CTLIB and DBLIB interfaces are known to compile under AIX, Linux, and FreeBSD without any problems. More info from http://sunsite.unc.edu/freetds/. The mailing list archive can be viewed at http://franklin.oit.unc.edu/cgi-bin/lyris.pl?enter=freetds. Source-code can be downloaded from ftp://freetds.internetcds.com/pub/freetds_dbd/


    Q. Why can't I use a GO in a stored-procedure?

    A. GO is not a T-SQL command. It is a batch delimiter but it is parsed and processed by the front end query tool - e.g. ISQL, OSQL, ISQL/W etc.

    When the front-end sees a go it sends the previous batch of SQL to SQL Server for processing. SQL Server never sees the go command and wouldn't understand it if it did.


    Q. Can SQL Server backup to a tape unit on another server?

    A. No - SQL doesn't support remote tapes. It can only enumerate and use devices that are local as far as NT is concerned (if an NT level driver was able to make a remote tape look local then SQL would use it).

    Some 3rd party backup tools that work with SQL Server agents offer this sort of functionality.

    Examples are :-


    Q. How can I restore a single table in SQL 7?

    A. You can't directly - LOAD TABLE is no longer supported. You will have to restore the database dump to a different server/database and then extract out the table in question using DTS/BCP.

    You CAN restore a single file with SQL 7 though, so if you place a table in a file on its own then you'll be able to restore it. For SAP systems with 1000's of tables the admin of having separate files would be a nightmare though!


    Q. How can I calculate someone's age in SQL Server?

    A. 

    select CASE
    WHEN dateadd(year, datediff (year, d1, d2), d1) > d2
    THEN datediff (year, d1, d2) - 1
    ELSE datediff (year, d1, d2)
    END as Age


    Q. Where can I get the ANSI92 SQL information from?

    A. This information is only available from ANSI themselves and as far as I know is only available on paper (to discourage piracy). They charge for the information - they have to have some form of income stream after all.

    More information can be had from their web-site www.ansi.org

    Or try http://www.cssinfo.com/cgi-bin/detail?product_id=40071 

    Or you can get an overview for FIPS from http://www.itl.nist.gov/fipspubs/fip127-2.htm


    Q. Why do I get arithmetic overflows and 'string truncated' errors with SQL 7? I didn't with 6.5.

    A. Look up the SET ANSI_WARNINGS ON/OFF command/option in the Books Online. To meet ANSI standards the default for this is on.

    When it is on any numeric summarisation function with a NULL will get an error. Also trying to fit 23 characters in a 20 byte field will get the error.

    Either fix the code concerned (the best option) or turn the warnings off.


    Q. Why do I get an "UNEXPECTED EOF" message in BCP?

    A. Basically because the file layout does not match that which you've told BCP.

    Use a hex-editor to open the file and check the layout. Look especially for missing carriage-returns and line-feeds. e.g. UNIX files use just a linefeed (LF, 0x0A) as a record terminator. NT uses a carriage return plus linefeed (CR+LF, 0x0D0A).


    Q. Should I use char or varchar? What are the advantages?

    A. There's no "right" answer to the above as it depends on your data and the access profile.

    If your field is fixed length or is almost fixed - i.e. it is either 8 or 9 characters then stick to char.

    If the field is heavily updated and this causes the row-size to change then you're probably better off with varchar.

    If your data is VERY variable in length or may often be blank then the advantage from using varchar is that smaller overall rowlengths give more rows per page and therefore faster performance when retrieving/scanning multiple consecutive rows. 

    Many people still think that updating varchars causes a deferred update rather than in-place and for this reason don't advise their use for updateable columns. This has not been true since SQL 4.x. With 6.0 and above as long as the updated column will still fit on the same page then the update is done directly and therefore the performance overhead is not massive. Note that there are different sorts of direct updates listed below in order of speed.

    a) Direct update. Fixed columns only, less than half of row bits changed, 5 columns max.

    b) Update-in-Place. Fixed or varchar, before and after row must be the same size, less than half the row bits changed.

    c) On-page delete/insert. Any number of changes, but row must fit on same page.

    If these don't apply then a full delete/insert must occur.


    Q. How can I clear SQL Server's procedure cache?

    A. With SQL 6.5 and below you can't. You have to stop/start SQL Server.

    For SQL 7.0 DBCC DROPCLEANBUFFERS


    Q. What registry entries does SQL Server's client use?

    A. For all 32-bit clients the following are used. For 16-bit Windows clients WIN.INI is used.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSQLServer\Client\ConnectTo

    DSQUERY : REG_SZ : default protocol - defaults to named-pipes

    Individual entries can then be overridden :-

    FREDNP : REG_SZ : DBNMPNTW,\\SERVER\pipe\sql\query
    FREDIP : REG_SZ : DBMSSOCN,10.1.1.1

    etc.


    Q. Why do I get NULL when adding/concatenating a NULL value with SQL 7? I didn't with 6.5.

    A. Look up the SET concat_null_yields_null ON/OFF command/option in the Books Online. To meet ANSI standards the default for this is on.

    When it is on SELECT 'abc' + NULL will be NULL. With it off you will get 'abc'

    N.B. Even if you set this off at the database level be warned that it could be turned on again at the application level either through the ODBC DSN setting or the application configuration - e.g. Query Analyser turns this on by default and you have to turn it off via the file/configure menu otherwise it will override your database setting!


    Q. How can I remove unwanted carriage-returns and line-feeds from a SQL table?

    A. Here is a script courtesy of fellow MVP, Bob Pfeiff. Note, it will only get rid of one CRLF per column, so you may want to stick the update in a loop and keep doing it until you get a zero rowcount.

    --example on pubs database in SQL 7

    --insert a row with a carriage return and line feed in it

    -- char(13) = carriage return, char(10) = line feed

    insert authors (au_id, au_lname, au_fname, phone, contract)
    values ( '111-34-3420', char(13) + char(10), 'john', '222 333-8899', 1)

    --find the row with the cr/lf in it

    select
    *
    from
    authors
    where
    au_lname = char(13) + char(10)

    --update the column with the cr/lf with an empty string
    --(the % wildcards let patindex find the cr/lf anywhere in the column)

    update
    authors
    set
    au_lname = stuff(au_lname, patindex('%' + char(13) + char(10) + '%', au_lname), 2, '')
    where 
    patindex('%' + char(13) + char(10) + '%', au_lname) > 0

    --look for the row with the cr/lf in it (should be gone)

    select
    *
    from
    authors
    where
    au_lname = char(13) + char(10)


    Q. Is there a DATE function for SQL Server? I don't want to hold the time.

    A. No, just datetime, but you can strip out the time (reset it to 00:00) using :-

    select convert(datetime,convert(char(10),getdate(),101))


    Q. How can I run a DTS package from within SQL Server - e.g. a stored-procedure?

    A. A choice :-

    1. Run from xp_cmdshell "dtsrun dtsfile"

    2. You could probably get at the DTS package via DMO. No example of this.

    3. Use sp_OA sp's. Example of this is below (courtesy of Bill Hodghead)

    if exists (select * from sysobjects where id = object_id(N'[dbo].[sp_displayoaerrorinfo]') and OBJECTPROPERTY(id, N'IsProcedure') = 1)
    drop procedure [dbo].[sp_displayoaerrorinfo]
    GO

    if exists (select * from sysobjects where id = object_id(N'[dbo].[sp_displaypkgerrors]') and OBJECTPROPERTY(id, N'IsProcedure') = 1)
    drop procedure [dbo].[sp_displaypkgerrors]
    GO

    if exists (select * from sysobjects where id = object_id(N'[dbo].[sp_executepackage]') and OBJECTPROPERTY(id, N'IsProcedure') = 1)
    drop procedure [dbo].[sp_executepackage]
    GO


    create proc sp_displayoaerrorinfo
    @object as int 
    as
    Declare @hr int
    DECLARE @output varchar(255)
    DECLARE @source varchar(255)
    DECLARE @description varchar(255)

    PRINT 'OLE Automation Error Information'

    EXEC @hr = sp_OAGetErrorInfo @object, @source OUT, @description OUT
    IF @hr = 0
    BEGIN
    SELECT @output = ' Source: ' + @source
    PRINT @output
    SELECT @output = ' Description: ' + @description
    PRINT @output
    END

    ELSE
    BEGIN
    PRINT ' sp_OAGetErrorInfo failed.'
    RETURN
    END
    GO


    create proc sp_displaypkgerrors
    @pkg as int 
    as
    declare @numsteps int
    declare @steps int
    declare @step int
    declare @stepresult int
    declare @pkgresult int
    declare @hr int

    select @pkgresult = 0

    EXEC @hr = sp_OAGetProperty @pkg, 'Steps', @steps OUTPUT
    IF @hr <> 0
    BEGIN
    print 'Unable to get steps'
    EXEC sp_displayoaerrorinfo @pkg --, @hr
    RETURN
    END

    EXEC @hr = sp_OAGetProperty @steps, 'Count', @numsteps OUTPUT
    IF @hr <> 0
    BEGIN
    print 'Unable to get number of steps'
    EXEC sp_displayoaerrorinfo @steps --, @hr
    RETURN
    END

    while @numsteps > 0 
    Begin 
    EXEC @hr = sp_OAGetProperty @steps, 'Item', @step OUTPUT, @numsteps
    IF @hr <> 0
    BEGIN
    print 'Unable to get step'
    EXEC sp_displayoaerrorinfo @steps --, @hr
    RETURN
    END

    EXEC @hr = sp_OAGetProperty @step, 'ExecutionResult', @stepresult OUTPUT
    IF @hr <> 0
    BEGIN
    print 'Unable to get ExecutionResult'
    EXEC sp_displayoaerrorinfo @step --, @hr
    RETURN
    END

    select @numsteps = @numsteps - 1
    select @pkgresult = @pkgresult + @stepresult
    end

    if @pkgresult > 0
    print 'Package had ' + cast(@pkgresult as varchar) + ' failed step(s)'
    else 
    print 'Package Succeeded'

    GO


    create proc sp_executepackage
    @packagename varchar(255), --package name, gets most recent version
    @userpwd varchar(255) = Null, --login pwd
    @intsecurity bit = 0, --use non-zero to indicate integrated security
    @pkgPwd varchar(255) = '' --package password
    as
    declare @hr int
    declare @object int

    --create a package object 
    EXEC @hr = sp_OACreate 'DTS.Package', @object OUTPUT 
    if @hr <> 0
    Begin
    EXEC sp_displayoaerrorinfo @object --, @hr
    RETURN
    end 

    --load the package (ADD integrated security support)
    declare @svr varchar(15)
    declare @login varchar(15)
    select @login = SUSER_NAME()
    select @svr = HOST_NAME()
    declare @flag int
    select @flag = 0

    if @intsecurity = 0 
    if @userpwd is Null
    EXEC @hr = sp_OAMethod @object, 'LoadFromSqlServer',NULL, @ServerName=@svr, @ServerUserName=@login, @PackageName=@packagename, @Flags=@flag, @PackagePassword = @pkgPwd
    -- ServerName As String, [ServerUserName As String], [ServerPassword As String], [Flags As DTSSQLServerStorageFlags = DTSSQLStgFlag_Default], [PackagePassword As String], [PackageGuid As String], [PackageVersionGuid As String], [PackageName As String], [pVarPersistStgOfHost])
    else
    EXEC @hr = sp_OAMethod @object, 'LoadFromSqlServer',NULL, @ServerName=@svr, @ServerUserName=@login, @PackageName=@packagename, @Flags=@flag, @PackagePassword = @pkgPwd, @ServerPassword = @userpwd
    else
    begin
    select @flag = 256
    EXEC @hr = sp_OAMethod @object, 'LoadFromSqlServer',NULL, @ServerName=@svr, @PackageName=@packagename, @Flags=@flag, @PackagePassword = @pkgPwd
    end

    IF @hr <> 0
    BEGIN
    print 'LoadFromSQLServer failed'
    EXEC sp_displayoaerrorinfo @object --, @hr
    RETURN
    END

    --execute it
    EXEC @hr = sp_OAMethod @object, 'Execute'
    IF @hr <> 0
    BEGIN
    print 'Execute failed'
    EXEC sp_displayoaerrorinfo @object --, @hr
    RETURN
    END

    --return the step errors as a recordset
    exec sp_displaypkgerrors @object

    -- uninitialize the package
    EXEC @hr = sp_OAMethod @object, 'UnInitialize'
    IF @hr <> 0
    BEGIN
    print 'UnInitialize failed'
    EXEC sp_displayoaerrorinfo @object --, @hr
    RETURN
    END

    -- release the package object
    EXEC @hr = sp_OADestroy @object
    if @hr <> 0
    Begin
    EXEC sp_displayoaerrorinfo @object --, @hr
    RETURN
    end 
    GO


    Q. Are there any examples of heterogeneous data queries from SQL 7 to other sources?

    A. Here are a variety of examples for several different datasources. Note that you will have to change filenames, drives, regions etc. as necessary for your environment :-

    1. Selecting from an Excel spreadsheet using OpenRowSet. Here, c:\ramsql7.xls is a spreadsheet (note we haven't specified the extension). sheet1 is a sheet within the spreadsheet - note the trailing $.

    SELECT * FROM OpenRowSet 
    ('MSDASQL', 'Driver=Microsoft Excel Driver (*.xls);DBQ=c:\ramsql7', 'SELECT * FROM [sheet1$]') 
    as a

    2. Selecting from an Access linked server database via Jet. The Access database is at c:\msd\invent97.mdb

    print 'add Jet 4.0 Invent'
    -- Clear up old entry
    if exists(select * from sysservers where srvname = N'INV')
    exec sp_dropserver N'INV', N'droplogins'
    go
    -- create linked server
    exec sp_addlinkedserver @server = N'INV', @srvproduct = '', @provider =
    N'Microsoft.Jet.OLEDB.4.0', @datasrc = N'c:\msd\invent97.mdb'
    go
    -- setup default admin login for Access
    exec sp_addlinkedsrvlogin @rmtsrvname = N'INV', @useself = N'FALSE',
    @locallogin = NULL, @rmtuser = N'admin', @rmtpassword = N''
    go
    -- Lists all tables in the linked server
    exec sp_tables_ex N'INV'
    go
    -- Now select from a table in the Access db called INVENT 
    select * from INV...INVENT
    go

    3. DB/2 accessed via Star SQL Driver with SNA 4.0.

    print 'add DB2 LinkedServer'
    if exists(select * from sysservers where srvname = N'DB2')
    exec sp_dropserver N'DB2', N'droplogins'

    exec sp_addlinkedserver @server = 'DB2', @provider = 'MSDASQL', @srvproduct
    = 'StarSQL 32',
    @location = 'DBT1', @datasrc = 'DB2IBM'
    exec sp_addlinkedsrvlogin @rmtsrvname = 'DB2', @locallogin = 'sa', @useself
    = 'false',
    @rmtuser = 'HDRUSER' ,@rmtpassword = 'SQL7'
    go

    -- test to see if catalog is accessible
    sp_tables_ex N'DB2'
    go

    -- create view to see if select works
    create view V007MUNI as select * from DB2..T1ADM007.V007MUNI
    go
    select * from V007MUNI
    go

    4. DBASE IV

    print 'add DBase IV LinkedServer'
    if exists(select * from sysservers where srvname = N'DBFs')
    exec sp_dropserver N'DBFs', N'droplogins'

    EXEC sp_addlinkedserver
    'DBFs',
    'Jet 4.0',
    'Microsoft.Jet.OLEDB.4.0',
    'F:\DBFs',
    NULL,
    'dBase IV'
    GO

    exec sp_addlinkedsrvlogin
    @rmtsrvname = 'DBFs',
    @useself = false,
    @locallogin = NULL,
    @rmtuser = NULL,
    @rmtpassword = NULL
    go

    SELECT * FROM DBFs...test
    go

    5. Visual FoxPro. Using a FoxPro DBC file to group the DBF files. ODBC DSN pre-defined called FOX using the Microsoft Visual FoxPro Driver 6.01.8440.01

    -- FOX using Visual FoxPro Database file .DBC
    print 'add FOXSERVER'
    if exists(select * from sysservers where srvname = N'FOXSERVER')
    exec sp_dropserver N'FOXSERVER', N'droplogins'

    exec sp_addlinkedserver @server=N'FOXSERVER',
    @srvproduct ='',
    @provider = N'MSDASQL',
    @datasrc=N'FOX'

    exec sp_addlinkedsrvlogin @rmtsrvname=N'FOXSERVER',
    @useself = N'FALSE',
    @locallogin = NULL,
    @rmtuser = N'',
    @rmtpassword =N''


    exec sp_tables_ex N'FOXSERVER'

    select * from [FOXSERVER].[D:\SQL\FOX\TESTDATA.DBC]..[customer]

    6. FoxPro using plain DBF files in a directory. Using an ODBC system DSN (Called DBF) using the Microsoft Visual FoxPro Driver 6.01.8440.01

    -- DBF using plain .DBF files
    print 'add DBFSERVER'
    if exists(select * from sysservers where srvname = N'DBFSERVER')
    exec sp_dropserver N'DBFSERVER', N'droplogins'

    exec sp_addlinkedserver @server=N'DBFSERVER',
    @srvproduct ='',
    @provider = N'MSDASQL',
    @datasrc=N'DBF'

    exec sp_addlinkedsrvlogin @rmtsrvname=N'DBFSERVER',
    @useself = N'FALSE',
    @locallogin = NULL,
    @rmtuser = N'',
    @rmtpassword =N''

    exec sp_tables_ex N'DBFSERVER'

    select * from [DBFSERVER].[D:\SQL\DBF]..[country]

    7. FoxPro using installable Jet 3.51 ISAM drivers.

    print 'add FOXDBC using Jet 3.51'
    if exists(select * from sysservers where srvname = N'FOXDBC')
    exec sp_dropserver N'FOXDBC', N'droplogins'
    exec sp_addlinkedserver 'FOXDBC', 'Jet 3.51', 'Microsoft.Jet.OLEDB.3.51',
    'c:\sql\fox', NULL, 'FoxPro 3.0'
    exec sp_addlinkedsrvlogin @rmtsrvname = N'FOXDBC', @useself = N'FALSE',
    @locallogin = NULL, @rmtuser = NULL, @rmtpassword = NULL
    exec sp_helplinkedsrvlogin N'FOXDBC'
    exec sp_tables_ex N'FOXDBC'


    Q. Why am I getting a message 'The Enterprise Edition server component cannot be installed on Windows NT Server using this CD.' installing SQL 7?

    A. You are trying to install SQL 7 Enterprise Edition on an ordinary copy of NT Server. You can only install SQL 7 EE on NT EE.

    This may be due to you getting a mis-labelled set of MSDN disks.


    Q. Can I load a SQL 6.5 dump or device file into SQL 7?

    A. No and no.

    If you have a SQL 6.5 dump file then you will have to load it into a SQL 6.5 server first.

    If you have a device file then you will have to install SQL 6.5 and then DISK REINIT and REFIT (details in the books online) it into SQL 6.5.

    The ONLY ways to transfer SQL 6.x databases into SQL 7.0 are :-

    1. Use the Upgrade Wizard. This is the best option. It requires a running SQL 6.5 system to extract from.

    2. Use the DTS object copy tools in SQL 7.0 to copy objects from SQL 6.5. Note this doesn't copy defaults/constraints etc.

    3. Script the SQL 6.5 database using SQL EM scripting. Re-create it using the script on SQL 7.0. Use BCP to copy the data.


    Q. How do I know which version of MDAC I am running?

    A. Check the following table :-

    MDAC version                             Msdadc.dll    Oledb32.dll
    ---------------------------------------  ------------  ------------
    MDAC 1.5c                                1.50.3506.0   N/A
    MDAC 2.0                                 2.0.3002.4    2.0.1706.0
    MDAC 2.0 SP1                             2.0.3002.23   2.0.1706.0
    MDAC 2.0 SP2                             2.0.3002.23   2.0.1706.0
    MDAC 2.1.0.3513.2 (SQL 7 / 6.5 SP5a)     2.10.3513.0   2.10.3513.0
    MDAC 2.1.1.3711.6 (Internet Explorer 5)  2.10.3711.2   2.10.3711.2
    MDAC 2.1.1.3711.11 (GA)                  2.10.3711.2   2.10.3711.9


    Q. Does SQL Server have memory leaks? How can I tell?

    A. Generally speaking SQL Server doesn't have much of a problem with memory leaks and it is almost always other programs/drivers that cause the problem. For specifics on known SQL Server issues see later. Try applying the latest service pack if you haven't already.

    Remember that SQL Server will grab memory up to the amount you have specified via sp_configure. This is in 2K pages (for SQL 6.5). This amount does not include any amount for tempdb in ram (6.5 and below only).

    To see what is leaking memory, run Performance Monitor and select the Process object. Choose all running processes (make sure everything you normally run is going at the time) and for these choose the paged pool, non-paged pool and virtual bytes counters. Put these on a chart or log with a long interval period. Monitor these counters over time to see what always increases. If SQL Server continues increasing above the maximum memory it should have allocated then it may be responsible for a memory leak.

    -----------------------------------

    Known memory leak issues :-

    1. If you are running the Novell network client v4.5 or above on the server then you may experience a memory leak. Go back to version 4.11 to resolve. (I don't know whether this is an MS bug or a Novell one).

    2. SQL 7.0 RTM had a couple of leaks. These are resolved in SP1.


    Q. Can I install SQL 7 and MSDE on the same machine?

    A. No. MSDE *is* SQL Server. So you can't have both on the same machine. For info on the types of SQL Server see the sql7versions.txt member in the faq.


    Q. I am trying to upgrade MSDE to full SQL Server and getting an error 'You cannot install a version which is older (7.00.623) than the version on your machine (7.00.677). Un-install the older version.'

    A. This is due to an incorrect version number being put in the registry by the version of MSDE that came with the Office 2000 developer edition. 

    To fix this problem and allow setup to work amend "HKEY_LOCAL_MACHINE\Software\Microsoft\MSSQLServer\MSSQLServer\CurrentVersion" to have a value of 7.00.623. 

    For more details see Q234915


    Q. Can I create SQL Server databases on network drives?

    A. First ask yourself what your reason is for doing this? Your performance will be degraded and you will be more prone to database corruption due to network glitches (which are far more common than scsi/fibre bus glitches). Putting i/o's across a network (even a fast, switched, network) is typically orders of magnitude slower than via scsi/fibre and the latency is a lot longer. If you don't have a dedicated switched connection then you may get slowdowns caused by contention with other traffic.

    SQL Server currently has no concept of sharing a database that is held on another server. Only one server can access the database file at any one time - the exception being that multiple SQL Servers could probably open a read-only database on a shared-drive. Therefore there is no advantage to having it on a "network drive" - it can only be backed-up/accessed from the server running SQL Server anyway.

    If the reason for wanting SQL databases on a network drive is to keep all your storage central, then you can't achieve this anyway as you can't boot NT from a network drive, so you would still need disks in local servers for NT, pagefiles etc. And these should be protected via hardware raid as the loss of an NT disk will prevent users getting at your databases just as much as the loss of a disk containing the database itself.

    Having said that, it IS possible to store databases on network drives as long as SQL is fooled into thinking they are in fact local drives. Under 6.5 you must map a drive letter to a network share - UNC paths will not work. With SQL 7.0 UNC paths will work as long as you use trace flag 1807.

    There is more information on this in Q196904. This describes the support being allowed in SQL 7.0 for use against Network Appliance networked raid units only. Note that these will suffer the same performance penalties as if you were accessing a network share on an NT box, as effectively that is what they are. These boxes run a proprietary operating system on an embedded Alpha chip that talks the SMB protocol required to handle NT-style network file-io. They connect to the LAN via a standard Ethernet interface.

    If you want centralised storage a better method is to use a shared-scsi/fibre disk array - these can be attached to servers via scsi or fibre connectors and can achieve distances of up to 20Km using optical extenders. These arrays can support up to 64 or so separate servers and are sold by Digital (Compaq) Storageworks and EMC amongst others. Although it is a "single raid unit", each server sees a physically separate set of "disks" - the partitioning logic in the raid array can allow different servers to use the same physical disks but they are logically partitioned and the different servers cannot see this and see their storage as dedicated. There is no sharing of data at the partition/file/database level.

    Another method is to use a SAN - storage area network. These are fibre or copper based "networks" of storage and/or backup devices. The "network" is dedicated for data access. Each attached device is usually fibre-channel based, or is scsi with an appropriate connector. Each device may be able to be partitioned into sets of available resources (disk/tape), but each resource can currently only be allocated to a single server attached to the "network". Servers attach to a SAN with a SAN "nic" card. As SAN technology matures it may be possible to share resources between multiple servers, but this needs changes to the NT kernel as well as the SAN/fibre drivers.


    Q. Should I apply NT 4.0 SP5 to my SQL Server system?

    A. NT Service Packs do not have any shared code that affects the SQL Server kernel, so application of NT service packs should be independent of SQL Server and should be applied based on the stability or otherwise of your NT system - plus its exposure to security exploits, denial-of-service etc. And there are a LOT of these fixed in NT4 SP5.

    Always check with your hardware vendor and any suppliers of 3rd party device drivers, systems management, virus checkers etc. that they support SP5 and application of the SP won't stop the server from booting! In particular there are issues with Adaptec and Compaq Array controllers that arose starting with SP4 (For Compaq Smart IIP controllers make sure your firmware is at least version 3.08). If you have some identical/similar hardware on less critical or test systems, then apply the SP to these first. For Compaq servers as a whole you need to be on at least SSD 2.11.

    However, SQL Server does tend to stress the hardware/memory/pci bus/disk subsystem and could therefore expose a bug/compatibility problem between the NT kernel and the hardware or 3rd party hardware device drivers. Therefore it is technically possible for it to expose a bug in an NT driver that doesn't otherwise show itself.


    Q. I can't see the SQL performance counters in PerfMon. What could be wrong?

    A. It could be a variety of things.

    1. Sometimes rebuilding the registry for 6.5 and below fixes the problem. From the <sql>\binn directory run the following, making sure the case is correct

    setup /t RegistryRebuild = On

    The setup routine will now run and ask you all the normal questions. Answer these as if you were performing the install again (same paths etc.) and it will just update all the registry entries/icons etc. It will leave the databases alone.

    2. For SQL 7 try unloading and reloading the counters

    unlodctr.exe MSSQLServer
    lodctr.exe <sql>\BINN\sqlctr.ini

    3. For 6.5 machines running on NT 4.0 it could be a permissions problem.

    To work around this problem, use Regedit.exe to grant READ access to the
    following key of the target machine:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSQLServer\MSSQLServer

    Grant this to those wanting SQL counter access. As when granting any NT
    access permission, you can grant based on an individual user or a group.

    4. PSS ID Number: Q137899
    Article last modified on 04-15-1997

    6.0 4.21a

    WINDOWS


    ======================================================================
    ----------------------------------------------------------------------
    The information in this article applies to:

    - Microsoft Windows NT Server versions 3.5 and 3.51
    - Microsoft SQL Server, versions 4.21a & 6.0
    ----------------------------------------------------------------------
    Bug#: 11370 (6.00)

    SYMPTOMS
    ========

    If Performance Monitor fails one or more of the following symptoms occur:

    - SQL Counters are not located in the Object list.

    - If you are auditing logins, the following type of error is logged:

    Login failed - User. \ Reason: Not defined as a valid user
    of a trusted SQL Server connection.

    CAUSE
    =====

    The use of Performance Monitor can fail when:

    - Viewing SQL Counters from a remote client.

    OR

    - The Probe password is not NULL.

    OR

    - SQL Server is listening on an alternate pipe.

    WORKAROUND
    ==========

    Set up SQL Server to use standard security because you cannot force or
    "unforce" a trusted connection. Make sure SQL Server is listening on the
    default pipe and the Probe password is NULL.

    If you need to continue the integrated connection, simply add an advanced
    connection to the SQL Server computer, pointing back to itself. That is,
    use the SQL Server Client Configuration Utility to create an advanced
    entry that is the same name as the SQL Server computer itself, using named
    pipes and connecting to '\\.\pipe\sql\query'.


    Q. How do I connect to SQL Server from PERL?

    A. There is a choice :-

    a. SybPerl (Note that SybPerl is designed for Sybase really so you may have the same compatibility problems as with CT-Lib)
    b. An MSSQL port of SybPerl available from www.algonet.se/~sommar/mssql
    c. ODBC using the ODBC extension http://www.roth.net/odbc/
    d. If the version of Perl has COM extensions then you can use ADO
    e. Search http://www.perl.com/ for any other code available on the standard CPAN sites.


    Q. Where does SQL server store the permissions on tables?

    A. For SQL 6.5 and below this is held in <dbname>..sysprotects. 

    For 7.0 and above <dbname>..syspermissions.
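
    An added example (not from the FAQ) of reading the 6.5 table named above: it lists the object permissions recorded in sysprotects for the user tables of the current database. The action and protecttype codes decoded here are the ones I know from the 6.5 system table documentation; any other code is shown as its number.

```sql
-- Added example for SQL 6.5: who has been granted or revoked what on each
-- user table, read directly from <dbname>..sysprotects.
-- Run it in the database you want to inspect.
select
    table_name   = o.name,
    grantee      = u.name,
    perm         = case p.action
                       when 26  then 'REFERENCES'
                       when 193 then 'SELECT'
                       when 195 then 'INSERT'
                       when 196 then 'DELETE'
                       when 197 then 'UPDATE'
                       else convert(varchar(12), p.action)
                   end,
    protect_type = case p.protecttype
                       when 205 then 'GRANT'
                       when 206 then 'REVOKE'
                       else convert(varchar(12), p.protecttype)
                   end
from sysprotects p, sysobjects o, sysusers u
where o.id = p.id        -- object the permission applies to
  and u.uid = p.uid      -- user or group holding the permission
  and o.type = 'U'       -- user tables only
order by o.name, u.name, p.action
```

    Rows whose grantee is public apply to every user of the database, so they are the first ones to review.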


    Q. Why can't I use RCMD.EXE via xp_cmdshell from SQL Server?

    A. For any access to "network resources" you need to run SQL Server under a user account and not the default LocalSystem account. You can check which account MSSQLSERVER is running under by opening Control Panel/Services, highlighting MSSQLSERVER and choosing the start-up option. This should be changed as necessary.

    Without this change you will get an "error 5 - Access denied".

    However, RCMD.EXE doesn't seem to work even with this change. This is due to the way that RCMD in the NT resource kit is coded - it is probably expecting there to be a keyboard/mouse defined in the user context, which there isn't.

    So the short answer is that unless you use a version of rcmd.exe without this restriction then it won't work.


    Q. I have a corrupt log file - can I rebuild it?

    A. Yes you can, but any un-committed transactions will be lost. This command is unsupported and undocumented so should be used with caution. It works on SQL 6.5 - whether it works on 7.0 is unknown.

    dbcc rebuildlog (@dbname, 1, 0)


    Q. How can I recover data from a SQL table that is corrupt with a bad page/pointer?

    A. Assuming only one page is bad, then it isn't too bad. If there are lots then this process must be amended to do random selects above the low key to find the next good page each time.

    1) Do a SELECT key FROM table, and note the last key value (low key) returned when it fails.
    2) Do a SELECT key FROM table ORDER BY key DESC, and note the last key (high key) again.
    3) Create a "dummy" table with the same structure
    4) Insert rows into the "dummy" table with key values less than or equal to the low key.
    5) Insert rows into the "dummy" table with key values greater than or equal to the high key.
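
    Steps 3 to 5 above written out in T-SQL, as an added example that is not part of the original FAQ. The table name orders, its integer key order_id and the low and high key values are constructed for illustration; it also assumes the table has no identity column and that order_id is the indexed key the two SELECTs in steps 1 and 2 were walking.

```sql
-- Added example. Constructed values: low key 48210 (last key returned by the
-- ascending SELECT before it failed) and high key 48377 (last key returned by
-- the descending SELECT before it failed).

-- Step 3: create an empty "dummy" table with the same structure.
-- SELECT INTO a permanent table needs the 'select into/bulkcopy' database
-- option; otherwise create orders_salvage with CREATE TABLE instead.
select *
into orders_salvage
from orders
where 1 = 0          -- copies the column definitions, no rows
go

-- Step 4: copy everything up to and including the low key.
insert orders_salvage
select *
from orders
where order_id <= 48210

-- Step 5: copy everything from the high key upwards.
insert orders_salvage
select *
from orders
where order_id >= 48377
go

-- Check what was saved. Keys strictly between the low and high key sat on
-- the damaged page and have to come from a backup or be re-entered.
select salvaged_rows = count(*),
       lowest_key    = min(order_id),
       highest_key   = max(order_id)
from orders_salvage
go
```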


    Q. How can I clear a table and reset the identity back to 0?

    A. If there are no foreign keys on the table then a simple TRUNCATE TABLE <tbl> will do the trick.

    If there are foreign keys then first delete all rows - DELETE <tbl>

    Then reset the identity :-

    Under 7.0 - DBCC CHECKIDENT(<tbl>,RESEED,0)

    Under 6.5 - DBCC CHECKIDENT(<tbl>)


    Q. Why would I get a message "Retrying row fetch:rowoffset entry n out of range (pg% obj%, db %)" from SQL Server?

    A. You may also see :- "spid % Getrow: rowoffset entry %(%) out of range (pg% obj%, db %)"

    When SQL Server accesses a row on a page it checks the page header to see where on the page the row is. When this message appears, the page header looks corrupt. SQL Server will transparently retry the read a number of times - if the page is in cache already it will re-read from disk. 

    If the page header looks ok on retry then SQL will carry on - otherwise you will get other SQL messages indicating a permanent corruption.

    Causes :-

    1. Using NOLOCK on select statements. This could cause you to access a page whilst it is being updated/split and this error would occur. On retry the page should be fine.

    2. Buffer corruption. Something has stomped over the page in memory - on re-read from disk it looks fine.

    3. Duff server memory chip(s). You'll normally see lots of other abnormal behaviour in this situation.

    4. Actual corrupt page. Let's hope you have a backup.


    Q. How can I restrict the number of rows returned to my query in SQL Server?

    A. With SQL 6.5 and below use the "set rowcount <n>" option.

    e.g. SET ROWCOUNT 10 
    SELECT * FROM <tbl>

    This option is still available with SQL 7.0, but 7.0 also supports the TOP clause, which will optimise better, so use this instead. Note that the database concerned MUST be in SQL 7.0 compatibility mode - run sp_dbcmptlevel <dbname> to check whether it is or not.

    e.g. SELECT TOP 10 * FROM <tbl>


    Q. Why can't I shrink my database any smaller than xxx Mb?

    A. The probable reason for this is that you're still on 6.5 and below. With this setup you can only shrink a database back to the last portion of log. So if you defined a database as 400Mb data, 100Mb log you can never shrink it. 

    If you defined it as 400Mb data, 100Mb log and then expanded by 500Mb data you could then shrink down any/all of this last 500Mb assuming it wasn't being used.


    Q. What does sp_sdidebug do?

    A. It is used to turn on or off TSQL debugging. There is no user interface for it and no documentation.


    Q. Should I upgrade to SQL 7.0? What are the known bugs?

    A. Apologies for the length of this FAQ article, but there is a lot of stuff to cover.

    General Stuff
    -------------

    SQL 7.0 generally has a much more stable and better performing kernel than SQL 6.5 SP5. For every bug you find with the basic kernel of SQL 7.0 there will be 20 known bugs with SQL 6.5 SP5, and an order of magnitude more of unknown ones. Having said that, a small percentage of queries will run slower or fail under SQL 7 compared with 6.5. As these are reported they will be improved/fixed in future service-packs, but the re-writes to make 98% of queries run faster are going to have a detrimental effect somewhere. Some specific points are noted later.

    SQL 7.0 shouldn't be treated as a version 1 release - even though most of the code has been re-written, it has had far more testing (both internal and external to MS) than any previous version of SQL Server - though as always, if in doubt, wait for a service pack or two to come out and check the SQL newsgroups/mail lists to see the problems that early adopters are experiencing (if any). Note that SP1 is released.

    A concerted effort was made to test and fix all reported bugs with 6.5 on the 7.0 code-base. In addition an automated testing tool (RAGS) that generated and validated hundreds of complex SQL queries every minute was written and run against SQL 7.0. (See http://research.microsoft.com/users/DSlutz/ for details).

    Most of the original bugs/issues were with the new features such as text indexing, DTS gui and the MMC tools - many of these are cleared up in SP1. SP1 itself underwent a significant beta test.

    Where you do get errors with the kernel these could well be to do with SQL 7's more strict checking of SQL/ANSI rules. Though many of these are picked up and even simulated (yes MS deliberately reproduced broken code in some instances) under the 6.5 compatibility mode, you may find extra things "break" when you go to full SQL 7.0 mode. (see sp_dbcmptlevel in the docs). You need to go to SQL 7.0 mode for new syntax and stuff so it is recommended that you do this as soon as possible.

    For any new release you are advised to apply and test on non-production systems first, and if at all possible do a stress-test so that any problems that only occur under stress are found before rolling out to a production system.

    Some known bugs/issues with SQL 7 are discussed below - for the official current list search the MS knowledgebase for sql70 and kbbug.

    The rest of this article is entitled "SQL 7.0 - the Good, the Bad and the Ugly". Stuff that isn't in the documentation - or doesn't jump out at you from the docs. Also things to think about and check out before/during a SQL 7 migration.


    Install
    -------

    1. Some things to check before a SQL 7 upgrade :-

    All db's are checkdb'd, newalloc'd and checkcatalog'ed
    No db's are in suspect or loading status
    Free space in master for new 6.5 system procs - 5Mb or so should do
    At least 10Mb tempdb
    At least 6.0 SP3 or 6.5 SP3 is required on the source system
    Syscomments source is available for all sp's, triggers etc.

    Good
    ----

    1. Speed. Speed is overall much better than with 6.5 - there are exceptions, noted in the bad/ugly sections where known. As an example, the speed of a large batch processing suite was improved by 300% by going to SQL 7 from 6.5 - a 200% increase was achieved just by migrating with no changes and the extra improvements were made by optimiser fixes in SP1, plus changing bcp to BULK INSERT, parallel index creates and some re-writes of queries that were manually optimised in the past for SQL 6.5. The batch run consists of about 30 separate jobs each with 5-10 steps, consisting of bcp in of data, index creation, lots of select into's on criteria, lots of group by's/aggregation etc. Time taken has reduced from 10 hours to 3hrs 20 with no change in hardware/memory etc.

    2. The optimiser in SQL 7.0 is far more powerful than in 6.5, utilising many more types of join, multiple indexes etc. It is worth looking at old SQL that may have been split into multiple steps in SQL 6.5 or earlier because the optimiser couldn't handle things like > 4 way joins or multiple aggregations. This SQL could be re-written back into one large query for better performance. The downside to all these optimiser improvements is that it can take significantly longer to work out the best query plan compared with 6.5 and can result in increased cpu usage.

    3. Reliability. You should get far fewer AV's with SQL 7.0 than with 6.5. Also fewer database corruptions - to date, 6 months from SQL 7's RTM, there has not been a single instance of database corruption with SQL 7.0 that was not caused by hardware failure (info provided by MS PSS).

    N.B. I've found SQL 6.5 SP4 and above to be pretty resilient to corruption. Make sure all 6.5 systems are on at least SP4 - I've seen about a dozen systems needlessly fall victim to a pre-SP4 bug with LRU corruption when buffers get stressed on SMP systems.

    4. Create indexes concurrently. Under 6.5 this would cause locks on system tables and the indexes would build serially. Under 7.0 if you kick off creates of non-clustered indices on the same table at the same time, from separate connections, they will all create concurrently. The re-use of the read-ahead buffers from the main table gives near linear performance. Especially useful for data-warehouse/MI type systems with lots of NC indexes on large tables.

    5. Max Async IO. Under 6.5 if you allocated max async io "too high" then performance would nose-dive. With 7.0 this doesn't seem to be the case - the law of diminishing returns still applies, but max async io can be set much higher - even to the maximum of 255 - without worrying too much.

    6. DBCC performance. On complex/fragmented databases I have seen DBCC performance for a full checkdb/checkcatalog of 60 times faster than the equivalent checkdb/newalloc/checkcatalog on a 6.5 system. For non-fragmented, simple databases where not so much disk head movement was needed anyway under 6.5 I still see dbcc times that are twice as fast.

    7. Query parallelism. Really does work. Seen large queries greatly increase in performance by running on an otherwise identical 4-way box compared to a 2-way.

    8. Database size. Due to the new 8K page size and improvements in the storage of text/index data most databases will shrink in size when migrated to SQL 7. This isn't guaranteed and there are lots of factors involved (see NC index stuff in the ugly section), but reports of 50Gb SAP systems shrinking to < 30Gb are common.

    9. Under 6.5 the realistic maximum size systems that you could put on SQL Server was around the 300Gb mark due to backups/healthchecks/recovery taking too long. With 7.0 this rises to around the 1Tb mark and quite possibly higher given appropriate hardware. (SQL 7 has been backed up at 600Gb per hour using a stripe of 24 AIT tape drives - and more importantly restored at 500Gb/hour!).


    Bad
    ---

    1. BCP slower. Under many circumstances a BCP in to a file with few indices will be slower under SQL 7.0 than 6.5 - this is probably due to the overhead of using OLE-DB internally, however it should mean an end to problems caused by using fast-bcp and its bypassing of certain SQL checks. With many NC indexes it is quicker than 6.5 though. Using the new BULK INSERT command returns it to as fast or faster than BCP due to the removal of context switches. Setting table-lock on really helps due to the extra overhead of row-locks. I've seen jobs reduce from 80 mins to 50 mins with this change.

    2. MMC. The MMC is dog-slow regardless of the power of the machine it is being run on. Service Pack 1 noticeably improves the speed (and reliability) of MMC.

    3. If you repeatedly open server-side cursors with small resultsets then you will see significantly slower performance from SQL Server. This is because the query is being optimised each time and this takes time with SQL 7. This is fixed in SP1 (there was a trace flag needed for the original hotfix but the default behaviour is changed in SP1). After applying SP1 the plans generated for cursors are kept like they are for stored-procedures. See Q197800 for more details.

    4. Large queries monopolising system. This was an issue with SQL 6.5, but if anything it is "worse" with 7.0 - the queries generally complete a lot quicker with 7.0 though. If you have a very large query running and it grabs all the processors to run it will make the system very slow/unresponsive to other users and queries. SQL dynamically decides how many processors to use for a query when it kicks off, and if there is no other activity at the time it will be given all the processors by default. This is not necessarily what you want. The max number of processors a query can use can be set per query (MAXDOP hint) or via sp_configure for a server wide setting - the default is all cpu's. Once a query has started and has grabbed all the cpu's it can't give them back.

    5. Long stored-procedures that create lots of temporary tables as they go can take a lot longer to run under SQL 7.0 - this is due to SQL 7.0 re-evaluating the sp every time a new temporary table is created. The idea behind this is that it can then choose the best access plan, but re-evaluating is an overhead. Create all temp tables at the start of the stored-proc if possible.

    6. From another FAQ entry. Q. If I lose my data file (MDF) in SQL 7 I can't backup the log to recover to a point in time - why not?

    A. A small oversight on MS's part - which will be fixed in the next major (not service-pack) release of SQL.

    Under 6.5 you would do BACKUP LOG <dbname> TO <device> WITH NO_TRUNCATE.

    Under SQL 7 this gets you an error
    Server: Msg 3446, Level 16, State 1
    Primary file not available for database <xx>

    This is because the metadata that tells SQL where the files for the database are is held in the primary file (which you've just lost!) - in SQL 6.5 this info was held in system tables in master.

    A workaround for this is :-

    Use only ONE file in the primary file group (the primary file), and place this file on the same drive (mirrored) as your log files. This gives it the same protection as the log.

    Add another file group, with one or more files for data - obviously this goes on different disks to the log. Mark this second file group as the default (Alter database).

    Then, when your data file is lost, "backup log with no_truncate" will work because the primary file with the metadata in (but no user data) is still available.

    7. Nested raiserror's cause an AV. Repro script below.

    create procedure PROC2
    AS
    RAISERROR('Test Error',16,-1)
    go
    create procedure PROC1
    AS 
    exec PROC2
    if @@ERROR <> 0
    begin
    RAISERROR(@@ERROR,16,-1)
    return
    end
    go
    exec PROC1

    8. If you have a trigger on a table with an identity field and the trigger inserts into another table without an identity then the value of @@identity is set to NULL when the trigger finishes. This is different to 6.5. Fixed in SP1.
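
    The file layout from the workaround in item 6 above, written out as T-SQL for SQL 7.0. This is an added example, not part of the original FAQ entry; the database name Sales, the drive letters, the paths and the sizes are all assumptions.

```sql
-- Added example. The name Sales, drives E:/F:/G: and every path and size
-- below are constructed for illustration.
--   E: = mirrored drive that also holds the log
--   F: = data drive (the one assumed to fail)
--   G: = backup drive

-- 1. The primary filegroup holds ONE small file (system tables and the
--    file metadata only) on the same mirrored drive as the log.
--    User data goes into a second filegroup on a different drive.
CREATE DATABASE Sales
ON PRIMARY
    ( NAME = Sales_primary,
      FILENAME = 'E:\MSSQL7\Data\Sales_primary.mdf',
      SIZE = 5MB, FILEGROWTH = 1MB ),
FILEGROUP SalesData
    ( NAME = Sales_data1,
      FILENAME = 'F:\MSSQL7\Data\Sales_data1.ndf',
      SIZE = 500MB, FILEGROWTH = 50MB )
LOG ON
    ( NAME = Sales_log,
      FILENAME = 'E:\MSSQL7\Data\Sales_log.ldf',
      SIZE = 100MB, FILEGROWTH = 10MB )
GO

-- 2. Make the second filegroup the default, so tables and indexes created
--    without an ON clause land there and not in the primary file.
ALTER DATABASE Sales MODIFY FILEGROUP SalesData DEFAULT
GO

-- 3. Check the layout: SalesData should be the default filegroup, and the
--    primary file and the log should both be on E:.
USE Sales
GO
EXEC sp_helpfilegroup
EXEC sp_helpfile
GO

-- 4. Routine backups. Log backups need 'trunc. log on chkpt.' switched off
--    for the database.
BACKUP DATABASE Sales TO DISK = 'G:\Backup\Sales_full.bak' WITH INIT
BACKUP LOG Sales TO DISK = 'G:\Backup\Sales_log1.bak' WITH INIT
GO

-- 5. F: is lost. The primary file on E: is still readable, so the tail of
--    the log can be saved instead of failing with Msg 3446.
USE master
GO
BACKUP LOG Sales TO DISK = 'G:\Backup\Sales_tail.bak' WITH INIT, NO_TRUNCATE
GO

-- 6. After F: is replaced, restore in sequence. Only the last step recovers.
RESTORE DATABASE Sales FROM DISK = 'G:\Backup\Sales_full.bak' WITH NORECOVERY
RESTORE LOG Sales FROM DISK = 'G:\Backup\Sales_log1.bak' WITH NORECOVERY
RESTORE LOG Sales FROM DISK = 'G:\Backup\Sales_tail.bak' WITH RECOVERY
GO
```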


    Ugly (or just different)
    ------------------------

    1. SQL 7.0 is much more "fussy" about things like invalid dates and times, lengths of data, numeric overflows etc. SQL 6.5 and below would often just convert stuff to NULL if it couldn't handle it or truncate a string if too long and not tell you. You can revert most of this back to the SQL 6.5 behaviour if you "SET ANSI_WARNINGS OFF". Many of these changes only appear when you switch a database from 65 compatibility mode to 70. I prefer to fix the SQL/code/data concerned as the SQL 7.0 behaviour is better.

    2. The MMC EM interface has no option to set column level permissions via the gui. This won't be fixed until the Shiloh release, so it's back to TSQL until then.

    3. If a user/login doesn't have permissions to a database they can still see it in the drop down ISQL/W box or in SQL EM. This is a difference from 6.5 that may be fixed in SP2. It is due to the overhead of scanning all the NT users/groups in the new integrated role security.

    4. 16-bit ODBC applications may have problems with the new potential extended size of char data (even if the new size isn't used) and/or you may get gpf's in vbdb300.dll when accessing SQL Server. There is a separate FAQ entry on this one with a fixed (but unsupported because MS didn't make the changes) sp_datatype_info that resolves these problems. MS should be incorporating these changes in SP2.

    5. The new 3.70 ODBC drivers have a few compatibility issues. e.g. I have seen odbc call failed errors with complex Access 97 front ends and MDAC 2.1 drivers (problem fixed in MDAC 2.5 beta and 2.1 SP2). Also if you use PASSTHRU then integer columns (datatype int4) are returned as decimal instead when the ODBC datasource is configured as "use regional settings".

    6. SQL 7 is supposed to grab/release memory as needed to work with varying workloads. It does this quite well unless Exchange 5.5 SP2 or below is on the machine in which case they don't get along too well. Presumably this will be fixed in SQL 7.0 SP2 / Exchange 5.5 SP3...

    7. The enhanced optimiser as well as improvements in disk throughput mean that SQL 7.0 is more likely to be cpu bound than 6.5 was. Most systems will still be i/o bound though. The new sp_datatype_info used extensively for ODBC connections is much more heavy on cpu due to the extra calculations, increased numbers of datatypes and attempt at backwards compatibility. If you constantly break/make connections this can add up - one user reported a system running at 92% cpu, largely because of this. When he amended the proc to just return a fixed set of types stored in a permanent table for the purpose the cpu for the system dropped from 92% to 72%.

    8. Some databases/tables may grow in size with SQL 7. One reason is because NC indexes point to the clustering key if available rather than a page number. With long keys this can increase the size of the indexes significantly. Watch out for this if any key sizes are very large.

    9. Another reason for tables growing in size is that NULL columns used to take up no space at all, but that is no longer true. So a NULL CHAR(10) now uses 10 bytes rather than 1, a NULL MONEY now uses 8 instead of 1. A NULL varchar will take 0 as before.

    10. DECIMAL and NUMERIC data can take up a bit more space. The tables for 6.5 and 7.0 respectively:

    SQL 6.5
    Precision    Storage bytes
    1-2          2
    3-4          3
    5-7          4
    8-9          5
    10-12        6
    13-14        7
    15-16        8
    17-19        9
    20-21        10
    22-24        11
    25-26        12
    27-28        13
    29-31        14
    32-33        15
    34-36        16
    37-38        17

    SQL 7.0
    Precision    Storage bytes
    1-9          5
    10-19        9
    20-28        13
    29-38        17

    11. Watch out for 16-bit db-lib applications and network packet size (sp_configure option). The default with SQL 6.0 and below was that the client dictated the network packet size, and would default to about 1500 bytes. With 6.5 and 7.0 the server option overrides this if no explicit "dbsetlpacket" is issued. The default server size is 4096 and so this significantly increases the client memory buffer space needed. With multiple 16-bit db-lib applications, or a db-lib application that makes multiple connections, this can easily overflow the fixed size allowed for all connections in the client buffers and cause out of memory errors, gpf's or hangs. It doesn't matter whether it's on an NT client - the restriction is in the 16-bit db-libs and their use of "low dos" memory. To resolve, either change the application to specifically ask for a smaller packet size or reduce the server "network packet size" via sp_configure. (Note this is a SQL Server TDS application packet size and in no way relates to actual physical network packet sizes that are configured per NIC).

    12. When you do an outer join to a table with a bit datatype on SQL Server 6.5 and there is no corresponding record, the bit column yields a 0 instead of a null. On SQL Server 7, the same query yields a null.

    13. Constants returned by a case statement are implicitly rtrim'ed. Will be fixed in SP2.

    14. On an insert if a trigger fires it thinks all columns have been updated even if some fields have not been explicitly inserted. Fixed in SP1.

    15. SQL Server 7 no longer guarantees that inserted records can be retrieved in the same order UNLESS you use an ORDER BY clause or have a clustered index. In SQL 6.5 this would work without them. With 7 if you were using this facility to create a table just to bcp the contents out then you will need to insert some sort of ascending key to keep the rows in order.


    Miscellaneous
    -------------

    1. SP1. SP1 is heartily recommended. A few sub-optimal optimiser decisions are fixed. A lot of bugs and speed problems with the gui stuff like MMC and DTS are fixed. Overall a very stable service pack with lots of improvements. There's no reason to run SQL 7.0 without it.

    2. IE5 and Win9x. A bug in SQL's use of a common internet control causes crashes on Win9x machines with IE5 installed. SP1 fixes this.

    3. SQL Server out of locks. You can still get this message even though SQL Server dynamically allocates locks. What the error really means is that SQL Server is out of memory - the lock manager has been denied its request for more memory. Either give the machine more memory or reduce the load SQL Server is under.

    4. DTS. This is a marvellous tool, but had quite a few glitches pre-SP1. One "feature" that is still there is that if you refer to columns in a transform by their column name it can be significantly slower than by their column number - i.e. DTSSource("EmployeeID") rather than DTSSource(13). One DTS job sped up from 2hrs 45mins to 32 mins just by hard-coding column numbers instead of names.

    5. Watch out for the default setting of SET CONCAT_NULL_YIELDS_NULL. This is ON which means that SELECT 'abc' + NULL yields NULL. This has been known to break some applications.

    6. Remember that when upgrading a 6.5 database it stays in 65 compatibility mode. In this mode things like the TOP command don't work - you need to go into 70 mode for the new keywords to work properly.

    7. Log files. These can get very big if set to autogrow. If you then try to shrink them with dbcc shrinkfile invariably it doesn't work too well. This is because the log file is internally divided into smaller virtual logs and shrinking will only happen when the active part of the log is at the beginning of your log file. You can use the dbcc loginfo(dbname) command to see where the active part of the transaction log is. If it is at the end of the logfile you could write a small while loop that does some inserts in a test table to move the active part to the beginning of the real file. Then the shrinkfile command should work ok - note that shrinkfile works asynchronously. As a last resort you can always checkpoint the database, shutdown SQL Server and delete the physical logfile. When SQL restarts it will create a new 2Mb log device.

    8. Putting the same column into a group by twice causes an AV. It's stupid and basically incorrect syntax to do this anyway, but SQL 6.5 let it go. Repro script based on Northwind.

    SELECT Employees.EmployeeID,ProductName,
    UnitPrice=AVG(ROUND(Od.UnitPrice, 2)),
    SUM(Quantity),
    Discount=SUM(CONVERT(int, Discount * 100)),
    ExtendedPrice=SUM(ROUND(CONVERT(money, Quantity * (1 - Discount) *
    Od.UnitPrice), 2))
    FROM Products P
    inner join [Order Details] Od on (Od.ProductID = P.ProductID )
    inner join Orders on (Od.OrderID = Orders.OrderID)
    inner join Suppliers on (P.SupplierID = Suppliers.SupplierID)
    Inner Join Customers on (Orders.CustomerID=Customers.CustomerID)
    Inner join Shippers on (Orders.ShipVia=Shippers.ShipperID)
    Inner join Employees on (Orders.EmployeeID = Employees.EmployeeID)
    Group by Employees.EmployeeID,P.ProductID,
    P.ProductName,Employees.EmployeeID
    with cube
    Order by Employees.EmployeeID

    9. Msg 8623,Internal Query Processor Error: The query processor could not produce a query plan. This happens with some complex queries - especially on single-processor machines. Some queries that fail on 1 processor machines work ok on multi-processor machines.

    10. Tempdb performance may be affected by the auto-creation of statistics. You can experiment with turning off this feature just for tempdb and seeing if it helps.


    Q. What happened to the gui for column level permissions in SQL 7?

    A. It got missed out. It will re-appear in a future SQL version/service-pack.

    For now you can use standard TSQL commands/sp's. See the SQL Books Online (BOL) for details.
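
    Column permissions set from T-SQL, as the answer above suggests, together with the catalog procedures that show what was granted. This is an added example, not from the original FAQ; the table staff, the role report_readers and the user clerk1 are hypothetical, and clerk1 is assumed to exist already as a user in the current database.

```sql
-- Added example. staff, report_readers and clerk1 are hypothetical names;
-- clerk1 must already be a user in the current database.
CREATE TABLE staff
( emp_id  int         NOT NULL PRIMARY KEY,
  name    varchar(40) NOT NULL,
  dept    varchar(20) NOT NULL,
  phone   varchar(20) NULL,
  salary  money       NOT NULL )
GO
INSERT staff VALUES (1, 'Constructed Person', 'Sales', '555-0100', 30000)
GO

-- Grant through a role so that membership, not each user, carries the rights.
EXEC sp_addrole 'report_readers'
EXEC sp_addrolemember 'report_readers', 'clerk1'
GO

-- Read access to the non-sensitive columns only; salary is left out.
GRANT SELECT (emp_id, name, dept, phone) ON staff TO report_readers

-- Write access to a single column.
GRANT UPDATE (phone) ON staff TO report_readers
GO

-- Review what is in force, since Enterprise Manager cannot show it.
EXEC sp_column_privileges 'staff'
EXEC sp_helprotect 'staff'
GO

-- Test as the user (SETUSER needs sa or dbo).
SETUSER 'clerk1'
GO
SELECT name, dept FROM staff        -- succeeds
GO
SELECT name, salary FROM staff      -- fails: no SELECT permission on salary
GO
SELECT * FROM staff                 -- fails for the same reason
GO
UPDATE staff SET phone = '555-0199' WHERE emp_id = 1     -- succeeds
GO
UPDATE staff SET salary = 99999 WHERE emp_id = 1         -- fails
GO
SETUSER                             -- back to the original login
GO

-- Take a column permission away again.
REVOKE UPDATE (phone) ON staff FROM report_readers
GO
```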


    Q. Under SQL 6.5 a user of ISQL/W or other tools could only see the databases they had permission to in the drop down boxes, but under 7.0 they can see all of them - why?

    A. This is because under SQL 7.0 the code necessary to evaluate all the roles/NT groups etc. was deemed too expensive. However this is a legitimate security concern and MS are thinking about changing the way this works back to the old behaviour.


    Q. Why does my ODBC v2 application not work with SQL 7? Why do I get a gpf in VBDB300.DLL?

    A. This is probably because the datatypes returned by sp_datatype_info to the application are not understood. Hopefully MS will provide an official fix with SP2 for SQL 7, but for now here is a modification to the stored-procedure concerned. Note that changing MS supplied stored-procs is not recommended or supported and if something goes wrong with the new SP you are completely on your own. It is supplied as is, with no warranty!

    It is based on the SQL 7 SP1 version, so apply SP1 before making this change.

    Look for ** to see where the changes are

    --
    -- Script to update MS supplied version of sp_datatype_info to work properly with
    -- ODBC v2 applications and to fix a gpf it causes in vbdb300.dll
    --
    -- Note the SP modified here is the one from SP1 for SQL 7.
    -- Changes made are :-
    --
    -- 1. Do not return any types below -7. These are nchar, ntext etc. that are SQL 7 only
    -- and not understood by ODBC2 applications
    --
    -- 2. For varchar/char do not return 8000 as the length, return 255
    --
    --

    USE master
    go

    DROP proc sp_datatype_info
    go

    SET QUOTED_IDENTIFIER ON
    go

    --
    -- Object will be created with MSShipped flag
    --
    EXEC sp_MS_upd_sysobj_category 1 
    go

    /* Procedure for 7.0 server */
    CREATE proc sp_datatype_info
    (@data_type int = 0, @ODBCVer tinyint = 2)
    as
    declare @mintype int
    declare @maxtype int

    if @ODBCVer <> 3
    select @ODBCVer = 2
    if @data_type = 0
    begin
    select @mintype = -32768
    select @maxtype = 32767
    -- ** Change started **
    -- For ODBC version 2 apps don't let them see new types
    if @ODBCVer = 2
    begin
    select @mintype = -7
    end
    -- ** Change ended **
    end
    else
    begin
    select @mintype = @data_type
    select @maxtype = @data_type
    end

    select
    convert(sysname,case
    when t.xusertype > 255 then t.name
    else d.TYPE_NAME
    end) TYPE_NAME,
    d.DATA_TYPE,
    convert(int,case
    when d.DATA_TYPE in (6,7) then d.data_precision /* FLOAT/REAL */
    when type_name(d.ss_dtype) IN ('numeric','decimal') and
    t.xusertype <= 255 then @@max_precision /* DECIMAL/NUMERIC */
    -- ** Change Started **
    -- Reduce max length returned for char/varchar for ODBC 2 apps
    when @ODBCVer = 2 AND OdbcPrec(t.xtype, t.length, t.xprec) = 8000 then 255
    -- ** Change ended **
    else OdbcPrec(t.xtype, t.length, t.xprec)
    end) "PRECISION",
    d.LITERAL_PREFIX,
    d.LITERAL_SUFFIX,
    e.CREATE_PARAMS,
    convert(smallint,case
    when d.AUTO_INCREMENT = 1 then 0 /* IDENTITY*/
    else TypeProperty (t.name, 'AllowsNull')
    end) NULLABLE,
    d.CASE_SENSITIVE,
    d.SEARCHABLE,
    d.UNSIGNED_ATTRIBUTE,
    d.MONEY,
    d.AUTO_INCREMENT,
    convert(sysname,case
    when t.xusertype > 255 then t.name
    else d.LOCAL_TYPE_NAME
    end) LOCAL_TYPE_NAME,
    convert(smallint,case
    when type_name(d.ss_dtype) IN ('numeric','decimal') and t.xusertype > 255 then TypeProperty (t.name, 'Scale')
    else d.numeric_scale
    end) MINIMUM_SCALE,
    convert(smallint,case
    when type_name(d.ss_dtype) IN ('numeric','decimal') and d.AUTO_INCREMENT = 0 and t.xusertype <= 255 then @@max_precision /* DECIMAL/NUMERIC */
    when type_name(d.ss_dtype) IN ('numeric','decimal') and d.AUTO_INCREMENT = 1 then 0 /* DECIMAL/NUMERIC IDENTITY*/
    else TypeProperty (t.name, 'Scale')
    end) MAXIMUM_SCALE,
    d.SQL_DATA_TYPE,
    d.SQL_DATETIME_SUB,
    NUM_PREC_RADIX = convert(int,d.RADIX),
    INTERVAL_PRECISION = convert(smallint,NULL),
    USERTYPE = t.usertype
    from master.dbo.spt_datatype_info d
    INNER JOIN systypes t on d.ss_dtype = t.xtype
    LEFT OUTER JOIN master.dbo.spt_datatype_info_ext e on
    t.xusertype = e.user_type
    and isnull(d.AUTO_INCREMENT,0) = e.AUTO_INCREMENT
    where
    d.DATA_TYPE between @mintype and @maxtype
    and (d.ODBCVer is null or d.ODBCVer = @ODBCVer)
    and (t.xusertype <= 255 or
    isnull(d.AUTO_INCREMENT,0) = 0)
    order by 2, 12, 11,
    case
    when t.usertype=18 then 255
    else t.usertype
    end
    go

    GRANT EXEC ON sp_datatype_info TO public
    go

    --
    -- Turn off MSShipped flag for any other SP's (not that we're creating any)
    --
    EXEC sp_MS_upd_sysobj_category 2
    go

    --
    -- Allow updates and hack sysobjects directly. Make sure sp is marked as with 
    -- quoted identifiers and MSShipped
    --
    exec sp_configure 'allow updates', 1
    reconfigure with override
    go

    update
    sysobjects
    set
    status = 0x80000009
    where
    name = 'sp_datatype_info'
    go

    exec sp_configure 'allow updates', 0
    reconfigure with override
    go


    Q. Should I apply SP1 for SQL 7? Are there any known issues?

    A. SP1 for SQL 7 underwent extensive beta-testing for release and so should be pretty stable.

    However, it contains a LOT of fixes and therefore new or regressed bugs are inevitable. When these are known they are listed at the bottom of the article.

    For any new release/servicepack you are advised to apply and test on test systems first, and if at all possible do a stress-test so that any problems with blocking/locks are found before rolling out to a production system.

    All service-packs come with problems, however in most cases they fix a lot more problems than they cause. 99% of bugs you may find in SP1 will be present in the gold release and all previous service packs as well - they simply aren't fixed in SP1.

    Should you apply it? Yes.

    SP1 is available via the downloads option from http://support.microsoft.com/support/sql. Also ftp direct from 
    ftp://ftp.microsoft.com/bussys/sql/public/fixes/usa/SQL70


    Service Pack 1 - Known new Bugs/Regressions
    -------------------------------------------

    1. A query which uses a like on an indexed unicode column will behave correctly prior to SP1. After SP1 is applied the query will return no records. This is fixed in build 710.


    Q. Why do I get an error in sqlsspi.c?

    A. Full message is :-

    Assertion Failed!
    Program:C:\"Application Name"
    File: ../src/sqlsspi.c
    Line: 120
    Expression: Count

    The reason for this is that you are probably running a Win9x client/server that does not have the "Client for Microsoft Networks" installed. This is needed for (amongst other things) accessing network security information.


    Q. What is the equivalent of an Oracle synonym in SQL Server?

    A. Create a view.
    create view titlessynonym as select * from titles


    Q. Does SQL Server support tape-loaders?

    A. SQL doesn't have tape loader support, so it will only use the first tape in a device. 

    You can use tape loaders with SQL Server by buying one of the 3rd party backup tools that work with SQL Server agents. These do dumps from SQL Server via named-pipes (6.5) or VDI (7.0) and then utilise their own drivers for device support.

    Examples are :-

    BEI Ultrabac http://www.ultrabac.com/
    Cheyenne Arcserve http://www.cheyenne.com/
    Legato http://www.legato.com/
    Backup Exec http://www.seagatesoftware.com/
    ADSM http://www.tivoli.com/


    Q. Does SQL Server support before and after (pre and post) triggers? What about row vs set triggers?

    A. SQL Server only supports "after" triggers, not "before" ones. You can see what the "before" data is by looking at the virtual tables created that are accessible from the trigger. These tables are called inserted and deleted.

    SQL Server triggers only fire once per query, so they are set triggers rather than row triggers.

    SQL Server does not support select triggers.
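
    An "after" trigger that reads the before and after images from the deleted and inserted tables, handles a multi-row statement in one firing, and uses a rollback to get the effect of a "before" check. This is an added example for SQL 7.0, not from the original FAQ; the tables accounts and accounts_audit and the trigger name are hypothetical.

```sql
-- Added example. accounts, accounts_audit and trg_accounts_upd are
-- hypothetical names.
CREATE TABLE accounts
( acct_id  int         NOT NULL PRIMARY KEY,
  owner    varchar(40) NOT NULL,
  balance  money       NOT NULL )
GO
CREATE TABLE accounts_audit
( acct_id      int      NOT NULL,
  old_balance  money    NOT NULL,
  new_balance  money    NOT NULL,
  changed_by   sysname  NOT NULL DEFAULT SUSER_SNAME(),
  changed_at   datetime NOT NULL DEFAULT GETDATE() )
GO

CREATE TRIGGER trg_accounts_upd ON accounts
FOR UPDATE
AS
-- Fires once per UPDATE statement, after the rows have been changed.
-- @@ROWCOUNT must be read first: it is the row count of the UPDATE.
IF @@ROWCOUNT = 0 RETURN
IF NOT UPDATE(balance) RETURN

-- "Before"-style validation: the change has already happened, so the only
-- way to refuse it is to roll the whole statement back.
IF EXISTS (SELECT * FROM inserted WHERE balance < 0)
BEGIN
    RAISERROR ('Update rejected: balance may not go negative.', 16, 1)
    ROLLBACK TRANSACTION
    RETURN
END

-- deleted = rows as they were, inserted = rows as they are now.
-- Join the two as sets; never assume a single row.
-- (Assumes acct_id itself is not being updated.)
INSERT accounts_audit (acct_id, old_balance, new_balance)
SELECT d.acct_id, d.balance, i.balance
FROM deleted d
JOIN inserted i ON i.acct_id = d.acct_id
WHERE d.balance <> i.balance
GO

-- Constructed sample data.
INSERT accounts VALUES (1, 'Alice', 100)
INSERT accounts VALUES (2, 'Bob', 50)
INSERT accounts VALUES (3, 'Carol', 10)
GO

-- One statement, three rows: the trigger fires once and writes three
-- audit rows (100 -> 105, 50 -> 55, 10 -> 15).
UPDATE accounts SET balance = balance + 5
GO
SELECT acct_id, old_balance, new_balance, changed_by FROM accounts_audit
GO

-- Account 3 would go to -5, so the trigger rolls back the whole statement:
-- no balances change and no audit rows are added.
UPDATE accounts SET balance = balance - 20
GO
SELECT acct_id, balance FROM accounts
GO
```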


    Q. Where can I get examples of XP code for SQL Server?

    A. For SQL 6.5 download the PTK from http://support.microsoft.com/download/support/mslfiles/PTK_I386.EXE 

    For SQL 7 look on the CD under \devtools


    Q. I can run some SQL code or a DTS package myself fine, but when I run it using the SQL Scheduler it doesn't work - why not?

    A. When run via SQL Executive/SQL Agent, the job runs with the NT credentials of the NT user account that the SQL Executive/SQL Agent service is running under. This account needs to have access to the network resources concerned - i.e. shares, files, printers etc.

    Check which account is being used by going to control panel/services/startup and checking.

    If it is using the LocalSystem account then this has no network access.

    Any network resources you do use, make sure they are referenced by UNC name and not a specific drive letter. i.e. \\server1\bcps and not H:\.


    Q. How can I send e-mail with SQL Server without using an MS-Mail or Exchange server?

    A. A variety of methods :-

    1. Use xp_cmdshell to run an SMTP sendmail program.

    2. Use an XP with built-in SMTP functionality - http://www.spudsoft.demon.co.uk/code/index.html

    3. Configure NT's mapi interface to talk to SMTP - try the following instructions for SQL 6.5. (note these aren't written by the author, and haven't been tested either, but they do, allegedly, work)

    Set up Microsoft SQL Server service. Note: Microsoft SQL Server must start up using a user account that has been given administrator privileges. The account must also allow the user to logon as a service. This allows Microsoft SQL Server to interact with email. Note: By default, SQL Server 6.5 creates an account named "SQLExecutiveCmdExec". Verify that this account exists and is set up properly: 

    1. Click on the "Start" button 
    2. Programs 
    3. Administrative Tools ( Common ) 
    4. User Manager for Domains, if the option is "User Manager" go to step 9. 
    5. When the User Manager program loads, select "Users" from the menu. 
    6. Choose the menu option "Select Domain" 
    7. Type in the name of the machine, e.g. "DBASQLTEST" 
    8. Click the OK button. 
    9. You should now have a list of users on the machine. 
    10. If the account "SQLExecutiveCmdExec" exists: double-click the user, a dialog box will appear. Skip to step 18. 
    11. Select "Users" from the menu. 
    12. Choose the menu option "New User". 
    13. A dialog box will appear. 
    14. In the User Name field, type "SQLExecutiveCmdExec" 
    15. In the Full Name field, type "SQLExecutiveCmdExec" 
    16. In the password field type a unique password (record your password in a safe place, you will need it later in this setup)
    17. In the Confirm Password field retype the password you just entered. 
    18. Uncheck the box next to "User Must change Password at Next Logon". 
    19. Check the box next to "User Cannot Change Password". 
    20. Check the box next to "Password Never Expires". 
    21. Click on the "Groups" button. 
    22. The Group Membership dialog box will appear. 
    23. Add the group "Administrators" 
    24. Click the "OK" button to close the Group Membership dialog. 
    25. Click the "OK" button to close the User Properties dialog. 
    26. Select "Policies" from the menu. 
    27. Choose the menu option "User Rights". 
    28. The User Rights Policy dialog box will appear. 
    29. Check the box next to "Show Advanced User Rights" 
    30. On the drop down select list, choose the option "Log on as a Service". 
    31. Click on the "Add" button. 
    32. The "Add Users and Groups" dialog box will appear. 
    33. On the drop down select list, choose the current computer name, e.g. "\\SERVERNAME*". 
    34. Click the "Show Users" button. 
    35. Scroll down the list of users and select "SQLExecutiveCmdExec". 
    36. Click on the "Add" button. 
    37. The user "SQLExecutiveCmdExec" should now be in the "Add Names:" list. 
    38. Click on the "OK" button to close the "Add Users and Groups" dialog. 
    39. Click on the "OK" button to close the "User Rights Policy" dialog.

    Install Windows NT Messaging. Note: Next, make sure Windows NT Messaging is installed on the Microsoft SQL Server machine. Note: SQLmail uses Windows Messaging, so it needs to be configured for proper operation. Note: This can be verified by:

    1. Open the Control Panel and double click on Add/Remove Programs. 
    2. Select the Windows NT Setup tab and scroll to the bottom of the list box that appears. 
    3. Verify that the Windows Messaging check box is checked. 
    4. If it is not, check it now.
    5. Click OK. 
    6. At this point, if you need to install Windows Messaging you will need to supply the Windows NT CD.

    Set Up Mail Services. Note: You will need two internet mail accounts before continuing.

    1. You will need a POP mail account login, password and server name.
    2. You will need a SMTP mail account login, password and server name.
    3. Next, close all programs on the Microsoft SQL Server machine and log in as a new user. Use the SQLExecutiveCmdExec account.

    1. On the desktop, right-click the "Inbox" icon, and select Properties option. Here you will need to add a new profile for the SQLExec user. Click on the "Add" button to begin creating a Windows Messaging Profile:
    2. Uncheck the box next to "Microsoft Mail" (Unless there is an Exchange Server Available)
    3. Ensure the box next to "Internet Mail" is checked.
    4. Click on the "Next" button.
    5. You will be asked for the method to connect to the mail server, check the radio button next to "Network".
    6. Click on the "Next" button.
    7. You will be asked to specify the Mail server name or IP address, enter either one here.
    8. Click on the "Next" button.
    9. You will be asked to choose the mode for transferring messages. Check the radio button next to "Automatic".
    10. Click on the "Next" button.
    11. You will be asked for the email address, enter it in the Email Address field.
    12. Enter "SQLExecutiveCmdExec" in the Full Name field.
    13. Click on the "Next" button.
    14. You will be asked for the mailbox name. Enter a mailbox name in the mailbox name field, e.g. userid. (This is the mail server login name).
    15. Enter the password for the mailbox name in the password field. (This is the mail server login name's password).
    16. Click on the "Next" button.
    17. You will be asked for a location for your personal address book. Use the default.
    18. Click on the "Next" button.
    19. You will be asked for a location for your personal folder file. Use the default.
    20. Click on the "Next" button.
    21. You should receive the message that setup is "Done!"
    22. Click on the "Finish" button.
    23. In the profiles list box, you should now see an entry for "Windows Messaging Settings".
    24. Click on the "Copy" button.
    25. You will be asked to name the new profile. Type "SQLExecutiveCmdExec".
    26. Click "OK" to commit the copy.
    27. In the profiles list box, you should now see an entry for "SQLExecutiveCmdExec".
    28. In the drop down select list for "When Starting Windows Messaging, use this profile:", choose the newly created profile, "SQLExecutiveCmdExec".
    29. Click on the "Close" button to complete the setup.

    Configure SQL Server Service and SQLExecutive to use new mail account. You will need to stop the Microsoft SQL Server service:

    1. Open the Control Panel.
    2. Double-click Services.
    3. Scroll down until you find Microsoft SQL Server, select it, and click the stop button.
    4. The service status should change to stopped.
    5. Double-click on the Microsoft SQL Server service to bring up its properties dialog box.
    6. At the bottom of the dialog is the account which Microsoft SQL Server will use to start up. Change this to use the SQLExecutiveCmdExec account. Be sure to enter the password correctly here or Microsoft SQL Server will not start up.
    7. Close this dialog by clicking the "OK" button.
    8. Start the service by clicking the start button.
    9. The service should start up successfully. If it does not start, check to make sure the password you just entered matches the one entered in the User Manager for Domains.
    10. Scroll down until you find SQLExecutive, select it, and click the stop button.
    11. The service status should change to stopped.
    12. Double-click on the SQLExecutive service to bring up its properties dialog box.
    13. At the bottom of the dialog is the account which Microsoft SQL Server will use to start up. Change this to use the SQLExecutiveCmdExec account. Be sure to enter the password correctly here or Microsoft SQL Server will not start up.
    14. Close this dialog by clicking the "OK" button.
    15. Start the service by clicking the start button.
    16. The service should start up successfully. If it does not start, check to make sure the password you just entered matches the one entered in the User Manager for Domains.

    Configure SQL Server Setup Options

    1. Click on the "Start" button
    2. Programs
    3. Microsoft SQL Server 6.5
    4. SQL Setup
    5. The "Welcome" dialog will appear. Click the "Continue" button.
    6. The "SQL Server Already Installed" dialog will appear. Click the "Continue" button.
    7. Check the radio button next to "Set Server Options".
    8. Click the "Continue" button.
    9. Check the box next to "Autostart SQL Mail".
    10. Click the "Mail Profile" button, which is the last button in the center of the dialog box.
    11. In the dialog box that appears, enter "SQLExecutiveCmdExec".
    12. Click the "OK" button.
    13. Click "Change Options" button.
    14. The "Exchange Login Configuration" dialog box may appear again. If it does, simply click the "Continue" button.
    15. A dialog box stating that the options have been successfully set should appear. Click the "Exit to Windows NT" button.

    You will need to stop and restart SQL Server
    1. Click on the "Start" button
    2. Programs
    3. Microsoft SQL Server 6.5
    4. SQL Service Manager
    5. A dialog box with a traffic light will appear.
    6. Double click the Red light to stop the service. Watch the status bar at the bottom of the dialog box for the message "The service is stopped"
    7. Double click the Green light to start the service. Watch the status bar at the bottom of the dialog box for the message "The service is running"
    8. Close the dialog box.

    Set up Internet Mail ( MAPI Setup )
    · You should have at least Internet Explorer installed on your server.
    1. Double click the "Internet Explorer" icon on your desktop to start IE3.
    2. Select "Go" from the menu.
    3. Choose the "Read Mail" option.
    4. The "Browse for Folder" dialog box will appear.
    5. You may either choose a folder or use the default.
    6. Click on the "OK" button.
    7. A new dialog "Wizard" will appear.
    8. Click on the "Next" button.
    9. In the name field, enter "SQLExecutiveCmdExec".
    10. In the Email Address field enter the email address, e.g. user@domain.com.
    11. Click on the "Next" button.
    12. In the "Incoming mail (POP3) server" field, enter the name of the POP3
    server.
    13. In the "Outgoing mail (SMTP) server" field, enter the name of the SMTP
    server.
    14. Click on the "Next" button.
    15. In the "Account Name" field, enter the email account name, e.g. userid
    16. In the "Password" field, enter the email account name's password.
    17. Click on the "Next" button.
    18. You will be asked for the connection type, choose "I use a LAN connection"
    19. Click on the "Next" button.
    20. Click on the "Finish" button.
    21. The MAPI mail client will appear. You may close the MAPI mail client
    application.

    Start SQL Enterprise Manager. See if SQL Mail is working by expanding your server and seeing if the SQL Mail icon turns green.
    · If it turns red, something went wrong; green means it is working properly.
    · It may take a little time for this icon to turn any color, so wait for a little bit before doing anything else.
    · If everything seems to be working properly, open the SQL Tool and type the following:

    1. xp_sendmail 'user@domain.com',@message='This is a test message.'
    Where user@domain.com is an existing internet mail address that can receive messages.
    2. Execute the statement by pressing Ctrl-E or clicking the green GO button in the Query Tool. You should receive a message in the result window stating "Mail Sent."

    Hopefully the configuration process went well and Microsoft SQL Server is now capable of processing mail. There are numerous stored procedures available to process inbound and outbound mail. See the SQL reference manuals for more
    information on these.


    Q. How can I transfer DTS packages from one SQL 7 server to another?

    A. Two choices :-

    1. Use the DTS transfer wizard. Set msdb as the source and destination databases and "select * from sysdtspackages" on the source.

    2. Save each DTS package as a file. Copy the .dts files created to the target machine. From EM, right click Data Transformation Packages and choose all tasks Open Package for each package.

    Option 1 is quicker...


    Q. As a user of Digital/Compaq Alpha technology how does MS dropping support affect SQL Server?

    A. The complete ramifications of this are not yet known, but :-

    1. Support for all currently released SQL products/service-packs continues and will not be affected.

    2. New service-packs for 6.5 and 7.0 will continue to be produced for Alpha for the time-being.

    3. No future new versions of SQL Server will be released on Alpha - i.e. SQL 7.5 (Shiloh) will not appear for the Alpha chip.


    Q. How can I check with SQL whether a table is already there or not?

    A. Two methods :-

    1. If object_id('tbl_name') is not null
    <command>

    2. if exists (select * from sysobjects where id = object_id('tbl_name') and sysstat & 0xf = 4)
    <command>


    Q. What does a wait type of CXPacket mean?

    A. You will only get this with SQL 7 because it only happens with parallel queries. It means that one thread of the query is waiting for a message packet from another, and the one it is waiting on is either blocked by a traditional cause or has hit some sort of parallelism bug.

    If the query doesn't complete then make sure SP1 is applied as there are several parallel query fixes in SP1. If it still doesn't fix it then you have run into an unfixed bug and will need to contact MS PSS and raise a bug report. You should be able to work-around the problem by adding MAXDOP(1) to the query which will prevent the query being parallelised.


    Q. Why do I get an error - 'DTS Wizard Error - CoCreateInstance Class not Registered'?



    Q. How can I insert the output of a dbcc command into a SQL Server table?

    A. Some DBCC commands support this directly via the "insert into exec" type format, others don't. Examples of both are given.

    A dbcc command that works "normally" is useroptions - this is an example from the books-online :-

    drop table #tb_setopts
    go
    CREATE TABLE #tb_setopts (SetOptName varchar(35) NOT NULL ,SetOptValue varchar(35) null)
    INSERT INTO #tb_setopts (SetOptName,SetOptValue) 
    EXEC('dbcc useroptions')
    select * from #tb_setopts

    Another is dbcc sqlperf :-

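    -- Column order matches the result set of dbcc sqlperf (logspace)
    CREATE TABLE #TempForLogSpace
    (
    DBName varchar(32),
    LogSize real,
    LogSpaceUsed real,
    Status int
    )
    DECLARE @sql_command varchar(255)  -- the variable must be declared before it is assigned
    SELECT @sql_command = 'dbcc sqlperf (logspace)'
    INSERT INTO #TempForLogSpace EXEC (@sql_command)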

    One that doesn't is dbcc checkdb. To make this work you'll need to use xp_cmdshell and ISQL as follows :-

    DROP TABLE #maint
    go
    DECLARE @SQLSTR varchar(255)
    -- ISQL -E uses a trusted connection; -Q runs the query and exits
    SELECT @SQLSTR = 'ISQL -E -Q"dbcc checkdb(master)"'
    -- xp_cmdshell returns blank output lines as NULL rows, so the column must allow NULL
    CREATE TABLE #maint (Results varchar(255) NULL)
    INSERT INTO #maint(Results) EXEC master..xp_cmdshell @SQLSTR
    select * from #maint


    Q. Why do I get weird messages using SQL 7's MMC on Windows 2000 RC1?

    A. This is caused by bugs in the version of IE5 shipped with RC1. They are fixed in the RC2 build - install that when available.


    Q. What about Netware?

    A. Netware connectivity is available!
    NT-based systems can integrate with existing Netware servers. The IPX/SPX network protocol is supported on NT by using the NWLink IPX/SPX Compatible Transport. So, on top of this protocol, you need some tools to provide the integration.


    Q. What are Client Services for Netware?

    A. CSNW provides an NT workstation with basic file and printer connectivity to Netware. It supports both Bindery and NDS.


    Q. What are Gateway Services for Netware?

    A. GSNW is available only for NT servers. It includes the CSNW service to provide basic file and printer connectivity. In addition, GSNW allows an NT Server to act as a non-dedicated gateway. This means that your NT Server can connect to a Netware box and share the Netware drives as NT shares for all of your Microsoft network clients to access seamlessly (including those coming in via RAS).

    While it works well, it's likely that it would be a bottleneck if you were going to link large networks using this single gateway!

    The Netware server will need a special GROUP created called NTGATEWAY and a user account on Netware must be assigned to this group and to the gateway service on the NT Server.


    Q. How do I install Gateway Services for Netware?

    A. Perform the following:

    1. Start the Network Control Panel Applet (Start - Settings - Control Panel - Network, or right click on Network Neighborhood and select properties)
    2. Click the services tab and click Add
    3. Select Gateway (and Client) Services for NetWare and click OK
    4. Enter the path of your NT CD-ROM and click OK. When the file copying has finished click Close.
    5. Create the NTGATEWAY group and a user that is a member of that group on the NetWare server using SYSCON on 3.12 servers, or NWADMIN/NETADMIN on 4.0 or later
    6. Restart the computer
    7. Enter the user account you created that is a member of the NTGATEWAY group when the machine restarts.

    Q. How do I attach to a NetWare 3.12 Server?

    A. Perform the following:

    1. Start the Gateway Services for NetWare control panel applet (Start - Settings - Control Panel - GSNW)
    2. Select Preferred Server
    3. From the drop-down list select the server, or if it is not shown enter the name of the server
    4. Click OK

    Q. How do I attach to a NetWare 4.1 Server?

    A. A NetWare 4.1 connection is more complex than a 3.12 connection as NetWare 4.1 has the complexity of NetWare Directory Services:

    1. Start the Gateway Services for NetWare control panel applet (Start - Settings - Control Panel - GSNW)
    2. Select the Default Tree and Context
    3. In the Tree Name enter the name of the NetWare 4.1 server and enter the context of the user account in the context input box
    4. Click OK

    Q. What are File and Print Services for Netware?

    A. CSNW and GSNW provide the ability to connect to Netware for file, printing and applications from your Microsoft network based clients.

    FPNW does the reverse - it allows Netware clients to see the NT Server as if IT was a Netware box! FPNW allows you to appear as a Netware 3.12-compatible server.


    Q. What is Directory Service Manager?

    A. DSMN copies Netware user/group accounts to NT Server and will then propagate any changes BACK to the Netware box. This sharing of user/group information happens without you adding any software to the Netware side at all.

    So, what does DSMN give you?

    1. Single network login and password synchronization
    2. Copy Netware accounts to a Domain (and any changes get propagated back)
    3. Ability to merge multiple Netware accounts into a single NT account

    Q. What is Migration Tool for Netware?

    A. This is a tool to allow you to migrate user and group accounts as well as login scripts, files and directories from Netware servers to a PDC or BDC.

    This tool is located under the Administrative Tools program group and is called "Migration tool for NetWare". When run you have to select the NetWare server to convert and the NT service to convert the information into. You also have to select a prefix for the NetWare users and groups; nw_ is the norm. Once the migration starts it may take a long time depending on the number of records.


    Q. What are the NT equivalents of NetWare Rights?

    A. The table below outlines the NetWare rights and the NT equivalents:

    NetWare               Windows NT
    --------------------  ----------------------
    Supervisor (S)        Full Control (All)
    Read (R)              Read (RX)
    Write (W)             Change (RWXD)
    Erase (E)             Change (RWXD)
    Modify (M)            Change (RWXD)
    Create (C)            Add (WX)
    File Scan (F)         List (RX)
    Access Control (A)    Change Permissions (P)

    Q. NWCONV.EXE is not migrating your users and groups.

    A. The NetWare migration tool (nwconv.exe) does not support the NetWare Directory Services (NDS) service type of logon on Windows NT 4.0, and therefore you will need bindery emulation configured on the NetWare server for the migration to succeed.

    To configure bindery emulation perform the following on the NetWare Server

    1. Load Servman on the NetWare Server Console
    2. Select "Server Parameters" from the menu options
    3. Select "Directory Services" from the menu
    4. Scroll down to the "Bindery Emulation" section. If there is no SET statement to the right of the entry then bindery emulation has not been enabled.

    To set it perform the following (still on the NetWare Server)

    1. Using Servman get back to "Bindery Emulation" (the same menus as above) and press ENTER
    2. A text entry box will appear where you should type in the command in the format of
      SET BINDERY CONTEXT = <OU>=USERS,<O>=TREE
      where <OU> is the Organisational Unit the users are from and <O> is the name of the Organization (TREE) where the OU resides

    You should then log off and back on to the NT Server. NWCONV.EXE should then run when you rerun it.


    Q. I have very slow performance saving documents to a FPNW server.

    A. File and Print services for NetWare allows an NT Server to be viewed by Novell clients. Problems can occur when trying to save a file to a FPNW volume, especially in Word.

    The performance problem is caused by the save operation retrying every 3 seconds if a sharing violation, caused by the optimization of both the Server service and the FPNW service, is encountered.

    To correct this problem perform the following

    1. Start the Registry Editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FPNW\Parameters
    3. From the Edit menu select New - DWORD value
    4. Enter a name of LockRetryCounter and press Enter
    5. Double click on the new value and set to 0
    6. You should now stop and start the FPNW service using the Services Control Panel applet

    Q. How can I disable the print separator page when printing to a NetWare print server?

    A. If you are using the client services for NetWare, CSNW, then upon installation a new control panel applet would have been created which allows the configuration of all things NetWare.

    1. Start the CSNW control panel applet (Start - Settings - Control Panel - CSNW)
    2. Under "Print Options" uncheck the "Print Banner" option box and click OK

    Banners will no longer be printed. You will also notice that options such as notifies and form feeds can also be configured.


    Q. How can I stop my machine complaining about NWLNKRIP service not starting?

    A. This service relies on NWLNKIPX and if this is not running the service cannot start. NWLNKRIP is installed if the machine is running the NetWare protocol. If you don't want the service, perform the following to stop it trying to start.

    1. Start the registry editor
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NwlnkRip
    3. Double click on Start
    4. Change to 4 and click OK
    5. Close the registry editor
    6. Reboot the machine

    Q. NetWare migration tool cannot find the domain controller.

    A. When the NetWare migration tool (nwconv.exe) is run it tries to establish a connection to the domain controller, or specifically the ADMIN$ share. If it fails, the following error is displayed:

    Cannot connect to server: <servername>
    The Network name cannot be found

    The Admin$ share can be disabled by setting AutoShareServer to 0 on the domain controller. To fix this perform the following:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
    3. Double click on AutoShareServer and set to 1. Click OK
    4. Close the registry editor

    You should now reboot; however, if that is not convenient just type

    C:\> net share admin$

    which will create the share now and thanks to the registry change it will also be created at reboot time.

    If AutoShareServer was already 1 or did not exist then it may just be that admin$ has been corrupted, so again type the command

    C:\> net share admin$

    to recreate.


    Q. How can I assign NetWare variables to NT variables?

    A. If an NT Workstation computer is running the Client Service for NetWare (CSNW) or an NT Server is running the Gateway Services for NetWare (GSNW), the login variables used by NetWare can be assigned to relevant Windows NT environment variables.

    These mappings are performed using the NetWare login scripts on the NetWare server and can be a personal, system or container login script. The basic syntax is

    SET <NT variable name>="%<NetWare variable name>"

    For example

    SET LOGIN_NAME="%LOGIN_NAME"
    SET FULL_NAME="%FULL_NAME"
    SET MAC_ADDRESS="%P_STATION"


    Q. I get print banners and confirmations through CSNW even though they are deselected, what can I do?

    A. After installing SP5 on NT 4.0 you may start to get "print banner" and "notify when printed" even though you have deselected them in the CSNW tool.

    The solution to this is simply to replace nwprovau.dll in the system32 folder with the one from SP4.

    1. The file may be in use by Windows; if so, just end Explorer.exe. Start Task Manager and start Cmd.exe. Rename the file. Click New Task and run Explorer.exe to show the desktop again.

    2. If you created an uninstall folder for SP5 and your uninstall folder contains Service Pack 4, locate the Nwprovau.dll file in the WinNT\$ntservicePackUninstall$ folder, and then copy the file to the WinNT\System32 folder.

    3. If you did not create an uninstall folder for SP5, locate the Service Pack 4 CD-ROM and copy the Nwprovau.dll file from the I386 folder on the CD-ROM to the WinNT\System32 folder.


    Q. How do I add the services for Macintosh?

    A. Follow the instructions below:

    1. Start up Control Panel (Start - Settings - Control Panel)
    2. Double click on Network, and select the Services Tab
    3. Click Add and select "Services for Macintosh"
    4. Put in the NT CD and click continue
    5. Click close to finish
    6. Once copying is complete the AppleTalk Protocol Properties sheet will be displayed, and you should choose which network card it is to be bound to. If there are Macintoshes currently connected then an AppleTalk zone will be displayed; if not you will need to perform the following
      - Select the Routing Tab, and check "enable routing" if you have multiple network adapters
      - For each network card you should choose the AppleTalk Phase 2 network number and default zone (which can be added by clicking the Add button at the bottom)
    7. After the configuration is completed you will be prompted to reboot your machine
    8. Once the machine has restarted you will have Macintosh file and print services.

    Q. How can I read a Macintosh disk from Windows NT?

    A. Mac Opener 2 by DataViz (http://www.dataviz.com/) allows Macintosh disks to be accessed by NT.

    Another option is to ask the Mac user to format a floppy disk as a PC disk. Every MacOS 7.1.2 or above is shipped with "PC Exchange" Control Panel which gives you ability to read, write and format PC disks.

    1. For System 7.1 and earlier, you can also use Apple File Exchange. This is handy because you also see the hidden files
    2. The Mac must have a SuperDrive, i.e. be able to read and write 1.4 MB floppies. Early Macs (Mac Plus, many SE's, Mac II, and a few early SE-30's) lacked this feature
    3. Apple File Exchange works all the way up through MacOS 7.6.1, but conflicts with the PC Exchange Control Panel: Reboot with the Extensions OFF (Shift key down) to use PC Exchange
    4. Under MacOS 8 and up, the PC Exchange Control Panel has been renamed ";"
    5. Watch out for FAT12 and FAT16 floppies!
    6. The very best source for Mac-Windows info is at the Windows-MacOS Cooperation List http://www.darryl.com/winmacfaq/

    Q. Does NT RAS support AppleTalk?

    A. No, however NBT (NetBIOS over TCP/IP) protocol is available for Macintosh from http://www.thursby.com/ (allowing Macintosh access to NT shares over RAS or LAN connections)


    Q. Can NT act as an AppleTalk client?

    A. An AppleTalk protocol and client is available for NT from http://www.miramarsys.com/ and http://www.copstalk.com/.


    Q. How can I make a Macintosh PPP connection to Windows NT RAS?

    A. Information below from http://cru1.cahe.wsu.edu/mac_ras.html (reproduced as the original link no longer works and it is great information)

    What you will need....

    Installing MacPPP....

    1. MacPPP installer contains a System Control Panel - ConfigPPP, a System Preference file - PPP Preferences, a System Extension - PPP, and a modem init text file.
    2. OS 7.x or higher: drag and drop these files into their corresponding folders.
    3. OS 6.x: drag and drop all of these files into the System folder.
    4. Restart your Macintosh.

    Configuring MacTCP...

    1. Open MacTCP control panel (Apple Menu - Control Panels - MacTCP). Click More... button near bottom of dialog box.
    2. Fill in the following information: Obtain Address = Server; Routing Information/Gateway Address = 134.121.87.254; IP Address/Subnet Mask = 255.255.248.0 (move the slider to the right until that number appears at the subnet mask field); Domain Name Server Information/Domains = cahe.wsu.edu (in first field) and wsu.edu (in second field); and IP Address = 134.121.2.54 (in first field) and 134.121.64.1 (in second field) [the default should be on the first line]. Click OK button.
    3. Select PPP icon from the MacTCP dialog box and close the window. [NOTE: If you select the PPP icon and another icon is also selected - you may have a conflict with software previously installed. You must remove the conflicting software to insure that MacTCP will function properly.]
    4. Restart your Macintosh.

    Configuring MacPPP...

    1. Open Config PPP control panel (Apple Menu - Control Panels - ConfigPPP).
    2. Click and hold down the mouse button on the Server field. You will see a list of modems. Find your modem in this list. If you are in the local area (Pullman - Moscow), you should use the WSU-IT dial in instructions (which are already configured for you - so you're done. Read the documentation that came with the MacPPP installer for details on running.).
    3. If you are using the CRU_RAS server (if you are out of the local area), click the Config[uration] button. Change the phone number to the toll-free RAS number (call if you don't have it).
    4. Click Connect Script button - remove all text from script dialog window. Click OK.
    5. Click Authentication. Type your RAS userid and password. Click OK.
    6. Click Done.

    Running MacPPP...

    1. To start your MacPPP, click the Open button.
    2. When the happy faces [PPP Open] are displayed in upper left corner, you're connected.
    3. You can start your applications (i.e., Telnet, Netscape, Fetch, Eudora).
    4. IMPORTANT NOTE: Once you have successfully completed the preceding steps, you should be able to simply start your network applications (Telnet, Netscape, etc.) and MacPPP will automatically start. However, often MacPPP does not close your connection when just choosing Quit from the File menu. You must go into the ConfigPPP control panel & use the Hard Close to disconnect.

    Problems...

    If you receive a dialog window "PPP wait timeout! Waiting on: OK", MacPPP was not able to communicate with your modem.

    If you have an external modem:

    If you have an internal modem:

    Double check the modem init string. Check the Modem Init text file for additional suggestions or contact your modem vendor to ask for the recommended modem initialization string.

    If that fails, then perhaps your modem is not capable of running MacPPP/MacTCP software.

    General Information....

    If you prefer to use FreePPP, you can download it from RockStar.Com or the WSU-IT website.

    If you do not have a userid and password on our CRU_RAS server, please contact Vida Jones.


    Q. I am unable to write to the Microsoft UAM folder from the Macintosh?

    A. The UAM (User Authentication Module) volume that shows up by default with SFM is set to read-only for the Macs (except for Administrators). To change this start File Manager (winfile.exe) or Server Manager (under NT 4.0), and from the MacFile menu choose View/Modify volumes. Select the volume, and clear the "This volume is read-only" check box. You may also change permissions by clicking properties, then permissions. Permissions for Mac users are set separately from standard NT file permissions.


    Q. Is there an Outlook (Exchange Server) client for Macintosh?

    A. The latest version of Outlook for the Macintosh includes support for Mac OS 8, and was released as part of the Exchange Server 5.5 SP1 update. It runs on Macintosh 68k and PPC platforms. The full Macintosh client can be downloaded from ftp://ftp.microsoft.com/bussys/exchange/exchange-public/fixes/Eng/Exchg5.5/Sp2/Mac/.

    Outlook 8.2 for Mac is available as part of Exchange 5.5 service pack 3.


    Q. What configuration is needed for Macs to work with Proxy Server 2.0?

    A. HTTP Proxy is a TCP/IP based protocol. So your machines need to have nothing more than TCP/IP. AppleShare, and Windows Networking are a layer above TCP/IP and proxy servers are not concerned with them.

    Assuming that your Mac has TCP/IP, you need to do the following configuration:

    1. Your Mac must have an IP address and subnet mask that allows it to see the proxy server. In my case my server's IP address is 10.0.0.2 (this is an intranet address - a non-translatable address not visible outside the network), and my Macs' IP addresses are like 10.0.0.* (where * can be anything in the range of 2 to 255) with subnet masks of 255.255.255.0 (so basically they can see any machine with IP addresses in the range of 10.0.0.2 to 10.0.0.255).

    There are two ways of setting the IP addresses -

    * you can manually set them on each machine. This is pretty straightforward. It is done in the TCP/IP control panel. Just make sure that you do not give the same IP address to two machines

    * you can use DHCP.

    In the case of DHCP, you need to have a DHCP server - you can set that up on your NT machine too (add DHCP in Network services). With DHCP, each machine gets its IP address assigned by the server when it starts up - ensuring that there are no clashes (duplicate IP addresses), and that each machine gets its own IP.

    2. Your applications must be told where the proxy server is. This is pretty much the same as how you would set up your apps on the PC too. Apart from that you don't need to set up anything else for proxy services. You will need to go into IE and set up Proxy Settings (preferences); the proxy should be the internal IP address of your Proxy Server (10.0.0.2). At this point you should be able to browse the Internet if your Proxy is working. If not, check your SOCKS service on the NT Server (proxy settings) and make sure you have set the ports to all ACCESS ALLOWED. (SOCKS security) GE=0.

    In control panel on the Mac under TCPIP we had to modify two network cards in the drop down list at the top for this to work correctly. Your Mac may be different. (We had to edit the subnet (255.255.255.0) twice in order for it to stick; it kept getting erased!)

    IF, however, you want to access shared volumes and printers on the NT box from the Mac, you will need to set up NT Services for Macintosh (another can of worms). But this is not needed for Proxy (internet) access.


    Q. I am unable to connect to the server using the Mac Outlook client, why?

    A. The first point is you can't use WINS with a Mac. (unless you use a third party product, e.g. http://www.thursby.com/)

    If you utilize Exchange, the connection to the Exchange server needs the resolved name of the IP address. You will need to enter the IP address of your Exchange server instead of the name. It is also possible to use the AppleTalk protocol to connect to the Exchange server. Select your choice in the OL Setup.

    If you utilize an Internet provider's e-mail (POP), then enter the IP addresses of the Internet provider's POP and SMTP servers instead of the names. Replace mail.myserver.net with xxx.xxx.xxx.xxx (IP address of the server).

    This is because Outlook supports an older version of Socks than Proxy Server. The older version of Socks does not support DNS or named servers. There are ways to get around this but they are far more complicated than just entering the IP address of the server.


    Q. My Mac hangs if I connect to an NT share and don't have full permissions for the directory root.

    A. If you are connecting from a Mac to an NT share, and you do not have full permissions on the root directory of said share, the Macintosh may lock up. The solution is to turn off the "Recent Servers/Applications" option from Control Panel.


    Q. Does NT Workstation support RAID?

    A. Workstation does not support fault tolerant RAID, e.g. RAID 1 or RAID 5, however it does support RAID 0 (stripe set without parity). Obviously hardware RAID will work as it is transparent to the Operating System.

    There is much talk about changing the ProductType registry key to enable fault tolerance on NT Workstation and while it can be done this is against Microsoft licensing and would also be unsupported by Microsoft. Do NOT mail me asking for the method as I will not distribute it and will just delete the mail message without replying.


    Q. What RAID levels does NT Server Support?

    A. NT Server supports RAID 1 (disk mirroring) and RAID 5 (stripe sets with parity). NT also supports RAID 0, which is striping without parity; however this offers no data redundancy.


    Q. How do I create a Stripe Set with Parity?

    A. Follow instructions below

    1. From Start Menu - Programs - Administrative Tools and click Disk Administrator
    2. Select at least 3 areas of free space on different physical disks
    3. From the Fault Tolerance menu, select Create Stripe Set With Parity
    4. Fill in the size wanted, and click OK

    Note - A stripe set will only use the lowest common disk space on each physical drive, i.e. with 3 disks of 100MB, 50MB and 40MB free, each part of the stripe set would only be 40MB with a maximum of 120MB partition in total.


    Q. How do I recreate a broken Stripe Set?

    A. When a member of a Stripe Set with Parity fails, you do not get a warning, and everything continues to work. The failure is indicated when you start Disk Administrator and in the Event Log. Follow the instructions below

    1. Replace the faulty disk and start NT
    2. From Start Menu - Programs - Administrative Tools and click Disk Administrator
    3. Select the Stripe Set to be repaired and an area of unpartitioned space on the new physical disk
    4. From the Fault Tolerance menu select Regenerate
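
    The sizing note and the Regenerate step above can be modelled in a few lines. The following Python sketch is an added example, not part of the original FAQ and not NT's own on-disk layout: the block size, the parity rotation order and all function names are assumptions chosen for illustration. It shows the member size rule, a read that still succeeds with one member missing, and regeneration of the lost member by XOR of the survivors.

```python
"""Model of a stripe set with parity: sizing, degraded read, regeneration.

Illustrative only: block size, parity rotation and names are assumptions,
not the layout used by the NT fault tolerant driver.
"""
from functools import reduce


def stripe_set_size(free_mb):
    """Return (MB per member, total MB across members, MB usable for data).

    Every member is cut to the smallest free area; one member's worth of
    space in total is consumed by parity.
    """
    if len(free_mb) < 3:
        raise ValueError("a stripe set with parity needs at least 3 disks")
    member = min(free_mb)
    n = len(free_mb)
    return member, member * n, member * (n - 1)


def xor_blocks(blocks):
    """Byte-wise XOR of equally sized blocks."""
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*blocks))


def write_stripes(data, n_disks, block=4):
    """Lay data out in rows of n_disks-1 data blocks plus one parity block.

    The parity block moves to the next member on every row (assumed rotation).
    Returns one list of blocks per member.
    """
    disks = [[] for _ in range(n_disks)]
    per_row = block * (n_disks - 1)
    data = data + b"\x00" * (-len(data) % per_row)  # pad the last row
    for row, off in enumerate(range(0, len(data), per_row)):
        chunks = [data[off + i * block: off + (i + 1) * block]
                  for i in range(n_disks - 1)]
        parity_disk = row % n_disks
        remaining = iter(chunks)
        for d in range(n_disks):
            disks[d].append(xor_blocks(chunks) if d == parity_disk
                            else next(remaining))
    return disks


def read_data(disks, length, failed=None):
    """Read the data back; if one member has failed, rebuild its blocks on the fly."""
    n = len(disks)
    rows = len(disks[0 if failed != 0 else 1])
    out = bytearray()
    for row in range(rows):
        parity_disk = row % n
        for d in range(n):
            if d == parity_disk:
                continue
            if d == failed:
                # Degraded read: the missing block is the XOR of all others in the row
                out += xor_blocks([disks[i][row] for i in range(n) if i != failed])
            else:
                out += disks[d][row]
    return bytes(out[:length])


def regenerate(disks, failed):
    """Rebuild every block of the failed member from the surviving members."""
    survivors = [m for i, m in enumerate(disks) if i != failed]
    return [xor_blocks(row) for row in zip(*survivors)]


if __name__ == "__main__":
    print(stripe_set_size([100, 50, 40]))      # the FAQ's three free areas
    payload = b"constructed sample payload"    # constructed test data
    members = write_stripes(payload, 3)
    lost = members[1]
    members[1] = None                          # simulate the failed disk
    print(read_data(members, len(payload), failed=1))
    print(regenerate(members, 1) == lost)
```

    Losing a second member before regeneration completes leaves nothing to XOR against, which is why the Event Log entry for the first failure should be acted on promptly.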

    Q. How do I remove a Stripe Set?

    A. Follow instructions below

    1. From Start Menu - Programs - Administrative Tools and click Disk Administrator
    2. Select the stripe set you wish to delete.
    3. From the Partition drop-down menu select Delete
    4. Confirm to Delete the Partition

    Note - You will lose ALL data on the stripe set


    Q. Can NT be on a Stripe Set?

    A. If NT is providing software RAID 0 or RAID 5 (stripe set or stripe set with parity) then neither the NT boot nor the system partition may be on a RAID 0 or RAID 5 volume. This is because using this type of volume requires the fault tolerant driver and that is loaded during NT's bootup. If you require NT to be on a striped set then you will need to purchase hardware RAID.


    Q. How do I create a Mirror Set (RAID 1)?

    A. To create a mirror you should first create what the prime will be, and then you can create a mirror of it:

    1. Start Disk Administrator (Start - Programs - Administrative Tools - Disk Administrator)
    2. Click on the existing partition that is the prime, and hold down the Ctrl key
    3. Click on an unpartitioned area of disk space
    4. From the Fault Tolerance menu select "Establish Mirror"
    5. From the Partition menu select "Commit changes now", and the duplication will begin.
    6. You will need to reboot.

    Q. How do I break a Mirror Set?

    A. If part of a fault-tolerant volume is lost (by hardware failure etc.) then a message will be displayed "A disk that is part of a fault-tolerant volume can no longer be accessed". The drive will still be usable, but the mirroring will have been suspended. To break the mirror set:

    1. Start Disk Administrator (Start - Programs - Administrative Tools - Disk Administrator)
    2. A message will be displayed that a disk is missing
    3. Click on the Mirror, and select "Break Mirror" from the Fault Tolerance menu.
    4. Confirm the action

    Q. How do I repair a broken Mirror Set?

    A. Make sure you have an area of unpartitioned space that is at least the size of the Primary partition:

    1. Start Disk Administrator (Start - Programs - Administrative Tools - Disk Administrator)
    2. Click on the working part of the mirror, hold down the Ctrl key and select the area of unpartitioned space
    3. Select Establish Mirror from the Fault Tolerance menu.

    Q. Can I install NT on a stripe set?

    A. No. See Q. Can NT be on a Stripe Set? for more information.


    Q. I am unable to boot using the Mirror disk.

    A. When you create a mirror disk the partition is automatically created for you but the Master Boot Record of the disk is not updated with the NT boot loader.

    To install the NT boot loader you should first partition and format the drive with disk administrator which will write the MBR to the shadow (to be) disk. You should then delete this partition and continue creating the mirror as normal.

    If you already have a mirror disk which you need to boot off and do not wish to use a modified NT boot disk (see Q. How do I create an NT Boot Disk? for details) you can write the MBR record to the shadow disk using the repair process.

    1. Boot the machine using the 3 NT installation disks
    2. After disk 2 it will give options, press R for repair
    3. Deselect all options except "Inspect Boot Sector" and continue
    4. Press Enter to detect hardware and insert disk 3
    5. The procedure will ask if you have an Emergency Repair Disk (ERD), say Yes and insert the ERD.
    6. The machine will then reboot and the MBR record will have been written

    Q. I have reinstalled NT now I have lost all RAID/volume sets.

    A. Windows NT stores information about volume/mirror/stripe sets in the HKEY_LOCAL_MACHINE\System\Disk registry key so if you reinstall Windows NT it will lose this information and not recognize the volumes as fault tolerant sets.

    The best way to avoid this problem is before you reinstall perform the following:

    1. Start Disk Administrator
    2. From the Partition menu select Configuration - Save
    3. You will have to insert a blank formatted disk and click OK
    4. Click OK to the success message

    A single file, SYSTEM, will be created on the disk. Keep the disk safe and you should label it with the system name and the date taken.

    When you reinstall NT you can then start Disk Administrator and select Configuration - Restore from the Partition menu, insert the disk and your original volume/RAID sets will be restored along with any drive letter assignments.

    If you are simply installing another installation of NT on the machine and keeping the original you can just perform a Configuration - Search from the Partition menu and it will attempt to find any other copies of Windows NT and then give you the option to duplicate its configuration.

    If none of the above is possible and you have already lost your configuration the only option is to use the FTEDIT.EXE resource kit utility which enables the editing of fault tolerant sets. Full help is given with the utility but use it carefully or you may actually lose the data.


    Q. How do I create a RAID 5 set in Windows 2000?

    A. Windows 2000 introduces dynamic disks and all members of a RAID volume set have to be on a dynamic disk. To convert a disk from basic to dynamic see 'Q. How do I convert a basic disk to dynamic?'.

    To create a RAID 5 set perform the following:

    1. Start the Computer Management MMC (Start - Programs - Administrative Tools - Computer Management)
    2. Expand the Storage branch and select 'Disk Management'
    3. Right click on an area of Unallocated space and select 'Create Volume..' from the displayed context menu
    4. Click Next to the volume creation wizard
    5. Select a volume type of "RAID-5 volume" and click Next
    6. On the left hand side select the disks to participate (at least 3 in total) and click Add to use them.
    7. You should next select the size to use from each disk. This has to be equal for each disk and so the largest space that can be used is the smallest free space on any of the disks. Once the size is selected click Next. You will notice that if you select 1000MB from each disk the total size would only be 2000MB since a third of the space is used for parity information.
    8. Next select a drive letter to use and click Next.
    9. Select the file system to use and the label. You may also select whether to enable file and folder compression. Click Next.
    10. A summary screen will be displayed, click Finish.

    The disk areas will then be shown as RAID 5 and in regenerating mode.

    You may get a message from the Logical Disk Manager "The operation did not complete because the partition/volume is not enabled. Please reboot the computer to enable the partition/volume". Click OK to this message but do not reboot until the regeneration has completed and the volume is shown as healthy, otherwise you will have to reformat the partition upon reboot completion.

    You may find you have to reformat the volume even after this and it seems to be a bug at present.


    Q. How do I delete a RAID 5 set in Windows 2000?

    A. Deleting a RAID 5 set will result in all contained data being lost so make sure you back up first.

    To delete a RAID 5 set perform the following:

    1. Start the Computer Management MMC (Start - Programs - Administrative Tools - Computer Management)
    2. Expand the Storage branch and select 'Disk Management'
    3. Right click on an element of the RAID 5 volume and select "Delete Volume..." from the context menu
    4. Click Yes to the confirmation

    All space used by the RAID 5 volume will now be listed as unpartitioned.


    Q. How do I regenerate a RAID 5 set in Windows 2000?

    A. If one part of a RAID 5 set is replaced as a result of faulty hardware the volume will not lose any data thanks to the stored parity information however you must replace the broken disk to re-enable the fault tolerant ability of RAID 5.

    Example of a failed RAID5

    Once you have replaced the bad disk perform the following:

    1. Start the Computer Management MMC (Start - Programs - Administrative Tools - Computer Management)
    2. Expand the Storage branch and select 'Disk Management'
    3. You will notice the removed disk will still be shown as 'Missing'
    4. Right click on an element of the RAID 5 volume and select "Repair Volume..." from the context menu
    5. Select a disk to use as the replacement from the list and click OK
    6. The set will then be shown as regenerating.

    You are now fault tolerant again. The RAID5 partition will have been removed from the 'missing' disk.

    If you had other partitions on the disk that was removed delete them by right clicking on the partition and selecting 'Delete Volume...'. You should now right click on the 'Missing' text and select 'Remove Disk' from the context menu.


    If you ever put back the original disk it would be displayed as "Foreign". To read in this disk see 'Q. How do I import a foreign volume in Windows 2000?'


    Q. How do I create a mirror set (RAID 1) in Windows 2000?

    A. All members of a RAID 1 volume set have to be on a dynamic disk. To convert a disk from basic to dynamic see 'Q. How do I convert a basic disk to dynamic?'.

    To create a RAID 1 set perform the following:

    1. Start the Computer Management MMC (Start - Programs - Administrative Tools - Computer Management)
    2. Expand the Storage branch and select 'Disk Management'
    3. Right click on the partition you want to mirror and select 'Add Mirror..' from the context menu shown
    4. Select the disk that will host the mirror and click 'Add Mirror'
    5. If you are mirroring the boot partition a dialog will be shown detailing changes to be made to boot.ini to enable mirror booting. Click OK

    The Mirror set will show as Regenerating.

    What a complex set of disks I have :-)


    Q. How do I break a mirror set (RAID 1) in Windows 2000?

    A. Breaking a mirror will not result in data loss, you will be left with two single volumes with duplicate data.

    To break a RAID 1 set perform the following:

    1. Start the Computer Management MMC (Start - Programs - Administrative Tools - Computer Management)
    2. Expand the Storage branch and select 'Disk Management'
    3. Right click on the mirror volume to be removed and select 'Break Mirror..' from the context menu shown
    4. Click Yes to the confirmation dialog
    5. Another dialog may be shown warning of possible data loss on the broken mirror, click Yes to the continue dialog.

    You will then be left with two volumes, you may want to delete the now unwanted ex-mirror to avoid any confusion.

    You would have noticed on step 3 another option "Delete Mirror..", this removes both volumes making up the mirror losing any data on them.


    Q. How do I move my pagefile?

    A. Follow procedures below:

    1. Start Control Panel, and double click System icon
    2. Click Performance and Virtual Memory Change
    3. Select the current Pagefile disk and change the initial size to 0 and click set
    4. Select a different disk, and change initial size and max size and click set
    5. Click OK and then close
    6. Reboot machine

    Q. How big and where should my Pagefile be?

    A. Below are things to consider.

    To enhance performance, one can create a second pagefile on another physical disk. MOVING, however, is never advised, since it disables the option to create a Memory dump file at a crash (System Properties, Startup-tab). In order to be able to dump the RAM content to the pagefile (saved i.e. as MEMORY.DMP), the pagefile MUST be located (as well) on the boot partition.


    Q. Users complain server response is slow, but when I use the server everything is fine.

    A. It could be the server Screen Saver! The Open GL screen savers (especially the pipes) can use every CPU cycle off the Server. In general you should always use the blank screen saver on a server.


    Q. Is there a RAM disk in NT4.0?

    A. No. However there is a piece of software which creates a RAM disk. In general the NT cache does a very good job. Microsoft also produced a RAM disk which still works on NT 4.0 called NTRamdsk.

    A commercial package SuperDisk-NT is now available from EEC Systems (http://www.eecsys.com/)


    Q. How can I monitor disk performance?

    A. NT's built in Performance monitor can be used to monitor disk activity, however this is not active by default, and needs to be activated by typing
    diskperf -y
    from the command prompt. You will then need to reboot, and then disk activity can be viewed using Performance Monitor.


    Q. How can I tell if I need a faster CPU?

    A. You use Performance Monitor (Start - Programs - Administrative Tools - Performance Monitor) to see how much time the computer is waiting to use the CPU:

    1. Start Performance Monitor
    2. Click the "+" button (if you cannot see a title bar press Ctrl-T)
    3. From the dropdown Object box select System
    4. Select "Processor Queue Length" from the counters
    5. Monitor the system for a typical day of work, and if the counter exceeds 2 then you should consider a faster processor

    Q. I need to run a number of 16 bit apps, what is the best way to do this?

    A. The best way is to create a shortcut to the 16 bit application, then right click on the shortcut and select Properties. Click on the Shortcut tab and check the box "Run in separate memory space". This will make the app run in its own VDM (Virtual DOS Machine) with its own memory space. This improves performance and system stability as one 16 bit app can no longer affect another.

    An application can also be forced to run in its own memory space using:
    start /separate <application name>


    Q. How can I run an Application at a higher priority?

    A. It is possible to start an application at a priority other than normal, however if you run applications at high priority THEY may slow performance. Priorities range from 0 to 31, 0 - 15 are used by Dynamic applications, such as user applications and most of the operating system parts, 16-31 are used by real time applications like the kernel which cannot be written to the page file. Normal priority is level 8 (NT 3.51 normal was 7). The full list is

    To start an application at a priority other than the default use the start command, e.g.

    start /<priority> <application>, e.g. start /high winword

    To do the same thing from a shortcut just use:

    cmd /c start /<priority> <application>

    Be warned that running applications at high priority may slow performance as other applications get less I/O time. To use the /realtime option you have to be logged on as a user with Administrator privileges.

    To modify the priority of a currently running application use Task Manager

    1. Start Task Manager (Right Click on the Start Bar and select Task Manager)
    2. Click on the Processes tab
    3. Right Click on the required process and select "Set Priority"
    4. You can then select a different priority
    5. Close Task Manager

    It is also possible to increase the priority of whichever application is currently in the foreground, as opposed to the background processes.

    1. Start the System Control Panel Applet (Start - Settings - Control Panel - System)
    2. Click the Performance tab
    3. In the Application Performance tab move the arrow
      - None - The foreground application runs the same as background applications
      - Middle - The foreground application has its priority increased by one, background applications stay the same.
      - Maximum - The foreground application has its priority increased by two, background applications stay the same, e.g. an application will have its priority increased from 8 to 10.

    Q. How can I monitor processes that start after I start the Performance monitor?

    A. If you are running performance monitor in log mode, after the log is closed and you wish to view certain processes in the drop down list you only see processes that were running at the time you started the log. This is not true :-)

    1. Start Performance Monitor (Start - Programs - Administrative Tools - Performance Monitor)
    2. Select Log View (View - Log or Ctrl-L)
    3. Add to the log the objects you wish to monitor (Edit - Add to Log), including "Process", when finished click Done
    4. From the Options menu select Log and enter a file name, a period of time and click "Start Log"
    5. When you have logged enough, switch to Performance Monitor and from Options menu select Log, select "Stop Log"
    6. Move to Chart view (View - Chart, or Ctrl+C)
    7. Load in the log you created by selecting Options - Data From , and selecting the file and click OK
    8. From the Edit menu, select Add and add the counters you wish to see, you will notice that under processes, the instances are only those running when you started, don't worry.
    9. There will probably be an area you wish to investigate, such as a spike in CPU use, disk I/O. Alter the time window to start from the peak
      - From the Edit menu, select Time Window
      - Move the left hand bar till the left line is in the correct place on the chart, i.e. the spike
      - Click OK
    10. Now from the Edit menu, and select Add, under processes there will now be processes that were running at THIS point allowing you to diagnose the problem process, you can also now put the time window back to normal and this process will still show

    What this means is the instances shown are only those running at the start of the time window, so to add other processes running at other times, you may need to continue moving the start of the time window.


    Q. How can I view information in the Event Log from the command line?

    A. A utility called DUMPEL.EXE is supplied with the Windows NT Resource Kit which outputs a comma or tab separated file. It allows the events from all 3 logs to be dumped on the local or remote computer. For full information see the NT Resource Kit Tools help however below is the basic syntax.

    dumpel -f <filename for output> [-s \\<servername>]  [-l <which log, e.g. system, application,security>] -c
    e.g., dumpel -f applog.txt -l application -c

    This would dump out the application log as a comma separated file (alternatively use -t instead of -c for a tab separated file).

    Another useful switch is -m <source>, which restricts the output to events logged by a given source, e.g.

    dumpel -f winlogon.txt -l application -c -m "winlogon"

    This would output all events logged by winlogon (you don't need the quotes if the source is one word).

    Another application is NTLast which can be downloaded from http://www.ntobjectives.com/. This utility does two major things that event viewer does not. It can distinguish remote/interactive logons and it matches logon times with logoff times. Example uses:

    ntlast - gets a default list of last 10 successful logons against local machine
    ntlast /f - gets last 10 failed logon attempts
    ntlast /f /i - gets last 10 failed interactive logon attempts
    ntlast /f /r - gets last 10 failed remote logon attempts
    ntlast /i - gets last 10 successful logons
    ntlast /r - gets last 10 successful remote logons
    ntlast /n 6 - gets last 6 logons

    And most useful
    ntlast /m machinename /f /r - gets last 10 failed remote attempts against machinename
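
    The two things NTLast is described as doing above, telling interactive from remote logons and matching logon times with logoff times, can also be done over a comma-separated security log dump. This is an added example, not part of the FAQ, DUMPEL or NTLast; the column order and the sample lines are assumptions constructed for illustration, and 528, 529 and 538 are the NT 4.0 successful-logon, failed-logon and logoff event IDs.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines. ASSUMED column order (not taken from the page):
# date,time,type,category,event_id,source,user,computer,description
SAMPLE_DUMP = [
    r"9/20/99,9:01:12 AM,8,2,528,Security,SVILLUK\savillj,GARFIELD,Successful Logon: User Name: savillj Domain: SVILLUK Logon ID: (0x0,0x1A2B3) Logon Type: 2 Logon Process: User32",
    r"9/20/99,9:05:40 AM,16,2,529,Security,NT AUTHORITY\SYSTEM,GARFIELD,Logon Failure: Reason: Unknown user name or bad password User Name: administrator Domain: SVILLUK Logon Type: 3 Logon Process: KSecDD",
    r"9/20/99,9:05:44 AM,16,2,529,Security,NT AUTHORITY\SYSTEM,GARFIELD,Logon Failure: Reason: Unknown user name or bad password User Name: administrator Domain: SVILLUK Logon Type: 3 Logon Process: KSecDD",
    r"9/20/99,9:10:00 AM,8,2,528,Security,SVILLUK\backupop,GARFIELD,Successful Logon: User Name: backupop Domain: SVILLUK Logon ID: (0x0,0x1A3F0) Logon Type: 3 Logon Process: KSecDD",
    r"9/20/99,9:10:30 AM,8,2,538,Security,SVILLUK\backupop,GARFIELD,User Logoff: User Name: backupop Domain: SVILLUK Logon ID: (0x0,0x1A3F0) Logon Type: 3",
    r"9/20/99,5:31:12 PM,8,2,538,Security,SVILLUK\savillj,GARFIELD,User Logoff: User Name: savillj Domain: SVILLUK Logon ID: (0x0,0x1A2B3) Logon Type: 2",
    r"9/20/99,6:02:09 PM,16,2,529,Security,NT AUTHORITY\SYSTEM,GARFIELD,Logon Failure: Reason: Unknown user name or bad password User Name: savillj Domain: SVILLUK Logon Type: 2 Logon Process: User32",
    r"9/20/99,6:10:00 PM,8,2,528,Security,SVILLUK\savillj,GARFIELD,Successful Logon: User Name: savillj Domain: SVILLUK Logon ID: (0x0,0x1B000) Logon Type: 2 Logon Process: User32",
]

LOGON_OK, LOGON_FAILED, LOGOFF = 528, 529, 538    # NT 4.0 security event IDs
LOGON_KIND = {"2": "interactive", "3": "remote"}  # "Logon Type" values


def _field(name, text):
    """Pull 'Name: value' out of the description; value may be parenthesised."""
    m = re.search(re.escape(name) + r":\s*(\([^)]*\)|\S+)", text)
    return m.group(1) if m else None


def parse_line(line):
    """Turn one dump line into a dict of the fields needed for logon analysis."""
    # maxsplit=8 keeps commas inside the free-text description, such as the
    # "(0x0,0x1A2B3)" logon ID, from being treated as column separators.
    date, time, _type, _cat, event_id, source, _user, computer, desc = line.split(",", 8)
    return {
        "when": datetime.strptime(f"{date} {time}", "%m/%d/%y %I:%M:%S %p"),
        "event_id": int(event_id),
        "source": source,
        "computer": computer,
        "user": _field("User Name", desc),
        "logon_id": _field("Logon ID", desc),
        "kind": LOGON_KIND.get(_field("Logon Type", desc), "other"),
    }


def pair_sessions(events):
    """Match each 528 logon with the 538 logoff carrying the same logon ID.

    Returns sessions in start order; 'end' stays None when no logoff was
    recorded (user still logged on, or the log was cleared or overwritten).
    """
    open_sessions, sessions = {}, []
    for ev in sorted(events, key=lambda e: e["when"]):
        key = (ev["computer"], ev["logon_id"])
        if ev["event_id"] == LOGON_OK:
            session = {"user": ev["user"], "kind": ev["kind"],
                       "start": ev["when"], "end": None}
            open_sessions[key] = session
            sessions.append(session)
        elif ev["event_id"] == LOGOFF and key in open_sessions:
            open_sessions.pop(key)["end"] = ev["when"]
    return sessions


def failed_logons(events):
    """Count 529 failures per (user name, interactive/remote)."""
    return Counter((ev["user"], ev["kind"])
                   for ev in events if ev["event_id"] == LOGON_FAILED)


if __name__ == "__main__":
    events = [parse_line(line) for line in SAMPLE_DUMP]
    for s in pair_sessions(events):
        length = (s["end"] - s["start"]) if s["end"] else "still open"
        print(f'{s["user"]:<12} {s["kind"]:<12} {s["start"]}  {length}')
    for (user, kind), count in failed_logons(events).most_common():
        print(f"failed {kind} logons for {user}: {count}")
```

    Repeated remote failures against one account, or a logon with no matching logoff, are the entries worth a closer look in the full Event Viewer.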


    Q. Is there anything to help diagnose performance problems?

    A. You can use the Excel Macro Perfmon.xla. Perfmon.xla can be downloaded from http://www.ntfaq.com/ntfaq/download/perfmon.zip. Use the macro as follows:

    1. Start Performance Monitor (Start - Programs - Administrative Tools (Common) - Performance Monitor)
    2. Move into Chart Mode (Select Chart from the View menu or press Ctrl-C)
    3. Add the following Counters
      - Memory-Pages/sec
      - Memory-Available Bytes
      - PhysicalDisk-% Disk Time
      - PhysicalDisk-Current Disk Queue Length
      - Processor-% Processor Time
      - Processor-Interrupts/sec
      - System-Processor Queue Length
      These are added by selecting "Add to Chart" from the Edit menu (or click the big + on the toolbar). The first part, e.g. Memory is the Object, and the second part is the Counter. Click Done when all are added
    4. Let the monitor run for a while and perform your normal day-to-day operations.
    5. Once it has run for a while select "Export Chart" from the file menu. In the "Save as type", select "Export CSV Files (*.csv)" and enter a name (it will add .csv for you). Click Save
    6. Exit Performance Monitor
    7. Start Excel and open a new blank spreadsheet.
    8. Select Open from the File menu. Select "Files of type" "Add-Ins" and move to the directory you extracted perfmon.xla to. Select perfmon.xla and click Open.
    9. Select Open from the Planning menu. Move to the directory you saved the file in step 5, select the file and click Open.
    10. Select Bottlenecks from the Planning menu and it will give a list of possible bottlenecks. Selecting one will give more detail in the Suggestions area. Click OK when you are finished.
    11. You can also create a chart by selecting "Create Chart" from the Planning menu, select the counters you want to show on the chart and click OK.

    This macro is only basic, but it may give you some starting points to investigate and automates the line of thinking you should be following.


    Q. Is there any way to output performance logs directly to a comma separated file?

    A. The Windows NT Resource Kit ships with the PerfLog service which can output data directly to a file in comma or tab separated format. To install perform the following:

    1. Copy the files below from the NT resource kit installation dir\PerfTool\LogTools to the %systemroot%\system32
      - pdlcnfig.exe
      - pdh.dll
      - pdlsvc.exe
      - perflog.hlp
      - perflog.cnt
    2. Run the pdlcnfig executable to install the service
    3. Click OK to install the service
    4. The Performance Data Log Service dialog box will be displayed with 2 tabs allowing Counters to be added and the location of the output file to be set.

    To start the service select from the Services control panel applet and click start. You can also start from the command prompt using

    C:\>net start "performance data log"

    To change the config at a later time just rerun the PDLCNFIG.EXE image.


    Q. How can I control the amount of memory NT uses for file caching?

    A. Windows NT does not allow much tuning of caching except for one registry entry.

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
    3. Double click on LargeSystemCache and set to 0 to reduce the amount of memory used for file caching.
    4. Click OK
    5. Close the registry editor

    If you start the Network control panel applet and select the Services tab you can select Server and click Properties. Select "Maximize Throughput for Network Applications" to use less memory (this actually sets LargeSystemCache to 0).

    System internals have released CacheSet (http://www.sysinternals.com/) which allows you to more specifically set memory used for caching.


    Q. How can I stop Windows NT System Code and Drivers being paged?

    A. Normally user-mode and kernel-mode drivers and kernel-mode system code are written to either pageable or non-pageable memory. It is possible to configure NT never to page out to the pagefile the drivers and system code that are in the pageable memory area; however, this should only be done on systems with large amounts of RAM or severe performance problems could develop.

    1. Start the registry editor
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
    3. Double click on DisablePagingExecutive and set to 1. Click OK (it is of type DWORD so create if it does not exist)
    4. Reboot the machine

    Q. How can I change the size of the pagefile?

    A. We have previously discussed moving the pagefile (see Q. How do I move my pagefile? ), however it may be you just need to modify the size of an existing pagefile or add a new one as an addition to your existing one. Remember the more disk heads, the better performance so moving your page file to a RAID 0 disk arrangement would give excellent performance (RAID 0 is a stripe set without parity), while writing to a RAID 5 disk may adversely affect performance due to the extra parity information that needs to be written (RAID 5 is a stripe set with parity). There is little point adding a second pagefile to another partition if it is on the same physical disk, it would be better to just increase the size of the existing file, however 2 smaller pagefiles on different physical disks will give better results.

    1. Start the System Control panel applet (start - settings - control panel - system)
    2. Click the Performance tab
    3. Under the Virtual Memory section it will tell the currently configured amount. Click Change.
    4. A list of all partitions and the size of any pagefiles that exist will be listed next to them. To modify the size of an existing pagefile select the drive, e.g. c: and in the "Paging File Size for Selected Drive" enter a new Initial and Maximum size. Click Set when you have changed the values. The minimum size is 2MB but the total size of all pagefiles should be at least the size of memory + 11MB.
    5. If you want to add an additional page file, select a drive that does not currently have a pagefile, e.g. d:, enter an initial and maximum and then click Set.
    6. Once you have completed all changes click OK.
    7. Click OK to the System control panel applet
    8. You will have to reboot the machine for the change to take effect.



    Q. How can I remotely change the size of a pagefile?

    A. Pagefile information is stored in the registry as a multi_string (so you HAVE to use regedt32.exe) and can be changed locally as follows:

    1. Start the registry editor (regedt32.exe)
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
    3. Double click PagingFiles
    4. There is one line for each page file, the format is
      <location> <initial size> <maximum size>
      e.g.
      C:\pagefile.sys 120 140
    5. Click OK
    6. Close the registry editor
    7. Reboot the machine

    To change on another machine you should use the resource kit REG.EXE utility but the command below will replace the current page file and will NOT check you have enough disk space so you may want to create a script that does check. Make sure the machine is rebooted after the change.

    C:\> reg update "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PagingFiles"="<location> <initial size> <max size>" \\<remote machine>

    For example:

    C:\> reg update "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PagingFiles"="C:\pagefile.sys 120 140" \\titanic.savilltech.com

    Make sure you test this before trying to use on live machines.
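
    Since the REG.EXE command above does not check the new value, a pre-flight check can be run on the PagingFiles lines before they are pushed to a remote machine. This is an added example, not part of the FAQ or the resource kit: the function names are hypothetical, the free-space figures are assumed to be collected separately and passed in (counting the space held by the current pagefile as free), and the "memory + 11MB" rule is checked against the initial sizes, which is an assumption.

```python
import re

MIN_PAGEFILE_MB = 2     # minimum pagefile size given in the FAQ
DUMP_OVERHEAD_MB = 11   # FAQ rule: total should be at least memory + 11MB

# "<location> <initial size> <maximum size>", e.g. C:\pagefile.sys 120 140
ENTRY_RE = re.compile(r"^([A-Za-z]):\\(\S.*?)\s+(\d+)\s+(\d+)$")


def parse_entry(line):
    """Split one PagingFiles line into drive, path, initial and maximum (MB)."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        raise ValueError(f"not '<location> <initial> <maximum>': {line!r}")
    drive, name, initial, maximum = m.groups()
    drive = drive.upper()
    return {"drive": drive, "path": drive + ":\\" + name,
            "initial": int(initial), "maximum": int(maximum)}


def check_paging_files(lines, ram_mb, free_mb, boot_drive="C"):
    """Return a list of problems with a proposed PagingFiles value.

    lines      -- one string per pagefile, as stored in the multi-string value
    ram_mb     -- physical memory of the target machine in MB
    free_mb    -- dict of drive letter -> free space in MB (caller-supplied)
    boot_drive -- drive holding the boot partition (assumed C by default)
    An empty list means no problem was found.
    """
    problems, entries = [], []
    for line in lines:
        try:
            entries.append(parse_entry(line))
        except ValueError as exc:
            problems.append(str(exc))

    seen = set()
    for e in entries:
        if e["drive"] in seen:
            problems.append(f'{e["drive"]}: more than one pagefile on this drive')
        seen.add(e["drive"])
        if e["initial"] < MIN_PAGEFILE_MB:
            problems.append(f'{e["path"]}: initial size below {MIN_PAGEFILE_MB}MB')
        if e["maximum"] < e["initial"]:
            problems.append(f'{e["path"]}: maximum is smaller than initial size')
        available = free_mb.get(e["drive"])
        if available is None:
            problems.append(f'{e["drive"]}: free space unknown, cannot check')
        elif e["maximum"] > available:
            problems.append(f'{e["path"]}: maximum {e["maximum"]}MB exceeds '
                            f'{available}MB free on drive {e["drive"]}')

    if entries:
        total, needed = sum(e["initial"] for e in entries), ram_mb + DUMP_OVERHEAD_MB
        if total < needed:
            problems.append(f"total pagefile size {total}MB is below memory "
                            f"+ {DUMP_OVERHEAD_MB}MB = {needed}MB")
        # The FAQ notes a memory dump needs a pagefile on the boot partition.
        if boot_drive.upper() not in seen:
            problems.append(f"no pagefile on boot drive {boot_drive.upper()}: "
                            "a memory dump cannot be written at a crash")
    return problems


if __name__ == "__main__":
    # The FAQ's own example value, checked for a constructed 128MB machine.
    for problem in check_paging_files([r"C:\pagefile.sys 120 140"],
                                      ram_mb=128, free_mb={"C": 500}):
        print("PROBLEM:", problem)
```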


    Q. Performance Monitor is not listing all possible objects and counters.

    A. If, when trying to add a counter, the list of objects and counters is incomplete or blank, the problem could be that the data files that hold the list have become corrupted.

    Under registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib is a key identifying the language of the system, e.g. 009 for U.S. English. Performance Monitor will only list the counters for the selected language ID (this can be changed via Control Panel).

    To resolve the problem restore the files PERFC<country code>.DAT and PERFH<country code>.DAT (e.g. perfc009.dat and perfh009.dat for U.S. English) from the installation CD to the %systemroot%\system32 directory


    Q. How can I tell the role of my NT machine?

    A. There are several ways to do this, however the easiest is to type the command
    net accounts
    And at the bottom of the output, the Computer Role will be shown as one of the following:
    WORKSTATION - A normal NT Workstation machine
    SERVER - A standalone NT Server machine
    PRIMARY - A Primary Domain Controller (PDC)
    BACKUP - A Backup Domain Controller (BDC)


    Q. How can I tell who has which files open on a machine?

    A. To view which files are currently open, and which user has them open use the
    net file
    command which displays information in the form of
    ID Path Username # Locks, e.g.

    ID         Path                                    User name            # Locks
    -------------------------------------------------------------------------------
    9          D:\index.lnk                            savillj               0
    11         D:\john.lnk                             savillj               0
    23         D:\www.savilltech.com\images\me.gif     savillj               0
    27         D:\www.savilltech.com\images\mcse.gif   savillj               0
    31         D:\www.savilltech.com\images\mvp.gif    savillj               0
    35         D:\www.savilltech.com\images\40179.JPG  savillj               0
    39         D:\www.savilltech...\goldeneye.gif      savillj               0
    43         D:\www.savilltech...\Rita1sml.jpg       savillj               0
    47         D:\www.savilltech...\Rita2sml.jpg       savillj               0
    49         D:\www.savilltech.com\me.html           savillj               0
    The command completed successfully.
    

    Also using net file, it is possible to delete a file lock using
    net file 47 /close
    which would remove this lock.

    To use Net File you must have the server service running on the machine (check Start - Settings - Control Panel - Services)

    You can also use the Server Control Panel Applet on the domain controller (In Use).

    There is a freeware utility called OFL (Open File List) from http://www.merxsoft.com/ which provides more information.

    The best 3rd party applications I have found are NTHandle (a command line file use utility), and NTHandleEx (a GUI version of NTHandle). Both these utilities are available from http://www.sysinternals.com/.


    Q. How do I view all the applications/processes on the system?

    A. You can use Task Manager, which is a standard part of NT (right click on the Task Bar, and select Task Manager). There is also the PVIEW program that comes with Visual C++. For command line viewing there is TLIST, which comes with the resource kit.


    Q. Where can I get information about my machine?

    A. There are several utilities available, however winmsd is good, and can produce a full printed report about your computer including IRQ and DMA settings for devices. A command line version of winmsd is called winmsdp, which is good to run regularly; this utility is part of the Windows NT Resource Kit.


    Q. How can I tell when NT was last started?

    A. From the command prompt, enter the command net statistics workstation and at the top it says "statistics since ...". You will need to be quick with the Ctrl-S (to pause the output, Ctrl-Q starts it again). This will give the time since the workstation service was started, so if someone has performed a

    net stop workstation
    net start workstation

    the time up will be incorrect.

    The time NT has been up is also displayed from the PVIEW utility, and also there is a set of applications that display this information called 3UPTIMES.ZIP (there is a command line and a windows version included). These apps are from http://barnyard.syr.edu/~vefatica/. Be aware this gives incorrect information if the system has been up more than 50 days.

    The last line of output from the Windows NT Resource Kit utility SRVINFO.EXE displays the total uptime as well in the format:

    System Up Time: 24 Hr 3 Min 29 Sec

    There is also a Performance Monitor object
    Object: System
    Counter : System Up time

    ElWiz from http://www.heysoft.de/nt/eventlog/ep-elwiz.htm will always give the right uptime (among lots of other useful information) and it is free, too.

    System Internals also now provide an uptime utility with source from http://www.sysinternals.com/misc.htm.


    Q. I have lost my NT Installation CD-ROM case that had the Key number, how can I find it out?

    A. The easiest way is to run WINMSD (Start - Run - Winmsd) and look at the Version tab. On the line above the register info you will see a number in the form of 50036-xxx-yyyyyyy-71345. The xxx-yyyyyyy is the number on the back of the CD case. This is also the same as the registry entry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId.


    Q. How can I get detailed system information from the command prompt?

    A. The Windows NT Server Resource Kit supplies SRVINFO.EXE, which is an excellent tool for gaining a picture of your system, including details such as:

    C:\>srvinfo
    Server Name: GARFIELD
    Security: Users
    NT Type: WinNT WorkStation
    Version: 4.0, Build = 1381, CSD = Service Pack 4, RC 1.99
    Domain: SVILLUK
    PDC: \\SVLON1
    IP Address: 160.82.220.19
    CPU[0]: x86 Family 6 Model 3 Stepping 3
    Hotfixes: [Q147222]:
    Drive: [FileSys] [ Size ] [ Free ]
    Services:
    [Stopped] Alerter
    ..
    ..
    System Up Time: 23 Hr 51 Min 43 Sec

    The utility has a number of switches to give extra/less information:

    SRVINFO [[|-ns|-d|-v|-s] \\computer_name]
    -ns: Do NOT show any service information
    -d: Show service drivers and service
    -v: Get version info for Exchange and SQL
    -s: Show shares


    Q. How can I tell when NT was installed?

    A. NT stores its install time in the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\InstallDate in seconds from 1 Jan 1970. I've written a utility you can use that will display this (in converted form :-) ) and some other information. Download from http://www.savilltech.com/download/wininfo.zip.


    Q. How can I tell if my NT installation is a 120 day evaluation or full?

    A. If you install NT using setup disks that were created with an evaluation CD, your installation will expire even if you enter a full registered product ID code. Microsoft do not provide a method to tell whether your installation will expire or not, which is very annoying when it only gives you one hour's notice before shutting down!

    Download Win Info from http://www.savilltech.com/download/wininfo.zip and the value of "Installation Type" will show either

    Special thanks to Mark Russinovich at http://www.sysinternals.com/ for his help in deciphering the expiry information. Do not mail myself or Mark asking for the method of detection, we will not disclose it.

    System Internals, http://www.sysinternals.com/, have released an excellent command line tool, ISTRIAL.EXE, which also tells you if your version will expire.


    Q. How can I check what type of NT installation I have?

    A. There are now many types of NT installation: Windows NT Workstation, NT Server, NT domain controllers, Terminal Server Edition and Enterprise Edition. The normal way would be to just type "net accounts", however this sometimes does not give all the information. One way to check is to look in the registry:

    1. Start the registry editor (regedt32.exe)
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions
    3. Look at ProductType, it will be one of
      WinNT - Windows NT Workstation
      ServerNT - Windows NT Server standalone
      LanmanNT - Windows NT Server Domain Controller
    4. You can also look at ProductSuite (if it exists), and depending on your version you may see
      Terminal Server - Windows NT Terminal Server Edition
      Enterprise - Windows NT Enterprise Edition
    5. Close the registry editor

    If you attempt to open or edit these values (depending on your service pack) a warning will be shown and the value changed back to its original. Don't try to change them.

    If you don't want to muck around in the registry, WinInfo (from http://www.savilltech.com/download/wininfo.zip) displays the Product Type (and much more) and will be one of


    Q. How can I tell if my NT installation is a "Not For Resale" installation?

    A. Microsoft provide "Not For Resale" versions of NT Server as part of kits such as MSDN. This software is fully functional except it has a set number of licenses, i.e. 5 or 10 and these cannot be increased.

    To test if your installation is Full or "Not For Resale" download WinInfo from http://www.savilltech.com/download/wininfo.zip and check the 'Installation type' value. If it says "Not For Resale Version" then you will be limited to 10 clients.


    Q. Where is time zone information stored in NT/2000?

    A. Selecting the Date/Time control panel applet and the 'Time Zone' tab allows the local country and its associated time difference to be set, and daylight saving to be enabled.

    Changing this dialog updates the registry values under the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TimeZoneInformation key and the most useful values are as follows:

    ActiveTimeBias - The current time difference from GMT (Greenwich Mean Time) in minutes. This is the difference FOR GMT, so if you are one hour ahead, GMT is one hour behind and the value would be ffffffc4 which is hex for -60.
    Bias - The normal time difference from GMT excluding daylight saving in minutes. Again this is the difference for GMT, so if you are three hours ahead (if you live in Moscow) Bias would be ffffff4c which is hex for -180. If you were two hours behind GMT (if you're on a boat in the Mid Atlantic) GMT is two hours ahead so the value is 120.
    DaylightBias - The time difference used for daylight saving, again for GMT, so one hour ahead would be ffffffc4 (hex for -60). Notice ActiveTimeBias is the sum of Bias and DaylightBias in daylight saving months, or same as Bias in standard months.
    DaylightName - Name used during daylight saving months
    StandardName - Name used during non-daylight saving months
    DaylightStart - Tells the computer when to start daylight mode.
    StandardStart - When to start standard mode
    DisableAutoDaylightTimeSet - Only exists if you unselect the "Automatically adjust clock for daylight saving" and is set to 1.

    Using the resource kit REG.EXE utility you could query these from the command line

    C:\>reg query hklm\system\currentcontrolset\control\timezoneinformation\bias
    REG_DWORD bias 0

    C:\>reg query hklm\system\currentcontrolset\control\timezoneinformation\daylightname
    REG_SZ daylightname GMT Daylight Time
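
    The bias values above are the ones an investigator needs when normalising local timestamps from an NT machine to GMT. The following is an added example, not part of the original FAQ or of any tool it mentions: it reads the three DWORDs as signed minutes, checks the ActiveTimeBias rule stated above, and converts a local time. The function names and sample values are constructed for illustration.

```python
from datetime import datetime, timedelta


def dword_to_minutes(value):
    """Read a REG_DWORD bias (int, or hex text like 'ffffffc4') as signed minutes."""
    if isinstance(value, str):
        value = int(value, 16)
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("not a 32-bit DWORD: %r" % (value,))
    # Values with the top bit set are negative (two's complement).
    return value - 0x100000000 if value & 0x80000000 else value


def active_bias(values):
    """Check ActiveTimeBias against Bias and DaylightBias.

    Returns (minutes, in_daylight_saving). Raises ValueError when the three
    values disagree, which points at a hand-edited or damaged key.
    """
    bias = dword_to_minutes(values["Bias"])
    daylight = dword_to_minutes(values["DaylightBias"])
    active = dword_to_minutes(values["ActiveTimeBias"])
    if active == bias:
        return active, False
    if active == bias + daylight:
        return active, True
    raise ValueError("ActiveTimeBias %d matches neither Bias %d nor Bias+DaylightBias %d"
                     % (active, bias, bias + daylight))


def local_to_gmt(local, values):
    """The bias is the difference FOR GMT, so GMT = local time + bias."""
    minutes, _ = active_bias(values)
    return local + timedelta(minutes=minutes)


# Constructed samples using the FAQ's own figures.
MOSCOW_SUMMER = {"Bias": "ffffff4c",            # -180
                 "DaylightBias": "ffffffc4",    # -60
                 "ActiveTimeBias": "ffffff10"}  # -240
MID_ATLANTIC = {"Bias": "00000078",             # 120
                "DaylightBias": "ffffffc4",
                "ActiveTimeBias": "00000078"}   # standard time in force

if __name__ == "__main__":
    noon = datetime(1999, 9, 20, 12, 0)
    for name, sample in (("Moscow", MOSCOW_SUMMER), ("Mid Atlantic", MID_ATLANTIC)):
        print(name, active_bias(sample), local_to_gmt(noon, sample))
```

    ActiveTimeBias only describes the moment the registry was read. For a timestamp written in the other half of the year, use Bias alone or Bias plus DaylightBias as appropriate.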


    Q. How can I tell which process has file X open?

    A. Files accessed from a user over the network can be viewed with the 'Net File' command

    D:\>net file

    ID Path User name # Locks

    -------------------------------------------------------------------------------
    51 G:\www.ntfaq.com ADMINISTRATOR 0
    The command completed successfully.

    This does not give information about files opened by local processes. Two programs allow you to view which process has file X open, NTHandle (a command line tool) and HandleEx (a GUI version), both from http://www.sysinternals.com/.


    Example of HandleEx in action.


    Q. How can I tell which DLL's and API calls a program makes?

    A. The Windows NT/2000 resource kit supplies a utility called APIMON which can be used to monitor all DLL and API calls made. To use it, perform the following:

    1. Start APIMON (Start - Run - APIMON.EXE)
    2. From the File menu select Open
    3. Select the image you want to monitor and click OK (I'm using %systemroot%\system32\notepad.exe)
    4. Two blank windows will be shown, 'DLL's in use' and 'Api Counters'
    5. The next task is to start the selected image. Click the green Play arrow (or select 'Start Monitor' from the tools menu)
    6. The application will start and the two blank windows will now have DLL and API information.
    7. When complete click Stop or select 'Stop Monitor' from the tools menu
    8. Stopping the API Monitor program will also stop the image it had loaded so make sure you don't lose any work :-)


    Q. How do I disable CD AutoPlay?

    A. You can use the TweakUI utility and go to the Paranoia tab, or edit the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom and change Autorun from 0x1 to 0x0 to disable autorun. If you use TweakUI it will only affect the current user, whereas the registry entry will set it for all users. To achieve the same as TweakUI, go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer and change the value NoDriveTypeAutoRun from 0x95 to 0xff.
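
    To check which users on a machine would still AutoPlay an inserted CD, the two settings above have to be read together. The following is an added example, not part of the original FAQ: the bit meanings come from Microsoft's documentation for NoDriveTypeAutoRun rather than from this page, and treating a missing per-user value as 0x95 is an assumption based on the "before" value quoted above. All names and sample data are constructed.

```python
# Drive-type bits of NoDriveTypeAutoRun (per Microsoft's documentation).
DRIVE_TYPE_BITS = {
    0x01: "unknown type",
    0x02: "no root directory",
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "CD-ROM",
    0x40: "RAM disk",
    0x80: "unknown type (reserved)",
}
CDROM_BIT = 0x20
# Assumption: a user without the value behaves as 0x95, the "before"
# value given in the answer above.
DEFAULT_NO_DRIVE_TYPE_AUTORUN = 0x95


def autorun_disabled_types(mask):
    """Return the drive types for which AutoRun is switched off by the mask."""
    if not 0 <= mask <= 0xFF:
        raise ValueError("NoDriveTypeAutoRun uses only the low eight bits")
    return [name for bit, name in sorted(DRIVE_TYPE_BITS.items()) if mask & bit]


def cd_autoplay_active(cdrom_autorun, no_drive_type_autorun=None):
    """True if a CD inserted while this user is logged on would still AutoPlay.

    cdrom_autorun: machine-wide Services\\Cdrom Autorun value (1 on, 0 off).
    no_drive_type_autorun: the user's policy value, or None if it is absent.
    """
    if no_drive_type_autorun is None:
        no_drive_type_autorun = DEFAULT_NO_DRIVE_TYPE_AUTORUN
    if cdrom_autorun == 0:
        return False  # switched off for every user of the machine
    return not (no_drive_type_autorun & CDROM_BIT)


def users_with_cd_autoplay(users, cdrom_autorun):
    """users maps a user name to its NoDriveTypeAutoRun value (or None)."""
    return sorted(name for name, mask in users.items()
                  if cd_autoplay_active(cdrom_autorun, mask))


# Constructed sample: per-user values collected from one workstation.
SAMPLE_USERS = {"savillj": 0xFF, "guest": 0x95, "newuser": None}

if __name__ == "__main__":
    print("0x95 disables:", autorun_disabled_types(0x95))
    print("0xff disables:", autorun_disabled_types(0xFF))
    print("Autorun=1:", users_with_cd_autoplay(SAMPLE_USERS, cdrom_autorun=1))
    print("Autorun=0:", users_with_cd_autoplay(SAMPLE_USERS, cdrom_autorun=0))
```

    Decoding 0x95 shows why the per-user change is needed: it leaves the CD-ROM bit (0x20) clear, so only 0xff, or the machine-wide Autorun value of 0, stops CDs from launching.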


    Q. How do I install a Joystick in NT?

    A. On the NT CD go to the directory drvlib\multimed\joystick\x86, right click oemsetup.inf and select install.


    Q. How do I change my Soundcard's Settings (IRQ)?

    A. From Control Panel, double click MultiMedia. Select the "devices" tab and expand the Audio Devices. Click on the soundcard and click properties. Click settings, and scroll to the setting you wish to change and click "change setting". Change the setting and click OK, then reboot.


    Q. Does NT 4.0 support Direct X?

    A. Direct X is built into NT 4.0, although limited. There is no way to upgrade the Direct X part of NT, however Service Pack 3 has complete Direct X 3.0 support. NT 4.0 pre Service Pack 3 supports the DirectDraw, DirectSound and DirectPlay components of DirectX.


    Q. Does NT have a speaker driver?

    A. There is no NT speaker driver like there was in DOS, however this used to hammer performance and it is better to buy a cheap soundcard.

    The very nature of this driver prohibits its use. A preemptive multitasking operating system will not allow enough CPU cycles to generate the sound. The sound is generated by pulse width modulation, which requires 100% of CPU time while the sound is being played. Sound cards offload this to their DAC chips.


    Q. How do I install my SoundBlaster Sound Card?

    A. If you have one of the newer Plug and Play Sound Blaster cards then the install is simple.

    1. Insert the NT installation CD
    2. Go to the drvlib\pnpisa\x86 directory
    3. Right click on the pnpisa.inf file and select install
    4. Reboot the Machine
    5. Once restarted NT will detect any ISA PnP devices including your Sound Card, the drivers are on the CD in directory drvlib\audio\sbpnp\i386

    If you have one of the older non-PNP sound cards download the file awent40.exe and follow the instructions that come with the file once expanded.


    Q. How do I install a WaveBlaster card?

    A. Follow the instructions below:

    1. From Control Panel, double click MultiMedia
    2. Click the Devices tab and click Add
    3. Select "MPU-401 Compatible Driver"
    4. Insert the NT CD-ROM and click OK, you will be prompted for the port setting (usually 300h or 330h)
    5. Reboot the machine
    6. After the reboot, from Control Panel, double click MultiMedia and go to the Midi tab
    7. Click on "Single Instrument" and select "Generic MPU-401" driver.

    Q. I have lost the speaker icon from my task bar.

    A. You can easily recreate this by running systray.exe. To ensure that you have the speaker icon every time you start windows you can place it in your startup group.

    Verify that the SystemTray value name at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run has a text string of SysTray.exe.

    Alternatively start the Multimedia control panel applet (start - settings - control panel - multimedia) and check that "Show volume control on the taskbar" is checked.


    Q. How can I get my PCI based sound card to work under Windows 2000?

    A. There are currently problems in 2000 with PCI based sound cards, including the Creative PCI 64 and Creative PCI 128 however it is possible to use the NT 4.0 drivers after making a small change to your system.

    The problem is that Windows 2000 uses IRQ steering by default. PCI bus IRQ steering gives Windows 2000 the flexibility to reprogram PCI interrupts when rebalancing Plug and Play PCI and ISA resources around non-Plug and Play ISA devices.

    Without IRQ Steering Windows 2000 cannot rebalance PCI and ISA IRQs for Plug and Play devices around non-Plug and Play ISA devices to solve resource conflicts. For example, if your computer's BIOS is unaware of non-Plug and Play ISA cards, the operating system does not have PCI bus IRQ steering, and the BIOS has set a PCI device to IRQ 10, you may have a resource conflict when you add a non-Plug and Play ISA device that is configured for IRQ 10. However, with PCI bus IRQ steering the operating system can resolve this IRQ resource conflict.

    To do so, the operating system:

    1. Disables the PCI device.
    2. Reprograms a free IRQ to a PCI IRQ, for example IRQ 11.
    3. Assigns an IRQ holder to IRQ 11.
    4. Moves the PCI device to IRQ 11.
    5. Reprograms IRQ 10 to be an ISA IRQ.
    6. Removes the IRQ holder for IRQ 10.

    To disable IRQ Steering perform the following:

    1. Start the Computer Management MMC snap-in (Start - Programs - Administrative Tools - Computer Management)
    2. Expand the 'System Tools' branch
    3. Select 'Device Manager'
    4. In the right hand pane expand Computer and right click on 'Standard PC'
    5. Select Properties from the context menu
    6. Select the 'IRQ Steering' tab
    7. Uncheck the 'Use IRQ Steering' box
    8. Click OK
    9. Reboot the machine

    Once the machine has restarted you should be able to install your NT 4.0 PCI sound drivers (make sure you get the new drivers from the sound card maker's website).

    If you do not have a Standard PC, you must disable ACPI BIOS detection as follows:

    1. Modify the file txtsetup.sif in the Windows 2000 Setup folder.
    2. Change the line
      ACPIEnable=2
      to
      ACPIEnable=0
    3. Reinstall Windows 2000.

    An alternative to the reinstall is to open the Device Manager (right click on My Computer, select Properties and select 'Device Manager'), open the Computer, double click on the system type shown (for example MPS PC), go to driver tab. Click on update driver. Choose display a list of drivers. Choose Show all hardware of this device class. Choose Standard PC.

    Now you can change the IRQ steering option. Reboot and install the proper sound card driver.


    Q. How do I create a captive account?

    A. It is not possible to create a captive account, however you can force a user to run a program, and if they close that program they can be logged out:

    1. Create a command file similar to the following
      <The program you wish to run>
      Logout
    2. Create a mandatory profile for this user.
    3. Remove all groups from this profile except the autostart group.
    4. In this group, put the file created in step one.

    The file Logout.exe just logs out the user. It is also possible to restrict a Users applications using the Policy Editor. From the Policy Editor you can select which applications a User can run (make sure you give them Explorer!).

    Microsoft have also created the zero administration kit which allows a user to be confined to a single application or a set of applications.


    Q. Where should Login Scripts go?

    A. Login scripts should be in the WINNT\SYSTEM32\REPL\IMPORT\SCRIPTS directory


    Q. What should be in the Login Script?

    A. This will vary from site to site, however generally a login script will synchronize the time of the workstations with the server (providing the server's time is accurate!), and perhaps connect a home area (this is set using User Manager). Net use x: /home will ask the domain server for your home area location and connect to it. A login script may be
    @echo off
    net time \\johnserver /set /yes
    net use p: /home


    Q. Are there any utilities that help with login scripts?

    A. With the NT resource kit you get KIX that enables you to write more advanced login scripts. There is also a freeware utility called KixTart.

    Microsoft has released the Windows Scripting Host which is bound to be the next standard in all cases where scripting is necessary, including login scripts. WSH will be included in NT5 and can be downloaded at http://www.microsoft.com/management/wsh.htm.


    Q. Is there a way of performing operations depending on a users group membership?

    A. On the resource kit for NT you'll find a program called IFMEMBER, this is what you'll have to base your login script upon. Important safety tip, IFMEMBER works by checking for membership in a group and returning an ERRORLEVEL hence you'll have a bunch of IF THENS..

    Ifmember sets errorlevel to the number of groups in the list that the user is actually a member of, for example:

              groupa  groupb  groupc
    savillj     Y       Y       N

    If you typed the command

    ifmember groupa groupb groupc

    an errorlevel of 2 would be returned.

    ifmember groupa
    if %errorlevel%==1 <command>


    Q. How do I limit the disk space for a User?

    A. NT server has no way to do this, Windows 2000 has per volume quotas on NTFS 5.0 volumes.

    There is 3rd party software for NT 4.0 such as


    Q. What variables are available for use with a User?

    A. Below is a list of variables you can use in login scripts and other batch files. These may only be used on NT client/servers.

    %COMPUTERNAME% - Name of computer
    %HOMEDRIVE% - Users local drive letter
    %HOMEPATH% - The full path of the users home area
    %HOMESHARE% - The share that contains the users home area
    %LOGONSERVER% - This is the name of the machine that validates the user logon
    %OS% - The operating system the User is connected to
    %PROCESSOR% - e.g. 486 (useful to put in a login script and ridicule if a 386 or below)
    %USERDOMAIN% - Domain containing the Users Account
    %USERNAME% - The name of the user

    Q. Can I add user accounts from a database?

    A. There is a utility with the resource kit, ADDUSERS.EXE, that as an input accepts a database file (e.g. an Excel spreadsheet) and will add users and groups.


    Q. Is there a utility that shows who is currently logged on?

    A. The resource kit has a utility called WHOAMI.EXE. It displays the domain/workgroup and username. You can also press Ctrl+Alt+Del and the current logged on user will be shown.

    Alternatively you could just display the %userdomain% and %username% variables, e.g.

    C:\> echo %userdomain%\%username%


    Q. How can I change environment variables from the command line?

    A. The resource kit has a utility called SETX.EXE. It enables the user to change environment settings, e.g.
    setx johnvariable 1
    setx johnvariable -k HKEY_LOCAL_MACHINE\...\DefaultDomainName


    Q. How can I hide drive x from users?

    A. This can be done using the TWEAKUI utility: on the "My Computer" tab, deselect the tick next to the drives you want to hide. All this does is change the registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NODRIVES, which is a 32-bit word (DWORD). The lower 26 bits of the 32-bit word correspond to drive letters A through Z. Drives are visible when set to 0 and hidden when set to 1.

    Drive A is represented by the rightmost position of the bitmask when viewed in binary mode.

    e.g. A bitmask of 00000000000000000000010101(0x7h)

    The bitmask above hides local drives A, C, and E

    Drives hidden using the NODRIVES setting are not available through Windows Explorer, under the My Computer icon, or in the File Open\Save dialog boxes of 32bit Windows applications. File Manager and the Windows NT command prompt are not affected by this registry setting.
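
    When reviewing a user's policy settings it helps to turn a NODRIVES value back into drive letters, and to remember from the paragraph above that hidden drives remain reachable from File Manager and the command prompt, so this setting is cosmetic rather than an access control. The following is an added example, not part of the original FAQ: it decodes and builds the mask and reads the value from a line in regedit export format. Function names and sample lines are constructed.

```python
import re
import string

LETTERS = string.ascii_uppercase      # bit 0 = A ... bit 25 = Z
VALID_MASK = (1 << 26) - 1            # only the lower 26 bits carry letters


def hidden_drives(mask):
    """Return the drive letters hidden by a NODRIVES DWORD."""
    if not 0 <= mask <= 0xFFFFFFFF:
        raise ValueError("NODRIVES is a 32-bit DWORD")
    return [LETTERS[i] for i in range(26) if (mask >> i) & 1]


def nodrives_mask(letters):
    """Build the NODRIVES DWORD that hides the given drive letters."""
    mask = 0
    for letter in letters.upper():
        if letter not in LETTERS:
            raise ValueError("not a drive letter: %r" % letter)
        mask |= 1 << LETTERS.index(letter)
    return mask


def stray_bits(mask):
    """Bits above Z map to no drive; non-zero suggests a mistyped value."""
    return mask & ~VALID_MASK & 0xFFFFFFFF


REG_DWORD_LINE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})$')


def parse_reg_dword(line):
    """Parse one '"Name"=dword:xxxxxxxx' line from a regedit export."""
    match = REG_DWORD_LINE.match(line.strip())
    if not match:
        raise ValueError("not a DWORD line: %r" % line)
    return match.group("name"), int(match.group("hex"), 16)


def report(line):
    """Summarise a NoDrives line: hidden letters plus any stray high bits."""
    name, mask = parse_reg_dword(line)
    if name.lower() != "nodrives":
        raise ValueError("expected a NoDrives value, got %r" % name)
    return {"hidden": hidden_drives(mask), "stray_bits": stray_bits(mask)}


# Constructed sample lines in regedit export format.
SAMPLE_LINES = [
    '"NoDrives"=dword:00000015',   # binary 10101: drives A, C and E
    '"NoDrives"=dword:04000004',   # drive C plus bit 26, which maps to nothing
]

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(sample, "->", report(sample))
    print("hide every drive: 0x%08x" % nodrives_mask(LETTERS))
```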


    Q. How do I make the shell start before the logon script finishes?

    A. Change the registry value HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon\RunLogonScriptSync to 0, which means the shell starts before the logon script has finished. A value of 1 means the shell will not start until the logon script has finished.


    Q. How can I find out which groups a user is in?

    A. NT provides a means of getting information about your domain account using the command
    net user <username> /domain
    which includes information about group membership, however there is a utility that ships with the NT resource kit called SHOWGRPS.EXE that only shows the groups and the usage is:
    showgrps <domain>\<user>
    e.g. showgrps savilltech\john


    Q. I can no longer see items in the common groups from the Start Menu.

    A. There is a registry flag that sets whether or not the common groups are displayed on the Start Menu. To disable this setting, set HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups to 0 using the registry editor (regedit.exe). By default this value will not exist.


    Q. How do I configure a user so they can change the system time?

    A. The ability to change the time on an NT system is a Right that has to be granted through the User Rights Policy in User Manager.

    1. Start User Manager (Start - Programs - Administrative Tools - User Manager)
    2. From the Policies menu select User Rights
    3. From the drop down menu select "Change the System Time"
    4. Click the Add button and add any users you wish to be able to do this
    5. Click OK to exit the dialog
    6. Close User Manager
    7. The user will need to log off and log on again

    Also see Q. Can I synchronize the time of a NT Workstation with a NT Server?


    Q. How do I add a user?

    A. To add a new user to a domain you need to logon to the Server as an Administrator and run the User Manager for Domains Utility. Before adding a new user however, you should consider the different naming conventions that can be used, and there are really 4 main standards

    It is important to stick to a standard, however unless this is a new installation, there will already be a standard to follow at your company. To add a user:

    1. Start User Manager for Domains (Start - Programs - Administrative Tools - User Manager for Domains)
    2. Select New User from the User Menu
    3. In the username field enter the name the user will use to logon, e.g. savillj. Case is not important however stick to a common format. The username can be up to 20 characters in length and you can use a combination of letters, numbers and punctuation except for the following characters
      " [] ? / \ ; : | = ,
      You can use spaces in the user name, however this is not a good idea as you would need to put the name in quotes whenever you enter a command relating to the account.
    4. Although the Full Name field is not mandatory it is a good idea to fill it in with the person's real name. There are several NT utilities that dump out the user information and this name is displayed, and with this in mind you may like to put the person's last name first, e.g. Savill, John for future readability
    5. The Description field is as the name implies, just a description of the person, i.e. "Sales Manager", however you put what you like for Description :-)
    6. You need to enter a password for the new user which they will use the first time they logon, and this is entered twice, once in the "password" field, and again in the "confirm password" field. The password is case sensitive so make sure you enter the password in the correct case both times and tell the user where you use capitals/lowercase.
    7. You will see 4 check boxes
      - User Must Change Password at Next Logon - It is a good idea to select this, and the first time the user logs on they will need to change the password
      - User Cannot Change Password - Not a good idea, you would only really use this for a shared account
      - Password Never Expires - Again not a good idea, this would be a security risk as permanent passwords are frowned on
      - Account Disabled - A means for suspending an account
    8. Click on the Groups button at the bottom of the dialog box
      - Select a group on the right hand side and click Add to make the new user a member of that group
      - Click OK when finished
    9. Next click on the profile button
      - In the profiles you can enter the path for the users profile, e.g. \\savpdc\profiles.
      - In the logon script section you can enter the name of a batch file to be run when the user logs on. You only need to enter the name of the batch file, and not the full UNC location as it will assume the logon script is in the netlogon share
      - You can also setup the users home directory, which can either be a local area, or more commonly a share on a network drive.
      - Click OK when finished
    10. It is also possible to set logon hours for each user by clicking the Logon button
    11. By clicking the "Logon To" button you can restrict which workstations the user can logon to.
    12. The Account button allows you to setup an account expiry time, and the account type
    13. Finally the DialIn button allows you to give accounts the ability to dial in, and whether or not to allow callback.

    Q. How do I configure roaming profiles?

    A. When you sit at a computer and change its attributes, such as the wallpaper, when someone else logs on they still have the environment that they last had when they logged on, and this is achieved using a profile for the user which is stored locally in the %systemroot%/profiles/<username>, e.g. d:\winnt\profiles\savillj.

    If the user then sat at a different computer they would not have their setup, to achieve a profile that follows the user to different NT machines (a roaming profile) you need to store the users profile on a network share, that can be downloaded each time the user logs on. When the user logs off the network profile is updated, and a copy of the profile is saved locally. To configure roaming profiles perform the following

    1. Start User Manager for Domains (Start - Programs - Administrative Tools - User Manager for Domains)
    2. Double click on the user
    3. Click the Profiles button
    4. In the User Profile Path enter the network share location where the profile should go, \\<servername>\<share name>\<user name> , e.g. \\bugsbunny\profiles\savillj.
    5. Click OK to finish

    To make the profile mandatory, i.e. the user cannot change it, rename the file ntuser.dat to ntuser.man which is located at the base of the profile location.

    As mentioned earlier, profiles are cached locally to machines, however this can be disabled by performing the following

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    3. Create a value called DeleteRoamingCache of type DWORD (Edit - New - Dword)
    4. Set the value to 1

    Q. How can I configure each user to have a different screen resolution?

    A. You cannot. The screen resolution is stored in the registry in a non-user specific area and is therefore not configurable for individual users. The resolution would have to be manually changed when the user logs on.


    Q. How can I create a list of all User Accounts?

    A. There are a number of ways to produce a list of all user accounts in a domain (or accounts just on a machine):

    1. The best way is to use a utility shipped with the Resource Kit called ADDUSERS.EXE, which is used to add users that have been detailed in a text file. This image can also be used to export the current users and groups into a comma separated file. What is a comma separated file? This is just a file that has commas between fields; when it is read into a spreadsheet/database, the commas are detected and each one starts a new field. The format is:
      addusers /d <file name>
      e.g. addusers /d johnslis.csf
      Note: Be very careful not to enter /e instead of /d, /e deletes all users and groups!
      This file can then be read into a spreadsheet/database (such as Excel) and you will need to specify that comma is the delimiter.
    2. A utility called USRSTAT.EXE is shipped with the NT Server Resource Kit, and this utility supplies information on all members of a given domain, including time/date of last login
      usrstat <domain>
      e.g. usrstat savilltech
    3. The Resource Kit utility SHOWMBRS.EXE will show all the users in a given group, so you could dump out the Domain Users group of a domain,
      showmbrs "<domain>\domain users"
      e.g. showmbrs "savilltech\domain users"
      You could add "> <file name>" to output to a file, e.g. showmbrs "savilltech\domain users" > allusers.list
    4. Finally if you don't have the resource kit (go and get it), you can use the NET command to show all users in a domain
      net user /domain
      Which will list all users in the current domain, again you can use > <file name> to output to a file. You could then get more information on each user this lists by entering
      net user <username> /domain
      e.g. net user savillj /domain
      You could easily write a perl script to automate this task.
    5. You could also use Windows Scripting Host which gives you the option of being able to be more flexible with the output. The code below just lists the full name
      set oDomain = GetObject("WinNT://SAVILLTECH")
      WScript.echo "Domain : " + oDomain.name
      for each oDomainItem in oDomain
       if oDomainItem.Class = "User" then
        WScript.echo " Full Name=" + oDomainItem.FullName
       end if
      next

    If none of these suit your exact needs, or you need to access the user list from within a program, you can use the NetUserEnum(), NetGroupEnum() and NetLocalGroupEnum() functions to get the required information. For each of these, the first argument is the computer name to perform the operation on; a null pointer will make it use the current system, or use NetGetDCName() to get the computer name of the Domain Controller. That's enough code for me, I'm starting to sweat :-)


    Q. How can I add a user from the command line?

    A. The simple answer is to use the net user <username> <password> /add (/domain), however it is possible to automate not only the addition of the user, but also his/her addition to groups and the creation of a template user account directory structure. Many organisations have a basic structure with word, excel directories and some template files. This can be automated with a basic script. For example

    addnew.bat

    rem Usage: addnew <username>
    net user %1 password /add /homedir:\\<server>\users\%1 /scriptpath:login.bat /domain
    rem repeat the next line for each local group
    net localgroup "<local group>" %1 /add
    rem repeat the next line for each global group
    net group "<groups>" %1 /add /domain
    rem copy the template directory structure into the new home area
    xcopy \\<server>\users\template \\<server>\users\%1\ /e
    rem remove the Everyone permission to the directory
    cacls \\<server>\users\%1 /e /r Everyone
    rem give full control to the user and to Administrators
    cacls \\<server>\users\%1 /g %1:F /e
    cacls \\<server>\users\%1 /g Administrators:F /e


    Q. How can I move users from one machine to another?

    A. If you just want to replace the PDC of a domain with a new machine, the easiest way is to install the new machine as a BDC and then promote to the PDC which removes the need of adding/removing users.

    If you actually want to merge two domains or just move some accounts the procedure below should help. You will need the resource kit utility addusers.exe

    1. Log on as an Administrator on the machine that has the accounts you wish to move
    2. Run the command
      addusers /d <file name>
      This will create a comma separated file with details of all accounts and groups.
    3. You don't want the information about global or local groups (such as Administrators etc) so edit the file and remove the [Global] and [Local] sections and their content.
    4. Copy the file to the machine you want to create the accounts on or a network drive
    5. Log on as an Administrator on the machine that the accounts should be added, if a domain, log on to the PDC
    6. Run the command
      addusers /c <file name>
      This will read in the file and create the accounts
    7. You could then delete the accounts off the original machine using
      addusers /e <file name>

    Q. How can I configure a user to logoff at a certain time?

    A. Basic user manager functionality allows the setting of working hours for a user, and using user account policies you can force NT to logout users who are logged on past their hours.

    1. Start User Manager for domains (start - programs - administrative tools - user manager for domains)
    2. Double click on the user, e.g. savillj
    3. Click the hours button
    4. By default the user will have logon time at all hours. Each square represents one hour, click on the hour you want the user to be logged off at, e.g. 8 p.m. and then drag to when you want the user to be able to logon again. Click the disallow button. You will notice you can drag between days so you can easily disallow 6 p.m. till midnight for all days, then disallow midnight to 8 a.m. for all days if you wished
    5. Click OK when finished, then click OK again to close the user dialog
    6. Next open the accounts policy (Select Account from the Policies menu)
    7. At the bottom of the dialog is a check box "Forcibly disconnect remote users from server when logon hours expire", check this and click OK

    Q. How can I grant User Rights from the command line?

    A. Usually user rights, such as Logon Locally, are granted by starting User Manager and selecting User Rights from the Policies menu. If you want to grant rights from the command line, for use with account generation scripts etc., the Windows NT Resource Kit Supplement Two includes a new utility called NTRIGHTS.EXE which grants user rights from the command line.

    The program uses a series of codewords for each user right:

    Code Word                        User Right
    SeNetworkLogonRight              Access this computer from the network.
    SeTcbPrivilege                   Act as part of the operating system.
    SeMachineAccountPrivilege        Add workstations to domain.
    SeBackupPrivilege                Back up files and directories.
    SeChangeNotifyPrivilege          Bypass traverse checking.
    SeSystemtimePrivilege            Change the system time.
    SeCreatePagefilePrivilege        Create a pagefile.
    SeCreateTokenPrivilege           Create a token object.
    SeCreatePermanentPrivilege       Create permanent shared objects.
    SeDebugPrivilege                 Debug programs.
    SeRemoteShutdownPrivilege        Force shutdown from a remote system.
    SeAuditPrivilege                 Generate security audits.
    SeIncreaseQuotaPrivilege         Increase quotas.
    SeIncreaseBasePriorityPrivilege  Increase scheduling priority.
    SeLoadDriverPrivilege            Load and unload device drivers.
    SeLockMemoryPrivilege            Lock pages in memory.
    SeBatchLogonRight                Logon as a batch job.
    SeServiceLogonRight              Log on as a service.
    SeInteractiveLogonRight          Log on locally.
    SeSecurityPrivilege              Manage auditing and security log.
    SeSystemEnvironmentPrivilege     Modify firmware environment values.
    SeProfileSingleProcessPrivilege  Profile single process.
    SeSystemProfilePrivilege         Profile system performance.
    SeUnsolicitedInputPrivilege      Read unsolicited input from a terminal device.
    SeAssignPrimaryTokenPrivilege    Replace a process level token.
    SeRestorePrivilege               Restore files and directories.
    SeShutdownPrivilege              Shut down the system.
    SeTakeOwnershipPrivilege         Take ownership of files or other objects.

    To grant a user right perform the following:

    ntrights +r SeInteractiveLogonRight -u SavillTech\savillj

    This would grant savillj of the SavillTech domain the right to log on locally. To grant the right on a remote machine use the -m switch:

    ntrights +r SeInteractiveLogonRight -u SavillTech\savillj -m \\<machine name>


    Q. How can I configure the system so all users share a common favourites folder?

    A. It is possible to explicitly define the UNC for the favourites folder for each user by editing the registry. The steps would be as follows

    1. Choose a server that will host the favourites (favorites for all you Americans :-) ) folder, and create a favourites folder on it
    2. Set the required permissions on the folder so that the users can read it (and add to it if you want that, probably not) and make sure it is shared
    3. Fill the folder with the required links etc.
    4. On the PDC edit each user entry: using the registry editor (regedit.exe), change the Favorites value in the "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" key to the path of the common favourites folder, e.g. \\pdcmain\favourites, then click OK

    Q. How can I change the local Administrator passwords on machines without going to them?

    A. As you may be aware it is possible to change your password from the command line using the net user command, and if you combine this with the at command you can run the command on different machines, e.g.

    at \\<machine name> <time> cmd /c net user Administrator anythingyouwant
    e.g. at \\savilljohn 18:00 cmd /c net user Administrator password

    The /c after cmd causes the command window to close after the command has been executed. An alternative to the at command would be the soon command

    soon \\<machine name> cmd /c net user Administrator password

    For this to work you will need to ensure the Scheduler (Task Scheduler) service is running on the destination machines.


    Q. How do I change my password?

    A. Perform the following:

    1. Press Ctrl-Alt-Delete
    2. Click the "Change Password" button
    3. Enter your old password and new password twice and click OK

    To change your password from the command line use the net user command, e.g.

    net user <username> <password> (/domain)

    To change from a program use the NetUserChangePassword() call.


    Q. How can I configure default settings for new users?

    A. When a new user logs in for the first time a copy of the default user profile (ntuser.dat) is copied into the user's profile. To set default settings for a user you can edit the default ntuser.dat file. Anything you define under HKEY_CURRENT_USER can be changed by editing ntuser.dat.

    To change default settings for a new user on a workstation perform the following:

    1. Start the registry editor (regedt32.exe)
    2. Select the "HKEY_USERS on Local Machine" window
    3. Select "Load Hive" from the Registry menu
    4. Move to %systemroot%\Profiles\Default User (e.g. d:\winnt\Profiles\Default User)
    5. Select Ntuser.dat and click Open
    6. When it asks for a key name enter anything, e.g. defuser
    7. Now select the username (e.g. defuser) in the "HKEY_USERS on Local Machine" window and make the changes (for example you could change the wallpaper by changing defuser\Control Panel\Desktop\Wallpaper )
      Note - If you add new keys make sure everyone has at least read access otherwise it will not be copied
    8. When you have made the changes select "Unload Hive" from the Registry menu
    9. Close the registry editor

    Anyone logging onto the machine will now pick up these default settings.

    To configure a default NTUSER.DAT for a domain perform the above and logon as a user to take these settings. You now need to export these out to the PDC.

    1. Logon as an Administrator
    2. Start the System Control Panel Applet (Start - Settings - Control Panel - System)
    3. Click the User Profiles tab
    4. You will see a list of all the profiles stored on the machine. Select the one which has the settings you wish to use as the default for the domain
    5. Click the "Copy to" button
    6. In the "Copy profile to" enter the location of the Netlogon share of the PDC (usually %systemroot%\system32\Repl\Export\Scripts, you want the Export area not Import as anything in Export is copied to the import by the replication process), e.g. h:\winnt\system32\repl\export\scripts (if h was mapped to the c$ drive of the PDC).
      In the "Permitted to use" click Change. Select Everyone and click Add, then click OK.
    7. Click OK to start the copy.
    8. You should then check that the file ntuser.dat has been created where you selected.

    If you have trouble exporting a profile see Q. I get an error when I try to export a profile other than Administrator. (I did :-) )


    Q. How can I tell which User has which SID?

    A. Perform the following:

    1. Start the registry editor
    2. Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
    3. Select each SID under this in turn and look at the ProfileImagePath and at the end of this string is the name of the user
    4. Close the registry editor

    If you knew the SID and just wanted to know the user name you could use the REG.EXE command (with Resource Kit Supplement 2), e.g.

    reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\<SID>\ProfileImagePath"
    e.g. reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1843332746-572796286-2118856591-1000\ProfileImagePath"

    And again this will show the ProfileImagePath giving you the user.


    Q. How can I configure NT Server 4.0 to not allow users to login if their mandatory profile is not available?

    A. This was the standard behavior under NT 3.51. For it to work under NT 4.0, as well as the user profile being ntuser.man instead of ntuser.dat, the user's profile folder name also has to end in .man, so rename the user's profile folder to <name>.man.

    1. Start User Manager for Domains on the PDC
    2. Select the User and click the Profile button
    3. Check the users "User Profile Path"
    4. Start Explorer and move to the users path and select his folder, press F2 (to rename) and just add .man to the end of the folder name, e.g. savillj.man and hit enter
    5. Back in User Manager add the .man to the profile path, e.g.
      \\<server>\<share>\savillj.man
    6. Close User Manager for domains

    Q. How do I automatically logoff clients after n minutes of inactivity?

    A. Move to the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters, add a new value (Edit - New - DWORD value) and call it Disc. Set the value to the number of minutes of inactivity wanted. Some network programs constantly communicate with the server (such as mail) so this will not always work. This will only terminate remote connections; to actually log off from a session use the winexit.scr that comes with the resource kit.


    Q. How can I modify the size of icons on the desktop?

    A. As you may be aware you can change the size of icons in Explorer by selecting the Large icon/Small icon from the view menu. You can actually make the icons even bigger!

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics
    3. Double click on "Shell Icon Size"
    4. Modify to the size you want (increase by 16), e.g. 48 or 64. Click OK
    5. Close the registry editor

    If large icons are selected in Explorer you will now see the new size, you don't need to logoff, just change folders.

    It's also possible to change the size of the icons used for small icons and the Start menu:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics
    3. From the Edit menu select New - String
    4. Enter a name of "Shell Small Icon Size"
    5. Double click the new value and set to the size you want. It's 16 by default, but again could be 32, 48, 64 etc.

    Logoff and on again for the change to take effect.

    To change the number of colours the icons use perform the following:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics
    3. Double click on "Shell Icon BPP"
    4. Modify to 4 for 16 colours, 8 for 256, 16 for 65536, 24 for 16 million and 32 for true colour
    5. Close the registry editor

    Again you need to logoff for the change to take effect.


    Q. How can I disable Alt-Tab?

    A. This can be disabled via the registry:

    1. Start the Registry Editor (regedit.exe)
    2. Move to HKEY_CURRENT_USER\Control Panel\Desktop
    3. Double click on Coolswitch
    4. Set to 0 and click OK
    5. Close the registry editor

    You need to restart the computer for this to take effect.


    Q. How can I configure the Alt-Tab display?

    A. Again you can configure this through the registry:

    1. Start the Registry Editor (regedit.exe)
    2. Move to HKEY_CURRENT_USER\Control Panel\Desktop
    3. Double click on CoolSwitchColumns to change the number of columns displayed, double click on CoolSwitchRows to change the number of rows
    4. Close the registry editor

    Restart the computer for the change to take effect.


    Q. How can I edit the list of connections listed in Explorer when I map a connection?

    A. When you select "Map Network Drive" from Tools menu in Explorer and click the drop down box for the path, Explorer checks the HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Network\Persistent Connections area of the registry for a list of old/current drive mappings. To remove items from the list (or add) perform the following:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Network\Persistent Connections
    3. In the right hand pane you will see a list of values a-z and each value will have a value like "\\<machine name>\<share>"
    4. To remove a map, select the letter associated with it and click DEL
    5. You should now edit the Order value and remove the letter you have just deleted.
    6. If you wish to add a mapping select New - String Value and enter a name of a-z (use one that is not in use) and press enter. Double click on your new value and set to the share name, e.g. "\\johnmachine\d$"
    7. Edit the Order value and add your new letter to the end of the string.
    8. Close the registry editor
    9. Start Explorer and your new share or removed share will have taken effect.

    Q. How can I exclude the Temporary Internet Files folder from the user profile?

    A. By default the storage area for temporary internet files is "%systemroot%\Profiles\<user>\Temporary Internet Files", and if you implemented roaming profiles then these files would count as part of your profile taking up valuable server space. To change the location from the browser perform the following:

    1. Start Internet Explorer
    2. Select "Internet Options" from the View menu
    3. Select the General tab
    4. Click the Settings button
    5. Click the "Move Folder" button
    6. Click Yes to the confirmation dialog
    7. Select the new location and click OK

    You will need to restart the machine for the new location to take effect

    Alternatively you could create a reg file to manually update the following registry values and include it as part of a logon script

    An example .reg file would be

    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
    "CachePath"="E:\\TEMP\\Cache1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
    "CachePath"="E:\\TEMP\\Cache2"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
    "CachePath"="E:\\TEMP\\Cache3"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
    "CachePath"="E:\\TEMP\\Cache4"
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
    "Cache"="E:\\TEMP"
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
    "Cache"="E:\\TEMP"

    Make sure you use 2 \'s. This would set the cache area to e:\temp however you could change this to anything you want. Save the above as cache.reg and run as

    regedit /s cache.reg

    Netscape does not store temp files under the user profile (if you are interested it is stored in the registry location HKEY_LOCAL_MACHINE\SOFTWARE\Netscape\Netscape Navigator\Users\<user>\DirRoot ;-) ).


    Q. How can I stop the programs in my start-up folders running when I log on?

    A. Hold down Shift during your logon and any programs in the startup folders will not run.

    If Administrators wish to disable this behavior, add IgnoreShiftOverride of type String to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon and set the value to 1.


    Q. I can't delete user x.

    A. This can be caused by a number of things. You can try deleting the user from the command line:

    net user <username> /delete [/domain]

    If this does not work try renaming the account and then deleting it

    1. Start User Manager (for domains)
    2. Select the user you can't delete
    3. From the User menu select Rename
    4. Enter the new name and click OK
    5. Now select the new user name and press DEL and click OK to the confirmation.

    The above solution would work if you had an invalid username (like AAAAAAAAAAA)


    Q. How can I stop users from being able to map/disconnect network drives?

    A. This is accomplished using the Policy Editor under normal conditions however it can also be performed by directly editing the registry.

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    3. From the Edit menu select New - DWORD value
    4. Enter a name of NoNetConnectDisconnect and press ENTER
    5. Double click the new value and set to 1
    6. The user will need to log off and on for the change to take effect

    Q. How can I disable a whole group of users?

    A. There is no built in mechanism to do this but it can be accomplished with 2 commands:

    The first command uses the resource kit utility SHOWMBRS.EXE, outputting to a file:

    C:\>showmbrs <domain>\<group> > users.txt
    e.g. C:\>showmbrs savilltech\sales > users.txt

    The second command iterates through the file and performs a net user <username> /active:no /domain

    C:\>for /f "skip=2" %I in (users.txt) do net user %I /active:no /domain

    An example output is as follows:

    [Figure: Disabling all users in a group]

    If you wanted to create a script enter the following into file dsblgrp.bat. The usage is

    dsblgrp <group name>
    e.g. dsblgrp savilltech\sales

    REM
    REM dsblgrp <group name>
    REM by John Savill, 20th July 1998
    REM
    showmbrs %1 > users.txt
    for /f "skip=2" %%I in (users.txt) do net user %%I /active:no /domain

    Make sure you use two %% before the I or it won't work.

    There is a problem with showmbrs.exe in that it can only view groups with fewer than 7 members. To fix this download the fixed version from ftp://ftp.microsoft.com/bussys/winnt/winnt-public/reskit/nt40/i386/Shombrs.exe


    Q. How can I remove a user from a group from the command prompt?

    A. If the group is a local group perform the following:

    C:\> net localgroup <group name> <user> /delete
    e.g. C:\> net localgroup Administrators savillj /delete

    If the group is part of a domain use

    C:\> net group <group name> <user> /delete /domain


    Q. How can I remove the : from the time?

    A. This can be accomplished by editing the registry

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_CURRENT_USER\Control Panel\International
    3. Double click on the sTimeFormat
    4. Remove the : between the HH:mm
    5. Click OK
    6. Close the registry editor

    To see the change logoff and on again.


    Q. How can I rename a user from the command prompt?

    A. A utility, RENUSER.EXE exists which can be downloaded from http://www.ntfaq.com/ntfaq/download/renuser.zip which has the following usage:

    C:\> renuser <old username> <new username> [<domain name>]
    e.g. C:\> renuser savillj johns savilltech


    Q. Roaming profiles are not saved to the server.

    A. If a user is a member of the Domain Guests group then no changes to profiles are stored, therefore you should check the members of the Domain Guests group do not include those users that are having the problem.


    Q. I have made user shares hidden now connection fails.

    A. To hide a share all you need to do is add the $ sign to the end, for example, \\server\share$.

    If previously in your logon scripts you had the command

    net use f: \\<server>\%username%

    it will no longer work as the share is hidden with the $ and to connect you will need to specifically specify the $ so change the command to

    net use f: \\<server>\%username%$


    Q. How can I disable the Display control panel applet?

    A. Using policies it is possible to disable the display control panel applet, however it can also be accomplished using the registry editor

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
    3. From the Edit menu select New - DWORD value
    4. Enter a name of NoDispCPL and press enter
    5. Double click the new value and set to 1
    6. Close the registry editor

    The change takes immediate effect and if you try and run the display control panel applet either by right clicking on the desktop and selecting properties or starting from the control panel applet you will receive the message

    "Your system administrator disable the Display control panel"


    Q. How can I disable elements of the Display control panel applet?

    A. Again using policies it is possible to disable elements of the display control panel applet, however it can also be accomplished using the registry editor

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
    3. From the Edit menu select New - DWORD value
    4. Enter any of the names listed in the table below.
    5. Double click the new value and set to 1
    6. Close the registry editor

    Value name            Effect
    NoDispAppearancePage  Removes the Appearance tab which means users cannot change the colours or colour scheme
    NoDispBackgroundPage  Removes the Background tab meaning no more Pamela Anderson background (damn!)
    NoDispScrSavPage      Removes the Screen Saver tab
    NoDispSettingsPage    Removes the Settings and the Plus tab

    These changes take immediate effect and any disabled tab will not be displayed.

    Of course the user can go into the registry and change these back which is why it is better to implement these as policies (which is what I do), however as they take immediate effect there is nothing to stop someone creating a reg script to run as part of the start-up group, which sets it to how they want to get round the policy, but I would never condone this :-)


    Q. How do I debug roaming profiles?

    A. It is possible to create a log file of all roaming profile transactions using the checked version of userenv.dll. The checked version of the UserEnv.dll is the same dynamic link library (.dll) as the retail version, except that it contains debug flags that you can set and use with the kernel debugger. This file is included in both the Windows NT Device Driver Kit (DDK) and the Windows NT Software Development Kit (SDK).

    1. Rename the Userenv.dll file in the %systemroot%\System32 directory to Userenv.org.
      C:\> rename %systemroot%\system32\userenv.dll userenv.org
    2. Copy the checked version of Userenv.dll to the %systemroot%\System32 directory of the client computer that you want to debug. The checked version of the Userenv file must match the version of the operating system being used.
      C:\> copy userenv.chk %systemroot%\system32\userenv.dll
    3. Start the registry editor (regedit.exe)
    4. Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    5. From the Edit menu select New - DWORD value
    6. Enter a name of UserEnvDebugLevel and press ENTER
    7. Double click the new value, set the type to hexadecimal and set to 10002. Click OK
    8. Reboot the computer

    A log file of the roaming profile transactions will be written to userenv.log in the root of the C: drive. Below is an example profile log.

    =========================================================
    LoadUserProfile: Entering, hToken = <0xb0>, lpProfileInfo = 0x12f4e8
    LoadUserProfile: lpProfileInfo->dwFlags = <0x2>
    LoadUserProfile: lpProfileInfo->lpUserName = <savillj>
    LoadUserProfile: lpProfileInfo->lpProfilePath = <\\titanic\Profiles\savillj>
    LoadUserProfile: lpProfileInfo->lpDefaultPath = <\\TITANIC\netlogon\Default User>
    LoadUserProfile: lpProfileInfo->lpServerName = <\\TITANIC>
    LoadUserProfile: lpProfileInfo->lpPolicyPath = <\\TITANIC\netlogon\ntconfig.pol>
    ParseProfilePath: Entering, lpProfilePath = <\\titanic\Profiles\savillj>
    ParseProfilePath: Tick Count = 20
    ParseProfilePath: FindFirstFile found something with attributes <0x10>
    ParseProfilePath: Found a directory
    LoadUserProfile: ParseProfilePath returned a directory of <\\titanic\Profiles\savillj>
    RestoreUserProfile: Entering
    RestoreUserProfile: Profile path = <\\titanic\Profiles\savillj>
    RestoreUserProfile: User is a Admin
    IsCentralProfileReachable: Entering
    IsCentralProfileReachable: Testing <\\titanic\Profiles\savillj\ntuser.man>
    IsCentralProfileReachable: Profile is not reachable, error = 2
    IsCentralProfileReachable: Testing <\\titanic\Profiles\savillj\ntuser.dat>
    IsCentralProfileReachable: Found a user profile.
    RestoreUserProfile: Central Profile is reachable
    RestoreUserProfile: Central Profile is floating
    GetLocalProfileImage: Found entry in profile list for existing local profile
    GetLocalProfileImage: Local profile image filename = <%SystemRoot%\Profiles\savillj>
    GetLocalProfileImage: Expanded local profile image filename = <E:\WINNT\Profiles\savillj>
    GetLocalProfileImage: No local mandatory profile. Error = 2
    GetLocalProfileImage: Found local profile image file ok <E:\WINNT\Profiles\savillj\ntuser.dat>
    Local profile is reachable
    Local profile name is <E:\WINNT\Profiles\savillj>
    RestoreUserProfile: About to call UpdateToLatestProfile
    UpdateToLatestProfile: Entering. Central = <\\titanic\Profiles\savillj> Local = <E:\WINNT\Profiles\savillj>
    UpdateToLatestProfile: Central and local profile times match.
    RestoreUserProfile: About to Leave. Final Information follows:
    Profile was successfully loaded.
    lpProfile->szCentralProfile = <\\titanic\Profiles\savillj>
    lpProfile->szLocalProfile = <E:\WINNT\Profiles\savillj>
    lpProfile->dwInternalFlags = 0x112
    RestoreUserProfile: Leaving.
    UpgradeProfile: Entering
    UpgradeProfile: Build numbers match
    UpgradeProfile: Leaving Successfully
    ApplyPolicy: Entering
    ApplyPolicy: PolicyPath is: <\\TITANIC\netlogon\ntconfig.pol>.
    ApplyPolicy: Local PolicyPath is: <E:\WINNT\Profiles\savillj\prf1.tmp>.
    ApplyPolicy: Looking for user specific policy. OpenUserKey: No entry for savillj, using .Default instead.
    CopyKeyValues: EnableProfileQuota => 1 <OK>
    CopyKeyValues: ProfileQuotaMessage => You have exceeded your profile storage space. Before you can log off, you need to move some items from your profile to network or local storage. <OK>
    CopyKeyValues: MaxProfileSize => 48 <OK>
    CopyKeyValues: WarnUserTimeout => 15 <OK>
    ApplyPolicy: Processing group(s) policy.
    ApplyPolicy: Failed to get group processing order.
    ApplyPolicy: Looking for machine specific policy.
    OpenUserKey: No entry for ODIN, using .Default instead.
    ApplyPolicy: Leaving with 1
    LoadUserProfile: Leaving with a value of 1. hProfile = <0x90>
    =========================================================
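
    A log like the one above is easier to review once it is reduced to one record per logon. The Python below is an added example, not part of the original FAQ or of Windows NT: it extracts the user, profile path, the profile file that was actually found and any error lines, and flags a profile path ending in .man for which no ntuser.man was found. The function names are this example's own and the sample input is a constructed subset of the log above.

```python
import re

# Standard Win32 error codes likely to appear in "error = N" messages.
WIN32_ERRORS = {2: "ERROR_FILE_NOT_FOUND", 3: "ERROR_PATH_NOT_FOUND",
                5: "ERROR_ACCESS_DENIED", 53: "ERROR_BAD_NETPATH"}

FIELD = re.compile(r"lpProfileInfo->(\w+) = <(.*)>$")
TESTING = re.compile(r"Testing <(.*)>$")
ERROR = re.compile(r"error = (\d+)", re.IGNORECASE)
LEAVING = re.compile(r"Leaving with a value of (\d+)")
WANTED = {"lpUserName": "user", "lpProfilePath": "profile_path",
          "lpPolicyPath": "policy_path"}

# Constructed sample: a subset of the userenv.log lines shown in the FAQ.
SAMPLE_LOG = r"""
=========================================================
LoadUserProfile: Entering, hToken = <0xb0>, lpProfileInfo = 0x12f4e8
LoadUserProfile: lpProfileInfo->lpUserName = <savillj>
LoadUserProfile: lpProfileInfo->lpProfilePath = <\\titanic\Profiles\savillj>
LoadUserProfile: lpProfileInfo->lpPolicyPath = <\\TITANIC\netlogon\ntconfig.pol>
IsCentralProfileReachable: Testing <\\titanic\Profiles\savillj\ntuser.man>
IsCentralProfileReachable: Profile is not reachable, error = 2
IsCentralProfileReachable: Testing <\\titanic\Profiles\savillj\ntuser.dat>
IsCentralProfileReachable: Found a user profile.
Profile was successfully loaded.
ApplyPolicy: Failed to get group processing order.
LoadUserProfile: Leaving with a value of 1. hProfile = <0x90>
"""


def parse_sessions(log_text):
    """Return one dict per LoadUserProfile call found in the log text."""
    sessions, cur, last_tested = [], None, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"="}:
            continue
        func, sep, msg = line.partition(": ")
        if not sep or not func.isidentifier():
            func, msg = "", line          # line without a "Function: " prefix
        if func == "LoadUserProfile" and msg.startswith("Entering"):
            cur = {"user": None, "profile_path": None, "policy_path": None,
                   "profile_file": None, "loaded": False, "result": None,
                   "errors": []}
            sessions.append(cur)
            last_tested = None
            continue
        if cur is None:
            continue                      # ignore lines before the first logon
        m = FIELD.search(msg)
        if func == "LoadUserProfile" and m and m.group(1) in WANTED:
            cur[WANTED[m.group(1)]] = m.group(2)
        m = TESTING.search(msg)
        if m:
            last_tested = m.group(1)
        if func == "IsCentralProfileReachable" and msg.startswith("Found a user profile"):
            cur["profile_file"] = last_tested
        if line == "Profile was successfully loaded.":
            cur["loaded"] = True
        m = ERROR.search(msg)
        if m or msg.startswith("Failed"):
            code = int(m.group(1)) if m else None
            cur["errors"].append((func, code, WIN32_ERRORS.get(code), msg))
        m = LEAVING.search(msg)
        if func == "LoadUserProfile" and m:
            cur["result"] = int(m.group(1))
    return sessions


def profile_kind(session):
    """Classify the central profile by the file the log says was found."""
    name = (session["profile_file"] or "").lower()
    if name.endswith("ntuser.man"):
        return "mandatory"
    if name.endswith("ntuser.dat"):
        return "roaming"
    return "unknown"


def mandatory_mismatch(session):
    """True when the profile path ends in .man (the NT 4.0 convention in the
    FAQ) but the profile that was actually found is not ntuser.man."""
    path = (session["profile_path"] or "").lower()
    return path.endswith(".man") and profile_kind(session) != "mandatory"


if __name__ == "__main__":
    for s in parse_sessions(SAMPLE_LOG):
        print(s["user"], profile_kind(s), "loaded" if s["loaded"] else "NOT loaded")
        for func, code, name, msg in s["errors"]:
            print("  %s: %s %s" % (func or "-", msg, name or ""))
        if mandatory_mismatch(s):
            print("  profile path ends in .man but no ntuser.man was found")
```

    In the sample, the error 2 on ntuser.man only means that no mandatory profile exists for the user; the same code against ntuser.dat, or an access denied code, would be the line to investigate.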


    Q. How can I copy a user profile?

    A. User profiles are stored under the %systemroot%\profiles directory, but if you just try to copy this to someone else the new user will not have permission to use the profile. Instead the following procedure must be used.

    1. Logon as an Administrator
    2. Start the System Control Panel Applet (Start - Settings - Control Panel - System)
    3. Click the User Profiles tab
    4. You will see a list of all the profiles stored on the machine. Select the one which you wish to copy
    5. Click the "Copy to" button
    6. In the "Copy profile to" enter the location where you want it copied to. If you wanted to use as a roaming profile you would enter the netlogon location on a domain controller, usually %systemroot%\system32\Repl\Export\Scripts, you want the Export area not Import as anything in Export is copied to the import by the replication process.
    7. In the "Permitted to use" click Change. Select Everyone and click Add or just the user who will use it, then click OK.
    8. Click OK to start the copy.

    You should then check that the file ntuser.dat has been created where you selected.

    If you have trouble exporting a profile see Q. I get an error when I try to export a profile other than Administrator.


    Q. What are the differences between NT and 9x profiles?

    A. The first difference is that different files are used:

    Windows NT      Windows 9x
    NTuser.dat      User.dat
    NTuser.dat.LOG  User.da0
    NTuser.man      User.man

    The Windows 9x User.da0 and the NT NTuser.dat.LOG files work in a different way. Every time you log off in Windows 9x, User.dat is copied to User.da0. Windows NT uses NTuser.dat.LOG as a transaction log file to provide fault tolerance. This allows Windows NT to recover the user profile if a problem occurs while Windows NT is updating NTuser.dat.

    This obviously means you can't share a profile between the two OS's. Other differences include:


    Q. When I log off all my home directory files are deleted.

    A. The most common cause is if your roaming profile path and your home directory path are the same. It seems that part of the update makes sure the contents of the directories (and subdirectories) are the same, and as the local profile directory does not contain your home directory files they are deleted!

    You should therefore change the location of the roaming profile so it is different from the users home directory. It may be a subdirectory if you wish. This can be changed by using the User Manager application, click the Profiles button and change the locations.


    Q. How can I delete a local profile?

    A. Using the System Control panel applet any locally stored profile can be deleted.

    1. Start the System control panel applet (start - settings - control panel - system)
    2. Click the "User Profiles" tab
    3. Select the profile and click Delete
    4. Click Yes to the confirmation
    5. Click OK

    Please note you can't delete a profile if you are currently logged on as that user; an error that the profile is in use will be displayed.

    If you want to remotely delete a locally stored profile you can use the DELPROF.EXE utility which is supplied with the Windows NT Server Resource Kit. The tool deletes all profiles that have not been used for a given number of days, for example

    C:\>delprof /p /q /i /c:\\garfield /d:3

    Would delete any profiles that have not been used for 3 days. The /p prompts for confirmation before deleting each profile, the /q suppresses the starting:

    Delete profiles on \\garfield that have not been used in the last 1 days? (Yes /No)

    prompt. The /i ignores errors, /c is the computer name and /d: is the number of days the profile needs to be older than.


    Q. Copy profile locally problems.

    A. If you are not using roaming profiles but are instead just copying a profile for another domain user on the local machine you may just create a directory under profiles for the user and copy it there as per the instructions in Q. How can I copy a user profile?

    If you do this you will find that when the user logs in for the first time for whom you copied the profile, they will not use the directory you created for them, but instead a <username>.000 will be created instead. This is because a mapping is used for the user to the Profile area and if the user logs in for the first time and a directory of its user name already exists it won't use it and will instead create a new area of the format <username>.nnn where nnn starts at 000.

    The workaround to this is to logon as the domain user first, logout and then copy the profile as this will setup the correct mapping of the user to profile area.

    If this has already happened perform the instructions in Q. Defining the profile area to use for a user.


    Q. Defining the profile area to use for a user.

    A. By default when a user logs on for the first time at a machine a directory under %systemroot%\profiles is created under the name of the user to hold the user's profile, e.g. for user saviljo the area created would be %systemroot%\profiles\saviljo.

    Problems arise if the directory already exists and so an alternate directory <user name>.nnn will be created, starting with 000. This mapping is stored in the registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList. You can therefore force a user to use a specific profile area by performing the following:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
    3. Find the SID that relates to the user (check the ProfileImagePath value)
    4. Once found double click on ProfileImagePath and remove the .nnn, e.g.
      %SystemRoot%\Profiles\garfield.000
      to
      %SystemRoot%\Profiles\garfield
    5. Click OK
    6. Close the registry editor

    The user should now login using the profile you originally copied for them. Once you are sure it works you can delete the <username>.nnn directory under %systemroot%\profiles. You should make sure the user has the right to use the original profile, for example if you have copied it to that location and granted rights accordingly.


    Q. How can I view which local groups on a trusting domain a user belongs to?

    A. The normal method for checking which local groups a user belongs to on a machine would be to start User Manager and double click on the user in question and click the Groups button.

    If however you wanted to see which local groups on a server a member of another domain belonged to there is no way to do this. Fortunately a utility from http://www.fidutec.com/ has been released as FreeWare which does exactly this. The diagram below best illustrates how it works.

    [Figure: Guest Group]

    Download from http://www.ntfaq.com/ntfaq/download/gestgrp.exe


    Q. How do I limit user profile space?

    A. Service Pack 4 introduces PROQUOTA.EXE which is used to limit user quotas.

    Profile quotas are enabled by using a system policy.

    1. Start the System Policy editor (poledit.exe)
    2. Load the templates Common.adm and Winnt.adm (from the Options menu select "Policy Template" from the %systemroot%\inf directory)
    3. Create a new policy (File - "New Policy")
    4. Open Default User, and then expand Windows NT User Profiles.
    5. When you select Limit Profile Size, the following options are available:
      - Custom Message - The text in the dialog box that appears when the user's profile exceeds the quota.
      - Max Profile Size - The maximum size of the user profile. This value defaults to 30,000 KB, so administrators will want to carefully consider how low they set this value. This is especially true, given the fact that users will not be able to successfully log off if their profile is too large.
      - Include registry in file list - When the user exceeds the profile quota, an error icon appears in the system tray. Double-clicking the icon brings up a tool that lists all the files in the profile, as well as the file size from the largest file to the smallest. By default, the list does not include files that are smaller than 2 KB. Users can consult this list to determine which files can be erased, moved to server-based storage, or backed up to offline storage. When this option is checked, the users' registry settings, Ntuser.dat, will be included in the list. Users cannot delete this file.
      - Notify user when profile storage space is exceeded - By default, users will get a dialog box informing them that their user profile is too large only when they attempt to log off. With this option selected, a dialog box appears as soon as the profile reaches the quota size, and at a configurable interval thereafter.
    6. A second option is to select "Exclude directories in roaming profile" which does not include specified directories as part of the user's profile
    7. Once complete save the file to the netlogon share of the domain controller as NTCONFIG.POL

    Ensure clients have the PROQUOTA.EXE image by either installing Service Pack 4 on them or manually copying the file to the %systemroot%\system32 directory.

    When the clients log back on they will now have their quotas monitored and these can be examined by clicking the PROQUOTA icon.

    NOTE: Remember that the user will not be able to log off if the user profile quota is exceeded, and, by default, small files are not listed in the dialog that displays the files contained in the profile. If Internet Explorer 4.x is installed, these small files could include the entries in the Temporary Internet Files folder. This cache uses a small percentage of the total drive space, but can easily grow to be several megabytes in size. To delete these files, the user will need to empty the cache through the Internet Explorer Internet Options dialog box.

    If quotas are enabled and the user cannot logoff, the PROQUOTA.EXE process can be killed in Task Manager. This will allow the user to logoff.

    The following list describes the registry keys and values for Profile Quotas in the following registry key:

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System


    Q. I can't logoff as my user profile quota is over the limit.

    A. Service Pack 4 introduced PROQUOTA.EXE which allows user profile space to be limited. If the quota is exceeded the user will not be able to logoff until the profile size has been reduced to within the limit.

    If you need to logoff then you can simply stop the PROQUOTA.EXE process.

    1. Right click on the Task bar and select Task Manager
    2. Click the Processes tab
    3. Select PROQUOTA.EXE and press the "End Process" button
    4. Click Yes to the confirmation
    5. Close Task Manager
    6. Logoff

    If you have the resource kit you could just enter the command

    C:\> kill proquota


    Q. How do I grant user rights in Windows 2000?

    A. In Windows NT 4.0 user rights are assigned via User Manager - Policies - User Rights.

    User Manager has been replaced in Windows 2000 and the way to assign user rights is not obvious!

    1. Start the Computer Management MMC snap-in (Start - Programs - Administrative Tools - Computer Management)
    2. Expand System Tools branch then Group Policy - Windows Settings - Security Settings - Local Policies - User Rights Assignment
    3. Double click on the user right you wish to grant
    4. Click Add and select the users/groups. When completed click OK
    5. Click OK to close the user right assignment

    Remember if you are setting this for a domain controller, DC's are by default in an OU (Organisational Unit) called Domain Controllers which has a setting for User Rights which will override any setting on the local computer. To edit the Group Policy Object (GPO) for the DC OU, right click on the OU in Active Directory Users and Computers, select Properties then the Group Policy tab.

    [Figure: Windows 2000 User Rights]


    Q. How can I logoff from the command prompt?

    A. The Windows NT 4.0 Resource Kit Supplement 2 ships with the utility LOGOFF.EXE and this can be used to logoff from the command line.

    The syntax is

    C:\> logoff [/f] [/n]

    Where the option /f means running processes will be closed without asking to save unsaved data but will ask for confirmation. /n will logoff without confirmation but will ask to save unsaved data.

    Using both together will result in no confirmation and all unsaved data being lost.


    Q. Where is User Manager for Domains in Windows 2000?

    A. Windows 2000 no longer uses User Manager for domain account administration. The new tool is the "Directory Management" MMC. See Q. How do I administer domain users in Windows 2000? for more information.


    Q. How do I administer domain users in Windows 2000? - Windows 2000 only

    A. Windows 2000 has a whole new look for its administration tools with Microsoft Management Console (MMC) snap-ins, and for the administration of domain users the Domain Management MMC snap-in is used. This is selected from the Administrative Tools folder (Start - Programs - Administrative Tools - Directory Management)

    Once started expand the domain and Users branch to see the users.

    [Figure: Directory Management MMC]

    Context menus are heavily used in Windows 2000; for example, to change a user's password simply right click on the user and select "Reset Password".

    [Figure: Reset a user password]

    Selecting Properties allows other properties of the user to be set such as group membership, profile location etc.


    Q. How do I remove the Goto menu from Explorer?

    A. Service Pack 4 for Windows NT 4.0 and Windows 2000 support a system policy "Remove Tools->GoTo menu from Explorer". To configure via the policy editor, poledit.exe, perform the following:

    1. Start the policy editor
    2. Load a policy or create a new one
    3. Select "Default User"
    4. Expand Windows NT Shell, Restrictions
    5. Check "Remove Tools->GoTo menu from Explorer"
    6. Click OK
    7. Save

    Alternatively you can perform this directly in the registry

    1. Start the registry editor (regedt32.exe)
    2. Move to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    3. From the Edit menu select New - Binary value
    4. Enter a name of "NoGoTo" and press Enter
    5. Double click the new value and set to 1
    6. Click OK
    7. Close the registry editor

    Q. How do I rename a global group?

    A. No application provides a way to rename a global group; the only action that can be taken is to create a new global group and copy the contents:

    1. Start User Manager for Domains (Start - Programs - Administrative Tools - User Manager)
    2. Select the Global group you wish to rename in Group area of User Manager
    3. From the User menu select Copy or just press F8
    4. Enter a new group name and description
    5. Click OK

    You will notice the content of the original group has been copied over. You can now delete the original global group but be careful, global groups are often used in local groups in the specific domain and any trusting domains so ensure it is not used anywhere prior to deletion.

    An API exists, NetGroupSetInfo, which allows you to change its name with GROUP_INFO_0 and specify a value using grpi0_name.


    Q. Global groups over 20 characters create problems, why?

    A. User Manager will not allow you to create a global group with a name of more than 20 characters; local groups do not have this restriction.

    This limit is imposed to allow for interoperability with OS/2 LAN Manager, DOS LAN Manager, IBM LAN Server, and Windows for Workgroups.

    You may have created a global group of more than 20 characters if you wrote a custom application that called the NetGroupAdd() function. Always limit your programs to 20 characters using LM20_GNLEN constant as defined in LMCONS.H.

    You may find the group works fine until you try to access it in User Manager then you would get the message below:

    The following error occurred accessing the properties of the group <group name>:

    The filename, directory name, or volume label syntax is incorrect.

    The group properties cannot be edited or viewed at this time.

    To fix the problem you would need to write a custom app calling the NetGroupDel function as you can't rename a global group.


    Q. How can I disable the "Logon Using Dial-Up Networking" at logon time?

    A. It is possible to disable the "Logon Using Dial-Up Networking" check box when logging on by performing the following:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    3. From the Edit menu select New - String Value
    4. Enter a name of RASDisable
    5. Double click the new value and set to 1. Click OK
    6. Close the registry editor

    The change will take effect at next reboot and the logon using dial-up networking box will be greyed out.


    Q. How can I stop a user closing the login script before it completes?

    A. Jobst Schmalenbach has written an updated Gina.dll which can be configured to log the user off if they attempt to close the login script before it completes execution.

    It can be downloaded from http://senna.eng.monash.edu.au/~jobst/WindowsNT/index.html and contains full configuration instructions.

    An alternative is to hide it. This can be done by creating DWORD value HKEY_USERS\<user>\Console\WindowSize and set to 050005 in Hex and HKEY_USERS\<user>\Console\WindowPosition set it to 04FF06FF in Hex. This makes the Window very small and positions it off the screen.


    Q. How can I configure a screen saver using a System Policy?

    A. It's possible to write your own .adm file (which is what System Policy Editor uses) to create a more flexible Screen Saver policy.

    1. Enter the text below into a text file and save it as Scrsave.adm in the %systemroot%\Inf folder

      CLASS USER

      CATEGORY !!Screen_Saver_Policy
        POLICY !!Screen_Saver
        KEYNAME "Control Panel\Desktop"
          PART !!Screen_Saver_Location
          EDITTEXT DEFAULT !!DEF_SCREEN_SAVER
          VALUENAME SCRNSAVE.EXE
          END PART
        END POLICY
        POLICY !!ENABLE_SCREEN_SAVER
        KEYNAME "Control Panel\Desktop"
          VALUENAME ScreenSaveActive
          VALUEON "1" VALUEOFF "0"
        END POLICY
        POLICY !!ENABLE_Password
        KEYNAME "Control Panel\Desktop"
          VALUENAME ScreenSaverIsSecure
          VALUEON "1" VALUEOFF "0"
        END POLICY
      END CATEGORY

      [strings]
      Screen_Saver_Policy="Screen Saver Policies"
      Screen_Saver="Screen Saver"
      ENABLE_SCREEN_SAVER="Enable Screen Saver"
      Screen_Saver_Location="Enter the location of the Screen Saver"
      DEF_SCREEN_SAVER="%SYSTEMROOT%\system32\logon.scr"
      ENABLE_Password="Enable Password"

    2. Open System Policy Editor and click Options and then click Policy Template.
    3. Add Scrsave.adm to the list of template files. If Add is not an option then you must already have a policy open so close from the File menu.
    4. The additional options will show under any user or group in the policy, with a label of "Screen Saver Policies."
    5. You would then save this policy as per normal.

    [Figure: Scrsave in action]


    Q. How can I tell at what time I logged on?

    A. If you type

    C:\> net statistics workstation

    from the command prompt it will show you the time the workstation service started which does NOT necessarily reflect the last logon time as some sources would have you believe.

    If you press Ctrl - Alt - Del then you will also be shown the logon date and time.

    The best way is to use the Event Viewer:

    1. Start the Event Viewer (Start - Programs - Administrative Tools - Event Viewer)
    2. From the File menu select Security
    3. Look for the latest event 528 which is a Success Audit
    4. Double click on it for complete information

    You will need to ensure auditing is enabled for logon success and failure:

    1. Start the User Manager (Start - Programs - Administrative Tools - User Manager)
    2. Select Audit from the Policies menu
    3. Enable "Audit These Events" and select "Logon and Logoff" success and failure. Click OK
    4. Close User Manager

    Q. How can I stop certain folders being replicated as part of the user profile?

    A. Service Pack 4 introduced a new registry setting, ExcludeProfileDirs, which can be used to exclude certain directories from the replication of user profiles.

    To implement perform the following:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    3. From the Edit menu select New - String value
    4. Enter a name of ExcludeProfileDirs and press Enter
    5. Double click the new value and set to the relevant areas, separating them by semi-colons, for example
      Local Settings\Application Data\Microsoft\Outlook;Temporary Internet Files;Personal
      Click OK
    6. Close the registry editor

    This can also be done via a system policy:

    1. Start the Policy Editor (poledit.exe)
    2. Create a new policy (or open an existing one providing it was created after SP4 installation)
    3. Double click Default User
    4. Expand 'Windows NT User Profiles'
    5. Check the 'Exclude directories in roaming profile'
    6. In the data box type the name of the directories to be excluded
    7. Click OK
    8. Save the policy to the netlogon share of the PDC


    Q. How can I generate a list of last user logon times for a domain?

    A. I've written a small bit of VBScript which, using the Windows Scripting engine, can be used to generate a list of all users' last logon times (if the last logon time is not available the user will be omitted). You will need Windows Scripting Host installed; see 'What is the Windows Scripting Host' for more information.

    Save the following text into file userlogin.vbs

    ' List last logon times
    ' 07-09-1999 John Savill, http://www.ntfaq.com/
    ' Skip any user whose LastLogin cannot be read instead of stopping
    on error resume next
    ' Bind to the domain through the ADSI WinNT provider
    set oDomain = GetObject("WinNT://SAVILLTECH")
    WScript.echo "Domain : " + oDomain.name
    for each oDomainItem in oDomain
      if oDomainItem.Class = "User" then
        WScript.echo "Full Name=" + oDomainItem.FullName + "Last login=" + formatdatetime(oDomainItem.LastLogin)
      end if
    next

    In line 'set oDomain = GetObject("WinNT://SAVILLTECH")' you should change SAVILLTECH to your domain name.

    To run type the following:

    C:\> cscript userlogin.vbs

    Below is a sample output:

    C:\>cscript d:\temp\disuser.vbs
    Microsoft (R) Windows Scripting Host Version 5.0 for Windows
    Copyright (C) Microsoft Corporation 1996-1997. All rights reserved.

    Domain : SAVILLTECH
    Full Name=Maria Aala (DIS 120 inactive)Last login=27/05/1999 14:44:24
    Full Name=Paul J AaronLast login=16/08/1999 13:01:56
    Full Name=Hany A AbbasLast login=23/08/1999 13:25:46
    Full Name=Tony S AbbittLast login=27/08/1999 15:07:20
    Full Name=Adnan AbdallahLast login=16/07/1999 10:34:58
    Full Name=Tony AbelaLast login=21/07/1999 10:43:20
    Full Name=Juan Claudio AbelloLast login=25/06/1999 11:15:32
    Full Name=Marie J B AbreyLast login=07/09/1999 08:00:34
    Full Name=Philippa AbsilLast login=07/09/1999 06:33:18
    Full Name=Ace Test account for NetID - Alistair PurvisLast login=28/01/1999 07:5
    4:30
    Full Name=Chris AckermannLast login=07/09/1999 08:21:20
    Full Name=Curtis S AdamsLast login=10/08/1999 12:32:02
    Full Name=Helen R Adams DIS user left 27.8.99Last login=02/08/1999 08:52:58
    Full Name=Michael Adams Dis 4.6.99 NMFLast login=03/06/1999 08:50:10
    Full Name=Philip R AdamsLast login=14/06/1999 12:49:00

    The advantage of using VBScript is you can change the code to output exactly what you want but don't mail me asking for help changing it!

    In the above example it only checks with the PDC. If you have BDC's these values may be wrong as last logon times are not updated from BDC's to the PDC. You may want to update the script to also query the BDC's and display the latest time (if anyone does this feel free to mail it to me and I'll update the FAQ).

    You can also use USRSTAT.EXE from the resource kit.
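
    The answer above suggests also querying the BDCs and displaying the latest time. As an added example (not part of the original FAQ or the author's script), this Python code merges captured output of userlogin.vbs from several controllers, keeps the latest logon per user and lists accounts with no recent logon. The controller names, the sample captures and the dd/mm/yyyy date format are assumptions; how each capture is taken from a given controller is not shown.

```python
import re
from datetime import datetime, timedelta

# One record as userlogin.vbs prints it. The script puts no separator between
# the full name and "Last login=", so anchor on the timestamp at the end.
# Assumption: dd/mm/yyyy dates, as in the sample output on this page.
RECORD = re.compile(
    r"^Full Name=(?P<name>.*)Last login="
    r"(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})$"
)


def parse_capture(text):
    """Return {full name: datetime} for one controller's captured output."""
    records, current = [], None
    for line in text.splitlines():
        if line.startswith("Full Name="):
            if current is not None:
                records.append(current)
            current = line
        elif current is not None and line.strip() and not RECORD.match(current):
            # An 80-column console wrapped the record; rejoin the pieces.
            current += line
        # Anything else (banner, "Domain :" line, blank line) is ignored.
    if current is not None:
        records.append(current)

    logons = {}
    for record in records:
        match = RECORD.match(record)
        if match is None:
            continue  # truncated record, nothing reliable to read
        when = datetime.strptime(match.group("ts"), "%d/%m/%Y %H:%M:%S")
        name = match.group("name").strip()
        # The script prints only the full name, so identical full names merge.
        if name not in logons or when > logons[name]:
            logons[name] = when
    return logons


def merge_latest(captures):
    """captures: {controller: output text} -> {name: (latest logon, controller)}."""
    latest = {}
    for controller, text in captures.items():
        for name, when in parse_capture(text).items():
            if name not in latest or when > latest[name][0]:
                latest[name] = (when, controller)
    return latest


def stale_accounts(latest, as_of, max_age_days):
    """Names whose most recent logon on any controller is older than the cutoff."""
    cutoff = as_of - timedelta(days=max_age_days)
    return sorted(name for name, (when, _) in latest.items() if when < cutoff)


# Constructed sample captures (names, domain and times are made up).
PDC_OUTPUT = """\
Microsoft (R) Windows Scripting Host Version 5.0 for Windows
Copyright (C) Microsoft Corporation 1996-1997. All rights reserved.

Domain : EXAMPLEDOM
Full Name=Alice ExampleLast login=27/05/1999 14:44:24
Full Name=Bob ExampleLast login=16/08/1999 13:01:56
Full Name=Constructed test account for backup operatorLast login=28/01/1999 07:5
4:30
"""
BDC_OUTPUT = """\
Domain : EXAMPLEDOM
Full Name=Alice ExampleLast login=06/09/1999 09:12:03
Full Name=Bob ExampleLast login=02/08/1999 08:52:58
"""
SAMPLE_CAPTURES = {"PDC1": PDC_OUTPUT, "BDC1": BDC_OUTPUT}

if __name__ == "__main__":
    merged = merge_latest(SAMPLE_CAPTURES)
    for name, (when, controller) in sorted(merged.items()):
        print(f"{name}: {when:%d/%m/%Y %H:%M:%S} (from {controller})")
    print("Stale:", stale_accounts(merged, datetime(1999, 9, 7), 30))
```

    With only the PDC capture, the constructed user Alice Example would be reported as inactive for more than 30 days; once the BDC capture is merged, only the backup test account remains on the stale list.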


    Q. How do I delete/rename the Recycle Bin?

    A. When you right click on the Recycle Bin its context menu does not display a rename or delete option as on other desktop shortcuts/components. To add the rename option perform the following:

    1. Start the registry editor (regedt32.exe, don't use regedit.exe)
    2. Move to HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder
    3. Double click on the Attributes value in the right hand pane
    4. Change from 40010020 to 50010020
    5. Click OK

    If you right click on Recycle Bin you now have a rename option.

    If you want to be able to delete the icon change the Attributes value to 60010020 by following the procedure above. To have the rename and delete option change the Attributes value to 70010020. You can now delete by right clicking on the icon and select Delete. Click Yes to the confirmation.

    You may want to avoid manually updating the registry and you can delete the icon by using the TweakUI utility. If you have TweakUI installed perform the following:

    1. Start the TweakUI control panel applet (Start - settings - control panel - TweakUI)
    2. Click the Desktop tab
    3. Unselect the "Recycle Bin" box and click OK

    Q. How do I disable Task Manager?

    A. This can be done using the registry as follows

    1. Start the Registry Editor
    2. Move to HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\Policies
    3. If the \System key does not exist create it
    4. Add a new value of type DWORD called DisableTaskMgr and set to 1
    5. Exit registry editor

    This can also be done using the policy editor

    1. Start the Policy editor
    2. Select the User, or edit the default User
    3. Goto Shell/Restrictions and select "remove Taskbar from user"

    To remove Task Manager for all users just rename taskmgr.exe to something else, or if it is on an NTFS partition you can set the permissions so normal users cannot access it.


    Q. How do I disable Window animation?

    A. Using TWEAKUI on the General tab, you can unselect "Window Animation" which will stop the animation when a window is minimized/restored. This can also be accomplished using the registry:

    1. Start the registry editor (regedit.exe)
    2. Go to the key HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics
    3. Double click MinAnimate
    4. Set to 1 for normal animation, set to 0 for none
    5. Close the registry editor
    6. Logout and login again (if you use TWEAKUI there is no need to logout)

    Q. How do I reduce/increase the delay for cascading menus?

    A. You can use TWEAKUI - Mouse tab and decrease/increase the menu time, however this can also be accomplished using the registry editor and changing the value HKEY_CURRENT_USER\Control Panel\Desktop\MenuShowDelay.


    Q. How do I change the My Computer icon?

    A. This can be changed using Themes for NT or the Plus Tab of Display settings, however it can also be changed using the registry editor

    1. Start the registry editor (regedit.exe)
    2. Move to the HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\DefaultIcon
    3. Double click on (Default)
    4. Set to the icon required, e.g. "d:\Prog Files\Plus\Themes\John.ico,0". The 0 selects the first icon in the file
    5. Exit the registry editor

    Q. How do I hide the "Network Neighborhood" icon?

    A. You can use TWEAKUI and on the "Desktop" tab unselect "Network Neighborhood". This can also be done using the registry:

    1. Start the registry editor (regedit)
    2. Move to the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    3. From the Edit menu select New - DWORD value.
    4. Enter a name of NoNetHood and press Enter
    5. Double click the new value and set to 1. Click OK
    6. Close the registry editor
    7. Log off and log on and Network Neighborhood will be hidden

    Q. Why can't I move any icons?

    A. It is possible to configure NT to autoarrange the icons, which means you cannot manually move them. To turn off this feature, right click on the desktop (anywhere where there is not a window), Arrange Icons, and unselect auto-arrange.


    Q. How can I disable the Right mouse button?

    A. For those systems running with Service Pack 2 or above, it is possible to disable the context menu as follows:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    3. From the Edit menu, select New - DWord Value
    4. Enter the name NoViewContextMenu and press enter
    5. Double click the new value and set the value to 1 and click OK
    6. Close the registry editor
    7. Logout and Login again

    To remove this, just delete the value NoViewContextMenu and logout and login again (or set it to 0)


    Q. How do I change the colour used to display compressed files/directories?

    A. The colour used is stored in the registry in hexadecimal format, therefore before you try and change the colour you need to work out what the value is in hex. Usually you know a colour as an RGB value like 255,0,0 for red and to convert this to Hex use the calculator supplied with Windows NT (calc.exe)

    1. Start the Calculator (Start - Run - Calc.exe)
    2. From the View menu select scientific
    3. Select Dec and enter in the first part of the RGB value
    4. Click Hex and it will be displayed in Hex, e.g. 255 would show ff
    5. Repeat for the G and B parts of the colour

    You will now have a hex value for the colour, e.g. 255,128,0 would be ff, 80, 0

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
    3. Double Click on the AltColor value in the right hand pane
    4. You will see the actual value as something like
      0000 00 00 FF 00 ..y.
      Ignore the set of four zeros, and only modify the 3 sets of numbers after that, i.e. the 00, 00 and FF; ignore the last 2. To edit, click once to the right of the value you wish to change, then press the backspace key and it will delete both parts of the number, then type in your new value.
    5. Click OK and then close the registry editor
    6. You will need to logoff and on again for the change to take effect.

    If you would prefer to avoid the registry, you can make the same change using the TweakUI utility

    1. Start the TweakUI Control Panel applet (Start - Settings - Control Panel - TweakUI)
    2. Click on the explorer tab
    3. At the bottom it shows the "color of compressed files" (why can't Americans spell Colour :-) ), click "Change Color"
    4. You can now just select the colour you want, and click OK
    5. Click OK
    6. You will need to logoff and on again for the change to take effect

    Q. How can I configure the wallpaper to be displayed somewhere other than the center of the screen?

    A. It is possible to configure NT to display a wallpaper anywhere on the screen, however you have to manually update the registry

    1. Start the registry editor (regedt32.exe)
    2. Move to HKEY_CURRENT_USER\Control Panel\Desktop
    3. From the Edit menu, select Add Value
    4. Enter a name of WallpaperOriginX with a type of REG_SZ and click OK, you will then be prompted for a value, this is the number of pixels the left hand side of the image will be from the left side of the screen
    5. Next select Add Value again from the Edit menu and this time the name WallpaperOriginY, click OK and enter the number of pixels the top of the image should be from the top of the screen
    6. Logoff and on to see the change take effect

    Q. How can I stop the "Click here to begin" message?

    A. There are 2 ways to accomplish this. If you have the TweakUI utility perform the following

    1. Start the TweakUI Control Panel Applet (Start - Settings - Control Panel - TweakUI)
    2. Click the Explorer Tab
    3. Deselect "Animated click here to begin"
    4. Click OK

    If you don't have TweakUI you will need to edit the registry directly

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    3. Double click on NoStartBanner and change to 01 00 00 00
    4. Click OK
    5. Close the registry editor

    Q. How can I get more room on the Task Bar?

    A. If you move the cursor over the top of the task bar it will turn into a double headed arrow. When the cursor is the double arrow hold down the left hand button and drag upwards and the task bar's area will be increased one row at a time. Likewise you can shrink it by dragging downwards.


    Q. How do I add the Control Panel to the Start Menu?

    A. Create a new folder under the Start menu you wish to have it on (Administrator or All Users). Name the new folder

    Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}

    Complete with the period, brackets and dashes. Once entered it will automatically be renamed to Control Panel and unlike the Settings Control Panel it will be cascading meaning all control panel applets will be shown as sub-objects.

    If you have a problem, try pressing F5 to refresh the screen, or log off and on again.


    Q. How can I remove a program from the Open With when right clicking?

    A. Each entry in the "Open With" has an entry in the registry HKEY_CLASSES_ROOT called <extension>_auto_file, e.g. doc_auto_file for Word. To remove the entry just delete the base <extension>_auto_file tree in the registry. If you were unsure you could use the following:

    1. Start the registry editor (regedit.exe)
    2. Search for the name of the exe you want to remove from the "Open With" menu
    3. If a match is found, and its root is HKEY_CLASSES_ROOT\xxx_auto_file then delete the tree HKEY_CLASSES_ROOT\xxx_auto_file
    4. Close the registry editor

    Q. How do I change the Internet Explorer icon?

    A. For Internet Explorer version prior to 4.0 follow the procedure below:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_CLASSES_ROOT\CLSID\{FBF23B42-E3F0-101B-8488-00AA003E56F8}\DefaultIcon
    3. Double click Default on the right hand side and change to the icon you require (use browse)
    4. Select OK
    5. Close the registry editor

    There is a program called MicroAngelo available from http://www.iconstructions.com/ which automates this procedure.

    The solution above does not work for Internet Explorer 4.0 and above, the method is as follows:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}
    3. From the Edit menu, select New - Key and enter the name of DefaultIcon and press Enter
    4. Double click Default on the right hand side and change to the icon you require (use browse)
    5. Select OK
    6. Close the registry editor

    There are some really nice IE icons at http://www.blably.com/iconstructions/ .


    Q. How do I add an item to the Right Click menu?

    A. Follow the procedures below:

    1. Start the Registry Editor (REGEDIT.EXE)
    2. Expand the HKEY_CLASSES_ROOT by clicking the plus sign
    3. Scroll down and expand the Unknown subkey
    4. Click on the Shell key and right click on it.
    5. Select New from the pop-up menu and choose Key.
    6. Enter the name you want to be displayed, e.g. the name of the application. Click Enter
    7. Right click on the new subkey and click New. Again select Key and enter the name "Command" and click Enter
    8. Click on the newly created Command and double click on "(Default)"
    9. Enter the path and name of the executable with %1, quoting both because the path contains spaces, i.e.
      "d:\program files\savedit\savedit.exe" "%1"
    10. Close the registry editor

    When you right click on a file the new entry will be displayed.


    Q. Is it possible to move the Task bar?

    A. The Task bar can be moved to any of the 4 sides: left, right, top and bottom. To move it, just single click on the task bar and drag to the side you wish the task bar to reside on.

    If you have lost the task bar just press Ctrl-Esc to redisplay.


    Q. How can I configure NT to display a thumbnail of bitmaps as the icon instead of the Paint icon?

    A. Perform the following (for best effect make Explorer use large icons):

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_CLASSES_ROOT\Paint.Picture\DefaultIcon
    3. Double click on Default in the left hand pane, and change to %1, click OK
    4. Close the registry editor. The change will take immediate effect.

    Q. Can I remove one of the startup folders on the Start Menu?

    A. Unfortunately no. One is your own user startup folder (%systemroot%\Profiles\<Username>\Start Menu\Programs\Startup) and the other is the All Users folder (%systemroot%\Profiles\All Users\Start Menu\Programs\Startup). Both are system files and therefore undeletable.

    It is possible to hide one or both of the startup folders by setting the hidden attribute on the folder:

    attrib +h "%systemroot%\Profiles\<Username>\Start Menu\Programs\Startup"

    A trick has been found to remove one of the startup menus by copying the All Users Startup group over the Administrator Startup group which then deletes the All Users startup group.


    Q. How can I clear the Run history?

    A. The Run history is stored in the registry in location HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU as a series of values a-z. To delete an entry from the run menu perform the following:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
    3. Select the entry you wish to remove, e.g. h
    4. Press the Del key (or select Edit - Delete) and click Yes to the confirmation
    5. Double click the MRUList value and remove the letter you just deleted. Click OK to save the change
    6. Close the registry editor

    If you want to clear the whole Run list you can use the TweakUI utility

    1. Start the TweakUI control panel applet (Start - Settings - Control Panel - TweakUI)
    2. Click the Paranoia tab :-)
    3. Check the "Clear Run history at logon"
    4. Click the "Clear Selected Items Now"
    5. You can then either clear the check on "Clear Run history at logon" and click OK or leave it checked to automatically clear the Run at logon
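
    How the a-z values and MRUList fit together, and what is left behind when step 5 of the manual procedure is skipped, as an added example (not part of the original FAQ). It reads a REGEDIT4 export of the RunMRU key; the sample export is constructed, and the code strips the trailing \1 that Explorer stores after each command.

```python
"""Rebuild Run-dialog history from a REGEDIT4 export of the RunMRU key."""
import re

RUNMRU_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows"
              r"\CurrentVersion\Explorer\RunMRU")

# Constructed sample export, not taken from a real machine. Value "c" was
# deleted without editing MRUList (step 5 skipped), and "e" exists but is
# not referenced by MRUList.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"a"="regedit\\1"
"b"="cmd\\1"
"MRUList"="dcba"
"d"="notepad d:\\temp\\notes.txt\\1"
"e"="poledit\\1"

[HKEY_CURRENT_USER\Control Panel\Mouse]
"SnapToDefaultButton"="1"
'''

# Matches a "name"="data" line; quotes and backslashes inside either part
# are backslash-escaped in .reg files.
_STRING_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def _unescape(text):
    # .reg files write a backslash as two backslashes and a quote as \"
    return re.sub(r"\\(.)", r"\1", text)


def read_string_values(export_text, key_path):
    """Return {name: data} for the string values directly under key_path."""
    values, in_key = {}, False
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # Registry key names are case-insensitive.
            in_key = line[1:-1].lower() == key_path.lower()
            continue
        match = _STRING_VALUE.match(line) if in_key else None
        if match:
            values[_unescape(match.group(1))] = _unescape(match.group(2))
    return values


def run_history(values):
    """Return (history, stale, orphans) for a RunMRU value dictionary.

    history: commands in MRUList order, most recently used first
    stale:   letters listed in MRUList whose value no longer exists
    orphans: a-z values that exist but are not listed in MRUList
    """
    order = values.get("MRUList", "")
    entries = {name: data for name, data in values.items()
               if len(name) == 1 and "a" <= name <= "z"}
    history, stale = [], []
    for letter in order:
        if letter not in entries:
            stale.append(letter)
            continue
        command = entries[letter]
        # Drop the trailing \1 marker stored after each command.
        history.append(command[:-2] if command.endswith("\\1") else command)
    orphans = sorted(set(entries) - set(order))
    return history, stale, orphans


if __name__ == "__main__":
    found = read_string_values(SAMPLE_EXPORT, RUNMRU_KEY)
    history, stale, orphans = run_history(found)
    for position, command in enumerate(history, 1):
        print(f"{position}. {command}")
    if stale:
        print("MRUList still names deleted values:", ", ".join(stale))
    if orphans:
        print("Values not listed in MRUList:", ", ".join(orphans))
```

    A letter reported as stale shows that an entry was removed by hand without MRUList being edited, which is the inconsistency step 5 avoids.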

    Q. How can I remove the Documents menu?

    A. There is no way to remove the Documents menu from the Start button without Active Desktop installed and you have to empty it at the start of each session. With Windows 98 you can remove the Documents menu.

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    3. From the Edit menu select New - DWORD value
    4. Enter a name of NoFavoritesMenu and press Enter
    5. Double click the new value and set to 1. Click OK
    6. Close the registry editor

    Log off and on again and the Documents menu is gone.

    For NT you will have to perform the following:

    The documents menu is actually the contents of %systemroot%\Profiles\<username>\Recent, e.g. d:\winnt\Profiles\savillj\Recent, and if you delete the contents of this folder then nothing will be shown in the documents menu. The easiest way to do this would be to create a batch file and place it in your startup group:

    1. Start Notepad
    2. Enter into the file
      del /q "%systemroot%\Profiles\%username%\Recent\*.*"
      Actually type the %systemroot% and %username% unless you are performing this on a Windows 95 machine, in which case you should type in real values.
    3. Save the file as "deldoc.bat" (put the file name in quotes or Notepad will add .txt to the end) in a directory of your choice
    4. Start Explorer
    5. Move to the folder you saved deldoc.bat to and right click on it.
    6. Drag the file to the %systemroot%\Profiles\%username%\Start Menu\Programs\Startup (e.g. d:\winnt\Profiles\savillj\etc..) and release. Select "create shortcut here" from the displayed context menu

    When you login from now on the batch file will be run and delete your Documents menu.

    The same effect can be gained if you have TweakUI installed by clicking the Paranoia tab and checking "Clear Document history at logon"

    If you have Active Desktop in NT 4.0 or Windows 2000 using TweakUI 98, select the IE tab and unselect the 'Show Documents on Start Menu'. This can also be done by directly editing the registry and setting HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRecentDocsMenu to 1 (of type REG_BINARY).


    Q. How do I disable the context menu for the Start button?

    A. The context menu is displayed when you right click on an object. If you right click on the Start button you get options to start Explorer, find etc. To disable this perform the following:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_CLASSES_ROOT\Directory\shell
    3. Delete the keys under this, for example DosHere, find
    4. Move to HKEY_CLASSES_ROOT\Folder\shell
    5. Delete the keys under this, for example explore, open

    Right clicking on Start will no longer show these options.

    To disable the context menu entirely perform the following

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    3. From the Edit menu select New - DWORD Value
    4. Enter a name of NoTrayContextMenu and press Enter
    5. Double click the new value and set to 1.

    To re-enable the context menu set the value to 0. Log out and in again for this to take effect.


    Q. How do I change the Network Neighborhood icon?

    A. This can be changed using Themes for NT or the Plus Tab of Display settings, however it can also be changed using the registry editor

    1. Start the registry editor (regedit.exe)
    2. Move to the HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\DefaultIcon
    3. Double click on (Default)
    4. Set to the icon required, e.g. "d:\Prog Files\Plus\Themes\John.ico,0". The 0 shows it is icon 1 in the file
    5. Exit the registry editor

    Q. How do I change the Recycle Bin icons?

    A. There are two icons for the Recycle bin, an empty and a full. To change them use the following

    1. Start the registry editor (regedit.exe)
    2. Move to the HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon
    3. To change the empty icon double click on Empty, to change the full icon double click on Full
    4. Set to the icon required, e.g. "d:\Prog Files\Plus\Themes\John.ico,0". The 0 shows it is icon 1 in the file
    5. Exit the registry editor

    You can also change the icons using the Plus tab of Display properties.


    Q. How do I change the Briefcase icon?

    A. To change this icon perform the same as in Q. How do I change the Network Neighborhood icon? but use HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}\DefaultIcon in step 2.


    Q. How can I get rid of the arrow over the shortcuts?

    A. You can remove the overlay by using TweakUI

    1. Start TweakUI control panel applet (Start - Settings - Control Panel - TweakUI)
    2. Click the Explorer tab
    3. Select the arrow type (Arrow, light arrow, none or custom)
    4. Click Apply then OK
    5. Close the TweakUI applet

    You can also remove the arrow by editing the registry

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_CLASSES_ROOT\lnkfile
    3. Select IsShortcut and select Delete from the Edit menu
    4. Restart the machine

    Q. I have deleted the Recycle bin how can I recreate it?

    A. If you have TweakUI click the Desktop tab and check the "Recycle Bin" and click Apply then OK. If you do not have TweakUI you can re-add by directly updating the Registry:

    1. Start the Registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace
    3. From the Edit menu select New - Key
    4. Enter a name of "{645FF040-5081-101B-9F08-00AA002F954E}"
    5. Select the new key and double click on (Default). Set to "Recycle Bin" and click OK
    6. Close the registry editor
    7. Press F5 on the desktop for the Recycle bin to appear.

    Q. I have deleted Internet Explorer from the desktop how can I recreate it?

    A. Again you can use TweakUI, select Desktop and check the "The Internet" box, click Apply then OK. Alternatively you can directly edit the registry:

    1. Start the Registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace
    3. From the Edit menu select New - Key
    4. Enter a name of "{FBF23B42-E3F0-101B-8488-00AA003E56F8}"
    5. Select the new key and double click on (Default). Set to "The Internet" and click OK
    6. Close the registry editor
    7. Press F5 on the desktop for the Internet Explorer icon to appear.

    Q. How can I add a shortcut to launch a screensaver on the desktop?

    A. Screensavers are just programs with a .scr extension. To create a shortcut of a screensaver perform the following:

    1. Start Explorer (Win+E, or Start - Programs - NT Explorer)
    2. Move to the %systemroot%\system32 directory (e.g. d:\winnt\system32)
    3. Find the .scr file of the screen saver (you could perform a search, Tools - Find - Files or Folders, enter a name of *.scr and unselect "Include subfolders", click Find Now)
    4. Right click on one of them, drag it to the desktop, release the right mouse button and select "Create shortcut here"
    5. Next right click on the new shortcut and select properties
    6. In the target box add to the end "-s", e.g.
      C:\WINNT\system32\sspipes.scr -s
    7. Click OK

    A screensaver started from this shortcut would not be password protected.


    Q. How do I delete/rename the Inbox icon?

    A. When you right click on the Inbox icon its context menu does not display a rename or delete option as on other desktop shortcuts/components. To add the rename option perform the following:

    1. Start the registry editor (regedt32.exe, don't use regedit.exe)
    2. Move to HKEY_CLASSES_ROOT\CLSID\{00020D75-0000-0000-C000-000000000046}\ShellFolder
    3. Double click on the Attributes value in the right hand pane
    4. Change from 72000000 to 50000000
    5. Click OK

    If you right click on the Inbox icon you now have a rename option.

    If you want to be able to delete the icon change the Attributes value to 60000000 by following the procedure above. You can now delete it by right clicking on the icon and selecting Delete. Click Yes to the confirmation.

    You may want to avoid manually updating the registry and you can delete the icon by using the TweakUI utility. If you have TweakUI installed perform the following:

    1. Start the TweakUI control panel applet (Start - settings - control panel - TweakUI)
    2. Click the Desktop tab
    3. Unselect the "Inbox" box and click Apply then OK

    Q. I have deleted the Inbox icon, how can I recreate it?

    A. If you have TweakUI click the Desktop tab and check the "Inbox" and click Apply then OK. If you do not have TweakUI you can re-add by directly updating the Registry:

    1. Start the Registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace
    3. From the Edit menu select New - Key
    4. Enter a name of "{00020D75-0000-0000-C000-000000000046}"
    5. Select the new key and double click on (Default). Set to "Inbox" and click OK
    6. Close the registry editor
    7. Press F5 on the desktop for the Inbox icon to appear

    Q. How can I stop and start Explorer (the shell)?

    A. Explorer is just a process so you can stop the Explorer process and then start a new one. You should use caution with this though and you will also lose the service type icons on the taskbar when Explorer restarts.

    1. Right click on the task bar and select Task Manager
    2. Click the Processes tab, select explorer and click "End Process"
    3. Click the Applications tab and click "New Task"
    4. Enter a name of explorer and click OK
    5. Close Task Manager

    Q. How do I enable the mouse snap-to?

    A. It is possible to configure Windows to move the mouse to the default button to speed up general operations. To enable this perform the following:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_CURRENT_USER\Control Panel\Mouse
    3. If the value SnapToDefaultButton exists go to step 4, otherwise select New - String Value from the Edit menu and enter a name of SnapToDefaultButton (watch the case).
    4. Double click on the value and set to 1. Click OK
    5. Close the registry editor
    6. Logoff and on for the change to take effect

    This can also be accomplished using the Mouse control panel applet, select the "StepSavers" tab and check the SnapTo box if you have the IntelliMouse software installed or select the Motion tab and check the "Snap Mouse to the default button in dialog" box if you don't. Click Apply then OK and you won't have to reboot.


    Q. How do I enable X Windows-Style auto-raise?

    A. It is possible to configure Windows so that when you move the mouse over a window it will come into focus:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_CURRENT_USER\Control Panel\Mouse
    3. If the value ActiveWindowTracking exists go to step 4, otherwise select New - DWORD Value from the Edit menu and enter a name of ActiveWindowTracking (watch the case).
    4. Double click on the value and set to 1. Click OK
    5. Close the registry editor
    6. Logoff and on for the change to take effect

    Q. How do I remove a template from the New menu?

    A. If you select New within, for example, Explorer you will be given a large list of document templates that have registered themselves on your machine.

    If you would like to trim away some of these perform the following:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_CLASSES_ROOT
    3. Move to the file extension of the template you no longer want to be displayed, e.g. .s3d for Simply 3D, .psp for Paint Shop Pro, .doc for Word
    4. If the template appears on the New menu there will be a subkey, ShellNew. Select this key and press DEL. Click YES to the confirmation
    5. Close the registry editor

    It will now be removed from the new menu (you will have to restart Explorer if it is running so it reloads in the registry information).


    Q. I don't have the new item on my desktop context menu.

    A. If when you right click on the desktop there is no "New" item perform the following:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers
    3. From the Edit menu select New - Key and enter a name of New. Press Enter
    4. Move to New
    5. Double click on the default value and enter data "{D969A300-E7FF-11d0-A93B-00A0C90F2719}" (don't type the quotes)
    6. Click OK
    7. Close the registry editor

    You should now have a New item on the desktop context menu. A reboot is not needed.


    Q. How do I remove the Favorites branch of the Start menu?

    A. If you wish to remove your Favorites from the Start menu perform the following:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    3. From the Edit menu select New - DWORD value
    4. Enter a name of NoFavoritesMenu and press Enter
    5. Double click the new value and set to 1. Click OK
    6. Close the registry editor

    Log off and on again and voila, the Favorites menu is gone.


    Q. How do I disable the logoff buttons?

    A. If you wish to disable the logoff buttons on the Start menu/NT Security dialog perform the following

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    3. From the Edit menu select New - DWORD value
    4. Enter a name of NoLogoff and press Enter
    5. Double click the new value and set to 1. Click OK
    6. Close the registry editor

    The change takes immediate effect. To undo simply set the value to 0.


    Q. How do I stop the default "Shortcut to" text being added to new shortcuts?

    A. Perform the registry change as described below to stop the "Shortcut to" being prefixed to the name of your shortcuts.

    1. Start the registry editor (regedt32, not regedit.exe)
    2. Move to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
    3. Double click on link
    4. Change to 00000000 and click OK
    5. Close the registry editor
    6. Log off and in again for the change to take effect

    Q. How do I modify the shortcut arrow?

    A. Perform the registry change as described below to modify the arrow used on shortcuts

    1. Start the registry editor (regedt32 or regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons
    3. Double click on 29
    4. Change to the name of the icon, icon number, e.g. "shell32.dll,30" is a big arrow
    5. Click OK
    6. Close the registry editor

    The above change would then take effect at next logon.

    To avoid the logoff you could modify an icon related entry, make the screen repaint by changing the background and set back, e.g. HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics\Shell Icon Size.

    If the Shell Icons\29 value does not exist then you will need to create the Shell Icons branch and then create the 29 value of type String (told you that your hands would get dirty :-)

    A better way is to use TweakUI to perform the above arrow change.


    Q. How can I set the default view for all drives/folders?

    A. Set the view to what you want (perhaps "Details") and close the window while holding the Ctrl key.


    Q. How can I stop my environment changes being saved when I logoff?

    A. By default when you Logoff, Windows stores your settings into your profile and this includes any open Explorer windows, position changes etc. It is possible to stop NT saving these settings:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    3. From the Edit menu select "New - DWORD value". Enter a name of "NoSaveSettings"
    4. Double click the new value and set to 1

    When you log off any open windows will not be reopened and settings will not be saved. This setting can also be set domain wide using the policy editor.

    1. Start the policy editor (poledit.exe)
    2. Open your domain's policy (or create a new one)
    3. Double click Default User
    4. Expand Shell - Restrictions
    5. Check the 'Don't save settings at exit'
    6. Click OK
    7. Save the policy to the netlogon share of the domain controllers.

    Q. How can I enable Hi-Colour icons?

    A. If you run the Desktop control panel applet (Start - Settings - Control Panel - Desktop) and select the Plus! tab you can check the box "Show icons using all possible colors" to get better resolution icons, however this can also be done by directly editing the registry (if you don't have the Plus! tab or if you wish to perform via a logon script etc.)

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics
    3. From the Edit menu select New - String Value
    4. Enter a name of "Shell Icon BPP" (don't type the quotes) and press enter
    5. Double click the new value and set to 16 if you have a 16 bit graphic card or 24 for 24 bit graphics cards. Click OK
    6. Close the registry editor

    Pressing F5 to refresh your screen should make the change take effect, if not reboot.


    Q. How can I configure the wallpaper to stretch across the screen?

    A. If you run the Desktop control panel applet (Start - Settings - Control Panel - Desktop) and select the Plus! tab you can check the box "Stretch desktop wallpaper to fill the screen" to force the wallpaper to fill the entire screen, however this can also be done by directly editing the registry (if you don't have the Plus! tab or if you wish to perform via a logon script etc.)

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_CURRENT_USER\Control Panel\Desktop
    3. From the Edit menu select New - String Value
    4. Enter a name of "WallpaperStyle" (don't type the quotes) and press enter
    5. Double click the new value and set to 2 if you want the wallpaper to be stretched or 0 for normal display. Click OK
    6. Close the registry editor

    To make the change take effect either logoff and then logon or run the Desktop control panel applet and change anything to make it refresh the screen.


    Q. How can I configure dialog box content to be shown while dragging windows?

    A. If you run the Desktop control panel applet (Start - Settings - Control Panel - Desktop) and select the Plus! tab you can check the box "Show window contents while dragging". This can also be done by directly editing the registry (if you don't have the Plus! tab or if you wish to perform via a logon script etc.)

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_CURRENT_USER\Control Panel\Desktop
    3. If a value DragFullWindows does not exist from the Edit menu select New - String Value, enter a name of "DragFullWindows" (don't type the quotes) and press enter
    4. Double click the new value and set to 1. Set to 0 to disable. Click OK
    5. Close the registry editor

    To make the change take effect either logoff and then logon or reboot the machine.


    Q. How can I configure Font smoothing?

    A. If you run the Desktop control panel applet (Start - Settings - Control Panel - Desktop) and select the Plus! tab you can check the box "Smooth edges of screen fonts". This can also be done by directly editing the registry (if you don't have the Plus! tab or if you wish to perform via a logon script etc.)

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_CURRENT_USER\Control Panel\Desktop
    3. If a value FontSmoothing does not exist from the Edit menu select New - String Value, enter a name of "FontSmoothing" (don't type the quotes) and press enter
    4. Double click the new value and set to 2. Set to 0 to disable. Click OK
    5. Close the registry editor

    To make the change take effect either logoff and then logon or reboot the machine.


    Q. How can I modify the grace timeout for password protected screensavers?

    A. When a password protected screen saver starts there is a grace period before a password needs to be entered to deactivate. This can be changed as follows:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    3. From the Edit menu select New - String Value
    4. Enter a name of ScreenSaverGracePeriod and press Enter
    5. Double click and set to the number of seconds grace period. Click OK
    6. Close the registry editor
    7. Reboot the machine

    Q. How can I minimize all open windows?

    A. To minimize all open Windows press <Win key> + M. To restore press <Win key> + <shift> + M


    Q. How can I configure logoff to show on the Start menu in Windows 2000?

    A. This is normally done by selecting 'Taskbar & Start Menu...' from the Settings menu of the Start button, selecting the 'Start Menu Options' tab and checking the 'Display Logoff' option.

    You can also accomplish this by directly editing the registry:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    3. From the Edit menu select New - DWORD value and enter a name of StartMenuLogoff (if it does not exist)
    4. Double click the new value and set to 1
    5. Close the registry editor
    6. Logoff and then logon

    Q. How can I configure Control Panel to cascade on the Start menu in Windows 2000?

    A. This is normally done by selecting 'Taskbar & Start Menu...' from the Settings menu of the Start button, select the 'Start Menu Options' and check the 'Expand Control Panel' option.

    You can also accomplish this by directly editing the registry:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    3. From the Edit menu select New - String value and enter a name of CascadeControlPanel (if it does not exist)
    4. Double click the new value and set to YES
    5. Close the registry editor
    6. Logoff and then logon

    Q. How can I remove the Scheduled Tasks icon from My Computer?

    A. The Scheduled Tasks icon can be removed by editing the registry as follows:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace
    3. Select {D6277990-4C6A-11CF-8D87-00AA0060F5BF}
    4. This step is optional but from the Registry menu select "Export Registry File". Enter a name for the reg file which will be created. This file will allow you to automatically undo this if you wish.
    5. Press the Del key to delete the key.
    6. Click Yes to the deletion confirmation dialog
    7. Scheduled Tasks will no longer be visible from My Computer

    To restore it using your reg file just double click on the reg file from Explorer and scheduled tasks will be restored.


    Q. How can I configure the Administrative Tools to show on the Start menu?

    A. By default under Windows 2000 Professional the Administrative Tools branch is not shown, whereas it is shown on the Windows 2000 Server, Advanced Server and Datacenter products.

    It can be configured as follows:

    1. Start the 'Taskbar and Start menu' configuration (Start - Settings - Taskbar and Start menu)
    2. Select the 'Start Menu Options' tab
    3. Check or uncheck the 'Display Administrative Tools'
    4. Click Apply then OK

    This updates the registry entry HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuAdminTools to either NO or YES.


    Q. How can I recreate 'My Briefcase' if I deleted it?

    A. To recreate the My Briefcase icon on your desktop just type the command

    syncapp

    Either from a CMD.EXE session or the RUN box.

    You can also recreate by right clicking on the desktop and selecting New - Briefcase.


    Q. How do I use My Briefcase?

    A. My Briefcase allows you to synchronize multiple copies of files and keeps track of changes such as modifications, additions and deletions.

    The normal usage method is as follows:

    1. Insert a floppy disk into your computer
    2. Create a new briefcase on the disk (from Explorer select the drive, File - New - Briefcase). By default it will be called 'New Briefcase' but you can rename by selecting and pressing F2.
    3. Copy the files from your hard disk to the new briefcase
    4. You can now edit the files on the floppy to the hard disk. The files on the floppy can also be edited on other computers

    To sync the folders after making any changes open the briefcase in Explorer and click the 'Update All' button or select from the briefcase menu. Any modifications will be displayed and you have the option to perform the actual update.

    If you would actually like to be able to edit the files locally on different machines then you should perform the following:

    1. Insert a floppy disk
    2. Move the files you wish to keep synchronized to the floppy disk
    3. Create a briefcase on the local hard disk
    4. Copy the files from the floppy to the local briefcase
    5. Repeat steps 3 and 4 on the other machine

    You would now edit the files locally from the briefcase folder which would be synchronized with the floppy disk. You would have two briefcases, one on each machine. To synchronize you would select Update All after selecting the briefcase on the hard disk and inserting the floppy disk with the original files on.

    If two computers are connected via a network just create a briefcase on one machine which is accessible via a network share to the other and copy the files accordingly.

    If you create a briefcase on a hard disk and wish to move to a floppy do NOT copy it, you must MOVE or the associations between the files will be lost.


    Q. How can I avoid having to click 'Show Files' in 2000's Explorer all the time?

    A. In Windows 2000 the content of certain directories (such as the %systemroot% and system32 folders) is automatically hidden to avoid the user accidentally corrupting the system. In order to see the files you have to click the 'Show Files' text.

    If you know what you are doing this can get annoying quickly and you can disable this as follows:

    1. Start Explorer (Win + E or right click My Computer and select Explore)
    2. From the Tools menu select Folder Options
    3. On the View tab select 'Show hidden files and folders'. Click OK
    4. Move to the %systemroot% directory (e.g. c:\winnt)
    5. Click 'Show Files'
    6. Rename the Desktop.ini file to something else, e.g. Desktopbak.ini
    Repeat for any other folders such as %systemroot%\system32 and 'program files'

    Q. How can I configure the command prompt?

    A. When you are in a cmd.exe session, it is possible to change the prompt to display other information, such as time, date, OS version etc. To change the prompt just use

    prompt <text>
    e.g. prompt johns prompt

    While basic text will work it is not very helpful, and below is a list of all the codes you can use

    $A & Ampersand
    $B | Pipe
    $C ( Open parenthesis
    $D Current date
    $E Escape code (ASCII code 27)
    $F ) Close parenthesis
    $G > Greater-than sign
    $H Backspace (erases previous character)
    $L < Less-than sign
    $N Current drive
    $P Current drive with path
    $Q = Equal sign
    $S Space
    $T Current time
    $V Windows NT version number
    $_ Carriage return and linefeed
    $$ $ sign

    If you have command extensions, you can also use

    $+ Zero or more + characters depending on the depth of the PUSHD directory stack
    $M Displays the remote name associated with the current drive letter


    Q. How do I enable/disable command extensions?

    A. When you use CMD.EXE, there are various extensions which are enabled by default. To enable/disable perform the following

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_CURRENT_USER\Software\Microsoft\Command Processor
    3. Double click on EnableExtensions
    4. Set to 1 for them to be enabled, or set to 0 for extensions to be disabled
    5. Click OK

    You can also enable/disable them for a specific command session by using the appropriate qualifier to cmd.exe

    cmd /y disables command extensions for this cmd session
    cmd /x enables command extensions for this cmd session


    Q. What commands can be used to configure the command window?

    A. The commands below may be useful:

    mode con lines=n - Where n is the number of lines to keep (if n is larger than can fit on the screen a scroll bar will be added)
    mode con cols=n - Where n is the number of columns to show (again a scroll bar will be added)


    Q. How can I configure a scroll bar on my command window?

    A. It is possible to increase the line buffer for the command windows above the normal 25. To change the "history" perform the following:

    You will now see a scroll bar on the side of your command window. You will also have seen that under the properties you can change the default starting location for command windows.

    What the above actually does is create HKEY_CURRENT_USER\Console\E:_WINNT_System32_cmd.exe key with a value ScreenBufferSize where the first part is the buffer height in hexadecimal.


    Q. How do I cut/paste information in a command box?

    A. To copy the entire contents of a command window, you can maximize the window (Alt - Enter) and press the Print Scrn button. Alternatively:

    1. Right click the title bar
    2. Select Mark from the Edit Menu
    3. Click the left mouse button at the start of the text you wish to copy, and drag until the end of the selection
    4. Press Enter to copy the selection, or right click the menu again, and select copy from the Edit menu
    5. To paste right click the menu bar, and select paste from the edit menu. The clipboard can also be pasted with Ctrl+<right-click>, which is easier than having to go through the menu.

    Alternatively you can enable QuickEdit mode by right clicking on the title bar and selecting properties. Select the options tab and check the "QuickEdit Mode" box. Now you can select text with the left mouse button and just press Enter to copy into the clipboard.

    When QuickEdit is turned on, you also can paste into the command box with Alt-right-mouse-button. Much faster than click-Edit-Paste.


    Q. How do I enable Tab to complete file names?

    A. NT has this functionality built in, however by default it is disabled. To enable perform the following

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_CURRENT_USER\Software\Microsoft\Command Processor
    3. Double click on the value CompletionChar
    4. Make sure the base is Hexadecimal and then set the value to 9 and click OK
    5. Close the registry editor
    6. Start a new CMD.EXE session and the change will have taken effect

    Q. How do I create a shortcut from the command prompt?

    A. There is a utility supplied with the Windows NT Server Resource Kit Version 4.0 Supplement One (phew) called shortcut.exe which can be used to create .lnk files. The application is quite powerful, and allows you to specify not only the resource to link to, but also an icon etc. An example is shown below

    shortcut -t "d:\program files\johnsapp\test.exe" -n "Johns App.lnk" -i "d:\program files\johnicon\icon1.ico" -x 0 -d "e:\johns\data"

    What does it mean?

    -t this is the location of the resource to be linked to
    -n the name of the link file to be created
    -i the icon file
    -x the icon index to use in the icon file
    -d the starting directory for the application once started

    You can copy shortcut.exe off of the CD with the resource kit, and it is located in <processor>\desktop (e.g. i386\desktop). There are no other files needed, just shortcut.exe.


    Q. How can I redirect the output from a command to a file?

    A. The most basic use is as follows:

    <command> ><file name>
    e.g., dir/s >list.txt

    However, with this form errors are still output to the screen. To rectify this use 2> for the errors, e.g.

    <command> ><file name> 2><error file>
    e.g. dir/s >list.txt 2>error.txt

    If you want the errors and output to go to the same file use the following

    <command> ><file name> 2>&1


    Q. How can I get a list of commands I have entered in a command session?

    A. You can press the up and down arrow keys when in a command session to display your old commands (same as the old DOSKEY software), however if you press the F7 key a list of all the commands entered will be displayed and you can then select the command and press enter to run it.

    You can configure the history by right clicking on the title bar and selecting the Options tab. Update the "Command History" section.

    Other keys you can use are as follows:

    F2 Searches for a character in the previous command and will display up to that character
    F3 Recalls the last command issued
    F8 Moves backwards through the command history
    F9 Lets you return to a command by its number given by F7


    Q. How can I start explorer from the command prompt?

    A. Enter the command

    explorer /e

    to start explorer in your current directory, or

    explorer .

    to bring up the single pane version of explorer.


    Q. How can I change the title of the CMD window?

    A. By default the title display name is the location of CMD.EXE, however this can be changed using two methods depending on the situation.

    If you currently have a command session and you wish to change its title use the title command,

    title <title>
    e.g. title John Savill's Command Window

    Alternatively, if you want to start a new command session from an existing command prompt use the start command

    start "<title>"
    e.g. start "John Savill's Command Window"


    Q. What keyboard actions can I take to navigate the command line?

    A. Rather than just using the left and right arrows to move one character at a time through the command you can also use the following

    Home Start of the line
    End End of the line
    Ctrl+left arrow Move back one word
    Ctrl+right arrow Move forward one word
    Insert Toggle between insert and overstrike mode
    Esc Delete current line

    You can also use the Tab key to complete filenames for you as described in Q. How do I enable Tab to complete file names?

    If you enable QuickEdit on command windows (Right click on the title bar, select properties, Options, QuickEdit Mode) you can select an area of text with the left mouse button, right click on it to copy it to the clipboard and then click the right mouse button again to paste it the current cursor location (reminds me of the good old VT keyboards with the hold key ;-) )


    Q. How can I change the default Dir output format?

    A. The DIR command has many switches and you can configure your own default behavior for the command instead of the normal format. For example you may want to view the output one page at a time (/p), in lowercase (/l), with file times shown as their creation rather than last write (/tc) and sorted by extension then name (/oen). Normally you would type

    dir /p /l /tc /oen

    however this is slightly tedious so to set this as your default perform the following

    1. Start the system control panel applet (Start - Settings - Control Panel - System)
    2. Select the Environment tab
    3. Create the Variable "dircmd" and set the value to your qualifiers, e.g. "/p /l /tc /oen" and click Set
    4. Click Apply then click OK

    Any new command session will now use the new dir output format.


    Q. How do I pause output from a command to one screen at a time?

    A. Just add |more to the end of the command, e.g.

    findstr /? |more

    would display the help one screen at a time.


    Q. How can I increase the environment space for a single command session?

    A. While you can update the config.nt with a larger shell= to effect all command sessions, to set the environment space just for a single session, call the command with the /e switch, e.g.

    COMMAND /E:2048 MYAPP.EXE

    where /e:nnnnn sets the initial environment size to nnnnn bytes.


    Q. How can I stop a process from the command line?

    A. Usually to stop a process, you start task manager, select the Processes tab, select the process and click "End Process" however you can also accomplish the same from the command prompt using 2 Resource Kit utilities.

    Firstly you need to get a list of all processes on the system and this is accomplished using the tlist.exe utility.

    C:\>tlist
    0 System Process
    2 System
    20 smss.exe
    26 csrss.exe
    34 WINLOGON.EXE
    42 SERVICES.EXE
    45 LSASS.EXE
    72 SPOOLSS.EXE
    91 Nettime.exe
    64 navapsvc.exe
    ...
    198 notepad.exe Untitled - Notepad
    214 TLIST.EXE

    The first part, the number, is the process ID, for example, 198 is the process ID of the notepad.exe process that is running. Once we know the Process ID (or PID) we can stop it using the kill.exe utility.

    C:\>kill 198
    process #198 killed

    You can optionally use the -f switch which forces the process kill.

    You may, if you wish, kill a process on its name instead, e.g.

    c:\>kill notepad.exe

    will also work.


    Q. How can I open a command prompt at my current directory in Explorer?

    A. A common situation is that you are browsing directories in Explorer and want to open a command prompt at the current location without having to type a long cd .... to get to the correct directory. It is possible to add a context menu option to folders to bring up a "Command prompt here" which will open a command prompt at your current explorer location.

    A Powertoy, Command Prompt Here, can be downloaded from Microsoft (and is also included with the resource kit, cmdhere.inf), however all this does is update a couple of registry entries and can be accomplished manually allowing greater flexibility

    1. Start the Registry Editor (regedit.exe)
    2. Move to HKEY_CLASSES_ROOT\Folder\shell (you could use HKEY_CLASSES_ROOT\Directory\shell but it would then not apply to folders, whereas Folder does both)
    3. From the Edit menu select New - Key and enter a name of CmdHere (or anything else)
    4. Under the new key select New - Key and enter a name of command (lowercase)
    5. Under the key (CmdHere) double click on (Default) and enter a name that will be displayed when you right click on the directory, e.g. "Command Prompt Here"
      As an extra, if you add a & to the front of a character it will cause it to be underlined, e.g. "&John Prompt here" would produce John Prompt here with the J underlined.
    6. Move to the command key and again double click on (Default) and enter
      <system dir>\System32\cmd.exe /k cd "%1"
      e.g. c:\winnt\System32\cmd.exe /k cd "%1"
      You can use "%l" instead of "%1" which will support long file names.
    7. Close the registry editor

    There is no need to reboot the machine and the new option will be available when you right click on a folder


    Q. How can I open a command prompt at my current drive in Explorer?

    A. Exactly the same as the previous tip but this time a command prompt for a base drive (which has a separate context menu)

    1. Start the Registry Editor (regedit.exe)
    2. Move to HKEY_CLASSES_ROOT\Drive\shell
    3. From the Edit menu select New - Key and enter a name of CmdHere (or anything else)
    4. Under the new key select New - Key and enter a name of command (lowercase)
    5. Under the key (CmdHere) double click on (Default) and enter a name that will be displayed when you right click on the directory, e.g. "Command Prompt Here"
      As an extra, if you add a & to the front of a character it will cause it to be underlined, e.g. "&John Prompt here" would produce John Prompt here with the J underlined.
    6. Move to the command key and again double click on (Default) and enter
      <system dir>\System32\cmd.exe /k cd "%1"
      e.g. c:\winnt\System32\cmd.exe /k cd "%1"
    7. Close the registry editor

    Below is an inf file that incorporates the creation of the Command Here for drives and directories if you don't have cmdhere.inf that comes with the resource kit. Save it with a .inf extension and then right click on it and select install.

    ; Command Here
    [Version]
    Signature = "$Windows NT$"
    Provider=%Provider%

    [Strings]
    Provider="SavillTech Ltd"

    [DefaultInstall]
    AddReg = AddReg

    [AddReg]
    HKCR,Directory\Shell\CmdHere,,,"Command Here"
    HKCR,Directory\Shell\CmdHere\command,,,"%11%\cmd.exe /k cd ""%1"""
    HKCR,Drive\Shell\CmdHere,,,"Command Here"
    HKCR,Drive\Shell\CmdHere\command,,,"%11%\cmd.exe /k cd ""%1"""


    Q. How can I change the editor used to edit batch/command files?

    A. If you right click on a .bat or .cmd file and select edit the file will be opened in Notepad however you may want to use a different editor as the default.

    This can be accomplished by making two small registry modifications

    1. Start the registry editor (regedit.exe)
    2. We will first change the editor used for .bat files.
    3. Move to HKEY_CLASSES_ROOT\batfile\shell\edit\command
    4. Double click on the (Default) value and change to the executable you want to use to edit the batch files, e.g. C:\Program Files\DevStudio\SharedIDE\BIN\msdev.exe "%1" if you wanted to use Microsoft Development editor. Click OK
    5. We shall now perform the same for .cmd files
    6. Move to HKEY_CLASSES_ROOT\cmdfile\shell\edit\command
    7. Double click on the (Default) value and again change to the editor to use. Click OK

    No reboot is required and any changes take immediate effect

    You could also perform the above via a GUI front end by selecting View - Folder options - File Types from Explorer. You could then select the file type, e.g. "MS-DOS Batch file" and click Edit. The context menu options available are listed and you can modify them. All this does is update the registry values we have looked at.

    If you wanted to leave the existing option and add a new Edit option, e.g. "Edit with MSDEV" perform the following (in this example we will only update .bat with a second edit option but the same could be performed on cmd):

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_CLASSES_ROOT\batfile\shell
    3. From the Edit menu select New - Key and enter a name of "editms" (don't type the quotes)
    4. Double click on the (Default) value under editms and set the name to be displayed on the context menu, e.g. "Edit with MSDEV", click OK
    5. Select editms and select New - Key from the edit menu and enter a name of "command" (again don't enter the quotes)
    6. Double click the (Default) under command and set to the required value, e.g. C:\Program Files\DevStudio\SharedIDE\BIN\msdev.exe "%1" for msdev. Click OK
    7. Close the registry editor

    You will now have two options when you right click on a batch file, edit and edit with MSDEV.

    You can use this on any type of file, e.g. txt files by editing HKEY_CLASSES_ROOT\txtfile\shell\open\command. Just look through HKEY_CLASSES_ROOT\xxxfile where xxx is the extension (actually to find the correct file type use the assoc command, e.g. assoc .txt, it will then return the file type, txtfile).


    Q. The AT command works differently under NT 4.0 than NT 3.51.

    A. To better support long file names the parsing algorithm was changed in NT 4.0 so that only the target file should be surrounded by quotes, for example

    Under Windows NT 3.51
    C:\> at 20:00 "notepad d:\documents\bonde\maxfactor.txt"

    Where as under Windows NT 4.0
    C:\> at 20:00 notepad "d:\documents\bonde\maxfactor.txt"

    This causes a problem: if you surround the whole command in double quotes, for example in a batch file, it will not run correctly.

    Support for a registry key has been improved in Windows NT 4.0 Service Pack 4 which allows you to force the parsing of the AT command to behave in the same manner as 3.51. To achieve this perform the following:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule
    3. From the Edit menu select New - Key and enter a name of Parameters and press enter
    4. Move to this new Parameters Key and from the Edit menu select New - DWORD value. Enter a name of UseOldParsing and press enter
    5. Double click on the new value and set to 1
    6. Reboot the machine

    Q. How can I append the date and time to a file?

    A. You can use the batch file below which will rename a file to filename_YYYYMMDDHHMM.

    @Echo OFF
    TITLE DateName
    REM DateName.CMD
    REM takes a filename as %1 and renames as %1_YYYYMMDDHHMM
    REM
    REM -------------------------------------------------------------
    IF %1.==. GoTo USAGE
    Set CURRDATE=%TEMP%\CURRDATE.TMP
    Set CURRTIME=%TEMP%\CURRTIME.TMP

    DATE /T > %CURRDATE%
    TIME /T > %CURRTIME%

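    REM Tokens 2-4 are the date fields in regional order; l+k+j is YYYYMMDD for a dd/mm/yyyy short date format
    Set PARSEARG="eol=; tokens=1,2,3,4* delims=/, "
    For /F %PARSEARG% %%i in (%CURRDATE%) Do SET YYYYMMDD=%%l%%k%%j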

    Set PARSEARG="eol=; tokens=1,2,3* delims=:, "
    For /F %PARSEARG% %%i in (%CURRTIME%) Do Set HHMM=%%i%%j%%k

    Echo RENAME %1 %1_%YYYYMMDD%%HHMM%
    RENAME %1 %1_%YYYYMMDD%%HHMM%
    GoTo END

    :USAGE
    Echo Usage: DateName filename
    Echo Renames filename to filename_YYYYMMDDHHMM
    GoTo END

    :END
    REM
    TITLE Command Prompt

    Example:

    D:\Exchange> datetype logfile.log
    RENAME logfile.log logfile.log_199809281630

    Other date options include LOGTIME.EXE which enables you to specify a string and then writes the time followed by the string to the file logtime.log at the current default directory.

    The other option is NOW.EXE which just replaces itself with the date and time, e.g.

    D:\temp>now Batch complete
    Mon Sep 28 15:54:19 1998 -- Batch complete

    Both of the above utilities are part of the resource kit.

    Another way is to use the following FOR command, which creates a log file name from the real date.

    rem create unique log filename, e.g. Wed0804
    FOR /F "tokens=1-4 delims=/ " %%i in ('date /t') do set file=%%i%%j%%k
    Set LOG=drive:\directory\filename-%file%.log

    The result is a file named filename-date.log. Easier and works great!


    Q. How can I switch my command window to full screen mode?

    A. Normally your command prompt (cmd.exe) is displayed in a window, however it can be configured to be displayed "full screen"

    1. Right click on the title of the command window and select Properties
    2. Select the options tab. Click OK
    3. You have the option to either make the change just for the current session or for all future sessions. Make your choice and click OK

    An alternative (and which allows you to switch from full screen to window) is to press Alt-Enter which toggles between window and full screen mode.


    Q. International versions of NT have strange behavior in command prompt.

    A. The cause may be that the commands require a US Set of Characters. Try starting your command prompt session with

    C:\> CHCP 437

    This will hopefully help. It just sets the active code page to English (MS DOS Latin US).


    Q. How do I decrease the boot delay?

    A. There are two ways of performing this change, the first method just automates the second method.

    Method 1

    1. Logon as Administrator
    2. Start the System Control Panel applet (start - Settings - Control Panel - System)
    3. Select the Start-up/Shutdown tab
    4. In the "Show list for" box set the number of seconds to the delay required

    Method 2

    Method 1 just updates the timeout value in the [boot loader] section of boot.ini so we can do this manually:

    1. Set the file to non-system and non-read-only
      attrib c:\boot.ini -r -s
    2. Edit the file and change the timeout value to whatever you want, e.g. to make it wait for 5 seconds change to
      timeout=5
      Save your changes
    3. Set the file back to system and read-only
      attrib c:\boot.ini +r +s

    Q. Where do I load ANSI.SYS?

    A. There is a file in your system32 directory, CONFIG.NT, that tells NT how to run DOS 5 sessions. Add the line
    device=c:\winnt\system32\ansi.sys
    or
    device=%systemroot%\system32\ansi.sys

    You will then have to start a command line using the COMMAND.COM that came with DOS 5.0 (dig out those old disks!).


    Q. How can I configure the local machine to perform a task at a set time?

    A. Use the at command, e.g. for a job to run every weekday (like a backup)
    C:\> at 20:00 /every:M,T,W,Th,F "<command string e.g. backup>"

    For this to work the Schedule service must be running, which can be started from the Services control panel applet or via the command line

    C:\> net start schedule


    Q. How do I change the Organization name on NT?

    A. Your company changed names again? To change the company name in NT is easy,

    1. Start the Registry editor (Start - Run - REGEDIT)
    2. Go to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion and select CurrentVersion
    3. On the right hand part of the screen is a number of values
    4. Double click on RegisteredOrganization and change the value data
    5. Click OK
    6. Exit the Registry Editor

    Q. How do I change the default location NT expects to find NT software for installation (i.e. CD)?

    A. Start the Registry editor, and change HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SourcePath and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\SourcePath to the desired path (double click on the value to change it then press OK)


    Q. How can I remove the Shut Down button from the login screen?

    A. To remove the Shut Down button, start the registry editor, move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon and change ShutdownWithoutLogon from 1 to 0.

    This can also be accomplished using the policy editor (poledit.exe). Expand the Windows NT System - Logon tree and blank out "Enable shutdown from Authentication dialog box".


    Q. How can I Parse/Not Parse autoexec.bat?

    A. The value HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ParseAutoexec should be set to 1 for autoexec.bat to be parsed, or 0 for autoexec.bat not to be parsed.


    Q. How do I add a path statement in NT?

    A. Start Control Panel, double click the System icon, and goto the Environment Tab. Choose if it should be a user or system path defined, and click on the path variable, and then add the statement to the end of the current string (including a ;), then click set.


    Q. Can I change the default Windows Background?

    A. Using the Registry Editor (regedt32), edit the key HKEY_USERS\.DEFAULT\Control Panel\Desktop, double click the Wallpaper value, and enter the value including directory (e.g. c:\winnt\savlogo.bmp). You can also change the background colour under HKEY_USERS\.DEFAULT\Control Panel\Colors: double click Background and change the value (e.g. 0 0 0 for black).


    Q. How do I change the Start menu items under the line?

    A. Items above the line are part of the logged in users profile (winnt/profiles/<user name>/Start Menu/Programs). Items under the line are part of the all user group (winnt/profiles/All Users/Start Menu/Programs). To change these click on Start - Settings - Taskbar & Start Menu - Start Menu - Advanced and then move directory to the All Users and then make changes. You can only set the All Users Folder if you are logged on as a member with Administrative Privs.


    Q. How can I restore the old Program Manager?

    A. NT 4.0 by default uses the "Explorer" shell (explorer.exe), however the old Program Manager (progman.exe) is still delivered with NT 4.0, and can be configured to be the default shell using the registry:

    1. Start the registry editor (Start - Run - Regedit.exe)
    2. Goto the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    3. Double click on the value "Shell"
    4. Change from explorer.exe to progman.exe and click OK
    5. Exit the registry editor
    6. Log off, and then logon
    7. Back to the old! :-)

    Q. Is there a way to start NT in Dos mode?

    A. The command shell is command.com, and NT can be started in this mode with command.com as the default shell. Just perform the steps in the previous FAQ, but instead of changing the shell value to progman.exe, change it to command.com or cmd.exe.


    Q. How can I disable "Lock Workstation" when I press Ctrl-Alt-Del?

    A. Service Pack 4 introduces a new registry entry.

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
    3. From the Edit menu select New - DWORD value
    4. Enter a name of DisableLockWorkstation and press Enter
    5. Double click on the new value and set to 1. Click OK
    6. Close the registry editor

    Lock Workstation will now be greyed out.

    This is also possible if you don't mind hacking one of the system dll files. The file that the ctrl-alt-del dialog is stored in is msgina.dll. Using any 32bit resource editor (such as one with a Win32 C++ compiler, Visual C++, Borland C++) you can edit this dll and remove the "Lock Workstation" button. Below are instructions for performing this with Visual C++ however for another resource editor find dialog #1650 and edit the attributes of the "Lock Workstation" to "inactive" or "invisible".

    1. Rename %systemroot%\system32\msgina.dll to msgina_orig.dll (this is so you have a backup)
    2. Copy the file back to be called msgina.dll
      e.g. copy d:\winnt\system32\msgina_orig.dll d:\winnt\system32\msgina.dll
    3. Start Visual C++, and select open
    4. Change the type to Executable Files (.dll, .exe, .ocx)
    5. Move to the %systemroot%\system32 directory and select msgina.dll and click OK
    6. Once open, click on the dialog tree, and double click 1650
    7. Double click on the "Lock Workstation" button and deselect "visible"
    8. Close the dialog box and then from the File menu select Save
    9. Exit Visual C++ and reboot the machine
    10. Once the machine has booted up again the "Lock Workstation" button will no longer be displayed

    There is now a utility written by Alexander Frink which automates the above process, available at http://wwwthep.physik.uni-mainz.de/~frink/nt.html .


    Q. How can I make NT powerdown on shutdown?

    A. Follow the procedures below:

    1. Start the registry editor (REGEDIT.EXE)
    2. Goto the Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    3. If the value PowerdownAfterShutdown exists change it to 1. Go to step 5
    4. If the value does not exist add it as type REG_SZ and set to 1
    5. Exit the registry editor

    You will need an ATX power supply and an updated HAL.DLL from the computer manufacturer in order for this to work, otherwise the machine will just reboot.

    Windows NT 4.0 Service Pack 4 ships with a file, HAL.DLL.SOFTEX which works on many systems. To install perform the following:

    C:\> cd %systemroot%\system32
    C:\WINNT\system32> rename hal.dll hal.old
    C:\WINNT\system32> copy g:\i386\hal.dll.softex hal.dll

    Reboot.

    An alternative to renaming hal.dll would be to add option /hal=filename.ext in "boot.ini".

    Another file, halmps.dll.softex, is shipped for multi processor systems. Some people have reported that after using the softex DLLs the CPU misses the idle loops and thus stays at higher temperatures, so you may want to watch out for this. If you purchase Softex NT Power Management v2.19 and install it the same happens on a Dell Inspiron 3500 Laptop with Mobile Celeron 366.

    Softex have a newer version of the HAL.DLL version 4.0.1381.5 which fixes the CPU idle problem. You can download this from http://support.dell.com/filelib/download/index.asp?fileid=1981&libid=7 I believe.

    Windows 2000 includes better support for ACPI.


    Q. How do I enable Ctrl-Esc to start Task Manager?

    A. This was removed in release 4.0 of NT and changed to Ctrl - Esc - SHIFT, however it can be restored by editing the registry:

    1. Start the registry editor (regedit.exe)
    2. Go to the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    3. Click Edit - New - String Value and enter the name as TaskMan
    4. Double click the entry and set the value to TASKMAN.EXE and press enter
    5. Close the registry
    6. Reboot the machine

    Q. How can I allow non-Administrators to issue AT commands?

    A. By default only Administrators can issue AT commands (which use the schedule service). It is possible to allow Server Operators to also submit AT commands:

    1. Start the registry editor (regedit.exe)
    2. Move to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    3. From the Edit menu, select New Dword
    4. The name is "SubmitControl" and press enter
    5. Double click on the name and set the value to 1
    6. Exit the registry editor
    7. Reboot the machine

    You may want to recreate your emergency repair disk after making this change.


    Q. How do I control Access to Floppy Drives/CD-ROM drives?

    A. By default Windows NT allows any program to access the floppy and CD-ROM drives. In a secure environment you may only want the interactive user to be able to access the drives and this is accomplished using the registry:

    1. Start the registry editor (regedit.exe)
    2. Move to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    3. From the Edit menu, select New Reg_SZ type
    4. To allocate floppy drives create a name "AllocateFloppies", to allocate CD-ROM drives "AllocateCDRoms"
    5. Press enter, and then set the value to 1
    6. Logout and login again
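
    The Winlogon and Lsa values covered in the preceding answers (Shell, ShutdownWithoutLogon, SubmitControl, AllocateFloppies, AllocateCDRoms) and the context-menu command keys can be reviewed offline from a regedit export. The Python below is an added example, not part of the original FAQ; the REGEDIT4 sample, the baseline values, the values assumed when an entry is absent and the function names are assumptions made for illustration.

```python
import re

# Constructed sample in regedit's REGEDIT4 export format (not from a real host).
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="cmd.exe"
"ShutdownWithoutLogon"="1"
"AllocateFloppies"="1"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"SubmitControl"=dword:00000001

[HKEY_CLASSES_ROOT\batfile\shell\edit\command]
@="C:\\Program Files\\DevStudio\\SharedIDE\\BIN\\msdev.exe \"%1\""
'''

WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
LSA = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"

# Assumed baseline: (key, value, expected, value assumed when absent,
# meaning of any other value as the FAQ text describes it).
BASELINE = [
    (WINLOGON, "Shell", "explorer.exe", "explorer.exe",
     "logon shell is not explorer.exe"),
    (WINLOGON, "ShutdownWithoutLogon", "0", "1",
     "Shut Down button is shown on the logon screen"),
    (WINLOGON, "AllocateFloppies", "1", "0",
     "floppy drives are not restricted to the interactive user"),
    (WINLOGON, "AllocateCDRoms", "1", "0",
     "CD-ROM drives are not restricted to the interactive user"),
    (LSA, "SubmitControl", "0", "0",
     "Server Operators can submit AT commands"),
]

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def _unescape(quoted):
    """Strip the surrounding quotes and undo regedit's backslash escapes."""
    return re.sub(r'\\(.)', r'\1', quoted[1:-1])


def parse_reg_export(text):
    """Return {key path (lowercase): {value name (lowercase): data as string}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        match = KEY_RE.match(line)
        if match:
            current = keys.setdefault(match.group(1).lower(), {})
            continue
        match = VALUE_RE.match(line)
        if not match or current is None:
            continue  # header, blank line or hex continuation line
        name = "" if match.group(1) == "@" else _unescape(match.group(1)).lower()
        data = match.group(2)
        if data.startswith('"'):
            current[name] = _unescape(data)           # REG_SZ
        elif data.startswith("dword:"):
            current[name] = str(int(data[6:], 16))    # REG_DWORD as decimal text
        else:
            current[name] = data                      # other types kept as exported
    return keys


def audit(text):
    """Return [(value name, actual data, meaning)] for settings off the baseline."""
    keys = parse_reg_export(text)
    findings = []
    for key, name, expected, default, meaning in BASELINE:
        values = keys.get(key.lower())
        if values is None:
            findings.append((name, None, "key not present in export"))
            continue
        actual = values.get(name.lower(), default)
        if actual.lower() != expected:
            findings.append((name, actual, meaning))
    return findings


def context_menu_commands(text):
    """Return {key: command line} for each exported HKEY_CLASSES_ROOT command key."""
    return {key: values[""] for key, values in parse_reg_export(text).items()
            if key.startswith("hkey_classes_root\\") and key.endswith("\\command")
            and "" in values}


if __name__ == "__main__":
    for name, actual, meaning in audit(SAMPLE_EXPORT):
        print(f"{name} = {actual!r}: {meaning}")
    for key, command in context_menu_commands(SAMPLE_EXPORT).items():
        print(f"handler {key} -> {command}")
```

    String and DWORD data are both normalised to text before comparison, so the check does not depend on which type a value was created with.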

    Q. I have DOS, Windows95 and NT installed, and want them all to show on the boot menu.

    A. You need a handy utility called bootpart, which creates multiple operating .sys files enabling DOS and Windows 95 to be shown on the boot menu:

    1. Create an Emergency Repair Disk! (RDISK /s)
    2. Reboot the machine and boot into windows95
    3. When "Starting Windows95" is displayed press F8
    4. Select option 8 to boot to previous version of DOS
    5. Once in DOS goto where you unzipped bootpart.zip and type
      BOOTPART DOS622 c:\BOOTSECT.622 "MS-DOS 6.22"
      BOOTPART WIN95 c:\BOOTSECT.W95 "Windows 95"
      BOOTPART REWRITEROOT:C:
    6. Edit the boot.ini file to remove the old MS-DOS/Windows95 option
      attrib c:\boot.ini -r -s
      edit c:\boot.ini
      and remove c:\="MS-DOS"
      attrib c:\boot.ini +r +s
    7. Reboot

    Be aware that using Bootpart may cause problems if you select "Previous Windows version" from Windows 95.


    Q. How do I remove an App from Control Panel?

    A. Each item in the Control Panel corresponds to a .cpl file. When Control Panel starts it searches %systemroot%/system32 for all .cpl files. To remove an item from Control Panel rename the .cpl file (e.g. to .nocpl).

    An alternative to this if you only want certain users not to be able run a particular applet is to have the boot partition on NTFS, and remove the READ permission for these users/groups.

    Have a look at Q. What are the .cpl files in the system32 directory? for more information on the .CPL files.


    Q. How do I assign a drive letter to a removable drive?

    A. It is not possible to assign a drive letter to a removable device using Disk Administrator, however you can assign drive letters to the other partitions leaving the letter unused that you want the removable drive to use. NT assigns drive letters to physical devices first (first partition) then to removable drives and then to other partitions (e.g. secondary partitions). For example if you had one harddisk with two partitions and a removable drive the letter assignments would be

    To ensure that a removable drive receives a certain drive letter follow the instructions below:

    1. Shutdown NT and disconnect the removable drive
    2. Start NT and assign drive letters to the partitions, leaving the letter you want the removable drive to use free
    3. Shutdown NT, attach the removable drive and start NT

    A fix is now available which allows you to actually set the letter for a removable drive, http://support.microsoft.com/support/kb/articles/q142/6/35.asp.


    Q. How do I configure a default Screen Saver if no one logs on?

    A. This is accomplished using the registry editor:

    1. Start the registry editor (regedit.exe)
    2. Move to the HKEY_USERS\.DEFAULT\Control Panel\Desktop
    3. Double Click ScreenSaveActive and set to 1
    4. Double Click SCRNSAVE.EXE and set to "black16.scr"
    5. Double Click ScreenSaveTimeOut and set to the number of seconds (e.g. 600 for 10 minutes)
    6. Exit the registry editor

    Q. How do I configure the default screen saver to be the Open GL Text Saver?

    A. Follow the procedure below:

    1. Start the registry editor (regedit.exe)
    2. Change the value HKEY_USERS\.DEFAULT\Control Panel\Desktop\SCRNSAVE.EXE to "E:\WINNT\System32\sstext3d.scr"
    3. Create a key called HKEY_USERS\.DEFAULT\Control Panel\Screen Saver.3DText (Edit - New - Key)
    4. Under this new key, create two new values of string type (Edit - New - String Value) called "Font" and "Text"
    5. Set Font (double click on it) to Arial
    6. Set Text to the string you want to be displayed (you are limited to 16 characters)
    7. Close the registry editor

    A word of caution: the Open GL screen savers use a lot of system resources, so I would not advise using this, however I was asked :-)


    Q. How can I create a new hardware profile?

    A. If you are about to change hardware, you may want to create a copy of your current hardware config before starting which will enable you to revert to your old configuration:

    1. From Control Panel start the System Control Panel Applet (Start - Settings - Control Panel), or right click on "My Computer" and select properties
    2. Click on the "Hardware Profiles" tab
    3. Select the current Hardware Profile "Original Configuration (Current)"
    4. Click Copy and then type in the new name in the dialog box that is shown.
    5. Click OK and the startup options will be set.

    Q. I have entries on the Remove software list that don't work, how can I remove them?

    A. Each entry on this list (Start - Settings - Control Panel - Add/Remove Programs) is an entry in the registry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall. Just remove the key for any entries you don't want.


    Q. How can I disable Dr. Watson?

    A. Dr. Watson can be disabled using the registry editor:

    1. Start the registry editor (regedit.exe)
    2. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug
    3. Click on AeDebug and click Del

    Alternatively just set HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug\AUTO to 0

    To re-enable Dr. Watson type drwtsn32 -i


    Q. How do I create a network share?

    A. It is possible to create a share from the command prompt by typing:

    net share <share name>=<drive>:<dir> /remark="<description>"
    e.g. net share john=c:\data\johndrv /remark="Johns drive"

    A share can also be created using explorer:

    1. Start Explorer (Start - Programs - Windows NT Explorer)
    2. Right Click on a directory and select "sharing"
    3. Click the Sharing tab, and select "Shared as"
    4. Enter a description and click OK
    5. The directory's icon will now show a hand under it

    It is possible to add a $ to the end of the share so it will appear hidden, and not visible from a network browse.


    Q. How do I connect to a network share?

    A. You can connect to a network share using the command prompt:

    net use <drive letter>: <UNC>
    e.g. net use f: \\johnpc\john

    A share can also be connected to using explorer:

    1. Start Explorer (Start - Programs - Windows NT Explorer)
    2. From Tools menu, select Map Network Drive
    3. Select a drive letter, and either enter the share path or browse the network and select
    4. Click OK

    The advantage of using the "net use" command is you can connect to hidden shares, i.e. john$ (although you can also connect by manually typing the address in explorer), and also this can be used from within command files.


    Q. How do I configure the boot menu to show forever?

    A. The timeout is changed by editing the boot.ini file which is on the boot partition and changing the timeout parameter:

    1. Start a command session (Start - Run - Command)
    2. Remove the read-only and system attributes from c:\boot.ini
      attrib c:\boot.ini -r -s
    3. Edit the file and change the timeout to -1
      [boot loader]
      timeout = -1
    4. Save your changes and set the file back to read only and system
      attrib c:\boot.ini +r +s

    Q. How can I configure the machine to reboot at a certain time?

    A. There is a command line utility shipped with the resource kit called SHUTDOWN.EXE that can be used to reboot the local machine

    shutdown /l /r /y /c

    Where /l tells it to shutdown the local machine, /r to reboot, /c to close all programs and /y to avoid having to say yes to questions. You can then combine this with the AT command (don't forget you need the Schedule service to be running (Start - Settings - Control Panel - Services) to use the AT command) to make this happen at a certain time:

    AT <time> shutdown /l /r /y /c, e.g.
    AT 20:00 shutdown /l /r /y /c

    Additions to the at command could be /every:M,T,W,Th,F so it happens every day, e.g. AT 20:00 /every:M,T,W,Th,F shutdown /l /r /y /c

    You will then be given 20 seconds before the machine is shut down. To abort the shutdown type

    shutdown /l /a /y

    You may also consider ShutdownPlus (http://www.wmsoftware.com/shutdownplus) which replaces the standard Windows shutdown and logoff dialog boxes. Shutdownplus allows you to run applications and stop services (stopping services only under NT/2000) at shutdown, restart, or logoff.


    Q. How can I configure Explorer to start with drive x: ?

    A. The procedure below is used to change the shortcut for Explorer in the start menu, however you could just as easily create a new shortcut on the desktop and then edit the properties of it and change the target.

    1. Start Explorer ( Start - Programs - Windows NT Explorer, or Win key + E)
    2. Move to %SystemRoot%/profiles/<your username>/Start Menu/Programs, e.g. d:/winnt/profiles/savillj/Start Menu/Programs
    3. Right click on Windows NT Explorer and select Properties, or select Properties from the File menu
    4. The target will be %SystemRoot%\explorer.exe, change this to %SystemRoot%\explorer.exe /e, <drive letter>:\ , e.g. %SystemRoot%\explorer.exe /e, e:\ would make Explorer start at the E: drive (make sure you type the commas). You can also use /root, which forces the right hand pane to only show E: (not nice!), e.g. %SystemRoot%\explorer.exe /e, /root, e:\ .
      Also note that instead of just a drive letter, you can also specify a directory, e.g. %SystemRoot%\explorer.exe /e, e:\winnt\system32
    5. Click OK and exit Explorer

    Q. How can I decrease the time my machine takes to shutdown/reboot?

    A. It is possible to manually shutdown each service (well some of them) and then shutdown the machine. To identify which services are running enter the command

    net start

    (you can add > [filename] to the end to make it output to a file, i.e. net start > services.lst). You can then try to shutdown each of them by entering the command

    net stop "<service name>", e.g. net stop "spooler". Some services will ask you to enter a y to confirm, and for these just add /y to the end. You will be able to build up a list of all the services that can be manually stopped, and you should put these in a .bat file, e.g.

    net stop "Computer Browser"
    net stop "Messenger"
    .
    .
    net stop "Workstation"

    To the end of the file add the command

    shutdown /r /y /l /t:0

    to reboot the machine (leave off the /r to just shut down the machine). SHUTDOWN.EXE is part of the Windows NT Resource Kit. You may also want to add @echo off to the start of the file. You could add a check to accept an input parameter to reboot or shut down, e.g. save this file as shutfast.bat, and call it using shutfast reboot, or shutfast shutdown

    @echo off
    rem Stop the services that can be stopped manually (/y answers the confirmation prompt)
    net stop "Computer Browser"
    net stop "Messenger"
    net stop "Net Logon"
    net stop "NT LM Security Support Provider"
    net stop "Plug and Play"
    net stop "Protected Storage"
    net stop "Remote Access Autodial Manager"
    net stop "Server"
    net stop "Spooler"
    net stop "TCP/IP NetBIOS Helper" /y
    net stop "Workstation"

    rem Quote both sides so the test still parses when no parameter is given
    if "%1"=="reboot" goto reboot
    shutdown /l /y /t:0
    exit
    :reboot
    shutdown /l /y /r /t:0
    exit

    You could add a shortcut on the desktop for this batch file with the relevant parameter.

    You can also decrease the time NT waits for a service to stop before terminating it by performing the following:

    1. Start the registry editor (use regedt32.exe not regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control
    3. Double click on WaitToKillServiceTimeout (REG_DWORD) and change to the number of milliseconds after the logoff/shutdown before displaying the Wait, End Task and Close dialog box, e.g. 10000 for 10 seconds, the default is 20000
    4. Add HangAppTimeout (REG_DWORD) and change to the number of milliseconds to wait before displaying the Wait, End Task and Close dialog box after trying to close an application.
    5. Add AutoEndTasks (REG_DWORD) and change to 1 to avoid the dialog asking to Wait, End Task and Close.

    I have been informed of an application TrapSD from http://www.pyzzo.com/ which helps close applications at shutdown.


    Q. How can I change the startup order of the services?

    A. Each service belongs to a Service Group, and it is possible to modify the order that the groups start:

    1. Start the Registry Editor (regedt32.exe, not regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceGroupOrder
    3. Double click on List in the right hand pane
    4. You can then move the groups around in the list order
    5. Click OK
    6. Close the registry editor

    See Knowledge Base Article Q102987 at http://support.microsoft.com/support/kb/articles/q102/9/87.asp for more information


    Q. How can I configure the system so that certain commands run at boot up time?

    A. There is a utility called AUTOEXNT which is supplied in a zip file. To use it perform the following:

    1. From the AUTOEXNT.ZIP file extract the files autoexnt.exe, autoexnt.bat and servmess.dll to %systemroot%/system32
    2. Also extract the file INSTSRV.EXE to any directory (a temp directory will do)
    3. At the command prompt enter
      instsrv install
      This will create a new service called AutoExNT
    4. Edit the file %systemroot%/system32/autoexnt.bat and put in any commands you want to be run when the machine boots (such as a CHKDSK, etc.)

    When the system boots in future the AutoExNT service will check for the existence of the file autoexnt.bat and execute any commands in it.

    A version of this is also shipped with the resource kit, however it is better to use the downloadable version. To install the Resource kit version you have to type
    instexnt install


    Q. What are the .cpl files in the system32 directory?

    A. Each .cpl file represents one or more control panel applets (Start - Settings - Control Panel). Below is a list of common .cpl files and what Control Panel Applets they represent

    .cpl file name   Control Panel Applets
    ACCESS.CPL       Accessibility options
    APPWIZ.CPL       Add/remove programs
    CONSOLE.CPL      Console
    DESK.CPL         Display
    DEVAPPS.CPL      PCMCIA, SCSI adapters and tape drives
    INETCPL.CPL      Internet
    INTL.CPL         Regional Settings
    JOY.CPL          Joystick
    MAIN.CPL         Fonts, keyboard, mouse and printers
    MLCFG32.CPL      Mail
    MMSYS.CPL        Sounds and multimedia
    MODEM.CPL        Modems
    NCPA.CPL         Network
    NTGUARD.CPL      Dr Solomons
    ODBCCP32.CPL     ODBC
    PORTS.CPL        Ports
    RASCPL.CPL       Dial up monitor
    SRVMGR.CPL       Server, services and devices
    SYSDM.CPL        System
    TELEPHON.CPL     Telephony
    TIMEDATE.CPL     Date/time
    TWEAKUI.CPL      TWEAKUI
    UPS.CPL          UPS

    If you rename any of these files then the items they represent in the Control Panel will not be shown, e.g.
    rename timedate.cpl timedate.non
    would remove the date/time control panel applet.

    Also, setting HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (REG_DWORD) to 1 will hide the Control Panel, Printers and My Computer in Explorer and Start Menu. You would normally need to create this value as it does not exist by default.


    Q. How can I create a non-network hardware configuration?

    A. You may have some machines that are not always connected to the network, and a solution is to create an alternate hardware profile which has all network devices and services disabled.

    1. Start Control Panel (Start - Settings - Control Panel)
    2. Start the System Control Panel Applet
    3. Select the Hardware Profiles tab
    4. Select the current configuration and click Copy
    5. In the To box enter the name "No Network" and click OK
    6. From the Available Hardware Profiles box, select "No Network" and click Properties
    7. Click the Network tab, and check the "Network disabled hardware profiles" box and click OK
    8. Check that the wait time is set, e.g. 30 seconds, and then click OK
    9. You can also change the name of "Original Configuration" to "On Network" if you want by selecting it and clicking rename and typing the new name.

    To actually use this configuration when you boot up the machine, after you select the operating system to load, e.g. "Windows NT Workstation 4.0", you will receive another menu with your hardware profile choices. Select the required profile and press Enter.


    Q. How can I remove the option "Press Spacebar for last known good config"?

    A. The choice is hard coded into NT and therefore cannot be removed, however you can remove the functionality of what it does.

    Several sets of configuration information are stored in NT, the current configuration and one or more sets of old configuration that are known to work. What NT does in the registry is to point to the current configuration and also a link to one of the other sets. It is possible to change the link to the last known good config, thus pressing space at bootup will have no effect.

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\Select (if you look at HKEY_LOCAL_MACHINE\SYSTEM you can see the control sets)
    3. Double click on LastKnownGood and change to whatever value Current is
    4. Click OK and exit the registry editor

    The option "Press Spacebar for last known good config" has caused lots of trouble when used with Novell IntranetWare for Windows NT, which is unavailable after restoring the last known good configuration; the same is true for any self created hardware profile.

    An interesting solution has been found for this and other related system crashes: save the whole registry from regedit (interestingly, this method doesn't work with the more detailed regedt32) as a script file named, for example, save.reg. If a system is damaged, a simple double click on this file regenerates the whole configuration without loss of information. Moreover you can zip this file, usually as large as 5 MBytes, to a volume of nearly 500 KBytes. With these tools in hand it is possible to restore a crashed system from disk with rdisk and afterwards regenerate it with the registry file to the last known standard.


    Q. How can I disable the OS2/POSIX subsystems?

    A. It is possible to disable one or both of these:

    1. Start the registry editor (regedt32.exe, not regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems
    3. Double click on Optional
    4. On each line is one subsystem, simply remove the one you wish to disable. If you want to disable both, set the value to Null
    5. Click OK
    6. Close the registry editor and reboot

    Q. How can I run a control panel applet from the command line?

    A. It is possible to run Control Panel applets from the command line by just typing

    control <applet name>

    In some instances the .cpl file represents more than one control panel applet, in which case you need to pass a parameter saying which applet to run, below is a list

    e.g. control main.cpl printers
    will run the printer control panel applet

    However it is better to associate the .cpl extension with control.exe, which means you only need to type the applet name. This is accomplished using the assoc and ftype commands

    assoc .cpl=ControlFile
    ftype ControlFile=control.exe %1 %*

    You can now just enter the command and it will run (be sure to include the .cpl extension).

    For a full list of control panel applets to .cpl files see Q. What are the .cpl files in the system32 directory?


    Q. How can I configure a program/batch file to run every x minutes?

    A. NT comes with a powerful built in scheduling tool, the at command, however it is not really suitable for running a command every 5 minutes: to do this you would have to submit hundreds of at jobs to run at certain times of the day. There are a number of tools supplied with the Windows NT Resource Kit which will help.

    The first is called sleep.exe, and is used to make a command file wait for n seconds (like the timeout command), and its usage is simply
    sleep 300
    which would make the batch file pause for 5 minutes, so if you wanted a command file/program to run every 5 minutes you could write a batch file with the following (named run5.bat)
    <program name>
    sleep 300
    run5

    There are a number of problems with this approach, the command session has to stay open, and the 5 minutes does not start until the program has closed (however this can be solved by running the program in a separate thread by putting the word "start" in front of the program, e.g. start <program>).

    Another program is called SOON.EXE and this schedules a task to run in n seconds from now, to use soon the scheduler service has to be running (start - settings - control panel - services). Again you could create a batch file to use it (runsoon.cmd)
    soon 300 runsoon.cmd
    notepad.exe

    Run the command file using the at command or soon, e.g. from the command line
    soon 300 runsoon.cmd
    to get it started

    Once the SOON is scheduled to run, if you wanted to stop it you would use the AT command to get a list of current scheduled jobs

    C:\>at
    Status ID   Day                     Time          Command Line
    -------------------------------------------------------------------------------
            0   Today                   9:04 AM       runsoon.cmd

    Once its ID is known it can be stopped using

    C:\>at [\\computer name] <ID> /delete
    e.g. C:\>at 0 /delete


    Q. What registry keys do the Control Panel applets update?

    A. The table below shows the control panel applet and the corresponding registry area, those not shown are stored in multiple areas.

    Accessibility Options   HKEY_CURRENT_USER\Control Panel\Accessibility
    Date/Time               HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TimeZoneInformation
    Devices                 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
    Display                 HKEY_CURRENT_USER\Control Panel\Desktop and HKEY_LOCAL_MACHINE\HARDWARE\RESOURCEMAP\VIDEO
    Fonts                   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts
    Internet                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
    Keyboard                HKEY_CURRENT_USER\Control Panel\Desktop
    Modems                  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Unimodem
    Mouse                   HKEY_CURRENT_USER\Control Panel\Mouse
    Multimedia              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia
    Ports                   HKEY_LOCAL_MACHINE\HARDWARE\RESOURCEMAP
    Printers                HKEY_CURRENT_USER\Printers
    Regional Settings       HKEY_CURRENT_USER\Control Panel\International
    SCSI Adapters           HKEY_LOCAL_MACHINE\HARDWARE\RESOURCEMAP\ScsiAdapter
    Services                HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
    Sounds                  HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default
    Tape devices            HKEY_LOCAL_MACHINE\HARDWARE\RESOURCEMAP\OtherDrivers\TapeDevices
    Telephony               HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony
    UPS                     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UPS

    Q. How can I run a script at shutdown time?

    A. There is no direct way to accomplish this, however it is possible to write a script and then call the shutdown.exe utility that is shipped with the NT Resource Kit

    shutdown /l /y

    You could then add a shortcut to this script on the desktop. An alternative is to use a utility called ShutUp which can be downloaded from http://www.zdnet.com/pcmag/download/utils/shutup-a.htm .

    You may also consider ShutdownPlus (http://www.wmsoftware.com/shutdownplus) which replaces the standard Windows shutdown and logoff dialog boxes. Shutdownplus allows you to run applications and stop services (stopping services only under NT/2000) at shutdown, restart, or logoff.


    Q. How can I create my own tips to be shown when NT starts?

    A. The tips that NT displays are stored in key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Tips, and can easily be edited using the registry editor. You will notice that the names of the values are incremented by one so to add a new tip just either edit an existing one or create a new value (of type string) and set its name to the next available number.

    The tips are displayed sequentially and the counter is stored in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Tips\Next and can be changed if you want. The values are stored in hexadecimal.

    To control if tips are shown set the value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Tips\show to 01000000 to display and 00000000 to not display.


    Q. How can I change the location of the event logs?

    A. In Event Viewer you will notice that there are 3 different logs, Application, System and Security, and each of these is mapped to a .EVT file in the %systemroot%/system32/config directory. For performance/disk space reasons you may wish to move them, and this can be done by performing the following:

    1. Start the Registry Editor (regedit.exe)
    2. Move to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog key. Under this key are 3 other sub-keys, Application, Security and System. Select one of them
    3. Under each of the sub-keys is a value called File, double click this value
    4. Edit the value to the location you require and click OK
    5. Repeat for the other 2 log settings
    6. Close the registry editor and reboot the machine for the change to take effect
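
    To check the result of this procedure, and of the LastKnownGood change described under "Press Spacebar for last known good config", a regedit export can be reviewed offline. The following is an added example, not part of the original FAQ; the sample export is constructed, and the function names are this example's own.

```python
import re

# Constructed sample in the REGEDIT4 text format that regedit.exe writes on
# NT 4.0 (not taken from a real machine). hex(2) is REG_EXPAND_SZ stored as
# ANSI bytes; a trailing ",\" continues the value on the next line.
SAMPLE_REG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\Select]
"Current"=dword:00000001
"Default"=dword:00000001
"Failed"=dword:00000000
"LastKnownGood"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application]
"File"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,\
  5c,63,6f,6e,66,69,67,5c,41,70,70,45,76,65,6e,74,2e,45,76,74,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security]
"File"=hex(2):44,3a,5c,4c,6f,67,73,5c,53,65,63,2e,45,76,74,00
"""

VALUE_RE = re.compile(r'(@|"(?:[^"\\]|\\.)*")=(.*)$')
SELECT_KEY = r"hkey_local_machine\system\select"
EVENTLOG_KEY = r"hkey_local_machine\system\currentcontrolset\services\eventlog"
DEFAULT_LOG_DIR = r"%systemroot%\system32\config" + "\\"


def _unescape(quoted):
    """Strip the surrounding quotes and undo the \\\\ and \\" escapes."""
    return re.sub(r"\\(.)", r"\1", quoted[1:-1])


def _decode(data):
    """Turn the text after '=' into a str, int, list of str, or bytes."""
    if data.startswith('"'):
        return _unescape(data)                       # REG_SZ
    kind, _, payload = data.partition(":")
    if kind == "dword":
        return int(payload, 16)                      # REG_DWORD
    raw = bytes(int(b, 16) for b in payload.split(",") if b.strip())
    if kind == "hex(2)":                             # REG_EXPAND_SZ
        return raw.split(b"\0")[0].decode("latin-1")
    if kind == "hex(7)":                             # REG_MULTI_SZ
        return [p.decode("latin-1") for p in raw.split(b"\0") if p]
    return raw                                       # REG_BINARY and others


def parse_reg_export(text):
    """Return {lower-cased key path: {value name: decoded value}}."""
    text = re.sub(r",\\\r?\n[ \t]*", ",", text)      # join continued hex lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = "" if m.group(1) == "@" else _unescape(m.group(1))
            current[name] = _decode(m.group(2))
    return keys


def review(keys):
    """List the settings from the two procedures that differ from defaults."""
    notes = []
    sel = keys.get(SELECT_KEY, {})
    cur, lkg = sel.get("Current"), sel.get("LastKnownGood")
    if cur is not None and cur == lkg:
        notes.append("Select: LastKnownGood and Current both point at "
                     "ControlSet%03d" % cur)
    for log in ("Application", "Security", "System"):
        path = keys.get(EVENTLOG_KEY + "\\" + log.lower(), {}).get("File")
        if path is None:
            continue                                 # key not in this export
        if not path.lower().startswith(DEFAULT_LOG_DIR):
            notes.append("EventLog\\%s: log file moved to %s" % (log, path))
    return notes


if __name__ == "__main__":
    for note in review(parse_reg_export(SAMPLE_REG)):
        print(note)
```

    A moved log file is only as well protected as the directory it now lives in, so compare that directory's permissions with those on %systemroot%/system32/config.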

    Q. How can I configure the default Internet Browser?

    A. When you start an Internet browser it usually performs a check to see if it is the default browser, however you may have turned this check off and want to change the default browser:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_CLASSES_ROOT\http
    3. Expand the tree and move to HKEY_CLASSES_ROOT\http\shell\open\command, double click on default and set the string to the command you wish to run for Internet addresses, for example
      "E:\Program Files\Internet Explorer\iexplore.exe" -nohome for Internet Explorer
      "E:\Program Files\Netscape\Communicator\Program\netscape.exe" -h "%1" for Netscape
      Click OK
    4. Move to HKEY_CLASSES_ROOT\http\shell\open\ddeexec\Application, and again double click Default, change to the browser, NSShell for Netscape, IExplore for Internet Explorer.
    5. You may also want to change the icon associated, move to HKEY_CLASSES_ROOT\http\DefaultIcon, (do I need to say) double click Default and set to the icon
      %SystemRoot%\system32\url.dll,0 Internet Explorer
      E:\Program Files\Netscape\Communicator\Program\netscape.exe,0 Netscape Navigator
    6. You should repeat the above for https as well, i.e. HKEY_CLASSES_ROOT\https\shell\open\command etc.

    Q. How can I change the alert for low disk space on a partition?

    A. By default when a partition has less than 10% free disk space an event ID 2013 is created with the following text

    "The disk is at or near capacity. You may need to delete some files".

    To view these events use Event Viewer. It is possible to change the percentage at which the alert is created:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
    3. If the value DiskSpaceThreshold exists then double click on it and skip to step 5
    4. If the value does not exist, from the Edit menu select New - DWord value. Enter a name of DiskSpaceThreshold. Click OK then double click on the new value
    5. Set the base to decimal and enter a value that you want the event to be generated at from 0-99.
    6. Click OK
    7. Restart the machine

    Q. Is it possible to delete/rename the Administrator account?

    A. It is not possible to delete the Administrator account; if you try to delete it an error "Cannot delete built in accounts" will be displayed. You can however rename it. In fact it is recommended that the account be renamed to avoid the possibility of hacking, as most hackers try to enter a system using an admin account. To rename the Administrator account perform the following:

    1. Log onto the machine as an Administrator
    2. Start User Manager (or User manager for Domains)
    3. Select the Administrator account and select Rename from the User menu.
    4. Enter a new name and click OK

    Q. How can I tell NT how much secondary cache (L2) is installed?

    A. NT will try and detect how much L2 cache is installed at startup time however it cannot always tell and will use a default of 256. If you have more you can manually configure NT with your exact amount

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
    3. Double click on SecondLevelDataCache
    4. Click the decimal base and then enter the amount, e.g. 512 if you have 512K of cache.
    5. Click OK
    6. Close the registry editor and reboot the machine

    Q. What switches can be used in boot.ini?

    A. The boot.ini file has a number of lines and some of these relate to the Windows NT Operating system, e.g.

    multi(0)disk(0)rdisk(0)partition(2)\WINNT="Windows NT Workstation Version 4.00"

    There are a number of switches that can be appended to the Windows NT startup line to perform certain functions. To edit the file perform the following

    1. Start a command session (cmd.exe)
    2. Modify the attributes on the file c:\boot.ini to make the file editable
      attrib c:\boot.ini -r -s
    3. Edit the file
      edit c:\boot.ini
    4. Once finished save the file and reset the files attributes
      attrib c:\boot.ini +r +s

    The switches that can be added are as follows

    /3GB New to Service Pack 3. This causes the split between user and system portions of the Windows NT map to become 3GB for user applications, 1GB for System.
    To take advantage of this the system must be part of the NT Enterprise suite and the application must be flagged as a 3GB aware application.
    /BASEVIDEO The computer starts up using the standard VGA video driver. Use this if you have installed a graphics driver that is not working.
    /BAUDRATE Specifies the baud rate to be used for debugging. If you do not set the baud rate, the default baud rate is 9600 if a modem is attached, and 19200 for a null-modem cable.
    /BOOTLOG Makes Windows 2000 write a log of the boot to the file %SystemRoot%\NTBTLOG.TXT
    Windows 2000 Only
    /BURNMEMORY= Makes NT forget about the given amount of memory in MB. If /burnmemory=64 was given then 64MB of memory would be unavailable
    /CRASHDEBUG The debugger is loaded when you start Windows NT, but remains inactive unless a Kernel error occurs. This mode is useful if you are experiencing random, unpredictable Kernel errors.
    /DEBUG The debugger is loaded when you start Windows NT, and can be activated at any time by a host debugger connected to the computer. This is the mode to use when you are debugging problems that are regularly reproducible.
    /DEBUGPORT= comx Specifies the com port to use for debugging, where x is the communications port that you want to use.
    /FASTDETECT Specifying FASTDETECT causes NTDETECT to skip parallel and serial device enumeration for a boot into Win2K, whereas omitting the switch has NTDETECT perform enumeration for a boot into NT 4.0. Win2K setup automatically recognizes dual-boot configurations and sets this switch for BOOT.INI lines that specify a Win2K boot.
    Windows 2000 Only
    /HAL=<hal> Allows you to override the HAL used, for example using a checked version
    /INTAFFINITY Sets the multiprocessor HAL (HALMPS.DLL) to set interrupt affinities such that only the highest numbered processor in an SMP will receive interrupts. Without the switch the HAL defaults to its normal behavior of letting all processors receive interrupts.
    Windows 2000 Only
    /KERNEL=<kernel> Same as /HAL but for the kernel
    /MAXMEM:n Specifies the maximum amount of RAM that Windows NT can use. This switch is useful if you suspect a memory chip is bad.
    /NODEBUG No debugging information is being used.
    /NOGUIBOOT When this option is specified the VGA video driver responsible for presenting bit mapped graphics during Win2K's boot process is not initialized. The driver is used to display boot progress information, as well as to print the Blue Screen crash screen, so disabling it will disable Win2K's ability to do those things as well.
    Windows 2000 Only
    /NOSERIALMICE=[COMx | COMx,y,z...] Disables serial mouse detection of the specified COM port(s). Use this switch if you have a component other than a mouse attached to a serial port during the startup sequence. If you use /NOSERIALMICE without specifying a COM port, serial mouse detection is disabled on all COM ports.
    /NUMPROC=n Only enables the first n processors on a multiple processor system
    /ONECPU Only use the first CPU in a multiple processor system
    /PCILOCK Stops Windows NT from dynamically assigning IO/IRQ resources to PCI devices and leaves the devices configured by the BIOS.
    /SAFEBOOT: This is an automatic switch which NTLDR should complete for you when you use the F8 menu to perform a safe boot. Following the colon in the option you must specify one of three additional switches: MINIMAL, NETWORK, or DSREPAIR. The MINIMAL and NETWORK flags correspond to safe boot with no network and safe boot with network support. The safe boot is a boot where Windows 2000 only loads drivers and services that are specified by name or group in the Minimal or Network Registry keys under HKLM\System\CurrentControlSet\Control\SafeBoot. The DSREPAIR (Directory Services Repair) switch causes NT to boot into a mode where it restores the Active Directory from a backup medium you present.

    An additional option that you can append is "(ALTERNATESHELL)". This tells NT to use the program specified by HKLM\System\CurrentControlSet\Control\SafeBoot\AlternateShell as the graphical shell, rather than to use the default which is Explorer.
    Windows 2000 Only

    /SOS Displays the driver names while they are being loaded. Use this switch if Windows NT won’t start up and you think a driver is missing. This option is configured by default on the [VGA] option on the boot menu.
    /WIN95 This switch is only pertinent on a triple-boot system that has DOS, Win9x and Windows NT installed. Specifying the /WIN95 switch directs NTLDR to boot the Win9x boot sector stored in BOOTSECT.W40. See Microsoft KB Article Q157992 for more information.
    /WIN95DOS This switch is only pertinent on a triple-boot system that has DOS, Win9x and Windows NT installed. Specifying the /WIN95DOS switch directs NTLDR to boot the DOS boot sector stored in BOOTSECT.DOS. See Microsoft KB Article Q157992 for more information.
    /YEAR= Specifying this value causes NT/Windows 2000 core time function to ignore the year that the computer's real-time clock reports and instead use the one indicated. Thus, the year used in the switch affects every piece of software on the system, including the NT kernel. Example: /YEAR=2005. Note: this option is only available on NT 4.0 Service Pack 4 and Windows 2000.

    You can then edit the boot.ini file and either add Windows NT startup entries or modify existing entries. For example, you could add a debug entry in the file as follows:

    multi(0)disk(0)rdisk(0)partition(2)\WINNT="Windows NT Workstation Version 4.00 [debug]" /debug /debugport=com2


    Q. How can I change the default editor used for editing batch files?

    A. By default if you right click on a batch file and select Edit then the batch file will be opened in Notepad, however the application used can be changed as follows:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_CLASSES_ROOT\batfile\shell\edit\command
    3. Double click on default
    4. Change the value to the editor you want to use, e.g. for Word change it to
      D:\Program Files\Microsoft Office\Office\winword.exe %1
    5. Once completed click OK and close the registry editor

    There is no need to reboot; the change takes immediate effect. To reset back to Notepad change the entry to

    %SystemRoot%\System32\NOTEPAD.EXE %1


    Q. What are the default protections on an NTFS boot partition?

    A. Below is a list from Knowledge Base article Q172008 at http://support.microsoft.com/support/kb/articles/q172/0/08.asp

    <root>:\-

       Administrators - Full Control
       Creator/Owner - Full Control
       Everyone - Change
       System - Full Control

    <boot partition>:\Msapps and <subdirectories>-

       Administrators - Full Control
       Creator/Owner - Full Control
       Everyone - Change
       Server Operators - Change
       System - Full Control

    <boot partition>:\Program Files and <subdirectories>-

       Administrators - Full Control
       Creator/Owner - Full Control
       Everyone - Change
       Server Operators - Change
       System - Full Control

    <boot partition>:\Temp-

       Administrators - Full Control
       Creator/Owner - Full Control
       Everyone - Change
       System - Full Control

    <boot partition>:\Users-

       Administrators - Special (RWXD)
       Everyone - List (RX)
       System - Full Control

    <boot partition>:\Users\Default-

       Creator/Owner - Full Control
       Everyone - Special (RWX)
       System - Full Control

    <boot partition>:\Win32app-

       Administrators - Full Control
       Creator/Owner - Full Control
       Everyone - Read (RX)
       Server Operators - Full Control
       System - Full Control

    <boot partition>:\%SystemRoot%-

       Administrators - Full Control
       Creator/Owner - Full Control
       Everyone - Change
       Server Operators - Change
       System - Full Control

    <boot partition>:\%SystemRoot%\Config-

       Administrators - Full Control
       Creator/Owner - Full Control
       Everyone - Change
       Server Operators - Change
       System - Full Control

    <boot partition>:\%SystemRoot%\Cookies-

       Administrators - Full Control
       Creator/Owner - Full Control
       Everyone - Change
       Server Operators - Change
       System - Full Control

    <boot partition>:\%SystemRoot%\Cursors-

       Administrators - Full Control
       Creator/Owner - Full Control
       Everyone - Change
       Server Operators - Change
       System - Full Control

    <boot partition>:\%SystemRoot%\Desktop-

       Administrators - Full Control
       Creator/Owner - Full Control
       Everyone - Change
       Server Operators - Change
       System - Full Control

    <boot partition>:\%SystemRoot%\Fonts-

       Administrators - Full Control
       Creator/Owner - Full Control
       Everyone - Change
       Server Operators - Change
       System - Full Control

    <boot partition>:\%SystemRoot%\Help-

       Administrators - Full Control
       Creator/Owner - Full Control
       Everyone - Change
       Server Operators - Change
       System - Full Control

    <boot partition>:\%SystemRoot%\History-

       Administrators - Full Control
       Creator/Owner - Full Control
       Everyone - Change
       Server Operators - Change
       System - Full Control

    <boot partition>:\%SystemRoot%\Inf-

       Administrators - Full Control
       Creator/Owner - Full Control
       Everyone - Change
       Server Operators - Change
       System - Full Control

    <boot partition>:\%SystemRoot%\Java and <subdirectories>-

       Administrators - Full Control
       Creator/Owner - Full Control
       Everyone - Change
       Server Operators - Change
       System - Full Control

    <boot partition>:\%SystemRoot%\Media-

       Administrators - Full Control
       Creator/Owner - Full Control
       Everyone - Change
       Server Operators - Change
       System - Full Control

    <boot partition>:\%SystemRoot%\Nwspool-

       Administrators - Full Control
       Creator/Owner - Full Control
       Everyone - Change
       Server Operators - Change
       System - Full Control
    

    <boot partition>:\%SystemRoot%\Profiles-

       Administrators - Full Control
       Creator/Owner - Full Control
       Everyone - Change
       Server Operators - Change
       System - Full Control

    <boot partition>:\%SystemRoot%\profiles\Administrators

       Administrators - Full Control
       System - Full Control

    <boot partition>:\%SystemRoot%\profiles\All Users and <subdirectories>-

       Administrators - Full Control
       Everyone - Read
       System - Full Control

    <boot partition>:\%SystemRoot%\profiles\Default User and <subdirectories>-

       Administrators - Full Control
       Everyone - Read
       System - Full Control

    <boot partition>:\%SystemRoot%\Profiles\<username> and <subdirectories>-

       Administrators - Full Control
       <username> - Full Control
       System - Full Control

    <boot partition>:\%SystemRoot%\Repair-

       Administrators - Full Control
       Creator/Owner - Full Control
       Everyone - Read
       Server Operators - Full Control
       System - Full Control

    <boot partition>:\%SystemRoot%\Shellnew-

       Administrators - Full Control
       Creator/Owner - Full Control
       Everyone - Change
       Server Operators - Change
       System - Full Control

    <boot partition>:\%SystemRoot%\System-

       Administrators - Full Control
       Creator/Owner - Full Control
       Everyone - Change
       Server Operators - Change
       System - Full Control

    <boot partition>:\%SystemRoot%\System32-

       Administrators - Full Control
       Creator/Owner - Full Control
       Everyone - Change
       Server Operators - Change
       System - Full Control

    <boot partition>:\%SystemRoot%\System32\Cache-

       Administrators - Full Control
       Creator/Owner - Full Control
       Everyone - Change
       Server Operators - Change
       System - Full Control

    <boot partition>:\%SystemRoot%\System32\Dhcp-

       Administrators - Full Control
       Creator/Owner - Full Control
       Everyone - Read (RX)
       Server Operators - Full Control
       System - Full Control

    <boot partition>:\%SystemRoot%\System32\Drivers and <subdirectories>-

       Administrators - Full Control
       Creator/Owner - Full Control
       Everyone - Read (RX)
       Server Operators - Full Control
       System - Full Control

    <boot partition>:\%SystemRoot%\System32\Inetsrv and <subdirectories>-

       Administrators - Full Control
       Creator/Owner - Full Control
       Everyone - Change
       Server Operators - Change
       System - Full Control

    <boot partition>:\%SystemRoot%\System32\Lls-

       Administrators - Full Control
       Creator/Owner - Full Control
       Everyone - Change
       Server Operators - Change
       System - Full Control

    <boot partition>:\%SystemRoot%\System32\Logfiles-

       Administrators - Full Control
       Creator/Owner - Full Control
       Everyone - Change
       Server Operators - Change
       System - Full Control

    <boot partition>:\%SystemRoot%\System32\Netmon and <subdirectories>-

       Administrators - Full Control
       Creator/Owner - Full Control
       Everyone - Change
       Server Operators - Change
       System - Full Control

    <boot partition>:\%SystemRoot%\System32\Os2 and <subdirectories>-

       Administrators - Full Control
       Creator/Owner - Full Control
       Everyone - Change
       Server Operators - Change
       System - Full Control

    <boot partition>:\%SystemRoot%\System32\Ras

       Administrators - Full Control
       Creator/Owner - Full Control
       Everyone - Change (RWXD)
       Server Operators - Full Control
       System - Full Control

    <boot partition>:\%SystemRoot%\System32\Repl

       Administrators - Full Control
       Creator/Owner - Full Control
       Everyone - Read (RX)
       Server Operators - Full Control
       System - Full Control

    <boot partition>:\%SystemRoot%\System32\Repl\Export and <subdirectories>-

       Administrators - Full Control
       Creator/Owner - Full Control
       Everyone - Read (RX)
       Replicator - Change (RWXD)
       Server Operators - Change (RWXD)
       System - Full Control

    <boot partition>:\%SystemRoot%\System32\repl\import and <subdirectories>-

       Administrators - Full Control
       Creator/Owner - Full Control
       Everyone - Read (RX)
       Replicator - Change (RWXD)
       Server Operators - Change (RWXD)
       System - Full Control

    <boot partition>:\%SystemRoot%\System32\Spool and <subdirectories>-

       Administrators - Full Control
       Creator/Owner - Full Control
       Everyone - Read (RX)
       Print Operators - Full Control
       Server Operators - Full Control
       System - Full Control

    <boot partition>:\%SystemRoot%\System32\Viewers-

       Administrators - Full Control
       Creator/Owner - Full Control
       Everyone - Change
       Server Operators - Change
       System - Full Control

    <boot partition>:\%SystemRoot%\System32\Spool\Wins-

       Administrators - Full Control
       Creator/Owner - Full Control
       Everyone - Change (RWXD)
       Server Operators - Change (RWXD)
       System - Full Control

    <boot partition>:\%SystemRoot%\Temporary Internet Files and <subdirectories>

       Administrators - Full Control
       Creator/Owner - Full Control
       Everyone - Change
       Server Operators - Change
       System - Full Control

    Any other directories-

       Administrators - Full Control
       Creator/Owner - Full Control
       Everyone - Change
       Server Operators - Change
       System - Full Control

    These permissions do not apply to a drive that is converted to NTFS using the CONVERT utility. A converted NTFS drive consists of all files and directories with Everyone - Full Control as the default permission. To reset to the normal protections see Q. How can I restore the default permissions to the NT structure?


    Q. How do I configure the default keyboard layout during login?

    A. You can change the keyboard layout using the keyboard control panel applet (start - settings - control panel - keyboard - Input Locales) however this does not affect the layout used during logon (which is by default English (United States)). To change this perform the following:

    1. Start the registry editor  (regedit.exe)
    2. Move to HKEY_USERS\.DEFAULT\Keyboard Layout\Preload
    3. Double click on 1 and change the number to your local layout (you could get this by looking at HKEY_CURRENT_USER\Keyboard Layout\Preload1). Click OK
    4. You may also change HKEY_USERS\.DEFAULT\Control Panel\International\Locale to this value however it is not mandatory to do so.
    5. Close the registry editor
    6. Logoff and then on again

    Make sure you select a country code that has been installed via the control panel or your system will not boot.

    A table of the codes to the countries is given below:

    00000402 Bulgarian
    0000041a Croatian
    00000405 Czech
    00000406 Danish
    00000413 Dutch (Standard)
    00000813 Dutch (Belgian)
    00000409 English (United States)
    00000809 English (United Kingdom)
    00001009 English (Canadian)
    00001409 English (New Zealand)
    00000c09 English (Australian)
    0000040b Finnish
    0000040c French (Standard)
    0000080c French (Belgian)
    0000100c French (Swiss)
    00000c0c French (Canadian)
    00000407 German (Standard)
    00000807 German (Swiss)
    00000c07 German (Austrian)
    00000408 Greek
    0000040e Hungarian
    0000040f Icelandic
    00001809 English (Irish)
    00000410 Italian (Standard)
    00000810 Italian (Swiss)
    00000414 Norwegian (Bokmal)
    00000814 Norwegian (Nynorsk)
    00000415 Polish
    00000816 Portuguese (Standard)
    00000416 Portuguese (Brazilian)
    00000418 Romanian
    00000419 Russian
    0000041b Slovak
    00000424 Slovenian
    0000080a Spanish (Mexican)
    0000040a Spanish (Traditional Sort)
    00000c0a Spanish (Modern Sort)
    0000041d Swedish
    0000041f Turkish

    These can also be seen in the registry at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout\DosKeybCodes


    Q. How can I add my own information to General tab of the System Control Panel applet?

    A. When you receive a PC from a manufacturer you may see extra lines of description text and a company logo in the General tab of a System Control Panel applet, and this can be changed or added as follows:

    1. Create a bitmap you want with dimensions 180 by 114. Save the picture in the %systemroot%\system32 folder (e.g. d:\winnt\system32) with a name of OEMLOGO.BMP. If the picture is greater than this size then it will be clipped from the top left corner. If it is smaller then a black border will be added.
    2. Create the file %systemroot%\system32\OEMINFO.INI (e.g. d:\winnt\system32\oeminfo.ini) with the following format:
      [general]
      Manufacturer=SavillTech Ltd
      Model=SuperDuper 1
      [Support Information]
      Line1=" "
      Line2="For support ...."
      Line3=" "

    You do not need to reboot the machine; the System control panel applet will pick up the files when it is started. The information above would give the following:

    [Screenshot: sysgen.gif]


    Q. How can I change the program associated with a file extension?

    A. The easiest way is to:

    1. Start Explorer
    2. Hold down the shift key and right click on a file with the extension you wish to change
    3. From the context menu displayed select "Open with"
    4. Select the Application from the list (or click other) and check the "Always use this program to open this type of file"
    5. Click OK

    An alternative method is to:

    1. Start Explorer
    2. Select Options (or Folder Options for IE 4.0 installations) from the View menu
    3. Click "File Types" tab
    4. Select the File type and click Edit
    5. You can edit the open and print actions for the file type. To change the open action, select Open in the actions list and click Edit; you can then change the command
    6. Click OK when finished

    Q. How do I set a process to use a certain processor?

    A. This is called processor affinity where you set a process to use a specific processor on a multi-processor system.

    1. Start Task Manager (Right click on the task bar and select Task Manager)
    2. Click the Processes tab
    3. Right click on the program and select "Set Affinity"
    4. You can check the processors you want the program to run on (uncheck the ones you don't want it to use)

    You cannot set affinity for a service, or set affinity for a program which has not yet been started.


    Q. I have duplicate entries on my boot menu.

    A. This is easy to remedy and is usually caused by reinstalling Windows NT.

    1. Start a Command Prompt (cmd.exe)
    2. Enter the command
      attrib c:\boot.ini -r -s
    3. Now edit boot.ini
      edit boot.ini
    4. You will see lines like
      multi(0)disk(0)rdisk(0)partition(2)\WINNT="Windows NT Workstation Version 4.00"
      multi(0)disk(0)rdisk(0)partition(2)\WINNT="Windows NT Workstation Version 4.00 [VGA mode]" /basevideo /sos
      C:\ = "MS-DOS"
      under the [operating systems] section of the file. If you see any duplicates, delete them. Make sure you delete the right ones if they differ in the multi(0)disk(0)rdisk(0)partition(2) part, as that means you had NT installed on a different disk/partition before.
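
    An added example (not part of the original FAQ) that parses a boot.ini and separates exact duplicate entries from entries that share a label but point at a different disk/partition, which are the ones the answer above says to check before deleting. The sample file and the function names are constructed for illustration.

```python
import re

# Constructed sample boot.ini (line 7 repeats line 5 exactly; line 8 has the
# same label as line 5 but a different ARC path).
SAMPLE_BOOT_INI = r'''[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\WINNT
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINNT="Windows NT Workstation Version 4.00"
multi(0)disk(0)rdisk(0)partition(2)\WINNT="Windows NT Workstation Version 4.00 [VGA mode]" /basevideo /sos
multi(0)disk(0)rdisk(0)partition(2)\WINNT="Windows NT Workstation Version 4.00"
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows NT Workstation Version 4.00"
C:\ = "MS-DOS"
'''

# <path> = "<label>" <switches...>
ENTRY_RE = re.compile(r'^(?P<path>[^=]+?)\s*=\s*"(?P<label>[^"]*)"\s*(?P<switches>.*)$')


def parse_boot_ini(text):
    """Return (default_path, entries); entries are (line_no, path, label, switches)."""
    default, entries, section = None, [], None
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "boot loader" and line.lower().startswith("default="):
            default = line.split("=", 1)[1].strip().lower()
        elif section == "operating systems":
            m = ENTRY_RE.match(line)
            if m:
                # Switch order and case do not matter when comparing entries.
                switches = tuple(sorted(s.lower() for s in m.group("switches").split()))
                entries.append((line_no, m.group("path").lower(), m.group("label"), switches))
    return default, entries


def find_duplicates(text):
    """Classify repeated [operating systems] entries.

    Returns (exact, review):
      exact  - line numbers repeating an earlier entry's path, label and switches
      review - (line_no, earlier_line_no) pairs with the same label and switches
               but a different disk/partition, which need a manual check
    """
    seen_exact, seen_label, exact, review = {}, {}, [], []
    for line_no, path, label, switches in parse_boot_ini(text)[1]:
        if (path, label, switches) in seen_exact:
            exact.append(line_no)
        elif (label, switches) in seen_label:
            review.append((line_no, seen_label[(label, switches)]))
        seen_exact.setdefault((path, label, switches), line_no)
        seen_label.setdefault((label, switches), line_no)
    return exact, review


def default_is_bootable(text, removed_lines=()):
    """True if the [boot loader] default still matches an entry once the
    given line numbers have been deleted."""
    default, entries = parse_boot_ini(text)
    return any(path == default for line_no, path, _, _ in entries
               if line_no not in removed_lines)


if __name__ == "__main__":
    exact, review = find_duplicates(SAMPLE_BOOT_INI)
    print("exact duplicates on lines:", exact)
    print("same label, different path (line, earlier line):", review)
    print("default still valid after removal:",
          default_is_bootable(SAMPLE_BOOT_INI, removed_lines=exact))
```

    Running default_is_bootable with the lines you plan to delete confirms that the default= entry in [boot loader] still points at a surviving entry.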

    Q. How can I stop a service from the command line?

    A. To get a list of the running services enter the command

    net start

    (you can add > [filename] to the end to make it output to a file, i.e. net start > services.lst). You can then try to shutdown each of them by entering the command

    net stop "<service name>", e.g. net stop "spooler". Some services will ask you to enter y to confirm; for these just add /y to the end.

    You can also use the Resource Kit SC.EXE command, use

    sc query

    to get a list of the services, and then

    sc stop <service name>

    to stop the service.


    Q. How can I add the printer panel to the Start menu?

    A. To add a Printer panel to the Start menu, perform the following:

    1. Create a new folder (right-click the desktop and choose New, Folder). Name the folder:
      Printers.{2227A280-3AEA-1069-A2DE-08002B30309D}
    2. Right-click Start and choose Open.
    3. Drag the new folder to the Start Menu window.

    The Printer Panel will now be on the Start menu and will be cascading, meaning all printers can be viewed as sub-objects of the menu item.


    Q. How can I hide the Administrative Tools on the Start menu?

    A. There are several options open to you:

    1, Set the protections on the folder and its contents so only members of the Administrative group can read/execute it. This will only work if the boot partition is NTFS

    1. Start Explorer
    2. Move to %systemroot%\Profiles\All Users\Start Menu\Programs
    3. Select "Administrative Tools (Common)" and select Properties from the File menu (or Right click the file and select properties)
    4. Click the Security tab
    5. Click the Permissions button
    6. Select "Everyone" and click Remove
    7. Click Add, select "Domain Admins", click Add and set the Access to "Full Control". Click OK
    8. Back in the "Directory Permissions" dialog box click OK

    Non-administrative users will now see an empty "Administrative Tools" menu. You could select different users if you wish.

    2, You could also just move the Administrative Tools folder from the All Users section to a specific account area on the machine. There may be complications with roaming profiles etc.

    The methods above only hide the items from the menu; users could still run the applications from Run. However, the operating system prevents unauthorized users from altering the system using these tools, so that is not a problem (you could always set the protections on the images as well if you don't want users to run them).


    Q. How do I restrict access to the floppy drive?

    A. The NT Resource Kit and the Zero Administration Kit come with the FLOPLOCK service:

    1. Install the FlopLock service
      instsrv FloppyLocker c:\reskit\floplock.exe
    2. Start the Service Control Panel Applet (Start - settings - control panel - services)
    3. Double click on FloppyLocker and make sure the System Account is selected.
    4. Set the startup to Automatic and click OK
    5. You can manually start the service to avoid the reboot by selecting FloppyLocker and clicking Start

    With the service started on Windows NT Workstation, only members of the Administrators and Power Users groups can access the floppy drives. When the service is started on Windows NT Server, only members of the Administrators group can access the floppy drives.

    To remove the service perform the following:

    1. Stop the FloppyLocker service (start - settings - control panel - services - FloppyLocker - Stop)
    2. Enter the command
      instsrv FloppyLocker remove

    Q. How do I enable AutoLogon?

    A. The easiest way is to install TWEAKUI, go to the Network tab and just fill in the boxes. It can be done manually through the registry by following the instructions below:

    1. Start regedit.exe (Start - Run - regedit)
    2. Open HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    3. Double click the DefaultDomainName and fill in your domain name
    4. Double click the DefaultUserName and fill in login name
    5. From Edit menu select New String Value, and enter DefaultPassword as name of value
    6. Double click the DefaultPassword and enter in the password
    7. From Edit menu select New String Value, and enter AutoAdminLogon as name of value
    8. Double click the AutoAdminLogon and set the value to the number 1
    9. Close regedit
    10. Logoff and you will be automatically logged in again

    You should also make sure DontDisplayLastUserName (also under the WinLogon key) is set to 0.

    The instructions above should only be done by someone who is happy with using the registry editor. Below is an example reg file that could be used:

    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

    "DefaultUserName"="User"
    "DefaultDomainName"="Domain"
    "AutoAdminLogon"="1"
    "DefaultPassword"="Password"

    It is also possible using a program called autolog.exe that comes with the resource kit. Just run the executable and you will be able to fill in the information.

    To logon as a different user you need to hold down the shift key as you logoff.

    You will have to use regedt32.exe to disable write permissions to "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" if you want to be able to logoff and login as another user but still have the "original" user as the autologon.

    1. Start regedt32.exe
    2. Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    3. Select Winlogon
    4. From the Security menu select Permissions and adjust so write permission is removed for normal users.

    Q. How do I disable AutoLogon?

    A. Again use TWEAKUI, or in REGEDIT set AutoAdminLogon to 0, and clear the DefaultPassword


    Q. How do I add a warning Logon message?

    A. You need to use the registry editor

    1. Start the registry editor (regedit)
    2. Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    3. Double Click the "LegalNoticeCaption", and enter the text to be in the title bar, click OK
    4. Double Click the "LegalNoticeText", and enter the warning text and click OK
    5. Close the registry and logoff, when you logon you will see the warning

    This can also be done via the policy editor (poledit.exe)

    1. Start the policy editor (poledit.exe)
    2. Open the default Computer Policy
    3. Open the Windows NT System tree and then Logon
    4. Put a tick in the "Logon banner" and enter the caption and text
    5. Click OK and save the policy

    Alternatively, a text message can be displayed by creating the key LogonPrompt in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

    Windows Scripting Host can also be used to create these messages as follows:

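    ' Create the shell object used for the registry writes below
    Set WSHShell = CreateObject("WScript.Shell")
    ' Winlogon key (under "Windows NT", matching the registry steps above)
    s1 = "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\"
    s2 = "LegalNoticeCaption"
    s3 = "LegalNoticeText"
    WSHShell.RegWrite s1 & s2, "SavillTech Ltd"
    WSHShell.RegWrite s1 & s3, "Only Authorized Access Allowed!"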

    Q. How do I stop the last logon name being displayed?

    A. Set the registry setting HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DontDisplayLastUserName from 0 to 1

    This can also be done using the policy editor, and is under the Windows NT System - Logon tree, and tick "do not display last logged on username".


    Q. How can I stop people logging on to the server?

    A. If you want to disable an NT server's ability to handle authentication then it is possible to stop the "Net Logon" service:

    1. Start Control Panel
    2. Double click on Services
    3. Click "Net Logon" and then click Pause
    4. Exit Control Panel

    To disable all of NT's server services, click on Server and click stop, which will stop "Net Logon", "Computer Browser" and any other server services.


    Q. Users fail to logon at a server.

    A. By default members of Domain Users will not be able to logon to a server, i.e. a PDC or a BDC, and if they try they will get the error "The local policy of this system does not allow you to logon interactively". If you want users to be able to logon to a server (why I don't know) follow the procedure below:

    1. Logon to the server as an Administrator
    2. Start User Manager for Domains (Start - Programs - Administrative Tools - User Manager for Domains)
    3. Select "User Rights" from the "Policies" menu
    4. From the drop down "Rights" list select "Log on locally"
    5. Click Add, and select "Domain Users", click Add, then click OK
    6. Close User Manager
    7. Logout and a User will now be able to login

    Q. How do I enable NumLock automatically?

    A. The registry entry HKEY_CURRENT_USER\Control Panel\Keyboard\InitialKeyboardIndicators can be used to set the initial state of the Num Lock key for the current user. To modify the state of NumLock for the logon screen:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_USERS\.DEFAULT\Control Panel\Keyboard (we are editing .default which is the profile used prior to logon)
    3. Double click on InitialKeyboardIndicators
    4. Set to 2 and click OK
    5. Close the registry editor

    An easier way is to turn NumLock on and then logoff using Ctrl-Alt-Del Logoff, which will preserve the state of NumLock.


    Q. How do I limit the number of simultaneous logons?

    A. Perform the following:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
    3. Double click on the users value in the right hand pane. Set the type to decimal and then enter the maximum number of simultaneous connections. This will be 10 on a workstation
    4. Click OK and close the registry editor

    Q. %SystemRoot% is not expanded when I use it in a command.

    A. If when you type SET or PATH at a command prompt, you notice that the %SystemRoot% environment variable has not been expanded this is a problem and needs to be corrected:

    1. Start the Registry Editor (regedt32.exe)
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment
    3. Look at the Path in the right hand pane and check the type (it's the second part), e.g.
      Path: REG_EXPAND_SZ: %SystemRoot% etc.
      If the type is not REG_EXPAND_SZ then perform the next steps; otherwise exit the Registry Editor
    4. Double click on Path and select the contents and press Ctrl-C to copy to the clipboard
    5. While Path is still selected, select Delete from the Edit menu (or click the Del key). Confirm the deletion
    6. Make sure Environment is selected in the left hand pane and select "Add Value" from the Edit menu
    7. Enter a name of Path (note the capital P in path), and type REG_EXPAND_SZ. Click OK
    8. Double click Path and Ctrl-V to copy back in the info you copied into the clipboard. Click OK
    9. Close the Registry Editor

    You can also check HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot and make sure that this REG_SZ value contains the proper path (e:\winnt).


    Q. How can I disable the Win key?

    A. To disable both Windows keys perform the following:

    1. Start the registry editor (regedt32.exe)
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout
    3. From the Edit menu select New - Binary Value
    4. Enter a name of "Scancode Map" and press enter
    5. Double click on the new value and set to
      0000 0000 0000 0000 0300 0000 0000 5BE0 0000 5CE0 0000 0000
      Do not type the spaces; I include them only to help you view the data
    6. Click OK
    7. Close the registry editor and reboot the machine

    Once the machine has restarted the Win key will no longer work

    You can automate this by placing the command in a regini file, create the file remove_win.ini with the following contents

    \Registry\Machine\SYSTEM\CurrentControlSet\Control\Keyboard Layout
          Scancode Map = REG_BINARY 24   \
          0x00000000 0x00000000 3        \
          0xE05B0000 0xE05C0000          \ 
          0x0

    To then run the script enter the command

    regini remove_win.ini

    Regini.exe is supplied with the Windows NT Resource kit.

    To re-enable the Win key delete the "Scancode Map" value you created.
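
    An added example (not part of the original FAQ) that builds and decodes the "Scancode Map" binary value, showing how the 24 bytes in step 5 and the DWORDs in the regini file describe the same data. The function names are constructed for illustration; the layout used is two zero header DWORDs, an entry count that includes the terminator, one DWORD per mapping and a zero terminator.

```python
import struct

LEFT_WIN, RIGHT_WIN = 0xE05B, 0xE05C   # extended scancodes used in step 5
DISABLED = 0x0000                      # mapping a key to 0 turns it off

# The 24 bytes from step 5, with the spaces kept as printed on the page.
PAGE_HEX = "0000 0000 0000 0000 0300 0000 0000 5BE0 0000 5CE0 0000 0000"


def from_regedit_hex(text):
    """Convert the spaced hex shown in regedt32 into raw bytes."""
    return bytes.fromhex("".join(text.split()))


def build_scancode_map(mappings):
    """Build REG_BINARY data from a list of (original_scancode, new_scancode)."""
    # Header: version and flags (both zero), then the number of entries,
    # which counts the zero terminator as well as the mappings.
    data = struct.pack("<III", 0, 0, len(mappings) + 1)
    for original, new in mappings:
        if not (0 <= original <= 0xFFFF and 0 <= new <= 0xFFFF):
            raise ValueError("scancodes are 16-bit values")
        # Low word: scancode to produce. High word: key being remapped.
        data += struct.pack("<HH", new, original)
    return data + struct.pack("<I", 0)


def parse_scancode_map(data):
    """Validate the value and return [(original_scancode, new_scancode), ...]."""
    if len(data) < 16 or len(data) % 4:
        raise ValueError("value must be a whole number of DWORDs, at least 4")
    version, flags, count = struct.unpack_from("<III", data)
    if version or flags:
        raise ValueError("unexpected header")
    if count < 1 or len(data) != 12 + 4 * count:
        raise ValueError("entry count does not match data length")
    dwords = struct.unpack_from("<%dI" % count, data, 12)
    if dwords[-1] != 0:
        raise ValueError("missing zero terminator")
    return [(d >> 16, d & 0xFFFF) for d in dwords[:-1]]


def to_regini_dwords(data):
    """Return the value as little-endian DWORDs, the form used in the regini file."""
    return list(struct.unpack("<%dI" % (len(data) // 4), data))


if __name__ == "__main__":
    value = build_scancode_map([(LEFT_WIN, DISABLED), (RIGHT_WIN, DISABLED)])
    print(value.hex())
    print(["0x%08X" % d for d in to_regini_dwords(value)])
    for original, new in parse_scancode_map(from_regedit_hex(PAGE_HEX)):
        print("0x%04X -> %s" % (original, "disabled" if new == DISABLED else "0x%04X" % new))
```

    parse_scancode_map is also useful for checking an existing "Scancode Map" value on a machine, since it lists every key that has been disabled or remapped.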


    Q. How do I set the number of Cached logons a machine stores?

    A. By default an NT machine caches the last 10 successful logons (since version 3.5; 3.1 only stored the last 1), however this can be changed to anywhere between 0 and 50.

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    3. From the Edit menu select New - String Value.
    4. Enter a name of CachedLogonsCount and press enter
    5. Double click on the new value and set between 0 and 50. 0 means no logons will be cached, 50 will cache the last 50. Click OK
    6. Close the registry editor
    7. Reboot the machine

    If someone attempts to logon and the domain controller is not available but their information is cached they will receive the message

    "A domain controller for your domain could not be contacted. You have been logged on using cached account information. Changes to your profile since you last logged on may not be available."

    but still be logged on successfully. If their information is not cached they will get the message

    "The system cannot log you on now because the domain <domain name> is not available"

    and not be logged on.


    Q. How can I configure the system to run a program at logon time?

    A. The easiest way is to add it to the start-up folder, and you have two choices, the first is to add the program just to your start-up menu (%systemroot%\Profiles\<username>\Start Menu) or to the all users startup menu (%systemroot%\Profiles\All Users\Start Menu).

    If you don't want to do it this way (if you don't want users to be able to remove it) there is a registry key which can be used to run programs.

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    3. From the Edit menu select New - String Value
    4. Give it any name you want, for example notepad
    5. Double click the new value and set it to the fully qualified path name of the program (unless it is part of your system path in which case you can just enter the image name), e.g. notepad.exe. Click OK
    6. Close the registry editor
    7. Logoff and on.

    If you want a program to run only once and then never run again, perform the above but add the values under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce. Once the program has run it gets deleted from the RunOnce key.

    You can also configure programs for your account only by adding values to HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
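
    An added example (not part of the original FAQ) that audits a REGEDIT4 export for the Winlogon values covered in the AutoLogon, logon message, last logon name and cached logons answers above, and lists the Run/RunOnce entries described in this answer. The sample export, the finding names and the max_cached threshold are constructed for illustration; as the AutoLogon .reg file shows, DefaultPassword is an ordinary string value, so any export or read of the key reveals it.

```python
import re

WINLOGON = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"
RUN_KEYS = (r"\software\microsoft\windows\currentversion\run",
            r"\software\microsoft\windows\currentversion\runonce")

# Constructed sample export (not from a real machine); values follow the FAQ's examples.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DefaultUserName"="User"
"DefaultDomainName"="Domain"
"AutoAdminLogon"="1"
"DefaultPassword"="Password"
"DontDisplayLastUserName"="0"
"CachedLogonsCount"="50"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"notepad"="notepad.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"setup"="C:\\Temp\\setup.exe /quiet"
'''

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"\s*=\s*(.*)$')


def unescape(text):
    """Undo .reg string escaping (backslash-escaped backslashes and quotes)."""
    return re.sub(r"\\(.)", r"\1", text)


def parse_reg(text):
    """Yield (key, value_name, data) for string and dword values in an export."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            # "[-KEY]" marks a deletion, not data; ignore its contents.
            key = None if line.startswith("[-") else line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if key is None or not m:
            continue  # header line, blank line or unsupported syntax
        name, data = unescape(m.group(1)), m.group(2).strip()
        dword = re.fullmatch(r"dword:([0-9a-fA-F]{1,8})", data)
        if dword:
            yield key, name, str(int(dword.group(1), 16))
        elif len(data) >= 2 and data[0] == data[-1] == '"':
            yield key, name, unescape(data[1:-1])


def audit_winlogon(text, max_cached=10):
    """Return {finding_id: message} for the Winlogon key in the export."""
    values = {n.lower(): d for k, n, d in parse_reg(text) if k.lower() == WINLOGON}
    if not values:
        raise ValueError("Winlogon key not present in export")
    findings = {}
    if values.get("autoadminlogon", "0") == "1":
        findings["AUTOLOGON_ENABLED"] = "machine logs on without a prompt"
    if values.get("defaultpassword"):
        findings["CLEARTEXT_PASSWORD"] = "DefaultPassword is set (stored as plain text)"
    if values.get("dontdisplaylastusername", "0") != "1":
        findings["LAST_USER_SHOWN"] = "last logon name is displayed"
    if not (values.get("legalnoticecaption") and values.get("legalnoticetext")):
        findings["NO_LOGON_BANNER"] = "no logon warning message configured"
    cached = values.get("cachedlogonscount", "10")  # FAQ: default is 10
    if not cached.isdigit() or not 0 <= int(cached) <= 50:
        findings["CACHED_LOGONS_INVALID"] = "CachedLogonsCount outside 0-50"
    elif int(cached) > max_cached:
        findings["CACHED_LOGONS_HIGH"] = "caches %s logons (limit %d)" % (cached, max_cached)
    return findings


def autostart_entries(text):
    """Return (key, name, command) for every Run and RunOnce value in the export."""
    return [(k, n, d) for k, n, d in parse_reg(text) if k.lower().endswith(RUN_KEYS)]


if __name__ == "__main__":
    for finding, message in sorted(audit_winlogon(SAMPLE_REG).items()):
        print(finding, "-", message)
    for key, name, command in autostart_entries(SAMPLE_REG):
        print("autostart:", key, name, "=", command)
```

    Comparing the autostart list against a known-good export of the same machine shows which logon-time programs have been added since.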


    Q. How can I install the Policy Editor on a Workstation?

    A. The Policy editor is POLEDIT.EXE and a number of .adm files. To install the Policy Editor on a workstation perform the following:

    1. Copy POLEDIT.EXE from the %systemroot% on a Windows NT Server machine to the %systemroot% folder on the Workstation.
    2. Copy common.adm, windows.adm and winnt.adm from %systemroot%\inf on the NT Server to the %systemroot%\inf folder on the workstation

    You will now be able to run the Policy Editor on a Windows NT Workstation. You may want to create a shortcut to POLEDIT.EXE in your Administrative Tools folder.


    Q. How can I delete the "My Computer" icon?

    A. It is not possible to delete the icon, however you can make it invisible.

    1. Right click on the desktop and select Properties
    2. Select the Plus tab
    3. Select "My Computer" and click "Change Icon"
    4. Change the file name to "%systemroot%\system32\tweakui.cpl"
    5. Select the 4th icon (a big blank) and click OK
    6. Click Apply then click OK

    You could then move the icon to the bottom of the screen to hide the "My Computer" text.

    Now, don't use autoarrange, and don't select a greater screen resolution and you will never see it again.


    Q. How do I disable the file delete confirmation?

    A. If you use the "Recycle Bin" then you can disable the delete confirmation

    1. Right click on the Recycle Bin and select properties
    2. Uncheck the "Display delete confirmation dialog box"
    3. Click Apply then OK

    Q. How can I switch the time between 24 hour and 12 hour?

    A. There are 2 ways to configure this.

    The first is using the Regional Control Panel applet

    1. Start the Regional control panel applet (start - settings - control panel - regional settings)
    2. Select the time tab
    3. HH in capitals means 24 hour, hh (lowercase) means 12 hours
    4. Click Apply then OK

    The second is to directly edit the registry

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_CURRENT_USER\Control Panel\International
    3. From the Edit menu select New - String
    4. Enter a name of iTime
    5. Double click and set to 0 for 12 hours and 1 for 24 hours. Click OK
    6. Close the registry editor
    7. Logoff and on again

    Q. How can I suppress boot Error Messages?

    A. If you are performing development or know of a problem you may decide you wish to suppress any of the error pop-ups that are displayed when there is a problem. An example would be a driver that can't be loaded or some other system component that is not acting correctly.

    The pop-ups can be generated from either of the two main start-up phases, and a separate registry key needs to be set for each stage.

    Errors that are displayed as a result of the boot phase can be disabled as follows:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    3. From the edit menu select New - DWORD value and enter a name of NoPopUpsOnBoot and press Enter
    4. Double click the new value and set to 1 to suppress boot errors. Click OK
    5. Close the registry editor and the change will take effect at the next reboot

    To suppress error messages that are displayed as part of the post-boot start-up phase which includes most device driver messages perform the following:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    3. From the edit menu select New - DWORD value and enter a name of ErrorMode and press Enter
    4. Double click the new value and set to 1 to display only application errors or 2 to suppress all error dialogs. Click OK
    5. Close the registry editor and the change will take effect at the next reboot

    Instead of a blanket ban on all error messages, you may prefer to mark some services as "optional" so that no error is generated if they don't start correctly. This can be accomplished by setting HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\<service>\ErrorControl to 0. For more information see:

    Q. When I disconnect one of my devices (e.g. Zip drive) I get errors when I boot NT, how can I stop them?


    Q. How can I enable/disable the Ctrl-Alt-Del to enter logon information? - NT 5.0 only

    A. Windows NT 5.0 introduces the ability to remove the need to press Ctrl-Alt-Del, the Security Attention Sequence (SAS), to log on. By default this is no longer needed on a workstation; on a server it is still necessary, but this can be configured with a single registry entry.

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    3. Double click on disablecad
    4. Set to 1 if you don't want to have to press Ctrl-Alt-Del, and set to 0 if you do. Click OK
    5. Close the registry editor
    6. Reboot the machine

    Disabling this feature does not decrease the security of Windows NT. To gain access to the computer, users are required to log on to Windows NT with a valid user name and password. The Windows NT logon process suspends all other user-mode processes to protect the logon process and is the only process that can create the access tokens used by the Windows NT security system.


    Q. How can I stop the last username to logon from being displayed?

    A. There are two ways of doing this. The easiest is if you have the TweakUI utility installed perform the following:

    1. Start the TweakUI control panel applet (Start - Settings - Control Panel - TweakUI)
    2. Select the Paranoia tab
    3. Check the "Clear Last User at logon" box
    4. Click Apply then OK

    If you don't have TweakUI or simply want to achieve the result through the registry (maybe so you can set it from a logon script):

    1. Start the registry editor
    2. Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    3. If the value DontDisplayLastUserName does not exist select New - String Value and enter a name of DontDisplayLastUserName
    4. Double click DontDisplayLastUserName and set to 1
    5. Close the registry editor

    Q. The screen saver can only be configured to start up to 60 minutes.

    A. This is a hard coded restriction of Windows NT 4.0, however Service Pack 4 increases this to 999 minutes.


    Q. I have lost the ADMIN$ share.

    A. If you have configured the system to not automatically create system shares at start-up time by setting the relevant registry entry AutoSharexxx then this share will not be created as that is what you are asking.

    If however you do not have this set and you have just lost the ADMIN$ share, which points to the %SystemRoot% folder (e.g. d:\winnt), then you can recreate it by entering the following command:

    C:\> net share admin$

    For more information on suppressing the system shares please see Q. How do I stop the default admin shares from being created?


    Q. How can I configure Notepad to wrap?

    A. By default Notepad will allow you to enter text and not wrap when the screen is full, rather it will just scroll right. This behaviour can be altered.

    Under the Edit menu of Notepad you can check "Word Wrap"; however, this can also be configured using the registry if you want to set it as the default through policies, a login script or an unattended installation.

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_CURRENT_USER\Software\Microsoft\Notepad
    3. Double click on fWrap
    4. Set to 1 and click OK
    5. Close the registry editor

    Q. How do I modify the login timer for profiles?

    A. When you logon and, for instance, your local profile is newer than the one stored on the profile server you have an option of which to use and a timer of 30 seconds is given. This 30 seconds can be modified as follows:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    3. From the Edit menu select New - DWORD value and enter a name of 'Show' and press Enter
    4. Double click the new value and set to between 0 and 600. Make sure you set the type to decimal. Click OK
    5. Close the registry editor
    6. This will take effect at next login

    Q. How do I change the location for temporary files?

    A. There are a number of "temp" variables, mainly temp and tmp, and the values of these can be changed as follows:

    1. Start the System control panel applet
    2. Select the Environment tab
    3. Under "User Variables" select temp (or tmp) and its value will be displayed. Modify it in the Value box and click Set.
    4. Once you have made all changes click Apply then OK

    Alternatively you can directly edit the registry to make these changes

    1. Start the registry editor
    2. Move to HKEY_CURRENT_USER\Environment
    3. Double click on the variable, e.g. temp and edit the value. Once complete click OK
    4. Close the registry editor

    A final method from the command line is to use the SET command

    C:\> set temp=d:\temp

    Most Windows applications such as Word check the variable 'tmp' for the location of temporary files and not 'temp' so make sure you modify 'tmp' and not just 'temp'.


    Q. How do I modify system variables?

    A. As with user variables, these can be changed using the system control panel applet:

    1. Start the System control panel applet
    2. Select the Environment tab
    3. Under "System Variables" select a variable and its value will be displayed. Modify it in the Value box and click Set.
    4. Once you have made all changes click Apply then OK

    Alternatively you can directly edit the registry to make these changes

    1. Start the registry editor
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment
    3. Double click on the variable, e.g. Path and edit the value. Once complete click OK
    4. Close the registry editor

    A final method from the command line is to use the SET command

    C:\> set OS=OS2 DON'T do this :-)


    Q. How do I disable the ability to change password?

    A. Service Pack 4 introduces a new registry entry.

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
    3. From the Edit menu select New - DWORD value
    4. Enter a name of DisableChangePassword and press Enter
    5. Double click on the new value and set to 1. Click OK
    6. Close the registry editor

    Change Password when you press Ctrl-Alt-Del will now be greyed out.


    Q. How do I stop a process on a remote machine?

    A. If you are playing a multi-player game of Quake and are about to get killed for the sixth time just stop the opponent's Quake process :-) (always works for me). To stop a remote process perform the following:

    Note: The utilities discussed are part of the NT Resource Kit.

    The target machine must have the RKILLSRV.EXE service running (either from the command line or installed as a service). To install as a service enter the command

    C:\> instsrv rkillsrv c:\ntreskit\RKILLSRV.EXE

    This will install the executable as a service and set its start-up to automatic so it will restart at every boot-up. After being installed the service will not be started, so if it is to be used before a reboot you should start it via the Services control panel applet or from the command line using

    C:\> net start rkillsrv

    Once the service has been configured and started on the remote machine processes can be manipulated from client machines by users who have Administrative privileges via the command line RKILL.EXE and the GUI WRKILL.EXE utilities.

    To view the running processes with the command line tool type

    C:\> rkill /view \\<machine name>
    e.g. rkill /view \\nt4pdc

    Once you have identified the process to stop enter the command

    C:\> rkill /kill \\<machine name> <process id>
    e.g. rkill /kill \\nt4pdc 84

    Using the GUI utility, WRKILL.EXE, the process is simpler and allows you to stop a process by selecting it and clicking "Kill Selected Process". Click Yes to the confirmation and then OK to the success dialog.

    Bye, bye quake, 1-0 to me! :-)


    Q. How do I install the Security Configuration Editor?

    A. The Security Configuration Editor, SECEDIT.EXE, is a new utility that forms part of Service Pack 4. However, due to Microsoft's pledge not to provide new functionality with service packs, the utility was previously only available on the Service Pack 4.0 CD. After public demand a web download version is available from ftp://ftp.microsoft.com/bussys/winnt/winnt-public/tools/SCM/SCESP4I.EXE.

    Once downloaded you should execute the file and select an extraction directory.

    Once the extraction is complete move to the extracted file directory and double click on MSSCE.EXE to install.

    The installation installs two versions of SCE (Security Configuration Editor): a GUI version and a command line version. If you only want to install the command line tool enter the command

    C:\> mssce /c /s

    The /c means command line only, and the /s means silent install (no prompts).

    The SCE is a Microsoft Management Console snap-in, so to use it you must follow the steps below:

    1. Start MMC (mmc.exe)
    2. From the Console menu select "Add/Remove Snap-in"
    3. Click the Add button
    4. Select Security Configuration Manager and click OK
    5. Click OK to the main dialog

    You may want to save this configuration

    1. Select Save As from the Console menu
    2. Enter a name of secedit and click Save
    3. It will be added to the "My Administrative Tools" program folder.

    To edit a configuration expand the Configurations branch and the directory and select a configuration.

    Once you have modified a configuration and saved it you need to activate it.

    1. Right click on database and select "Import Configuration"
    2. Select a security configuration file (a .inf file) and click open
    3. Right click again and select "Configure system now"
    4. Select a log file name and location.
    5. The policy will be applied to the system

    Q. How can I get the cool UI effects to work on my P166 computer? - Windows 2000 only

    A. Windows 2000 comes with a number of really cool UI effects, e.g. gradient captions, menu fade-in, cursor shadow, etc.

    Most of the UI effects are controlled via a checkbox in the Display Properties applet (go to the Effects tab and select Animate windows, menus and lists). The cursor shadow effect can be turned on/off via the Mouse Properties applet (Pointers / Enable pointer shadow).

    Contributed by Thomas Lee


    Q. How do I increase the number of Page Table Entries on my system?

    A. To change the number of Page Table Entries (or System Pages) which are used for mapping I/O buffers and other information into the system address space perform the following:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
    3. Double-click the SystemPages value and choose Decimal. Enter the number of PTEs you need in the Data text box. Click OK. The maximum value is 50,000.
    4. Reboot the computer for the change to take effect.

    By default the value is 0 which means use the system default.


    Q. How can I change the short date format from yy to yyyy?

    A. Due to Year 2000 concerns you may want the NT short date format to show 4 digit years as opposed to the short 2 digit version. The normal method is as follows:

    1. Start the Regional Control Panel Applet (Start - Settings - Control Panel - Regional)
    2. Select the Date tab
    3. Select 'M/d/yyyy' and click Apply
    4. Click OK
    5. Close the dialog

    All this actually does is set the registry entry HKEY_CURRENT_USER\Control Panel\International\sShortDate and so you can use this to automate the update. For example using the REG.EXE utility, e.g.

    C:\> reg update "HKCU\Control Panel\International\sShortDate=M/d/yyyy"

    This could be incorporated in a login script or even a custom system policy.

    You will also notice under the registry key the long date format can be set by changing sLongDate.

    An alternative for new systems is to make the sShortDate change as part of the CMDLINES.TXT setup of an unattended installation. This is then adopted by admin and any new accounts created on the workstation. Sample code:

    ***** CMDLINES.TXT *****
    [Commands]
    "rundll32 setupapi InstallHinfSection DefaultInstall 128 .\y2k.inf"
    ***** EOF ********

    *** y2k.inf ***
    [Version]
    Signature="$Windows NT$"

    [DefaultInstall]
    AddReg=AddReg

    [AddReg]
    HKU,".DEFAULT\Control Panel\International","sShortDate",,"M/d/yyyy"
    *** EOF ***


    Q. How do I enable fast reboot on 4.0 SP3 and above?

    A. Service Pack 3 introduces a new ability to reboot the machine by pressing <Shift>-<Ctrl>-<Alt>-<Delete> at the same time (basically the normal three finger plus shift). This will then shutdown all applications and reboot the machine. To enable this perform the following:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    3. From the Edit menu select New - String Value
    4. Enter a name of EnableQuickReboot
    5. Double click the new value and set to 1. Click OK
    6. Close the registry editor
    7. Reboot the machine for the change to take effect

    An event will also be written to the System Event Log (viewable using the Event Viewer):

    Event ID - 6008
    The previous system shutdown at <time> on <date> was unexpected.


    Q. How can I create a program alias?

    A. It is possible to create an alias for a program, for example to define johnword.exe to actually run winword.exe. To do this perform the following:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths
    3. From the Edit menu select New - Key
    4. Enter the name of the alias, e.g. johnword.exe and press Enter
    5. Move to the new key and double click on the (Default) value (it is blank by default)
    6. Set to the fully qualified file name it should run, e.g. C:\Program Files\Microsoft Office\Office\winword.exe. Click OK
    7. Optionally you can create a new String called Path which is where the program will first start running (Edit - New - String Value - Path, double click and set to the starting path)
    8. Close the registry editor

    If you now select Run from the start menu and type johnword.exe it would start Microsoft Word, cool!

    If you type your alias from the command prompt it will not find it, however if you type

    C:\> start <alias name>

    it will work fine.

    The actual program name does not have to be an .exe program -- it can be any file that has an association (such as "C:\temp\ntfaq.url"). The alias itself can remain as an .exe.

    If the alias is an .exe, then the "run" or "start" command does not need to include the extension. If the alias is NOT an .exe, then you need to use the full name but then you are not limited to any extensions (but it must have some extension). Your alias can be John.Savill which you have aliased to "C:\ProgramYadaYadaYada\Winword.exe" and Word will start up just fine.


    Q. How can I share my clipbook with other machines?

    A. Windows NT machines have a built-in Clipbook server service which allows other machines to use its clipbook and this is enabled as follows:

    1. Start the Services Control Panel Applet (Start - Settings - Control Panel - Services)
    2. Select ClipBook Server and click Start
    3. You can also click Startup and set to Automatic so the service will start at each reboot.
    4. Click Close

    You can also start the service from the command line by entering the command

    C:\> net start clipsrv

    or

    C:\> net start "clipbook server"

    You can then copy your data to the clipboard as normal by pressing Ctrl + C, PrtScn or Alt + PrtScn (to only copy the current window).

    1. Start the clipboard viewer (Start - Programs - Accessories - Clipboard viewer)
    2. From the Edit menu select Paste and enter a name that this data will be known as (for example Cat, though not if it's a picture of a dog :-) ) and check the "Share Item Now" box
    3. Just click OK to the next dialog which is about starting an application

    From the client perform the following:

    1. Start the clipboard viewer (Start - Programs - Accessories - Clipboard viewer)
    2. From the File menu select Connect
    3. Enter the machine running the Clipbook server service
    4. A window showing the machine's list of clips will be shown
    5. Double click on one to display the data. You can then select Copy from the Edit menu to copy into the client's local clipboard

    Q. How can I stop tips showing on startup?

    A. To stop tips for the current user you can uncheck the display checkbox on the dialog when it is displayed or edit the registry:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Tips
    3. Double click 'show'
    4. Change the 01 to 00
    5. Click OK
    6. Close the registry editor

    To stop it being shown for new users edit the value under HKEY_USERS\.DEFAULT and set to 0 which new users will inherit. This works under Windows 2000.


    Q. How can I configure Outlook Express to be the default News reader?

    A. To configure Outlook Express as the default News reader perform the following:

    1. Start Outlook Express
    2. From the Tools menu select Options
    3. Select the General tab
    4. At the bottom of the dialog box click the 'Make Default' button next to the 'This application is NOT the default News handler'.

    You can also manually perform the change by making the following registry changes:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_CLASSES_ROOT\news\DefaultIcon
    3. Double click (Default) and change to "%SystemDrive%\Program Files\Outlook Express\msimn.exe,-3" (don't type the quotes)
    4. Move to HKEY_CLASSES_ROOT\news\shell\open\command
    5. Double click (Default) and change to
      "%SystemDrive%\Program Files\Outlook Express\msimn.exe" /newsurl:%1 (do type the quotes)
    6. Move to HKEY_CLASSES_ROOT\snews\DefaultIcon
    7. Double click (Default) and change to "%SystemDrive%\Program Files\Outlook Express\msimn.exe,-3" (don't type the quotes)
    8. Move to HKEY_CLASSES_ROOT\snews\shell\open\command
    9. Double click (Default) and change to
      "%SystemDrive%\Program Files\Outlook Express\msimn.exe" /newsurl:%1 (do type the quotes)
    10. Move to HKEY_CLASSES_ROOT\nntp\DefaultIcon
    11. Double click (Default) and change to "%SystemDrive%\Program Files\Outlook Express\msimn.exe,-3" (don't type the quotes)
    12. Move to HKEY_CLASSES_ROOT\nntp\shell\open\command
    13. Double click (Default) and change to
      "%SystemDrive%\Program Files\Outlook Express\msimn.exe" /newsurl:%1 (do type the quotes)
    14. Close the registry editor
    15. Reboot the machine

    Q. How can I modify the My Computer text to show logged on username and machine name?

    A. It may be useful to have the My Computer icon to show the current logged on user and computer name and this can be configured as follows:

    1. Start the registry editor (regedt32.exe)
    2. Move to HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
    3. Select the <No Name> value and Delete
    4. From the Edit menu select 'Add Value'
    5. Leave the value name blank and set the type to REG_EXPAND_SZ
    6. Click OK and enter the text
      User: %USERNAME% on: %COMPUTERNAME%
    7. Click OK
    8. Click on the desktop and press F5 (for refresh) and the change takes effect

    Without changing the value type to REG_EXPAND_SZ, %username% and %computername% do not get expanded to the actual user name and computer name.

    This tip works on both NT 4.0 and Windows 2000. Note this tip does not work on RC1 or later builds of Windows 2000. I will check when the final version is released.

    Last updated 11 September 1999


    Q. How do I enable live scrolling on Word 97?

    A. In Office 2000, in particular Word 2000, when you move through a Word document using the scroll bar the page update happens dynamically. Under Word 97 the update does not occur until you release the mouse button. Live scrolling can be enabled under Word 97 as follows:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_CURRENT_USER\Software\Microsoft\Office\8.0\Word\Options
    3. From the Edit menu select New - String Value
    4. Enter a name of LiveScrolling and press Enter
    5. Double click the new value and set to 1. Click OK
    6. Restart Word and the screen will update as you move the scroll bar and not just when it's released.

    Q. A useful tip for navigating in Explorer and the Registry Editor.

    A. Not really a question, but something handy I picked up.

    If you start Explorer (or anything that has an Explorer interface including RegEdit) and select a parent directory, pressing the '*' on the numeric keypad will expand every subfolder. Pressing the '-' key on the numeric keypad will then collapse it again.


    Q. How can I automatically kill hung processes when I logoff?

    A. When you tell NT to shut down, it first sends shutdown requests to any running processes. Most 32-bit applications honour these requests and shut down, but older 16-bit apps running in the Virtual DOS Machine often won't. When this occurs, the operating system prompts you with a dialog box asking if you want to kill the task, wait for the task to die on its own, or cancel the shutdown. By modifying the Registry, you can automate this process.

    You can force NT to kill all running processes on shutdown by performing the following:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_CURRENT_USER\Control Panel\Desktop
    3. If a value "AutoEndTasks" does not exist from the Edit menu select New - String Value. Enter a name of AutoEndTasks and press Enter
    4. Double click on AutoEndTasks and set to 1. Click OK
    5. Close the registry editor

    You can also add this key to HKEY_USERS\.DEFAULT\Control Panel\Desktop for new users to inherit.


    Q. How can I change the Info Tip for icons? - Windows 2000

    A. In Windows 2000 when you move the cursor over an icon (such as My Network Places or My Computer) text is displayed explaining the icon's use.

    This text is stored in a registry entry InfoTip of type String for each CLSID entry and can be changed to any text you want.

    For example to change the My Network Places text:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_CLASSES_ROOT\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}
    3. Double click InfoTip and change. Click OK
    4. Close the registry editor

    The change takes immediate effect.

    Other useful entries are (all under HKEY_CLASSES_ROOT\CLSID\):

    {20D04FE0-3AEA-1069-A2D8-08002B30309D} My Computer
    {450D8FBA-AD25-11D0-98A8-0800361B1103} My Documents
    {645FF040-5081-101B-9F08-00AA002F954E} Recycle Bin
    {00020D75-0000-0000-C000-000000000046} Microsoft Outlook
    {21EC2020-3AEA-1069-A2DD-08002B30309D} Control panel
    {2227A280-3AEA-1069-A2DE-08002B30309D} Printers
    {7007ACC7-3202-11D1-AAD2-00805FC1270E} Network and dial-up connections
    {85BBD920-42A0-1069-A2E4-08002B30309D} Briefcase
    {871C5380-42A0-1069-A2EA-08002B30309D} Internet Explorer
    {BDEADF00-C265-11d0-BCED-00A0C90AB50F} Web Folders


    Q. How can I control who can eject ZIP disks? - Windows 2000

    A. Windows 2000 introduces a new registry key which allows you to configure who can eject ZIP disks:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    3. From the Edit menu select New - String Value
    4. Enter a name of AllocateDASD and press Enter
    5. Double click the new value and set to:
      0 = Admins only can eject
      1 = Admins and power users
      2 = Admins and the interactive user (this allows normal users)
      Click OK
    6. Close the registry editor
    7. Reboot the computer

    I have been informed that the above also works on NT 4.0 as long as you run the undocumented IomegaAccess utility included in the latest Iomegaware download. This utility installs a service that grants all users rights to format, eject, etc. Note that the program must be run from the hard drive, as the service defaults to referencing the installation directory on startup.


    Q. How can I configure monitor power off for the logon screen? - Windows 2000

    A. If you select the Screen Saver tab of the Desktop control panel applet you can configure Power saving settings which include powering off the monitor after x minutes. To enable the monitor to power off for the logon screen perform the following on each machine:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_USERS\.DEFAULT\Control Panel\Desktop
    3. Double click PowerOffActive and set to 1. Click OK
    4. Double click ScreenSaveActive and set to 1. Click OK
    5. Double click SCRNSAVE.EXE (if present) and set to "(NONE)" (don't type the quotes). Click OK
    6. Move to HKEY_USERS\.DEFAULT\Control Panel\PowerCfg
    7. Double click CurrentPowerPolicy and set to 0 (the Home/Office Desk power setting configuration). Click OK
    8. Close the registry editor
    9. Reboot the machine

    To change the settings such as monitor timeout change the settings on your local profile, export HKEY_CURRENT_USER\Control Panel\PowerCfg\PowerPolicies\0 to a file and import to HKEY_USERS\.DEFAULT\Control Panel\PowerCfg\PowerPolicies\0.

    If you need to do this on lots of machines create an .adm file and set as part of the system policy.


    Q. What are the problems with workstations having the same SID?

    A. At the start of the GUI phase of installation each NT/2000 installation generates a unique Security IDentifier (SID). If you then clone a workstation, each installation will have the same machine SID. This is not a problem in a Windows NT 4.0 domain, as users have a SID generated by the domain controller and do not use the local workstation SID for security. It IS a problem in a Windows 2000 domain, as the local machine SID is used in nearly all aspects of security, and before migrating to 2000 you should resolve any duplicate SID issues which may have been caused by cloning installations.

    Duplicate local SIDs are also a very big security risk in workgroups; let's look further.

    In a workgroup the user accounts are based on the local workstation SID plus a relative identifier (RID). If all the workstations have the same SID, then the first account generated on each workstation (and the second, and so forth) is the same because of the duplicate local SID. This makes it impossible to secure files and folders on a user basis, since different users will have the same SID and all security is based on the user SID.

    An example illustrates this best:

    Two workstations, wstation1 and wstation2, deployed using cloning software each have duplicated SIDs.

    User John on wstation1 has a local machine account on wstation1 of S-1-5-34-148593445-285934854-2859284934-1010.

    User Kevin on wstation2 has a local machine account on wstation2 of S-1-5-34-148593445-285934854-2859284934-1010.

    User John saves private work on an NTFS drive and creates a share called private that only he can access. If Kevin browses the network and attempts connection he will have full access as his SID is identical to John's. There is no way to differentiate between them. Expand this to 100 machines installed via duplication all with the same local SID then you can see you have no security. Any files stored on removable media with security would also be vulnerable.
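
    The following Python sketch is an added example, not part of the original FAQ. It splits each account SID into machine SID and RID, reports workstations that share a machine SID, and shows that a check comparing only SIDs cannot tell John from Kevin. The inventory is constructed around the SID quoted above; wstation3, Maria and the RID 500 Administrator rows are assumptions.

```python
from collections import defaultdict

# SID quoted in the FAQ entry for both John (wstation1) and Kevin (wstation2).
CLONED_USER_SID = "S-1-5-34-148593445-285934854-2859284934-1010"

# Constructed inventory: (workstation, account, SID). wstation3 is an
# uncloned machine with a made-up SID, added for contrast.
INVENTORY = [
    ("wstation1", "Administrator", "S-1-5-34-148593445-285934854-2859284934-500"),
    ("wstation1", "John", CLONED_USER_SID),
    ("wstation2", "Administrator", "S-1-5-34-148593445-285934854-2859284934-500"),
    ("wstation2", "Kevin", CLONED_USER_SID),
    ("wstation3", "Maria", "S-1-5-34-1111111111-2222222222-3333333333-1010"),
]


def split_sid(sid):
    """Split a local account SID into (machine SID, RID)."""
    parts = sid.strip().upper().split("-")
    if len(parts) < 4 or parts[0] != "S" or not all(p.isdigit() for p in parts[1:]):
        raise ValueError(f"not a SID: {sid!r}")
    return "-".join(parts[:-1]), int(parts[-1])


def cloned_machines(inventory):
    """Map each machine SID seen on more than one workstation to those hosts."""
    hosts = defaultdict(set)
    for workstation, _account, sid in inventory:
        machine_sid, _rid = split_sid(sid)
        hosts[machine_sid].add(workstation)
    return {m: sorted(w) for m, w in hosts.items() if len(w) > 1}


def colliding_accounts(inventory):
    """Map each account SID that exists on several workstations to its owners."""
    owners = defaultdict(list)
    for workstation, account, sid in inventory:
        owners[sid.upper()].append((workstation, account))
    return {sid: who for sid, who in owners.items()
            if len({w for w, _ in who}) > 1}


def can_access(acl_sids, caller_sid):
    """Simplified model of an access check: only the SID is compared."""
    return caller_sid.upper() in {s.upper() for s in acl_sids}


if __name__ == "__main__":
    for machine_sid, hosts in cloned_machines(INVENTORY).items():
        print(f"machine SID {machine_sid} shared by: {', '.join(hosts)}")
    for sid, who in colliding_accounts(INVENTORY).items():
        names = ", ".join(f"{w}\\{a}" for w, a in who)
        print(f"account SID {sid} is held by: {names}")

    sids = {(w, a): s for w, a, s in INVENTORY}
    private_share_acl = {sids[("wstation1", "John")]}  # John's "private" share
    for who in [("wstation2", "Kevin"), ("wstation3", "Maria")]:
        verdict = "allowed" if can_access(private_share_acl, sids[who]) else "denied"
        print(f"{who[0]}\\{who[1]} -> {verdict}")
```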

    Microsoft has a tool, SYSPREP, which can be used on a workstation system BEFORE cloning which resolves the SID problem by generating a new SID when the new cloned installations are started. SYSPREP is provided as standard in Windows 2000 and a version for 4.0 can be requested from Microsoft.

    SYSPREP does have a few "problems" on Windows member servers: if a server with several local accounts is cloned, the SIDs of any extra accounts are not updated; only the two primary accounts, Administrator and Guest, are fixed. This means other accounts would be left with the old SID and thus considered orphaned.

    Other SID fixing utilities are:


    Q. How can I disable daylight saving time changes?

    A. Start the Date/Time control panel applet, select the 'Time Zone' tab and unselect the "Automatically adjust clock for daylight saving".

    It can also be done directly in the registry

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TimeZoneInformation
    3. From the edit menu select New - DWORD value
    4. Enter a name DisableAutoDaylightTimeSet and press enter
    5. Double click the new value and set to 1. Click OK
    6. Close the registry editor

    Q. How can I improve I/O performance?

    A. If your system is fairly I/O intensive, you may benefit from raising the I/O Page Lock Limit, which can increase the effective rate the OS reads or writes data to the hard disks.

    First, benchmark your common tasks. See how long it takes to load and save large files, how long it takes to search a database or run a common program; just do your normal tasks, timing them to record how fast they are. Then follow these steps:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
    3. Double click IoPageLockLimit
    4. Enter a new value.
      This value is the maximum bytes you can lock for I/O operations. A value of 0 defaults to 512KB. Raise this value by 512KB increments (enter "512", "1024", etc.), then exit regedit.exe and benchmark your system after each adjustment. When an increase does not give you a significant performance boost, go back and undo the last increment.
      Caution: There is a limit to this. Do not set this value (in bytes) beyond the number of megabytes of RAM times 128. That is, if you have 16 MB RAM, do not set IoPageLockLimit over 2048 bytes; for 32MB RAM, do not exceed 4096 bytes, and so on.
      Click OK.
    5. Close the registry editor

    Unless you do little I/O, this should give you a significant boost in performance.

    I have recently learned that this value specifies the maximum amount of application memory that can be locked into physical memory at any given point in time. Device drivers typically lock user buffers in order to transmit them to a hardware device. If the limit is exceeded an I/O operation will simply return a STATUS_QUOTA_EXCEEDED error to the application. Thus, the value should only be raised if I/O operations begin returning this error, and it has absolutely no effect on performance.


    Q. How can I configure the Windows 2000 System File Checker?

    A. Windows 2000 includes a new component which protects system files by scanning all protected system files and replacing incorrect versions with correct Microsoft versions.

    It is possible to modify the behavior of this protection using the SFC.EXE utility (you must be a member of the Administrators group).

    SFC [/SCANNOW] [/SCANONCE] [/SCANBOOT] [/CANCEL] [/PURGECACHE] [/CACHESIZE=x] [/QUIET]

    /SCANNOW Scans all protected system files immediately.
    /SCANONCE Scans all protected system files once at the next boot.
    /SCANBOOT Scans all protected system files at every boot.
    /CANCEL Cancels all pending scans of protected system files.
    /QUIET Replaces all incorrect file versions without prompting the user.
    /PURGECACHE Purges the file cache and scans all protected system files immediately.
    /CACHESIZE=x Sets the file cache size

    Setting the /QUIET option updates HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SFCDisable and the other options modify HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SFCScan.

    You can disable SFC by performing the following:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    3. From the Edit menu select New - DWORD value
    4. Enter a name of EnableFileProtection, press enter
    5. Double click the value and set to 0
    6. Close the registry editor

    Q. How do I install an Enterprise Certificate Authority? - Windows 2000

    A. An Enterprise Certificate Authority is needed in a domain to allow clients to request certificates, for example an Encrypted File System recovery certificate. To install perform the following:

    1. Start the Add/Remove Programs Control Panel applet (Start - Settings - Control Panel - Add/Remove Programs)
    2. Click 'Add/Remove Windows Components'. The Windows Components wizard will start
    3. Click Next at the welcome screen
    4. A list of components will be displayed, check the 'Certificate Services' box and click Next
    5. You will be asked for the type:
      - Enterprise root CA
      - Enterprise subordinate CA
      - Stand-alone root CA
      - Stand-alone subordinate CA
      Select the first option, "Enterprise root CA" and click Next
    6. Enter a CA name and other information about the organization. Click Next
    7. Accept the default location for the certificate database (%systemroot%\System32\CertLog). Click Next
    8. If the IIS service is running it will be stopped and a dialog displayed, click OK.
    9. A list of files to be copied will be created and the files installed along with any service and system configuration, you may be asked for the 2000 Server CD
    10. Click Finish to the wizard when complete

    The Certificate Authority MMC snap-in will now have a shortcut in the Administrative Tools folder.


    Q. How do I create a Certificate Trust List for the domain? - Windows 2000

    A. You need to configure each domain with a list of Certificate Authorities that it trusts to allow users of the domain to request certificates. You first need to install an Enterprise Certificate Authority.

    You also need to ensure you have an Administrator certificate (or an explicit Trust Signing certificate) which can be requested as follows:

    1. Start the MMC console (Start - Run - MMC)
    2. From the Console menu select 'Add/Remove Snap-in...'
    3. Click Add
    4. Select Certificates and click Add
    5. Select 'My user account' as the type and click Finish
    6. Click Close
    7. Click OK to the main dialog
    8. Expand the Certificates root and right click on Personal
    9. Select 'Request New Certificate' from the 'All Tasks' menu
    10. Click Next to the Certificate Request Wizard
    11. Select template 'Administrator' and click Next
    12. Enter a friendly name and description. Click Next
    13. A confirmation screen will be displayed. Click Finish
    14. A dialog will be displayed confirming creation of the certificate. Click 'Install Certificate'. Click OK to the success dialog

    To create the Certificate Trust List perform the following:

    1. Start the Active Directory Users and Computers MMC snap-in (Start - Programs - Administrative Tools - Active Directory Users and Computers)
    2. Right click on the domain and select Properties
    3. Click the 'Group Policy' tab
    4. Select the 'Default Domain Policy' (or other policy) and click Edit
    5. Expand User Configuration - Windows Settings - Security Settings - Public Key Policies - Enterprise Trust
    6. Right click on Enterprise Trust and select New - Certificate Trust List
    7. The Certificate Trust List wizard will be started. Click Next
    8. You can enter a prefix for the CTL and the purpose, e.g. Encrypting File System. Click Next
    9. You must now select a certificate, click Add from Store, select a domain certificate and click OK. Click Next
    10. You now need to select a signature (the Administrator created in the last section). Click 'Select from Store'. Select a certificate displayed and click OK. Click Next
    11. You can optionally add a timestamp. Click Next
    12. Enter a friendly name and description. Click Next
    13. Click Finish to the summary page.
    14. Click OK on the success dialog

    Q. How can I lock a workstation from the command line?

    A. Windows 2000 enables you to lock the workstation by typing the following command

    C:\> rundll32.exe user32.dll,LockWorkStation

    You could also use this as a shortcut on your desktop.


    Q. How do I create a default association for files with no extension?

    A. Normal files with an extension can have a program associated, however this is not the case with files that don't have an extension. If you double click on one, select an application and check the box to always use that application, the setting is ignored and every time you open such a file you have to choose the application.

    You can force this using the registry:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_CLASSES_ROOT
    3. From the Edit menu select New - Key
    4. Enter a name of '.' and press Enter (don't type the quotes)
    5. Select the new '.' key
    6. Double click the (Default) value
    7. Change to the HKEY_CLASSES_ROOT entry used to open the file, e.g. NOTEPAD for the notepad.exe application
    8. Click OK

    If you now double click on a file with no extension it will open with the application selected.

    To check what an existing file type uses, look at its entry under HKEY_CLASSES_ROOT, e.g. HKEY_CLASSES_ROOT\.doc uses Word.Document.8 so if you wanted this as your default editor you would change HKEY_CLASSES_ROOT\.\(Default) to Word.Document.8.

    A method which avoids the need to edit the registry is as follows:

    1. Open Explorer - View - Folder Options... - File Types - New Type:
    2. Description of type:  Text    (any description, you can type in)
      Associated extension: .       (just a period)
      Actions: - new...
      Action: open
      Application used to perform action: c:\winnt\notepad.exe
    3. Click ok, then ok again

    Q. How do I create a default association for files with an unknown extension?

    A. Files with an unknown extension will bring up an "open with" dialog when you double click on them however it is possible to associate an application with files of an unknown type.

    You can force this using the registry:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_CLASSES_ROOT\Unknown\shell
    3. From the Edit menu select New - Key
    4. Enter a name of 'open' and press Enter (don't type the quotes)
    5. Select the new 'open' key
    6. From the Edit menu select New - Key
    7. Enter a name of 'command' and press Enter (don't type the quotes)
    8. Double click the (Default) value
    9. Change to the application used to open, e.g. "NOTEPAD.EXE %1" for the notepad.exe application (you need %1 to pass the document name to notepad and depending on the application you may need %1 %*)
    10. Click OK

    If you now double click on a file with no extension it will open with the application selected.

    You can optionally delete the HKEY_CLASSES_ROOT\Unknown\shell\openas key and its content but it is not necessary and it will just remove the open with context menu option.

    It is possible to just add a notepad option to the context menu of Unknown by using the existing entry in HKEY_CLASSES_ROOT\Unknown\shell: add a new key called 'notepad', a new key called 'open' underneath notepad, then a new key called 'command' under open. Set the (Default) value of command to Notepad.exe %1. Registry file to perform this:

    REGEDIT4

    [HKEY_CLASSES_ROOT\Unknown\shell\notepad]

    [HKEY_CLASSES_ROOT\Unknown\shell\notepad\open]

    [HKEY_CLASSES_ROOT\Unknown\shell\notepad\open\command]
    @="notepad %1"


    Q. How do I set DLL files to use their own icon rather than the standard?

    A. Windows displays DLL files in Explorer with a generic DLL icon. This generic icon conveys no information about the DLL file, other than the fact that the file is a DLL.

    Many DLL files have one or more icons and it's possible to have one displayed in Explorer.

    1. Start the registry editor (regedit)

    2. Move to HKEY_CLASSES_ROOT\dllfile\DefaultIcon

    3. Double click (Default) and change from
      %SystemRoot%\System32\shell32.dll,-154
      TO
      %1

    4. Click OK

    5. Close the registry editor


    Q. How can I make Explorer show the extension of known file types?

    A. Normally Windows Explorer will not show the extension of known file types however you can force Explorer to show them:

    1. Start Explorer
    2. From the View menu select Options
    3. Select the 'View' tab
    4. Unselect the 'Hide file extensions for known file types'
    5. Click OK

    Q. How do System Policies work?

    A. You have a different System Policy for Windows 95 machines, and Windows NT machines. The Windows NT Policy editor is shipped with Windows NT server, and the Windows 95 System Policy editor is on the Windows 95 CD-ROM in the \ADMIN\APPTOOLS\POLEDIT directory. Policies alter registry settings on the target machine, and once the registry settings have been changed, the changes remain until changed by something else, therefore if you implement restrictions they will remain even if the policy file is deleted. By default, Windows clients look for policy files in the NETLOGON share on the domain controller (for NT, the machine that validates the logon, for Windows 95 the PDC unless you implement load balancing). Windows NT looks for the policy file NTCONFIG.POL and Windows 95 machines CONFIG.POL.

    An important thing to note is that NTCONFIG.POL/CONFIG.POL are not copied to BDCs by default and you have to set up directory replication.


    Q. How do I modify a Policy?

    A. In this example we will modify the Logon Banner:

    1. Start the System Policy Editor (Start - Programs - Administrative Tools - System Policy Editor)
    2. Select New Policy from the File menu
    3. Double click on Local Computer
    4. Double click on Windows NT System and then double click Logon
    5. Click on Logon Banner until it changes to a tick
    6. Enter a caption and text and click OK
    7. From the File menu, select Save as
    8. Save in the %systemroot%\system32\repl\Import\Scripts directory as NTCONFIG.POL
    9. Close the System Policy Editor

    Q. How do I create my own Policy template?

    A. When system policy editor is run you can select which templates to include. There are 3 which are supplied with NT, and are stored in the %systemroot%/inf directory

    The only ones you will normally use are common.adm and winnt.adm. Windows.adm was supplied for compatibility with Windows 95 machines, however policies created with Windows NT will not work on Windows 95 so this template is not used.

    To select which templates to use, select "Policy template" from the options menu.

    The structure of an adm file is simple and follows the structure shown below

    CLASS MACHINE or USER 
    
    CATEGORY !!<string for first level>
       CATEGORY !!<string for second level> this is optional
          POLICY !!<string for name to be displayed next to check box>
          KEYNAME !!<string for the keyname where the value is, do not include the first
             VALUENAME !!<actual value name>
             VALUEON "1" VALUEOFF "0"
             PART !!<displayed in the bottom of the system policy screen> TEXT 
             END PART
          END POLICY
       END CATEGORY
    END CATEGORY
    
    [strings]
    <strings defined>="Windows NT Network"

    Simple! The !! means that what follows is a string name, which then has to be defined in the [strings] section. You don't have to use strings and can just put the entries in directly, enclosing them in quotes if they contain a space; strings just might help for long key names that are used repeatedly. For every keyword (except for class) there must be an end keyword, e.g. for category there must be an end category, same as an if and endif etc.

    For examples, look at the common.adm and winnt.adm files and then compare to how they look in the system policy editor to get the display and effect you want. There are many other combinations and effects such as a drop down box which can be accomplished using the following

       PART !!<string> DROPDOWNLIST
       VALUENAME ""<actual value>
          ITEMLIST
             NAME "<string>" VALUE NUMERIC n
             NAME "<string>" VALUE NUMERIC n
             NAME "<string>" VALUE NUMERIC n
          END ITEMLIST
       END PART
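
    The pairing rule above (every CATEGORY, POLICY, PART and ITEMLIST needs its END, and every !! name needs a [strings] entry) is easy to break in a hand-written template. The following Python linter is an added example, not part of the original FAQ or of Microsoft's tools; the two templates it checks are constructed, and matching string names case-insensitively is a choice made for this example.

```python
import re

BLOCKS = {"CATEGORY", "POLICY", "PART", "ITEMLIST"}  # keywords that need END <keyword>
TOKEN = re.compile(r'"[^"]*"|\S+')                    # a quoted string or a bare word

# Constructed template in the layout the FAQ describes (key and value names invented).
GOOD = r"""CLASS MACHINE

CATEGORY !!Net
   POLICY !!Banner
   KEYNAME "Software\Example\Policy"
      VALUENAME "ShowBanner"
      VALUEON "1" VALUEOFF "0"
      PART !!BannerTip TEXT
      END PART
      PART !!Mode DROPDOWNLIST
      VALUENAME "Mode"
         ITEMLIST
            NAME "Off" VALUE NUMERIC 0
            NAME "On" VALUE NUMERIC 1
         END ITEMLIST
      END PART
   END POLICY
END CATEGORY

[strings]
Net="Windows NT Network"
Banner="Show banner"
BannerTip="Shown at the bottom of the policy screen"
Mode="Mode"
"""

# Same template with END ITEMLIST and the Mode string definition removed.
BROKEN = "\n".join(line for line in GOOD.splitlines()
                   if line.strip() not in ("END ITEMLIST", 'Mode="Mode"'))


def lint_adm(text):
    """Return [(line_number, message), ...] for structural problems in an ADM template."""
    parts = re.split(r"(?im)^[ \t]*\[strings\][ \t]*$", text, maxsplit=1)
    defined = set()
    if len(parts) == 2:
        for line in parts[1].splitlines():
            m = re.match(r"\s*([^=\s]+)\s*=", line)
            if m:
                defined.add(m.group(1).lower())

    problems, stack = [], []  # stack holds (keyword, line it was opened on)
    for lineno, line in enumerate(parts[0].splitlines(), 1):
        tokens = TOKEN.findall(line)
        i = 0
        while i < len(tokens):
            tok, word = tokens[i], tokens[i].upper()
            if word == "END" and i + 1 < len(tokens) and tokens[i + 1].upper() in BLOCKS:
                closing = tokens[i + 1].upper()
                i += 1  # consume the keyword that follows END
                if closing not in [kw for kw, _ in stack]:
                    problems.append((lineno, "END %s has no matching %s" % (closing, closing)))
                else:
                    # Anything opened inside the block being closed was left open.
                    while stack[-1][0] != closing:
                        kw, opened = stack.pop()
                        problems.append((lineno, "%s opened on line %d is not closed "
                                                 "before END %s" % (kw, opened, closing)))
                    stack.pop()
            elif word in BLOCKS:
                stack.append((word, lineno))
            elif tok.startswith("!!") and tok[2:].lower() not in defined:
                problems.append((lineno, "string !!%s is not defined in [strings]" % tok[2:]))
            i += 1
    for kw, opened in stack:
        problems.append((opened, "%s is never closed with END %s" % (kw, kw)))
    return problems


if __name__ == "__main__":
    for name, template in (("GOOD", GOOD), ("BROKEN", BROKEN)):
        print(name, lint_adm(template) or "no problems found")
```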

    Q. Where can I get information on Profiles and Policies?

    A. The document below has excellent information and links. This originally was on the http://www.usyd.edu.au/ web site but has since been removed. This has been reproduced by permission of Luke Brennan, co-author of the document.

    Windows NT 4.0 Profiles and Policies

    Defining the user environment via Profiles and Policies

    This is a guide for experienced NT administrators having difficulties with Microsoft's dumb new implementation of System Policies in NT 4.0. We had to do it and finally documented what we have found/learnt. Many thanks to the other News Group subscribers who hacked this out with us. Many curses to Microsoft for giving us headaches. This stuff is not documented in the otherwise highly regarded resource kits. Great product but...

    Policies

    A policy file can be thought of as a Registry Hive. If you keep that in mind, it might all click for you a bit faster!

    Policy Troubleshooting Tips

    Windows NT FAQ is a key resource to aid in understanding what you can do to restrict/limit using the Policy Editor and/or Registry Editor.

    Profiles

    Profiles are much simpler.

    Profile Troubleshooting Tips

    Windows NT FAQ is a key resource to aid in understanding what you can do to restrict/limit using the Policy Editor and/or Registry Editor.


    WARNING!!

    Now that you think you're secure, go into HELP and you'll find that it will allow your users to bring up Control Panels, etc, even though you THOUGHT you had disabled them...


    Microsoft KnowledgeBase pointers

    User Profiles

    How to Create and Assign User Profiles for Users in a Domain - (KnowledgeBase)
    How to Use %LOGONSERVER% to Distribute User Profiles - (KnowledgeBase)
    Useful Resource Kit Utilities for Domain Administrators - (KnowledgeBase)
    How to Assign the Administrator Profile to Other Users - (KnowledgeBase)
    How to set User Manager Settings for Multiple Users - (KnowledgeBase)
    Controlling Common Program Groups Seen In User Profiles - (KnowledgeBase)
    Saving Workstation Default User Profiles for a Domain - (KnowledgeBase)
    Using NET USERS to Manage Local User Accounts on a Workstation - (KnowledgeBase)

    System Policies

    Disabling Access to Network Resources Using System Policies - (KnowledgeBase)

    Other

    How to Restrict Access to NT Registry from a Remote Computer - (KnowledgeBase)


    Last Revised: 8th June, 1997 by
    Luke Brennan (L.Brennan@isu.usyd.edu.au), Matt Holt (M.Holt@isu.usyd.edu.au) and Greg Rudd (G.Rudd@isu.usyd.edu.au)


    Q. How can I control the Policy updates?

    A. It's possible to dictate how policies are applied to a Windows NT machine.

    This is normally configured using the System Policy Editor by selecting Default Computer - Network - System policies update and checking Remote Update.

    You then have the option to have either Automatic update which means the NT client makes a connection to the NETLOGON share of the domain controller that validated the logon or alternatively you could select Manual and then enter a path and name where the policy is located.

    It is also possible to configure the machine to display any error messages and to enable load balancing.

    All the changes above can also be configured directly through the registry.

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Update
    3. Double click on UpdateMode (if it does not exist create of type DWORD, Edit - New - DWORD value)
    4. Set to 1 for Automatic update (the default), 2 for Manual or 0 for no update. Click OK
    5. If you set UpdateMode to 2 you should then double click on NetworkPath (or create of type REG_SZ or String Value)
    6. Set to the location and name of the policy file to use. Click OK
    7. Close the registry editor

    You can also create two other values under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Update


    Q. How can I implement locally based system policies?

    A. Normally system policies are implemented on domain controllers to be used on an entire domain however Microsoft do provide support for local system based policies.

    There are two approaches possible:

    Automatic Update Method

    1. Share the %systemroot%\System32\Repl\Import\Scripts folder (e.g. d:\winnt\system32\repl\import\scripts) as Netlogon.
    2. Grant the group Everyone "Read" Permissions and the group Administrators "Full Control" to this share.
    3. Start System Policy Editor (Poledit.exe).
    4. On the File menu, click New Policy and make the changes for your policy.
    5. On the File menu, click Save As, and then save the policy file in the Netlogon shared folder as Ntconfig.pol.
    6. On the File menu, click Open Registry.
    7. Double-click Local Computer, double-click Network, double-click System Policies Update, and then click the Remote Update check box to select it.
    8. In the Update Mode box, click Automatic (Use Default Path), and then click OK. This has the effect of looking for policy updates from the Netlogon share of the authenticating controller/machine automatically.
    9. Save your policy to the location listed above as Ntconfig.pol, and then quit Policy Editor.
    10. Restart Windows NT for the changes in the policy to take effect.

    This configuration allows you to use both a local and a domain-wide system policy, depending on which user account database the user logs on to. This is the normal method domains use as when you logon to a domain the computer looks for policies in the Netlogon share of the domain controller validating the logon.

    Remote Update Method

    1. Start System Policy Editor (Poledit.exe) and make the changes for your policy.
    2. On the File menu, click Save As, and then save the policy file on your hard disk. For example, save the file as: c:\ntconfig.pol
    3. On the File menu, click Open Registry.
    4. Double-click Local Computer, double-click Network, double-click System Policies Update, and then click the Remote Update check box to select it.
    5. In the Update Mode box, click Manual (Use Specific Path), type a path name in the Path for Manual Update dialog box (for example, d:\winnt\system32\repl\import\scripts\Ntconfig.pol), and then click OK. Note that to display error messages if the policy file is not found when Windows NT starts, you can click the Display Error Message check box to select it.
    6. Save your policy to the location listed above as Ntconfig.pol, and then quit Policy Editor. Note that while using the Manual Update, you may name the policy file anything you would like; just be sure to enter it into the path in step 5 above.
    7. Restart Windows NT for the changes in the policy to take effect.

    With this method the location of the policy file is given and so does not require the Netlogon share. I would recommend the first method 9 times out of 10.


    Q. How do I enable auditing?

    A. Logon as the Administrator (or a member of the Administrators group) and perform the following

    1. From the Start menu select Programs - Administrative Tools and start User Manager
    2. From the Policies menu, select Audit
    3. Enable the events you want to Audit and click OK
    4. Exit User Manager

    It is also possible to configure auditing on a file/directory. Right click on the file/directory, select properties, and select the security tab and then select auditing.


    Q. How do I view/clear the security log?

    A. Logon as the Administrator (or a member of the Administrators group) and perform the following

    1. From the Start menu select Programs - Administrative Tools and start Event Viewer
    2. From the Log menu, select Security
    3. Double click any entry for more information
    4. Close the individual event information window
    5. To clear, select Log and clear all events. It will ask if you want to save the info, click No.
    6. It will prompt again if you are sure, click Yes
    7. Close Event Viewer

    In Windows 2000 start the Event Viewer MMC snap-in (Start - Programs - Administrative Tools - Event Viewer, or via Computer Manager). Right click on the Security Log and you can clear from the context menu.


    Q. Where can I get more information on the Event Viewer?

    A. See http://www.heysoft.de/ for more information


    Q. Where can I get information on NT security problems?

    A. There are various sites:


    Q. How can I restore the default permissions to the NT structure?

    A. Follow the procedure below:

    1. Logon as administrator.
    2. The built-in SYSTEM account needs access to the Windows NT default directories and subdirectories. To get this access, do the following:
      - In File Manager use Security/Permissions to grant the SYSTEM account FULL CONTROL to the root directory of the NTFS volume that contains Windows NT.
      - Next, select the option to Replace Permissions on Subdirectories, which gives SYSTEM access to the entire volume
    3. Start Registry Editor (Regedit.exe).
    4. Go to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager
    5. Double-click the value BootExecute.
    6. Under BootExecute, you may find a few entries, such as:
      autocheck autochk *
      After any entries, add on a separate line:
      setacl /a \DosDevices\<systemdrive>:\<winnt_root>\System32\winperms.txt \DosDevices\<systemdrive>:
      Here <systemdrive> is the drive that Windows NT is installed on and <winnt_root> is the Windows NT root directory on that drive.
    7. Save changes by clicking OK.
    8. Exit the registry editor and restart the computer.
    9. On restart, the system will set security on the system files to the norm

    The procedure above will only work on an NT 3.51 system. To perform the above on an NT 4.0 system you require the Windows NT Resource Kit Supplement 2 and should perform the following:

    1. Logon as an Account that has "Backup files and folders" privilege
    2. Run the FIXACLS.EXE utility (Start - run - fixacls)
    3. Click the Continue button
    4. Click OK when completed.

    FIXACLS sets the permissions to the values defined in %SYSTEMROOT%\INF\PERMS.INF. Therefore, access to this file is also required to run FIXACLS.


    Q. How can I copy files and keep their security and permissions?

    A. By default when you copy files from one NTFS partition to another, the files inherit their protections from the parent directory. It is possible to copy the files and keep their settings using the SCOPY program that comes with the NT resource kit. SCOPY can copy owner and security audit information:
    SCOPY c:\savilltech\secure.dat d:\temp\ /o /a
    would copy the owner and auditing information. You can also use /s to copy information in subdirectories.

    The restriction for this command is that both the origin and target drives must be NTFS or the command will fail.


    Q. How do I enable auditing on certain files/directories?

    A. Auditing is only available on NTFS volumes. Follow the instructions below:

    1. Start Explorer
    2. Right click on the file/directory you want to audit, and from the context menu select properties
    3. Select the Security tab and click Auditing
    4. If you have selected a directory, check the "replace auditing on subdirectories"
    5. Click the Add button and add the user(s) who you wish to audit by selecting and clicking Add. When finished adding users, click OK
    6. Select the events you wish to audit and then click OK

    You must ensure that File access auditing is enabled (Start - Programs - Administrative Tools - User Manager - Policies - Audit).

    These events can then be viewed using the Event Viewer (Start - Programs - Administrative Tools - Event Viewer - Log - Security)


    Q. How do I use the System Key functionality of Service Pack 3?

    A. Service Pack 3 introduced a new feature in NT with the ability of increasing security on the SAM database. This is performed by introducing a new key in one of 3 modes

    1. A secure key generated by the system which is used to encrypt the SAM which is stored on the local hard disk
    2. A secure key generated by the system which is stored on a floppy disk which has to be placed in the computer at bootup
    3. A password given by the user is used to encrypt the SAM and has to be entered on bootup

    To generate the system key you use syskey.exe; however be warned, once you activate the encryption you cannot turn it off without performing a system recovery using an ERD produced before syskey was enabled. To enable encryption perform the following:

    1. Make sure Service Pack 3 is installed
    2. Log on to the system as a member of the Administrators group (only administrators can run syskey.exe)
    3. Create a new ERD (rdisk /s) and store somewhere safe and label the disk "Pre System Key ERD"
    4. Run the System Key generation utility (Start - Run - syskey.exe)
    5. A dialog box will be displayed with encryption disabled. Select Encryption enabled and click OK
    6. Click OK to the warning dialog box
    7. Select which of the 3 encryption modes you require, if password enter a password and then enter again for verification. If you choose stored on floppy disk you will be prompted to insert a disk and then click OK.
    8. Click OK and a success message will be displayed, click OK
    9. You now need to reboot the machine
    10. Once rebooted you should create a new ERD (rdisk /s)

    Once rebooted, if you chose a password, a dialog box will be displayed once the GUI phase of NT starts; enter the password you gave and click OK, after which you may log on as normal. If you chose floppy disk you will be prompted to insert the disk and then click OK.

    Although you cannot remove the system key, you can change the mode by running syskey.exe and click Update. You will be asked to either enter the existing password or insert the system key floppy if changing from one of these modes.

    For more information see Q143475 at http://support.microsoft.com/support/kb/articles/q143/4/75.asp


    Q. How do I remove the System Key functionality of Service Pack 3?

    A. As stated in the previous FAQ there is not a simple remove function however if you restore the SAM from an ERD that was taken before the system key was enabled, it will remove this feature from the system.

    1. Boot off of the NT installation disks
    2. After disk 2 press R for repair
    3. Deselect everything except "Inspect registry files" and select continue
    4. Continue as per normal, inserting disk 3 and then the ERD (the one created before syskey was run)
    5. Once completed reboot and you should no longer have the system key in use

    Q. How can I configure the system to stop when the security log is full?

    A. To avoid security logs being lost you can configure the system to halt if the security log becomes full, so that only Administrators can logon; they can then archive the log and purge it:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    3. If CrashOnAuditFail exists then skip to step 4, if not from the Edit menu select New - DWORD value and enter a name of CrashOnAuditFail. Click OK
    4. Double click on CrashOnAuditFail and set to either:
      1 - Stop if the audit log is full
      2 - This is set by the operating system just before the system crashes due to a full audit log. When set to 2 only the administrator can logon.
    5. Close the registry editor

    When this happens the OS will display a BSOD.


    Q. How can I clear the pagefile at shutdown?

    A. As you will be aware the pagefile contains areas of memory that were swapped out to disk. In a secure environment you may want this pagefile cleared when the machine is shut down, as parts of memory containing passwords/sensitive information may have been paged out to the pagefile.

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
    3. If the value ClearPageFileAtShutdown does not exist, from the Edit menu select New - DWORD value and enter a name of ClearPageFileAtShutdown
    4. Double click on ClearPageFileAtShutdown and set to 1
    5. Reboot the machine and next time you shutdown the pagefile will be cleared

    Q. How do I enable strong password filtering?

    A. Windows NT 4.0 Service Pack 2 introduced a new password filter, passfilt.dll, which implements the following new restrictions

    To enable this functionality perform the following on all PDCs (and stand-alone servers if used). You do not need to install this on BDCs, however you should in case the BDC is promoted to a PDC.

    1. Start the registry editor (regedt32.exe, do not use regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    3. Double click on "Notification Packages"
    4. Add PASSFILT on a new line (there may be a FPNWCLNT so you should add this after this value). Click OK
    5. Close the registry editor
    6. Reboot the machine

    It should be noted you will still be able to set passwords in User Manager that do not meet the criteria; this is by design as direct SAM updates are not filtered.


    Q. How do I set what happens during a crash?

    A. By default a crash dump file will be produced but there are two other items that can be configured.

    The first option is to enter a log entry in the system log. This can be set using the Startup/Shutdown tab of the system control panel applet in NT 4.0 and the "Startup and Recovery" button under the Advanced tab of the system control panel applet in NT 5.0 by checking the "Write an event to the system log" box.

    This can also be achieved by setting the registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\LogEvent to 1.

    The other option is to send an Administrative alert (you need the alerter service to be running to enable this option). Again using the same dialog as before check the "Send an administrative alert" box.

    This can also be achieved by setting the registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\SendAlert to 1.


    Q. How can I configure the system to automatically reboot in the event of a crash?

    A. This can be set using the Startup/Shutdown tab of the system control panel applet in NT 4.0 and the "Startup and Recovery" button under the Advanced tab of the system control panel applet in NT 5.0 by checking the "Automatically reboot" box.

    This can also be achieved by setting the registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\AutoReboot to 1.


    Q. How do I enable auditing on the SAM?

    A. It is possible to audit every successful or failed access to this sensitive information by the only accounts that are able to access it, e.g. Administrators. This can be done as follows:

    1. First ensure auditing is enabled on the system using User Manager - Policies menu - Audit. Select the "Audit These Events". Choose the objects to audit and click OK.
    2. Next make sure the Scheduler service is running on the machine, either via the Services Control Panel applet (Start - Settings - Control Panel - Services) or by typing "net start" and looking for "Schedule". If it is not running you can start it by typing
      C:\> net start schedule
    3. At the command prompt (cmd.exe) type
      C:\> at <time> /interactive "regedt32.exe"
      where <time> is a minute in the future.
    4. At the time entered Regedt32.exe will be started but running under the internal System account. This allows access to areas normally inaccessible.
    5. Select the HKEY_LOCAL_MACHINE window
    6. Select the SAM key and from the Security menu select Auditing
      [Screenshot: Changing auditing]
    7. Click the Add button and on the displayed dialog (which will show groups) click the 'Show Users' button.
    8. Add the following:
      - SYSTEM
      - Domain Admins
      - Administrator
      - Backup Operators
      and any other accounts with the following:
      - Take ownership of files or other objects
      - Back up files and directories
      - Manage auditing and security log
      - Restore files and directories
      - Add workstations to domain
      - Replace a process level token
      Click OK
    9. Check the "Audit Permissions on Existing Subkeys" box
    10. Set Success and Failure for
      - Query Value
      - Set Value
      - Write DAC
      - Read Control
      [Screenshot: Audit settings for passwords]
    11. Click OK. Click Yes to the dialog that asks if you want to audit all existing subkeys in the SAM.
    12. Now repeat steps 6 to 11 on the Security key.
    13. Close the registry editor
    14. Stop the schedule service if you only started it for this task
      C:\> net stop schedule

    Auditing the Security key is optional but without it only password keys will be audited. Setting auditing on the Security key will allow you to track other security relevant changes to the system.

    You will now see entries in the Security log via event viewer, e.g.

    [Screenshot: Example event log for a password change]


    Q. How can I enable strong protection on shared system objects?

    A. It is possible to tighten security on shared system resource attributes, such as the attributes of COM1: or of printers. By tightening base security, these shared resources will be administered only by system administrators.

    To enable this perform the following:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
    3. From the Edit menu select New - DWORD value and enter a name of ProtectionMode if it does not already exist
    4. Double click the value and set to 1. Click OK
    5. Reboot the computer

    After performing this change you should update your Emergency Repair Disk using RDISK.EXE.


    Q. How can I restrict access to objects from Anonymous accounts?

    A. It is possible to restrict the ability of anonymous logon users (also known as NULL session connections) to list domain user names and enumerate share names. If you feel this is a security risk, Service Pack 3 for Windows NT 4.0 introduces a new option to stop anonymous users listing users and shares.

    To enable this perform the following:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    3. From the Edit menu select New - DWORD value and enter a name of RestrictAnonymous if it does not already exist
    4. Double click the value and set to 1. Click OK
    5. Reboot the computer

    After performing this change you should update your Emergency Repair Disk using RDISK.EXE.


    Q. How do I enable SMB signing?

    A. Windows NT 4.0 Service Pack 3 provides an updated version of the Server Message Block (SMB) authentication protocol, also known as the Common Internet File System (CIFS) file sharing protocol.

    When SMB signing is enabled on both the client and server, SMB sessions are authenticated between the machines on a packet by packet basis. This does have a performance hit of between 10 and 15% as every packet's signature has to be verified.

    To enable SMB signing on the NT Server perform the following:

    1. Start the Registry Editor (Regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters
    3. From the Edit menu select New - DWORD value
    4. Add the following two values EnableSecuritySignature and RequireSecuritySignature if they do not exist.
    5. Set each value to 0 to disable (the default) or 1 to enable. Enabling EnableSecuritySignature means that if the client also has SMB signing enabled then that is the preferred communication method, but setting RequireSecuritySignature to enabled means SMB signing MUST be used, so if the client is not SMB signature enabled then communication will fail
    6. Close the registry editor
    7. Shut down and restart Windows NT.

    By default a Workstation with SP3 or above has SMB signing enabled, but to enable it manually:

    1. Start the Registry Editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rdr\Parameters
    3. From the Edit menu select New - DWORD value
    4. Add the following two values EnableSecuritySignature and RequireSecuritySignature if they do not exist.
    5. Enabling EnableSecuritySignature means that if the server also has SMB signing enabled then that is the preferred communication method, but setting RequireSecuritySignature to enabled means SMB signing MUST be used, so if the server is not SMB signature enabled then communication will fail
    6. Close the registry editor
    7. Shut down and restart Windows NT.

    If you have set RequireSecuritySignature then any clients that do not support SMB signing will fail to communicate, including logons, and you may receive the error:

    "Invalid user name or password..."

    If you get this then check that the workstation has SMB signing enabled.


    Q. How do I disable LanManager challenge/response in NT?

    A. Windows NT Servers with Service Pack 4 and above support three authentication types,

    By default when a client connects to a server both LM and NTLM are used in case the server does not support NTLM; however, LM is far weaker than NTLM so you may wish to disable LM for security reasons.

    Editing the registry value described below allows the client to select which authentication it will use, but if NTLM2 is selected ensure SP4 is applied to all servers. The setting below is required on the clients and servers so you may wish to automate this via a logon script or policy.

    1. Start the registry editor
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    3. From the edit menu select New - DWORD value
    4. Enter a name of LMCompatibilityLevel and press Enter
    5. Double click the new value and set to one of the following
      0 - Send LM response and NTLM response; never use NTLMv2 session security
      1 - Use NTLMv2 session security if negotiated
      2 - Send NTLM response only
      3 - Send NTLMv2 response only
      4 - DC refuses LM responses
      5 - DC refuses LM and NTLM responses (accepts only NTLMv2)
    6. Close the registry editor
    7. Reboot the machine

    For more information on deploying see http://support.microsoft.com/support/kb/articles/q147/7/06.asp
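
    The registry settings from the preceding questions (CrashOnAuditFail, ClearPageFileAtShutdown, ProtectionMode, RestrictAnonymous, EnableSecuritySignature, LMCompatibilityLevel) can be checked in one pass against a regedit.exe export. The Python script below is an added example, not part of the original FAQ; the sample export is constructed and the minimum LMCompatibilityLevel of 2 is an assumed site policy.

```python
import re

# Constructed sample of a regedit.exe export (REGEDIT4 text); not taken from the FAQ.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"CrashOnAuditFail"=dword:00000001
"LMCompatibilityLevel"=dword:00000000
"restrictanonymous"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"ProtectionMode"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
"ClearPageFileAtShutdown"=dword:00000001
"PagingFiles"=hex(7):43,3a,5c,70,61,67,65,66,69,6c,65,2e,73,79,73,20,36,34,20,\
  31,32,38,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters]
"RequireSecuritySignature"=dword:00000000
'''

SECTION = re.compile(r'^\[(.+)\]$')
DWORD = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

def parse_reg_dwords(text):
    """Return {(key, value name): int} for every DWORD in a REGEDIT4 export.

    Key and value names are lower-cased because the registry is case-insensitive.
    Other value types and their continuation lines are skipped.
    """
    values, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = DWORD.match(line)
        if m and key is not None:
            values[(key, m.group(1).lower())] = int(m.group(2), 16)
    return values

LSA = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"
SM = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager"
SRV = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters"

def baseline(min_lm_level=2):
    """Settings described in the FAQ; min_lm_level is an assumed site policy."""
    return [
        (LSA, "CrashOnAuditFail", lambda v: v in (1, 2),
         "halt when the security log is full"),
        (SM + r"\Memory Management", "ClearPageFileAtShutdown", lambda v: v == 1,
         "clear the pagefile at shutdown"),
        (SM, "ProtectionMode", lambda v: v == 1,
         "strong protection on shared system objects"),
        (LSA, "RestrictAnonymous", lambda v: v == 1,
         "stop anonymous listing of users and shares"),
        (SRV, "EnableSecuritySignature", lambda v: v == 1,
         "server offers SMB signing"),
        (LSA, "LMCompatibilityLevel", lambda v: v >= min_lm_level,
         "do not send LM responses"),
    ]

def audit(export_text, min_lm_level=2):
    """Return [(value name, status, actual, purpose)]; status is ok, weak or missing."""
    values = parse_reg_dwords(export_text)
    findings = []
    for key, name, is_ok, purpose in baseline(min_lm_level):
        actual = values.get((key.lower(), name.lower()))
        if actual is None:
            status = "missing"      # value absent, so the NT default applies
        elif is_ok(actual):
            status = "ok"
        else:
            status = "weak"
        findings.append((name, status, actual, purpose))
    return findings

if __name__ == "__main__":
    for name, status, actual, purpose in audit(SAMPLE_EXPORT):
        print(f"{status:8} {name} = {actual}  ({purpose})")
```
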


    Q. How can I check the security of my passwords?

    A. Microsoft have a strong password filter that can force users to use passwords that are not easily guessable; more details can be found at 'Q. How do I enable strong password filtering?'.

    If you want to test all your users' passwords an excellent utility is L0phtcrack, which will try to ascertain your passwords.

    L0phtcrack allows NT Administrators & Information Security Engineers to quickly evaluate the security of users' passwords. L0phtcrack supports traditional dictionary attacks, hybrid dictionary attacks, and full-blown exhaustive keyspace attacks (user definable).

    L0phtcrack can gather NT password hashes in a number of ways, including the registry, SAM files, or even by monitoring SMB network activity.

    L0phtcrack has recently won the InfoWorld Golden Guardian award and has been recommended by Microsoft.

    L0phtcrack can be downloaded from http://www.l0pht.com/l0phtcrack/ and can be used for free for 15 days and is very simple to use once installed.

    Once you start the utility you can either load a SAM file (from the %systemroot%\system32\config directory, though not from your current installation as the files are locked) or dump the passwords from the registry by selecting "Dump Passwords from Registry" from the Tools menu and selecting the computer, e.g. a domain controller or the local machine. If you want to dump from the registry you must be an Administrator on the machine whose registry you are trying to dump.

    After importing the information from a source you will have a list of usernames and the hash values of the passwords, selecting 'Run Crack' from the Tools menu will then start the attack on the passwords.

    [Screenshot: 5 down, 4 to go]
    Notice the easy passwords were found quickly and it is starting to guess the more complex ones, only a matter of time.

    The idea of running this is to find people who are using weak passwords and force them to change them. A good start is to use the strong password filtering, which will FORCE users to use complex passwords, and always make sure to have a minimum password length of 8 characters (set in User Manager - Policies - Account). This helps, but can give a person a false sense of security. For example, if the password requirement is just alphanumeric, a password like "N0ts3cur3" would be guessed rather quickly with a hybrid dictionary attack, so you should still audit passwords regularly.

    One reader of the FAQ has pointed out that 8 characters is not the best number, as an 8 character password basically consists of one 7 character password and a one letter password (the last character), which will be guessed almost instantly and may give a clue to the first seven characters. Many times, we've guessed the first half of the password based off of the 8th, 9th, and 10th characters (i.e. ???????werty is either 123456qwerty or qwertyqwerty).

    "When users are forced to use special characters, 9 out of 10 times, the user will put the special character at the end of the password. In an 8 character minimum password, the eighth character becomes the symbol, and the first seven are letters and numbers. The seven characters are cracked with L0phtcrack in 24 hours or less. Thus, an 8 character password (even with a special character at the end) may either be cracked in 24 hours, or give up enough info to guess the first half (yes - a lot of assumptions here - but this theory has held up over 30,000 times). I'd like us to reset the industry line of thought on NT passwords and suggest that the strongest password policies are those that require seven characters (instead of 6 or 8). Also, the strongest passwords are those that are either 7 or 14 characters exactly, with at least one special character in each half (with very few exceptions - note Paul Ashton's 7 character or less pwd attack). Given that users will write down pwds that are 14 characters in length, 7 becomes the next best choice. I believe Dave Leblanc, InfoWorld, and some folks at Microsoft will agree that exactly 7 characters is a recommended length."

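    The 7 + 1 split the reader describes comes from the LAN Manager hash, which upper-cases the password, pads it to 14 characters and hashes each 7-character half independently. The Python sketch below is an added example (not part of the FAQ or of L0phtcrack) that estimates the search space of each half so a password policy can be judged by its weakest half; the per-class alphabet sizes and the sample passwords other than "N0ts3cur3" are assumptions.

```python
import string

def lm_halves(password):
    """LAN Manager view of a password: upper-cased, cut to 14, split 7 + 7."""
    folded = password.upper()[:14]
    return folded[:7], folded[7:]

def alphabet_size(text):
    """Size of the smallest class-based alphabet covering text (assumed model)."""
    size = 0
    if any(c in string.ascii_uppercase for c in text):
        size += 26
    if any(c in string.digits for c in text):
        size += 10
    if any(c in string.punctuation for c in text):
        size += len(string.punctuation)      # 32 printable ASCII symbols
    known = string.ascii_uppercase + string.digits + string.punctuation
    size += len({c for c in text if c not in known})   # anything else, counted singly
    return size

def search_space(text):
    """Number of candidates of this length over that alphabet; 1 for an empty half."""
    return alphabet_size(text) ** len(text) if text else 1

def assess(password):
    """Compare the split search space with what the same password would offer unsplit."""
    first, second = lm_halves(password)
    per_half = (search_space(first), search_space(second))
    return {
        "halves": (first, second),
        "per_half": per_half,
        # The halves are independent, so the work adds instead of multiplying.
        "effective": per_half[0] + per_half[1],
        "if_unsplit": search_space(password.upper()[:14]),
    }

if __name__ == "__main__":
    # "N0ts3cur3" is the FAQ's example; the other two are constructed.
    for pw in ("N0ts3cur3", "abcdefg!", "abc!efg"):
        r = assess(pw)
        print(f"{pw!r}: halves={r['halves']} effective={r['effective']:,} "
              f"unsplit={r['if_unsplit']:,}")
```
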

    A description of Permissions in NT.

    The default permissions in NT are loose to provide for easy use (see Microsoft Knowledge Base Article Q148437). To make the system more secure, read "Securing Windows NT Installation" (http://www.microsoft.com/NTServer/Basics/TechPapers/). With a few exceptions, it suggests granting Administrators, Creator/Owner and System Full Control, Everyone Read for all system and program files, and leaving registry permissions alone. But be forewarned: unless you have the luxury of restricting programs to those that have earned the NT logo, be prepared for some hassles if you do it. And, Microsoft missed a few, in particular the need to remove Everyone Read from the system logs, \%systemroot%\system32\config and its contents.

    Help topics 'Special Access Directory Permissions' and 'Special Access File Permissions' describe the 6 types of permission in the NT file system. Each can be applied to directories and files on a top-down then individual basis. Windows Explorer may be used (Properties) to apply ownership and permissions to directories and files for small systems.

    Under Windows NT, deny access takes precedence over grant access (article Q102608). When NT checks permissions, it does so in one pass, not discriminating between users and groups. As soon as any "deny access" permission is reached, the search is terminated and access to the resource is denied. So, if Everyone No Access is in the list for something, that's exactly what it means. (NT Everyone is not Unix World! The only way to recover from that misconception is for an administrator to forcibly take ownership of the item then amend the permissions.) To give Owner full access and everyone ELSE read-only, grant Creator/Owner Full Control, Users Read; to refuse access to everyone else, simply omit any entry for Users. It is essential to retain System Full Control of all NT system files, unless you enjoy plugging hard drives into other machines to get them working again.

    A useful structure for an independent user environment is to create a directory \<username> with permission <username> Full Control, then designate that as the user's root directory. The same permission should be applied to \%systemroot%\System32\Profiles\<username> and all its contents. If users are to maintain their own phone books, Users Read/Write is needed for the \%systemroot%\System32\RAS directory, then <username> Full Control for the <username>.pbk file in it when the user creates it.

    Some programs with 16-bit code in them (e.g. WordPerfect 8) require Change permission to the \Temp directory so they can store swap files (to bypass the 16-bit memory limit). Unfortunately, in NT this directory is used for sensitive system files, so real security is not possible if such programs are used.

    Legacy programs often assume full access to their system registry entries. Regedt32 (Security) is used to apply permissions to individual registry entries. If you get abnormal behavior of a program, try granting Everyone Full Control to all the keys under the company's name in the Local Machine registry section. (Backup the registry first, of course, for restore if it doesn't work.) For example: WordPerfect 8 announces that ASCII files are an 'unsupported format' unless Users have Full Control of the Corel key and all its subkeys; Storm's EasyPhoto terminates with 'lego not found' unless Users have Full Control of the Storm registry. Most TWAIN systems require Users Change access to \WinNT and all Twain*/Twunk* files in it.

    You can get what look like permission or sharing problems if you use the Internet Explorer Connection Wizard to set up Internet connections - Fax enabled can prevent modem access etc. You should delete all IE-generated connections and establish new ones with the NT Dial-up Networking system, not the IE system. Individual account connections should be set up in user phone lists, not the (default) system list, especially if users store their passwords. (This can be forced by granting only Administrator and System access to rasphone.pbk)

    Reports on groups, users, ownership and permissions are not available from Microsoft (article Q137848), but are available from others. See http://www.microsoft.com/security/default.asp for links to these and other advanced NT security resources.

    Contributed by John Sankey


    Q. What backup software is available for Windows NT?

    A. Windows NT ships with NTBACKUP.EXE, which is suitable for backing up most installations; however, its features are quite basic, and for larger, more complex installations one of the following may be worth a look


    Q. How do I add a tape drive?

    A. Before you can add a tape drive you should first ensure that the correct SCSI driver is loaded for the card the tape drive is connected to. Once the SCSI driver is loaded you should perform the following

    1. Start the Tape Devices control panel applet (Start - Settings - Control Panel - Tape Devices)
    2. Click the detect button for NT to detect your tape drive. If this works go to step 5
    3. If the drive could not be detected then click the drivers tab
    4. Click the Add button and select your tape drive from the list or click the Have Disk button and select the location for the driver.
    5. Click OK
    6. Restart the computer

    Q. What types of backup does NTBACKUP.EXE support?

    A. NTBACKUP.EXE supports 5 different types of backups


    Q. What backup strategies are available?

    A. The main backup strategy is on a weekly plan as follows

    As you know an incremental backup only backs up those files that have changed since the last backup and then sets them as backed up so this type of backup should be quite fast. In the event of a failure you would have to first restore the normal backup and then any subsequent incremental backups.

    An alternative would be as follows

    Differential backups and incremental backups are the same except that differential does not mark the files as backed up, therefore files backed up on Monday will still be backed up on Tuesday etc. Therefore to restore the backup you would only need to restore the normal backup and the latest differential backup.

    It is important not to have just one week's worth of tapes; you should have a tape rotation and have maybe 10 tapes and rotate on a fortnightly basis.

    If you wanted an extra backup as a one off you would use a copy backup as this does a full backup but does not mark files as backed up and therefore would not interfere with other backup schemes in use.
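
    A small Python simulation of the "marked as backed up" behaviour described above, added here as an illustration (it is not NTBACKUP code). It assumes a Monday normal backup followed by Tuesday to Friday incremental or differential runs and a constructed change log, and it also shows why a one-off backup should be a copy rather than a normal backup.

```python
class Volume:
    """Files with a version counter and the 'needs backup' marker (archive bit)."""

    def __init__(self, names):
        self.version = {n: 1 for n in names}
        self.archive = {n: True for n in names}   # set on every new or changed file

    def write(self, name):
        self.version[name] = self.version.get(name, 0) + 1
        self.archive[name] = True

    def backup(self, kind):
        """Return the tape contents {file: version} for one backup run."""
        if kind in ("normal", "copy"):
            chosen = list(self.version)
        elif kind in ("incremental", "differential"):
            chosen = [n for n in self.version if self.archive[n]]
        else:
            raise ValueError(f"unknown backup type: {kind}")
        if kind in ("normal", "incremental"):     # only these mark files as backed up
            for n in chosen:
                self.archive[n] = False
        return {n: self.version[n] for n in chosen}

# Constructed change log: files written on each day after the Monday normal backup.
CHANGES = {"Tue": ["a.doc"], "Wed": ["b.xls"], "Thu": ["a.doc", "c.txt"], "Fri": []}

def run_week(daily_kind, one_off=None):
    """Monday normal, then daily_kind Tue-Fri. An optional one-off backup is taken
    on Wednesday before the scheduled job and its tape is NOT kept in the rotation."""
    vol = Volume(["a.doc", "b.xls", "c.txt"])
    tapes = [("Mon", "normal", vol.backup("normal"))]
    for day, files in CHANGES.items():
        for name in files:
            vol.write(name)
        if day == "Wed" and one_off:
            vol.backup(one_off)
        tapes.append((day, daily_kind, vol.backup(daily_kind)))
    return vol, tapes

def restore_set(tapes):
    """Tapes needed after a failure: the normal plus every incremental,
    or the normal plus only the latest differential."""
    normal, rest = tapes[0], tapes[1:]
    if rest and rest[0][1] == "differential":
        rest = rest[-1:]
    return [normal] + rest

def restore(tapes):
    """Apply tapes oldest first; later copies of a file overwrite earlier ones."""
    state = {}
    for _day, _kind, contents in tapes:
        state.update(contents)
    return state

if __name__ == "__main__":
    for kind, one_off in [("incremental", None), ("differential", None),
                          ("differential", "copy"), ("differential", "normal")]:
        vol, tapes = run_week(kind, one_off)
        needed = restore_set(tapes)
        complete = restore(needed) == vol.version
        print(kind, "one-off:", one_off, "tapes:", [d for d, _, _ in needed],
              "files per tape:", [len(c) for _, _, c in tapes],
              "restore complete:", complete)
```
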


    Q. What options are available when using NTBACKUP.EXE?

    A. Once you start NTBACKUP a list of all drives on the machine will be shown. You can either select a whole drive or double click on the drive and then select directories. Once you have selected the drives/directories click the Backup button.

    When performing a backup there are a number of fields that should be completed.


    Q. Can I run NTBACKUP from the command line?

    A. NTBACKUP is fully usable from the command line using the format below

    ntbackup <operation> <path> /a /b /d "text" /e /hc:<on/off> /l "<filename>" /r /t <backup type> /tape:n /v

    The parameters have the following meanings

    <operation> This will be backup. If you wanted to eject a tape you could enter eject (but must also include the /tape parameter)
    <path> The list of drives and directories to be backed up. You may not enter file names or use the wildcard character. To backup multiple drives just put a space between them, e.g. ntbackup backup c: d: etc...
    /a Append backup sets to the end of the tape. If /a is omitted then the tape will be erased
    /b Backup the local registry
    /d "text" A description of the tape
    /e Logs only exceptions
    /hc:<on/off> If set /hc:on then hardware compression will be used, if /hc:off then no hardware compression will be used.
    /l "<filename>" Location and name for the logfile
    /r Restricts access (ignored if /a is set)
    /missingtape Specifies that a tape is missing from the backup set when the set spans several tapes. Each tape becomes a single unit as opposed to being part of the set.
    /t <backup type> The type of backup, normal, Incremental, Differential, Copy or Daily
    /tape:n Which tape drive to use (from 0 to 9). If omitted tape drive 0 is used
    /v Performs verification

    Q. How do I schedule a backup?

    A. Before a backup can be scheduled, you must ensure the scheduler service is running on the target machine; it does not have to be running on the issuing machine. For information on the schedule service see 'Q. How do I schedule commands?'

    Once the scheduler service has been started it is possible to submit a backup command using the ntbackup.exe image (image is a name for an executable)

    at 22:00 /every:M,T,W,Th,F ntbackup backup d: /v /b

    The command above would schedule a backup at 10:00 p.m. on weekdays of drive D: and the local registry with verification.

    If you are having problems with the scheduling you may want to add the /interactive switch so in the event of a problem you can interact with the backup program.


    Q. How do I restore a backup?

    A. Restoring a backup saveset is simple and will depend on what was backed up, however the basics are

    1. Start NTBACKUP (Start - Administrative Tools - Backup)
    2. Double click on the tape unit that has the backup saveset you want. Select the saveset
    3. Check the Restore File Permissions if the saveset was backed up off of a NTFS volume
    4. Click OK

    Q. How do I backup open files?

    A. Sometimes files can be corrupted because a backup program tries to back up an open file, and when restored the file is corrupt. To stop NTBACKUP from backing up open files perform the following

    1. Start the registry editor
    2. Move to HKEY_CURRENT_USER\Software\Microsoft\Ntbackup\Backup Engine
    3. Check "Backup files in use". If it is set to 1 double click on the value and set to 0. Click OK
    4. Close the registry editor

    If you do have "Backup files in use" set to 1 then you should also set the following parameter

    HKEY_CURRENT_USER\Software\Microsoft\Ntbackup\User Interface\Skip open files

    The values for this are

    0 - Do not skip the file, wait till it can be backed up
    1 - Skip files that are open/unreadable
    2 - Wait for open files to close for Wait time (which is another registry value in seconds)

    For more information have a look at Q159218 (http://support.microsoft.com/support/kb/articles/q159/2/18.asp)

    To backup open files without corruption you should look at Open File Manager software from http://www.stbernard.com/ (yeah the advert with the cute dog!). You can download a 15 day free trial.


    Q. What permissions do I need to perform a backup?

    A. The operator performing the backup requires the "back up files and directories" user right. This can be given directly using user manager, or the preferred way is to make the user a member of either the Administrators group or the backup operators group.


    Q. How do I backup the registry?

    A. Most of the registry hives are open, making them unable to be copied in the normal way, however there are several methods available to you

    NT does not automatically rename the old Registry to .DA0 as does Windows 95. However, you can use RDISK, the Emergency Recovery Disk utility, to generate fresh duplicates of the Registry, and use this script to keep three old versions on hand:

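    REM REGBACK.BAT note: change M: to home directory on LAN
    REM pkzip25 is a product of PKWARE, see www.pkware.com for details
    REM Refresh %systemroot%\repair (including SAM and SECURITY) without prompting for a floppy
    rdisk /s-
    REM Rotate the archives: regback.zip (newest) -> regback.sav -> regback.old (oldest)
    if exist m:regback.old del m:regback.old
    if exist m:regback.sav ren m:regback.sav regback.old
    if exist m:regback.zip ren m:regback.zip regback.sav
    REM Add the refreshed repair files to a new m:regback.zip
    pkzip25 -lev=0 -add -attr=all m:regback %systemroot%\repair\*.*
    exit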


    Q. How can I erase a tape using NTBackup that reports errors?

    A. When NTBackup starts and when a tape is inserted a scan of the device is performed and if any errors are found one of the following messages will be displayed

    You will not be able to perform any actions on the tape including erasing it. It is possible to force NT to not check a tape when inserted using the /nopoll parameter, e.g.

    c:\>ntbackup /nopoll

    You will now be able to erase the tape within NTBackup. If you have multiple tape drives you may want to use the /tape:n parameter to instruct NTBackup to ignore a certain tape drive, otherwise no other parameters should be used.

    Once you have erased the tape you should exit ntbackup and restart to use the tape (without specifying /nopoll).


    Q. How can I remove a dead submitted Backup process?

    A. If you submit a backup using the AT command (the schedule command) and the ntbackup program has a problem, you can run Task Manager but will be unable to kill the process; an error along the lines of "you don't have authority to end the process" will be shown. The only solution is to reboot the server.

    If you had submitted the ntbackup command with the /interactive switch you would see some kind of error.

    Rather than rebooting the server you can create a "special" version of task manager which will be able to kill the rogue NTBACKUP process. Simply submit task manager to start one minute in the future using the AT command or even better using the Resource Kit SOON.EXE utility:

    C:\> soon 30 /interactive taskmgr

    In 30 seconds task manager will be displayed and you will be able to kill the NTBACKUP process.

    The AT syntax would be

    C:\> at [\\<computer name>] <time in future> /interactive taskmgr

    The \\<computer name> is optional and would start Task Manager on another machine.

    An alternate method is as follows:

    Use TLIST.EXE and KILL.EXE provided in the Resource Kit.

    From the command prompt issue...
    C:\> tlist -t | more

    The output is .... <snip>

    ATSVC.EXE (315)
      CMD.EXE (345)
        NTVDM.EXE (348)
        NTBACKUP.EXE (314)

    (the PID will vary from system to system)
    (the "-t" option is important. It provides a tree-like-output to determine which process is the parent and child process)

    Use KILL.EXE to end the parent process CMD.EXE and NTBACKUP.EXE
    C:\> kill -f 345

    Killing the parent process DOES NOT kill the child processes it created. Once you kill the CMD.EXE process you then need to kill the child processes that CMD.EXE called.

    Just don't kill the ATSVC.EXE process!!! If you do you no longer have the schedule service running, and you will have to restart it.

    You must have Administrative privileges to run the KILL.EXE program.

    You may find this better than fumbling with the AT command and waiting for it to start the TASKMGR as a system account.

    If this is on a remote server where you can't get to the console load the RKILLSRV.EXE as a service on the remote machine, and use the RKILL.EXE on your local machine. Both programs are from the resource kit. You must have Administrative privileges on the target system to kill the processes.

    RKILL.EXE syntax...
    Usage : rkill /view \\servername
    to get the process list on servername
    Usage : rkill /kill \\servername pid
    to kill process pid on servername
    Usage : rkill /token \\servername
    to get your remote security token on servername


    Q. How do I create an Emergency Repair Disk?

    A. From the Start Menu, select Run, and type RDISK. Click on Update Repair Info. It will then recreate the repair information stored in the winnt\repair directory. It will ask if you want to create a repair disk; insert a blank formatted disk and select Yes. RDISK /S updates the information in %systemroot%\repair and also the SAM and SECURITY keys. Permissions on the repair directory should be strict, as a user with access to the files could create a repair disk and use it to crack the system passwords.


    Q. How do I create an NT Boot Disk?

    A. Follow the steps below

    1. Format the disk using NT, this is so the boot sector of the disk can find Ntldr (puts the NT boot loader into sector 0)
    2. Copy over Ntldr, NTdetect.com and Boot.ini
    3. If you have a non-SCSI enabled BIOS and use a SCSI adapter you will also need Ntbootdd.sys, for example if you have a SCSI driver such as AHA154x.SYS copy it to the disk as Ntbootdd.sys.

    You can then boot off of this disk, it will look at the existing NT partition and load the kernel as usual. This is useful for a mirrored system as you could edit the boot.ini file and change the disk, e.g.

    multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows NT Workstation Version 4.00"

    could be changed to

    multi(0)disk(0)rdisk(1)partition(1)\WINNT="Windows NT Workstation Version 4.00"

    if the mirror was the first partition on the second NT disk.


    Q. I get the error "Can't find NTLDR"

    A. This is a core file which must be in the root directory, and the fact that it cannot be found may mean other files are also missing. To fix this problem perform the following:

    1. Boot the system with a DOS bootable floppy disk (if it is a FAT partition). If it is an NTFS partition use the NT boot disk described in the previous answer
    2. In the i386 directory of the CD-ROM there will be a file NTLDR._, which is the compressed version of NTLDR.
    3. You can expand this file using expand.exe that comes with DOS and Windows for Workgroups
      expand d:\i386\ntldr._ c:\ntldr.

    Q. How do I recover a lost administrator password?

    A. If there are no other accounts in the administrator group, and the machine is not part of a domain where the domain's Administrator account could be used to log on and change the local Administrator password (the domain's Administrator group is automatically made a member of the machine's Administrator group when the machine joins the domain), then the only way is to reinstall NT into a new directory (not the same one, as it will upgrade and see the old password) and it will let you enter a new Admin password. Also, if you have an old ERD for which you knew the password at the time it was made, you could use this to restore the SAM and security portions of the registry.

    There is also a piece of software, LockSmith, from http://www.winternals.com/ that can break into an NT system and change any password. The software is not free, and will cost around US$100. Their new product, ERD Professional, can also change passwords and is available from the same site.

    A similar piece of software is also available from http://www.mirider.com/ that allows you to boot off of a set of disks and change the Administrator password.


    Q. I have set a drive to no access, now no-one can access it.

    A. Logon as an Administrator and then perform the following

    1. Start Explorer
    2. Right click on the drive, and select Properties
    3. Select the Security tab, and click on Ownership
    4. Click "Take Ownership"
    5. Messages will be displayed "You do not have access to the directory, do you wish to set the protection to Full Access", to which you should click Yes

    Q. If I copy a file with Explorer or from the command line, the permissions get lost.

    A. The only time a file keeps its permissions is if it is moved within the same partition. If it is copied it inherits the protection of the owning directory (a move across drives is a copy and delete). Also, FAT does not support permissions, so anything copied to FAT will lose its protections.


    Q. How can I get my taskbar back?

    A. Press Ctrl-Alt-Del, then select Task Manager, click the applications tab, select New Task, and type Explorer.


    Q. I get the error "NTOSKRNL.EXE missing or corrupt" on bootup.

    A. This is usually due to an error in the boot.ini file. The entry for NT is either missing or incorrect. Edit the boot.ini file and check the entry for NT is correct, for example for an IDE disk the entry should look something like

    multi(0)disk(0)rdisk(0)partition(2)\winnt="Windows NT workstation"

    Check that disk and partition are correct. If you have recently added a new disk or altered the partitions try changing the disk() and partition() values. If you are sure everything is OK, then the actual file may be corrupt so copy NTOSKRNL.EXE off of the installation CD onto the %systemroot%/system32 directory.

    You may need to edit the boot.ini if Linux is installed onto a system. During installation DiskDruid (Red Hat's disk configuration utility) may create a primary partition (depending on disk configuration) and although the extended NT partition was there first (and at the beginning of the disk), the primary partition affects the numbering of the partition() parameter of boot.ini. Changing it from (1) to (2) (for example) allows the successful boot of NT.
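    The boot.ini checks described in this answer and in the boot disk answer above, as an added example (not part of the original FAQ): a Python parser that validates each ARC path, reports a default= line that matches no [operating systems] entry, and rewrites rdisk() for the mirror case. The sample boot.ini and the function names are constructed; the rules that partition() counts from 1 and that disk() is 0 with multi() are general ARC conventions, not statements from this page.

```python
import re

# ARC path as it appears in the boot.ini lines quoted in this FAQ.
ARC_RE = re.compile(
    r"^(multi|scsi)\((\d+)\)disk\((\d+)\)rdisk\((\d+)\)partition\((\d+)\)(\\.*)?$",
    re.IGNORECASE,
)

# Constructed sample: default= names partition(1) but the NT entry is on
# partition(2), the situation described for the Linux/DiskDruid case.
SAMPLE_BOOT_INI = r"""
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINNT="Windows NT Workstation Version 4.00"
multi(0)disk(0)rdisk(0)partition(0)\WINNT="Windows NT (constructed bad entry)"
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows 2000 Command Console" /cmdcons
"""


def parse_arc(path):
    """Split an ARC path into its fields, or return None if it is not one."""
    m = ARC_RE.match(path.strip())
    if m is None:
        return None
    bus, adapter, disk, rdisk, partition, directory = m.groups()
    return {
        "bus": bus.lower(),
        "adapter": int(adapter),
        "disk": int(disk),
        "rdisk": int(rdisk),
        "partition": int(partition),
        "dir": directory or "\\",
    }


def with_rdisk(path, rdisk):
    """Return the same ARC path pointing at another physical disk (mirror case)."""
    if parse_arc(path) is None:
        raise ValueError("not an ARC path: %r" % path)
    return re.sub(r"rdisk\(\d+\)", "rdisk(%d)" % rdisk, path, count=1, flags=re.IGNORECASE)


def parse_boot_ini(text):
    """Return the default= path and the (path, label) pairs of boot.ini."""
    section = None
    result = {"default": None, "entries": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        if section == "boot loader" and key.strip().lower() == "default":
            result["default"] = value.strip()
        elif section == "operating systems" and sep:
            result["entries"].append((key.strip(), value.strip()))
    return result


def check_boot_ini(text):
    """Return a list of problems that would stop NTLDR finding the kernel."""
    ini = parse_boot_ini(text)
    problems = []
    paths = [path.lower() for path, _ in ini["entries"]]
    if ini["default"] is None:
        problems.append("no default= line in [boot loader]")
    elif ini["default"].lower() not in paths:
        problems.append("default %s matches no [operating systems] entry" % ini["default"])
    for path, _label in ini["entries"]:
        arc = parse_arc(path)
        if arc is None:
            # Drive-letter entries such as C:\CMDCONS\BOOTSECT.DAT are not ARC paths.
            if not re.match(r"^[a-z]:\\", path, re.IGNORECASE):
                problems.append("unrecognised entry: %s" % path)
            continue
        if arc["partition"] < 1:
            problems.append("%s: partition() is numbered from 1" % path)
        if arc["bus"] == "multi" and arc["disk"] != 0:
            problems.append("%s: disk() must be 0 with multi()" % path)
    return problems


if __name__ == "__main__":
    for problem in check_boot_ini(SAMPLE_BOOT_INI):
        print(problem)
    print(with_rdisk(r"multi(0)disk(0)rdisk(0)partition(1)\WINNT", 1))
```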


    Q. How do I configure Directory Replication?

    A. Directory Replication is the process of replicating directories and their contents from one machine to one or more machines. The only machines that can be export servers are Windows NT Server machines. Import servers can be an NT server, NT workstation or OS/2 LAN Manager machine.

    The main usage for Directory Replication is for the export of login scripts from the PDC to the BDC(s), where the PDC is the export server and the BDC the import server. This means when you login the BDC can also supply the login script as well as the authentication of the user, leaving the PDC free. This is the case that will be explained below.

    1. You must add an account that will be used for the Directory Replication (i.e. Repuser). You cannot use the name Replicator as there is a user group of this name. Start User Manager for Domains (Start - Programs - Administrative Programs - User Manager for Domains)
    2. From the User menu, select New User.
    3. Name the user RepUser, with a full name and description. Set the password.
    4. Unselect "User must change password at next logon" and select "Password never expires"
    5. Click Groups and add to "Backup Operators" group
    6. Click Hours and ensure the user has 24 hours for all days
    7. Close User Manager for Domains

    The user has now been added to the domain, and the export server now needs to be configured

    1. Logon to the Export Server machine, the Primary Domain Controller as an Administrator
    2. From Control Panel click on Services
    3. Select "Directory Replication" and click Startup. Select Automatic, and for "Log on as" click the "..." button and select the Repuser and click Add. Next type in the password for the Repuser that you set.
    4. Click OK and a message "User <domain>\Repuser has been granted the Logon as a Service right and added to the local Replicator local group" will be displayed.
    5. Close the Services Control Panel applet
    6. Double click the "Server" Control Panel applet and click the Replication button
    7. In the export by default it will show %systemroot%/system32/Repl/Export which is where login scripts should be held. Clear any entries in the Export or Import machine list.
    8. Make sure "Export Directories" and "Import Directories" are checked, and close the Replication applet.
    9. From the Services Control Panel Applet click on "Directory Replication" and click Start
    10. Logoff of the PDC and logon to the BDC (or whatever the import machine)
    11. Start the Services Control Panel Applet and as before enable the Replication Service to automatically start at reboot but do not manually start it now.
    12. Start the Server Control Panel Applet and select Replication
    13. Select "Import Directories" and check the list of machines to import from is blank
    14. Click OK and it will start the "Directory Replication" service

    You may be wondering why you should keep your login scripts in the export area when your NETLOGON share is import/scripts. The server will actually replicate to itself, from export/scripts to import/scripts, so they will be the same.

    Some people have problems with replication and adding Repuser to the Domain Administrators group may fix the problem. Also, only directories directly under the /export directory will be replicated; files placed directly in it will not be, so they have to be in a subdirectory of export.

    If you have problems you may also need to add an entry to the registry to allow the replicator service to access the remote registries. Open hkey_local_machine\system\currentcontrolset\control\securepipeservers\winreg\allowedpaths and add "system\currentcontrolset\services\replicator"


    Q. How do I remotely create an Emergency Repair Disk?

    A. You can schedule an ERD creation using
    at \\<machine name> <time> /interactive /every:M,T,W,Th,F %windir%\system32\rdisk /s-

    It may be preferable to store the contents of this disk on a location at the server, so the following batch script could be used:

    %windir%\system32\rdisk /s-
    net use z: \\<server name>\temp /persistent:no
    if not exist z:\%computername% md z:\%computername%
    copy %windir%\repair\*.* z:\%computername%\
    net use z: /delete
    exit

    This would then be submitted as
    at \\<machine name> <time> /interactive /every:M,T,W,Th,F \\<server>\<share>\ERD.BAT

    You could also just put the call to ERD.BAT in the login script so the contents of the repair disk will be updated every time the user logs on.

    You may notice that the setup.log file does not always get copied to the destination. Changing the attributes to -r -s -h before copying and changing them back afterwards seems to make the difference.

    A more supported method is to use a software product such as ERDisk from http://www.aelita.com/.


    Q. How do I promote a Backup Domain Controller to the Primary Domain Controller?

    A. When possible you should always promote a BDC to the PDC while the main PDC is still active. In this way the original PDC will be demoted to a BDC and no information will be lost. However, sometimes the PDC will not be available (i.e. it has crashed) and a BDC needs to be promoted, as in the absence of a PDC, a BDC does not automatically promote itself.

    1. Log on to a BDC as an Administrator
    2. Start Server Manager (Start - Programs - Administrative Tools - Server Manager)
    3. If the PDC is not available then a warning will be displayed "Cannot find Primary DC for <domain>"
    4. Click on the BDC you want to promote to the PDC
    5. From the Computer menu select "Promote to PDC"
    6. Again, if the PDC is not available then a warning "Cannot find Primary for <Domain>" will be displayed. Click OK to continue
    7. The Netlogon service will be stopped on the BDC, it will be changed to a PDC and then the Netlogon service will be started again.
    8. This machine is now the domain PDC

    If the PDC was online, it would automatically be demoted to a BDC when the promotion occurred.

    To bring the original PDC back if it had not been demoted prior to the upgrade just start as normal, it will detect the running PDC and stop its netlogon service. You can then start Server Manager and select "Demote the BDC" and then promote.


    Q. How do I reinstate my old PDC back into the Domain as the PDC?

    A. It is not possible to have 2 PDC's in a domain so assuming the machine crashed, i.e. has not been demoted to a BDC before being shutdown, then when it starts it will still be configured to be a PDC

    1. Start up the old PDC machine
    2. Logon to the machine as an Administrator
    3. Start Server Manager (Start - Programs - Administrative Tools - Server Manager)
    4. The machine will still be described as a Primary Domain Controller, however its icon is just a wire frame and it is not acting as a PDC, i.e. it does not authenticate logons
    5. Select the machine, and from the Computer menu select "Demote to Backup Domain Controller"
    6. Click "Yes" to make the change
    7. Once the machine is a BDC, click on the computer again and from the Computer menu select "Promote to PDC"
    8. Click "Yes" to make the change
    9. Server manager will then automatically demote the temporary PDC back to its BDC status and promote this machine back to the PDC

    Q. What tuning can be performed on Directory Replication?

    A. There are a number of registry entries you can update.

    These are all values under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Replicator\Parameters

    GuardTime Sets the amount of time the export folder must have had no changes before files are replicated, by default 2 minutes.
    Interval How often an export server looks for changes in the replicator folders, by default 5 minutes
    Pulse Number of times the import computer repeats the change notice after the initial announcement. By default three.
    Random Specifies the maximum time that the import servers can wait before requesting an update. An import server uses the export server's value of Random to generate a random number of seconds (from 0 to the value of Random). The import server waits this long after receiving an update notice before requesting the replica from the export server. This prevents the export server from being overloaded by simultaneous update requests. Default: 60


    Q. I am unable to perform a repair without a CD-ROM drive?

    A. Performing any repair requires a CD-ROM in the drive, however this was fixed in Service Pack 2 and later

    1. Extract the setupdd.sys file from the service pack installation file
      nt4sp3_i /x
      You will then be prompted for an installation directory.
    2. Create a new set of the NT installation disks (go to the i386 structure and run winnt32 /ox (if from an NT box) or winnt /ox (if from another OS)).
    3. Once all 3 disks are created insert disk 2 and replace the file setupdd.sys with the one from service pack 2 (or 3). To do this you will first need to set the file a:\setupdd.sys to writable
      attrib a:\setupdd.sys -r
      Copy the file to the a: drive
      copy <service pack expansion drive and dir>\setupdd.sys a:

    You will now be able to boot off of these disks and repair the registry/boot sector without a CD-ROM. Replacing system files without a CD-ROM is detailed in the procedure Q150497 which can be viewed from http://support.microsoft.com/support/


    Q. Changing the Administrator password if you have forgotten it.

    A. The instructions below require a second installation of NT on the machine you have forgotten the password to. It uses the srvany.exe resource kit utility.

    1. Install a second copy of NT onto the machine into a different dir/drive (it only has to be a minimal installation) and boot into this installation
    2. Copy the srvany.exe from the resource kit into a dir, e.g. c:\temp
    3. Start regedt32
    4. Move to HKEY_LOCAL_MACHINE and select the root
    5. From the Open menu select "Load Hive"
    6. Move to %systemroot%\system32\config of the main NT installation, i.e. if your main installation (the one whose password you are trying to change) is installed at d:\winnt you would move to d:\winnt\system32\config
    7. Select System and click Open
    8. You will be asked for a key name, enter Mainreg and click OK
    9. Select the "Select" branch and write down the Default value, e.g. 0xn, e.g. 0x1. This will be used to load the ControlSet00n
    10. Move to HKEY_LOCAL_MACHINE\Mainreg\ControlSet00n\Services\Spooler and take a note of the ImagePath value (it will usually be %SystemRoot%\system32\spoolss.exe).
    11. Change ImagePath to c:\temp\srvany.exe (or where ever you copied the file to), click OK
    12. Move to Parameters and add a Value of type REG_SZ called Application. Once added double click the new value and set to %systemroot%\system32\net.exe
    13. Add another Value of type REG_SZ called AppParameters. Once added double click the new value and set to "user Administrator password".
    14. Move back to HKEY_LOCAL_MACHINE\Mainreg and select "Unload Hive" from the open menu. Click Yes to the confirmation
    15. You should now reboot and boot off of your original NT installation. Wait a few minutes and then logon as the administrator with password password.

    You now need to correct the changes made

    1. Start Regedt32.exe
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler\Parameters and delete Application and AppParameters values.
    3. Move down to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler and change ImagePath back to its original value (%SystemRoot%\system32\spoolss.exe)

    You may now delete the second installation of NT if you wish and remove it from the boot menu (edit boot.ini after removing the hidden, read only and system attributes attrib c:\boot.ini -r -s -h).

    All this actually does is change the spooler service to use the SRVANY.EXE program which runs NET as the service with parameters "user Administrator password", which is the same as net user Administrator password which is a way to change the password. Check the resource kit for more information on SRVANY.
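    A check on the registry changes this procedure makes, as an added example (not part of the original FAQ): it parses a REGEDIT4 export of the Services key and reports any service still wrapped by SRVANY, or still carrying Application/AppParameters values, so the clean-up steps can be confirmed. The sample export is constructed, and the function names are hypothetical.

```python
import re


def encode_expand_sz(text, per_line=20):
    """Encode text as a REGEDIT4 hex(2) value; used only to build the sample."""
    data = ["%02x" % b for b in text.encode("ascii") + b"\x00"]
    rows = [",".join(data[i:i + per_line]) for i in range(0, len(data), per_line)]
    return "hex(2):" + ",\\\n  ".join(rows)


def build_sample(spooler_image):
    """Constructed REGEDIT4 export of two services (not from a real system)."""
    base = "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services"
    return "\n".join([
        "REGEDIT4",
        "",
        "[" + base + "\\Schedule]",
        '"ImagePath"=' + encode_expand_sz("%SystemRoot%\\System32\\AtSvc.Exe"),
        "",
        "[" + base + "\\Spooler]",
        '"ImagePath"=' + encode_expand_sz(spooler_image),
        "",
        "[" + base + "\\Spooler\\Parameters]",
        '"Application"="%systemroot%\\\\system32\\\\net.exe"',
        '"AppParameters"="user Administrator password"',
        "",
    ])


def parse_reg_export(text):
    """Parse a REGEDIT4 export into {key_path_lower: {value_name_lower: str}}."""
    # A hex value continues on the next line after a trailing ",\".
    text = re.sub(r",\\\r?\n[ \t]*", ",", text)
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = re.match(r'^"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if m is None or current is None:
            continue
        name, raw = m.group(1).lower(), m.group(2)
        if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
            value = re.sub(r"\\(.)", r"\1", raw[1:-1])  # REG_SZ, unescape \\ and \"
        elif raw.startswith("hex(2):"):
            # REG_EXPAND_SZ (the type of ImagePath): ANSI bytes, NUL terminated.
            data = bytes(int(b, 16) for b in raw[7:].split(",") if b)
            value = data.split(b"\x00")[0].decode("ascii", "replace")
        else:
            value = raw
        current[name] = value
    return keys


def audit_services(keys):
    """Report services wrapped by srvany.exe or holding leftover srvany values."""
    notes = []
    for path, values in sorted(keys.items()):
        if path.endswith("\\parameters"):
            continue
        params = keys.get(path + "\\parameters", {})
        service = path.rsplit("\\", 1)[-1]
        image = values.get("imagepath", "").strip('" ').lower()
        wrapped = image.endswith("srvany.exe")
        app = (params.get("application") or "").lower()
        args = (params.get("appparameters") or "").lower()
        if wrapped and re.search(r"(^|\\)net(\.exe)?$", app) and args.startswith("user "):
            notes.append("%s: srvany runs 'net user' at start-up" % service)
        elif wrapped:
            notes.append("%s: wrapped by srvany, launches %r" % (service, app))
        elif "application" in params or "appparameters" in params:
            notes.append("%s: leftover srvany values under Parameters" % service)
    return notes


if __name__ == "__main__":
    # State after step 13 of the procedure, then after restoring only ImagePath.
    for image in ("c:\\temp\\srvany.exe", "%SystemRoot%\\system32\\spoolss.exe"):
        print(audit_services(parse_reg_export(build_sample(image))))
```

    Run it against an export of HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services made with regedit.exe; an empty result means neither condition was found.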


    Q. Where is RDISK in NT 5.0? - NT 5.0 only

    A. The RDISK.EXE utility has been replaced with an option in the NTBACKUP.EXE utility.

    1. Start NTBACKUP.EXE (Start - Run - NTBACKUP.EXE)
    2. Select "Create an Emergency Repair Disk" from the tools menu
    3. Insert a blank formatted disk in drive A: and click OK
    4. Click OK to the completion message and click OK

    The recovery disk can no longer be used to restore user accounts etc. and you will need to backup/restore the Active Directory which will be covered in the backup section.


    Q. How do I install the Recovery Console? - Windows 2000 only

    A. The Windows 2000 recovery console enables an Administrator to gain access to a 2000 system from a command session to replace damaged files and to disable or enable services. When installed it adds an option to the Windows 2000 start menu.

    To install perform the following:

    1. Boot into Windows 2000
    2. Insert the installation CD
    3. From a command prompt move to the I386 directory and type:
      C:\> winnt32 /cmdcons
    4. A dialog will be displayed asking for confirmation. Click Yes.
    5. Files will be copied to the computer and an extra item added to the boot menu.
      C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows 2000 Command Console" /cmdcons
    6. A completion message will be displayed. Click OK

    Rebooting the computer will enable the option "Microsoft Windows 2000 Command Console" to be selected and start Windows 2000 in command mode.

    You will be asked which 2000 installation to repair and the Administrator password:



    Microsoft Windows 2000(TM) Recovery Console.

    The Recovery Console provides system repair and recovery functionality.

    Type EXIT to quit the Recovery Console and restart the computer.

    1: C:\Winnt
    2: F:\WINNT

    Which Windows 2000 installation would you like to log onto
    (To cancel, press ENTER)? 2
    Type the Administrator password: ***

    Once you have entered the password you will be able to enter a number of commands such as DISABLE to disable a service, DISKPART to create and remove partitions and many others. Just type HELP for a list of all commands.

    It's also possible to activate the console directly from the installation CD by booting off of the CD (if your motherboard supports CD booting), selecting Repair and pressing C to repair using the console.

    If you have renamed the Administrator account the console will still work however deleting the Administrator account will render the console inoperative.

    The Recovery Console does not currently work on domain controllers.


    Q. How do I create a bootable CD-ROM containing ERD Commander/Professional?

    A. ERD Commander is a fantastic tool by http://www.winternals.com/ which gives access to NT systems by booting off modified Windows NT setup disks which allows access to not only the file system but also the registry and many other items to enable you to recover an unbootable NT system. It also gives access to removable media allowing you to replace corrupted system files, something you otherwise can't do without a second NT installation on the machine. The professional version also allows you to change passwords from outside of NT!

    It's now possible to create a bootable CD-ROM containing ERD Commander which allows you to just insert the CD-ROM, reboot and you have an ERD Commander session.

    A full procedure can be downloaded here, BOOTABLEERD.doc, however below are the steps I used and have included some additional files to make it easier for you.

    1. Install ERD Commander/Professional as usual which creates a number of startup disks based on the NT installation diskettes (3 for Commander, 4 for Professional)
    2. Create a directory on a partition called ERD
    3. Create a subdirectory i386 (e.g. c:\ERD\i386)
    4. Copy the content of all disks to this i386 directory
    5. Download and extract Service Pack 5
      C:\> SP5I386 /X
    6. Replace any files in the ERD\i386 directory that are also included with SP5 with the SP5 version (including files in the system32 directory EXCEPT Smss.exe which is core to ERD Commander). There are a lot of these but it will allow you to access NTFS 5.0 partitions and has a number of fixes. This step is not compulsory but recommended
    7. Download files bootsec.bin and CDROM_w.40. Place them both in the ERD directory.
    8. Copy the files
      - ntdetect.com
      - setupldr.bin
      - txtsetup.sif
      from the ERD\i386 directory to the ERD directory (but do NOT remove from the ERD\i386 directory)
    9. Start your CD-ROM burning software (CDRWIN from http://www.goldenhawk.com/ is recommended) but whatever software you use it must support creating a bootable CD-ROM
    10. Add the ERD directory to the CD image
    11. Remember options:
      - ISO9660 File system (no Joliet )
      - No version numbers
      - BOOTABLE CD : emulation : none (custom) load sector count : 4 load segment (default) 07C0H
      - The boot sector image is the bootsec.bin you downloaded
      There is an example of creating a 2000 disk at install67 which is basically the same as this (goto step 7)
    12. Create your CD! You should now be able to boot off of it. I tried this last night and it worked great. If you have problems download the word document listed at the start, however I never had to edit setupldr.bin and if you use my boot sector image you won't need to do that part either.

    Note: If you create a bootable ERD Commander Professional CD (versions 1.06a or lower), the program continues to ask for disk 4 for the FTDISK, PASSWORD, & CHKDSK commands. This will be fixed in the next version

    Thanks to Guillaume Bordier for the original word document


    Q. I have installed Office 97 now I can no longer use Desktop Themes.

    A. There was a bug with Office97 that corrupted the JPEG loader. Download the patch (ThemeFix.exe)


    Q. I cannot delete a file called AUX.BAT or COM1!

    A. A file whose name (or a part of it) is the same as a DOS device name (NUL, COMx, AUX, LPTx, PRN...) cannot be deleted with Explorer or the usual DEL syntax. Use DEL \\.\drive:\path\AUX.BAT instead (replace drive and path with appropriate values). (The files may be the remains of a failed installation; you can create them e.g. with COPY some existing file \\.\drive:\path\COM1)
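    Which names count as device names, as an added example (not part of the original FAQ): a Python check that picks the affected files out of a listing and builds the DEL \\.\ command for each. It goes slightly beyond the answer by including CON, which is reserved in the same way; the sample paths and function names are constructed.

```python
import ntpath

# Device names listed in the answer (NUL, COMx, AUX, LPTx, PRN), plus CON,
# which is an addition here (the answer's list ends with "...").
RESERVED = (
    {"CON", "PRN", "AUX", "NUL"}
    | {"COM%d" % n for n in range(1, 10)}
    | {"LPT%d" % n for n in range(1, 10)}
)

# Constructed listing: three device-name files and three look-alikes.
SAMPLE_PATHS = [
    r"C:\TEMP\AUX.BAT",        # device name plus extension
    r"C:\TEMP\COM1",           # bare device name
    r"C:\TEMP\lpt2.log",       # case does not matter
    r"C:\TEMP\AUXILIARY.TXT",  # only starts with a device name
    r"C:\TEMP\COM10.DAT",      # COM10 is not in the COM1-COM9 range
    r"C:\TEMP\README.AUX",     # device name in the extension only
]


def is_device_name(path):
    """True if the file name up to its first dot is a DOS device name."""
    base = ntpath.basename(path)
    stem = base.split(".", 1)[0].rstrip(" ").upper()
    return stem in RESERVED


def device_namespace_path(path):
    # Prefix an absolute drive path with \\.\ so the name is not parsed as a device.
    drive, rest = ntpath.splitdrive(path)
    if len(drive) != 2 or drive[1] != ":" or not rest.startswith("\\"):
        raise ValueError("need an absolute drive path: %r" % path)
    return "\\\\.\\" + drive + rest


def del_commands(paths):
    """Return one DEL command per path whose file name is a device name."""
    return ['DEL "%s"' % device_namespace_path(p) for p in paths if is_device_name(p)]


if __name__ == "__main__":
    for command in del_commands(SAMPLE_PATHS):
        print(command)
```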


    Q. The AT command does not work!

    A. A sine qua non to use AT is a running Schedule service. To start it, type 'net start schedule' on the command line or use Control Panel/Services (if you want to use it regularly, set the Startup Type to Automatic). A common problem is that people try to use the example given in the online help: AT sometime CMD /C DIR > TEST.OUT.

    Unfortunately, in NT 4.0, this does not work anymore. You must use AT sometime CMD /C \"DIR > TEST.OUT\" instead.

    Note: You must now include an escaped quote before the command and after the file name you are redirecting the output to.

    The execution of the command starts by default in %systemroot%\system32, as can be seen from the output of the above example. You should specify the complete path if the command is in a different directory, e.g. AT sometime C:\TEMP\TEST.BAT. A further problem is that the command is executed in the security context of the LOCAL SYSTEM account, not the caller. However, the SYSTEM account does not have access to network resources, so your program cannot reside on or access files on mapped drives (even if they are mapped from the local machine!). Also, environment variables (e.g. PATH) may be set differently. You can test the environment interactively with AT sometime /INTERACTIVE CMD.


    Q. I can't format a disk/ create an Emergency Repair disk?

    A. There are a number of possible problems. Firstly, if using Service Pack 2, ensure you have the kernel fix applied. Also, some virus killers (such as Dr Solomons) lock up drives, making a format impossible as NT thinks the drive is locked (this is why you can't create an Emergency Repair disk). Stop the virus process using Control Panel - Services: click on the Virus Killer process and press Stop. Once the disk is formatted or the Emergency Repair disk created, go back to Control Panel and start the virus killer process again.


    Q. When I change CD's/access the floppy drive NT crashes.

    A. This is probably the bug in Service Pack 2. If you have service pack 2 then apply the KERNEL Fix.


    Q. After a new installation of NT, I can logon but no shell starts.

    A. Usually a normal user will have this problem, not an Administrator, as the problem is security on files. To cure this problem the security on the %systemroot% needs to be set so the Everyone group has RX access (Read, Execute)

    If the shell does not start from any account try the following:

    1. Logon as Administrator
    2. Press Ctrl-Alt-Del to start the Security dialog. Click 'Task Manager'
    3. Select the Applications tab. Click 'New Task'
    4. Select Browse and move to the %systemroot% directory
    5. Right click on Explorer.exe and select Properties
    6. Select the Security tab and click Advanced (if you have SP4 installed)
    7. Select the Ownership tab
    8. Take ownership
    9. You should now be able to start Explorer and fix the permission problem

    If the above fails you will need to:

    For more information see http://support.microsoft.com/support/kb/articles/q155/5/79.asp


    Q. I have a Matrox Millenium graphics card and the windows blink and flash when moved.

    A. If you are using the graphics card at 1600 x 1200 resolution in True Color (24-bit) or True Color (32-bit) mode, a window's frame may blink or flash when you drag the window across the screen. This is a known problem; to resolve it, enable the Show Window Contents While Dragging option from the Plus tab on the Display control dialog (Start - Settings - Control Panel - Display)


    Q. When I start NT I get NTDETECT twice.

    A. This is caused by a missing or corrupt NTDETECT.COM. To resolve, copy the latest NTDETECT.COM from either the latest service pack, or if no service packs have been applied, from NT installation disk 1.


    Q. My desktop disappears after a crash.

    A. By default, if Explorer crashes it automatically restarts, however this may have been corrupted or changed so using the registry editor change the value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoRestartShell to 1.


    Q. I have installed a second CPU, however NT will not recognize it.

    A. When moving from a single CPU to dual-CPU, multiprocessor versions of a number of NT files, including the HAL and the OS kernel, must be installed.  The UPTOMP.EXE utility, contained in the NT Resource Kits, installs the multiprocessor files.   The files can be installed manually (see the MS Knowledge Base articles Q156358 "How to Manually Add Support for a Second Processor" and Q168132 "After Applying Service Pack NT Reports Single Processor").

    The MS Knowledge Base article Q142660 (http://support.microsoft.com/support/kb/articles/q142/6/60.asp) "Upgrade from Uni- to Multiprocessor (Uptomp.exe) and Win32k.sys" describes a known problem when using UPTOMP.EXE on a version 4.0 NT system. The fix, described in the article, is to add the following line to the file uptomp.inf, located at the base directory of the Resource Kit installation, e.g., reskit.

    win32k.sys=0, 2, win32k.sys

    Finally, if you install the multiprocessor files on a system to which a Service Pack has been applied, you probably need to reapply the Service Pack after running UPTOMP.EXE and before rebooting.  Until you reapply the Service Pack your disk contains a mix of file versions, with the multiprocessor files at the revision level of the distribution media and files already present at the Service Pack revision level.  Such a mix of versions can cause your reboot to fail.

    For Compaq Proliant servers, Compaq has provided a very automated method of changing the HAL, which does not require the NT Resource Kit, and is distributed on the Compaq SmartStart CD. 45 minutes seems to be the time from opening the case till the last reboot and that was by a user!


    Q. I reinstalled NT, now I cannot logon.

    A. When you reinstall NT, a new SID is created. It is therefore necessary to remove the computer account for the machine from the NT server, and then add a new entry.


    Q. I have Windows 95 installed, and I am trying to start the NT installation but it fails.

    A. If you want to install NT with 95 installed, start a DOS session (command.com) and first type
    lock
    which enables direct disk access for the NT installation program. Remember also to use winnt.exe (not winnt32.exe)


    Q. An Application keeps starting every time I start NT.

    A. Applications can be started from a number of places

    The easiest way would be to search the registry using REGEDIT on the application name


    Q. Each time I start NT I get a file delete sharing violation?

    A. There is a problem with TweakUI and the clear document history at startup option which can result in an error "Cannot delete <filename>, there has been a sharing violation". Disable the TweakUI Document History clear option or live with pressing OK each time.


    Q. Sometimes when I run a program or Control Panel applet it says "no disk in drive a:".

    A. It is possible the NT path statement has an "a:" included. Check the following


    Q. When I try and create an Emergency Repair Disk I get an error: One or more configuration files missing.

    A. Run the "RDISK /S" a few times and this error will fix itself.


    Q. I have installed Service Pack 3, now I cannot run Java programs.

    A. Download the latest version of Internet Explorer which includes the latest virtual machines. There is also a hotfix for Service Pack 3 available from Microsoft ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/hotfixes-postSP3/archive/java-fix/JAVAFIXI.EXE .


    Q. Every time I start NT, explorer is started showing the system32 directory.

    A. This is caused by an incorrect program call at startup, search the areas a program can be started from for an incorrect entry, these are listed at An Application keeps starting every time I start NT.

    One example is as follows:

    1. Start the Registry Editor (regedit.exe).
    2. Open the registry keys HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    3. Verify that all the values in these keys do not contain any incorrect, incomplete, or null entries (such as "").
    4. If the (Default) Name variable has a value of "" (an empty string), delete the Name variable. After the deletion, the value for (Default) should be "(value not set)".

    This should resolve the problem. Obviously the above is only one possible cause and so all entries should be checked.


    Q. I have removed my IDE CD-ROM drive, now NT will not boot.

    A. Unless it is hardware related, such as you have not connected the cable correctly or you have not set the master/slave correctly, you need to perform the actions below before disconnecting the CD-ROM drive. Therefore if you have already disconnected the CD-ROM you should reconnect it temporarily.

    1. Start the SCSI Control Panel applet (Start - Settings - Control Panel - SCSI) and click the drivers tab
    2. Select the "IDE CD-ROM (ATAPI 1.2)" and click Remove
    3. Next click the Devices Control Panel applet and select the ATAPI device and click startup. Set the startup type to disabled.
    4. Select the ATDISK device and choose startup. For the type select Boot and choose OK.
    5. Copy ATDISK.SYS from the i386 directory on the NT installation CD-ROM to the %systemroot%\system32\drivers directory
    6. Shutdown Windows NT and remove the CD-ROM

    You should now be able to boot normally. See Knowledge base article Q125933 for more information.


    Q. I get the error, WNetEnumCachedPasswords could not be located in MPR.DLL

    A. This is usually caused by an incorrect mapi32.dll; sometimes software installs the Windows 95 version. Copy mapi32.dll from your NT installation CD-ROM to %systemroot%\system32.


    Q. What information is shown in the Blue Screen of Death (BSOD) ?

    A. The NT operating system has 2 basic layers, the user mode and kernel mode. The user mode cannot directly access hardware, is limited to an assigned address space and operates at Ring 3 (lower priority). If a user mode program has an error, NT just halts the program's process and generates an Operation error, and as the application runs in its own virtual address space it cannot affect any other program. Common components that run in user mode are

    NT 4.0 introduced a change in the NT architecture: as Kernel mode processes run much faster (Ring 0), Video and Printer drivers were moved from User mode to Kernel mode. Kernel mode is a privileged processor mode, allowing direct access to the memory and hardware. Kernel mode errors are not usually recoverable and a reboot of the system will be required. The BSOD is a built-in error trapping mechanism which is used to halt any further processing to avoid system/data corruption. This means a faulty graphics/print driver could now crash NT. Components in kernel mode are

    But what does the BSOD (or STOP message screen) show? Below is the basic structure of the BSOD, however what you see will differ and you may not have some of the sections as I'll explain below

    --------------------------------------------------
    Section 1: Debug Port Status Indicators
    DSR CTS SND
    --------------------------------------------------
    Section 2: BugCheck Information
    *** STOP: 0x0000000A (0x00000002,0x00000000,0xDB30442D)
    IRQL_NOT_LESS_OR_EQUAL *** Address db30442d has base at db300000 - matrxmil.SYS

    CPUID: GenuineIntel 5.2.4 irql:1f SYSVER 0xF0000565
    --------------------------------------------------
    Section 3: Driver Information

    Dll Base DateStmp - Name Dll Base DateStmp - Name
    80100000 2cd348a4 - ntoskrnl.exe 80400000 2cd348b2 - hal.dll
    80010000 2cd348b5 - ncrc810.sys 80013000 2cda574d - SCSIPORT.SYS

    etc..
    --------------------------------------------------
    Section 4: Kernel Build and Stack Dump
    Address dword dump Build [1381] -Name
    xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx - matrxmil.SYS
    xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx - ntoskrnl.exe
    xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx - ntoskrnl.exe
    etc..
    --------------------------------------------------
    Section 5: Debug Port Information
    Restart and set the recovery options in the system control panel
    or the /CRASHDEBUG system start option if this message reappears,
    contact your system administrator or technical support group

    OR if your system is started with /debug or /crashdebug

    Kernel Debugger Using : Com2 (Port 0x2f8, Baud Rate 9600)
    Beginning Dump of physical memory
    Physical memory dump complete. Contact your system administrator or
    technical support group

    Section 1: This section will only be shown if the system was started with /debug or /crashdebug. To tell if your system is debugger enabled, just look at the boot menu when you start the machine and the words [debugger enabled] will be shown next to the Windows NT menu choice. To enable /debug follow the instructions below:

    1. Modify boot.ini to be editable
      attrib c:\boot.ini -r -s
    2. Edit the file and edit the Windows NT start line to include /debug (to tell the system to load the kernel debugger into memory at bootup) or /crashdebug (to tell the system to load the kernel debugger but swap it out to the pagefile). Other options are /Debugport to tell which COM port to use (by default COM2) and /Baudrate for the speed (by default 19200, better to be 9600), e.g.
      [operating systems]
      multi(0)disk(0)rdisk(0)partition(0)\WINDOWS="Windows NT" /debug /debugport=com3 /baudrate=9600
    3. Save the file
    4. Set boot.ini attributes back
      attrib c:\boot.ini +r +s

    The 3 letter words are signals, e.g. RTS is Ready to Send, DSR Data Send Ready, CTS Clear to Send, and SND means data is being sent to the COM port

    Section 2: This section contains the error (or BugCheck) code with up to four developer-defined parameters (defined in the KeBugCheckEx() function call). In this case the BugCheck was 0x0000000A IRQL_NOT_LESS_OR_EQUAL, which means a process attempted to access pageable memory at a process level that was too high and is usually caused by a device driver.

    For example, a BugCheck of 0x00000077 or 0x0000007A means the pagefile could not be loaded into memory. The second hexadecimal value will help you diagnose the cause, e.g.

    0xC000009A STATUS_INSUFFICIENT_RESOURCES, caused by lack of non-paged pool.
    0xC000009C STATUS_DEVICE_DATA_ERROR, generally due to bad block on the drive.
    0xC000009D STATUS_DEVICE_NOT_CONNECTED, bad or loose cabling, termination, or controller not seeing drive.
    0xC000016A STATUS_DISK_OPERATION_FAILED, also caused by bad block on the drive.
    0xC0000185 STATUS_IO_DEVICE_ERROR, caused by improper termination or bad cabling on SCSI devices.

    For a full list of what the codes mean see knowledge base article Q103059 at http://support.microsoft.com/support/kb/articles/q103/0/59.asp .

    Section 3: This lists out all drivers that were loaded at the time of the crash. It is split into 2 sides, with 3 columns to each side. The first column is the link time stamp (in seconds since the year 1970) and can be converted into real time using the cvtime.exe application (f$cvtime on VMS :-) ).

    Section 4: This shows the build number of the Operating System and a stack dump that shows the addresses that were used by the failed module. The top lines may show the offending code/driver, however not always as kernel trap handlers may execute last to preserve error information.

    Section 5: This will depend on if you have the /debug setup, but it basically just shows the communication settings and if a .dmp file has been created.
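
    Sections 2 and 3 can be read mechanically once the screen has been copied down. The following is an added example, not part of the original FAQ: it parses the STOP line, the "Address ... has base at" line and the driver table, converts each DateStmp to a date, and looks up the status values listed above. The function names are illustrative, the input is the sample screen from this answer, and matching a driver to an address by nearest lower base is an assumption because the screen does not show image sizes.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed input: Sections 2 and 3 of the STOP screen shown in this answer.
SAMPLE = """\
*** STOP: 0x0000000A (0x00000002,0x00000000,0xDB30442D)
IRQL_NOT_LESS_OR_EQUAL *** Address db30442d has base at db300000 - matrxmil.SYS

CPUID: GenuineIntel 5.2.4 irql:1f SYSVER 0xF0000565

Dll Base DateStmp - Name Dll Base DateStmp - Name
80100000 2cd348a4 - ntoskrnl.exe 80400000 2cd348b2 - hal.dll
80010000 2cd348b5 - ncrc810.sys 80013000 2cda574d - SCSIPORT.SYS

Address dword dump Build [1381] -Name
"""

# Status values this answer lists for STOP 0x77 / 0x7A.
IO_STATUS = {
    0xC000009A: "STATUS_INSUFFICIENT_RESOURCES",
    0xC000009C: "STATUS_DEVICE_DATA_ERROR",
    0xC000009D: "STATUS_DEVICE_NOT_CONNECTED",
    0xC000016A: "STATUS_DISK_OPERATION_FAILED",
    0xC0000185: "STATUS_IO_DEVICE_ERROR",
}

STOP_RE = re.compile(r"\*\*\* STOP: (0x[0-9A-Fa-f]+)\s*\(([^)]*)\)")
ADDR_RE = re.compile(r"Address ([0-9A-Fa-f]{8}) has base at ([0-9A-Fa-f]{8}) - (\S+)")
DRIVER_RE = re.compile(r"\b([0-9A-Fa-f]{8}) ([0-9A-Fa-f]{8}) - (\S+)")


@dataclass
class Driver:
    base: int
    stamp: int
    name: str

    @property
    def linked(self):
        # DateStmp is seconds since 1970; reported here in UTC.
        return datetime.fromtimestamp(self.stamp, tz=timezone.utc)


@dataclass
class StopScreen:
    code: int
    params: list
    fault: tuple   # (address, module base, module name) or None
    drivers: list


def parse_stop_screen(text):
    m = STOP_RE.search(text)
    if m is None:
        raise ValueError("no '*** STOP:' line found")
    code = int(m.group(1), 16)
    params = [int(p, 16) for p in m.group(2).split(",") if p.strip()]
    a = ADDR_RE.search(text)
    fault = (int(a.group(1), 16), int(a.group(2), 16), a.group(3)) if a else None
    drivers, in_table = [], False
    for line in text.splitlines():
        if line.lstrip().startswith("Dll Base"):
            in_table = True            # Section 3 header
        elif "dword dump" in line:
            in_table = False           # Section 4 header: stack dump, not drivers
        elif in_table:
            for base, stamp, name in DRIVER_RE.findall(line):
                drivers.append(Driver(int(base, 16), int(stamp, 16), name))
    return StopScreen(code, params, fault, drivers)


def fault_offset(screen):
    """Offset of the reported address inside the module named on the STOP screen."""
    return None if screen.fault is None else screen.fault[0] - screen.fault[1]


def owner_of(address, drivers):
    """Assumption: the owner is the listed driver with the highest base <= address."""
    below = [d for d in drivers if d.base <= address]
    return max(below, key=lambda d: d.base) if below else None


def status_hints(screen):
    """For STOP 0x77 / 0x7A, name any parameter found in the status table."""
    if screen.code not in (0x77, 0x7A):
        return []
    return [IO_STATUS[p] for p in screen.params if p in IO_STATUS]


if __name__ == "__main__":
    s = parse_stop_screen(SAMPLE)
    print(f"STOP 0x{s.code:08X} in {s.fault[2]} at offset 0x{fault_offset(s):X}")
    for d in s.drivers:
        print(f"{d.base:08x} {d.linked:%Y-%m-%d %H:%M:%S} {d.name}")
```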


    Q. I have created my own application service, however when the user logs off the application stops.

    A. When a user logs off, a number of messages are sent. For graphical applications the messages WM_QUERYENDSESSION and WM_ENDSESSION are sent, and to console (character mode) applications the message CTRL_LOGOFF_EVENT is sent. If your application responds to these messages then it may cause it to stop. You will need to modify your program to either ignore or handle the messages differently. There is more information on this in the resource kit.


    Q. I can't install any software.

    A. Sometimes the file config.nt can become corrupted, specifically the files= line, therefore:

    1. Start Notepad (Start - Programs - Accessories - Notepad)
    2. Open %systemroot%\system32\config.nt, e.g. d:\winnt\system32\config.nt
    3. Check at the bottom the line
      files=40
      If the files line is something like
      files=20$%THY
      it has been corrupted and you should change it to have only a number after the equals sign
    4. Save the file
    5. Reboot

    Q. I get an error "This application is not supported by Windows NT".

    A. This can sometimes be caused by the files

    %SystemRoot%\system32\config.nt
    %SystemRoot%\system32\autoexec.nt

    not having everyone:full access protection if the boot partition is NTFS. To check/change this protection

    1. Start Explorer (Start - Programs - Explorer)
    2. Move to %SystemRoot%\system32 (e.g. d:\winnt\system32)
    3. Right click on the file (config.nt/autoexec.nt) and select properties
    4. Click the security tab and click Permissions
    5. You can then change/view the protection
    6. Click OK when finished

    Incorrect or missing entries in either file can also cause problems. For example, removing the FILES=nnn line from CONFIG.NT will result in problems. Compare your files to another, working computer.

    It can also be caused by a missing or damaged .dll file.

    Expand the following files from the original Windows NT compact disc or your latest Service Pack/Hot fix to the %Systemroot%\System32 directory:

    NOTE: The Ver.dll file is located in the %SystemRoot%\System folder and the %SystemRoot%\System32 folder, and both versions have the same file size and date.

    I had this exact problem a short time ago and it was because a Windows 98 version of VER.DLL had replaced the NT one.


    Q. I have installed IE 4.0 now my shortcut icons are corrupt.

    A. Windows keeps a cache of icons and this can become corrupted and so one method to try is to delete the hidden file '%SystemRoot%\ShellIconCache' and restart Windows NT. The 'correct' desktop icons will be recreated when you login.

    C:\> attrib %systemroot%\shelliconcache -h
    C:\> del %systemroot%\shelliconcache

    If the icons are still corrupt delete the file again and reboot. I have seen many occasions where two reboots are necessary.

    This problem can also be caused by an incompatibility between the final version of Internet Explorer 4.0 and TweakUI. To fix this you will need to uninstall TweakUI.

    1. Start the Add/Remove Control Panel Applet (Start - Settings - Add/Remove Programs)
    2. Select TweakUI and click Add/Remove

    If you get an error saying it was unable to be removed you can manually remove it by entering the following command

    rundll32 syssetup.dll,SetupInfObjectInstallAction DefaultUninstall 4 e:\winnt\inf\tweakui.inf

    You should then reboot the computer.

    If you find after the reboot the icons are still corrupt, install TweakUI again and then remove.


    Q. I have lost access to the root of the boot partition, now I can't logon.

    A. If you set the root of the boot partition to no access then you will be unable to logon. To get round this perform the following

    1. Logon to the NT machine as Administrator
    2. When you get the blue screen and "Path too Long" press the OK button
    3. Press Ctrl-Alt-Del and the Windows NT Security dialog box will be shown
    4. Press the Task Manager button and the task manager will be shown
    5. Select the Applications tab and click the "New Task" button
    6. Enter the path "%systemroot%\system32\cmd.exe"
    7. Enter the command
      CACLS d:\ /e /g everyone:F
      where d is the boot partition
    8. Select Task Manager again and click "New Task", and enter %systemroot%\explorer.exe, the desktop should now appear
    9. Logout and login again to confirm everything is OK
    10. You should now set the permissions on the root, see Q155315 at http://support.microsoft.com/support/kb/articles/q155/3/15.asp for more information

    Q. I receive the error: WNetEnumCachedPasswords could not be located in MPR.DLL:

    A. This problem is caused by the file mapi32.dll being replaced by an application installation, usually with the Windows 95 version. To correct the problem reinstall the mapi32.dll file from the NT installation CD-ROM.

    1. Insert the NT installation CD-ROM
    2. Backup your current mapi32.dll
      copy %systemroot%\system32\mapi32.dll %systemroot%\system32\mapi32.old
    3. Move to your processor type on the CD-ROM, e.g.
      cd i386
    4. Enter the command
      expand -r mapi32.dl_ %systemroot%\system32

    Be aware that if you have applied service packs, mapi32.dll was redelivered in some of the service packs so you should take mapi32.dll from the service pack delivery (expand the service pack and then copy the file over).


    Q. How can I perform a kernel debug?

    A. To perform a kernel debug, the computer should be connected via a null modem cable or a modem connection for dial in purposes. The computers will be referred to as "Host" for the machine that will perform the debug, and "Target" for the machine that has the problem and is being debugged.

    The computers should both be running the same version of Windows NT and the symbol files for the Target machine should be installed on the Host computer. The symbol files are supplied on the Windows NT installation CD-ROM in the Support\Debug directory.

    The Target computer's boot.ini entry needs to be modified to allow debugging as follows:

    1. Modify boot.ini to be editable
      attrib c:\boot.ini -r -s
    2. Edit the file and edit the Windows NT start line to include /debug (to tell the system to load the kernel debugger into memory at bootup). Other options are /Debugport to tell which COM port to use (by default COM2) and /Baudrate for the speed (by default 19200, better to be 9600), e.g.
      [operating systems]
      multi(0)disk(0)rdisk(0)partition(0)\WINDOWS="Windows NT Debug" /debug /debugport=com2 /baudrate=9600
    3. Save the file
    4. Set boot.ini attributes back
      attrib c:\boot.ini +r +s

    In the example above the Target machine will allow debug connection using Com2: at a speed of 9600 bps.

    The host computer needs to be configured with the information it needs to perform the debug and the installation of the symbol files.

    To install the symbol files move to the \support\debug directory on the CD-ROM and enter the command

    expndsym <CD-ROM>: <target drive and directory>
    e.g. expndsym f: d:\symbols

    This may take some time. Remember if you have installed service packs on the target machine the symbol files for these will also need to be installed on the host computer. The symbol files for service packs need to be downloaded from Microsoft separately.

    The next stage is to configure the environment variables needed for the debugging, such as the symbol file location etc., these are outlined below.

    _NT_DEBUG_PORT        COM port to be used, e.g. COM2:
    _NT_DEBUG_BAUD_RATE   Speed for the connection, e.g. 9600, make sure this matches the /baudrate specified on the target machine
    _NT_SYMBOL_PATH       Location of the symbols files (where you expanded them to using the expndsym utility)
    _NT_LOG_FILE_OPEN     Name of the file used for the log of the debug session (optional)

    It may be worth putting the definition of the above into a command file to avoid having to type in the commands every time, e.g.

    echo off
    set _nt_debug_port=com2
    set _nt_debug_baud_rate=9600
    set _nt_symbol_path=d:\symbols\i386
    set _nt_log_file_open=d:\debug\logs\debug.log

    Next you should copy over the kernel debug software which is located in the support\debug\<processor> directory on the NT installation CD-ROM, e.g. support\debug\I386. It is easier just to copy over the entire directory as it is not very large (around 2.5MB). The actual debugger for the I386 platform is I386KD.EXE and you would just enter I386KD to start the debugger. To enter a command press CTRL+C and wait for the kd> prompt.


    Q. How do I configure remote debugging?

    A. If you find you do not have the knowledge to debug a Windows NT problem you may need to get Microsoft to perform the debug for you, and in this scenario 3 computers will be involved, the computer at Microsoft, the host machine and the target.

    The Microsoft machine will need to connect via RAS to either the host machine, or a computer on the same network, so one machine will need to run the RAS server service.

    The configuration is the same as in the previous FAQ, except that on the host machine, instead of entering the command I386KD.EXE, you enter the command

    remote /s "I386KD -v" debug

    where debug is the name of the session (this can be anything). At the Microsoft end once they had connected to the network they would enter the command

    remote /c <computer name of the host> debug

    again debug is the name of the session and must match that configured at the host machine.


    Q. I get the error "Not enough server storage is available to process this command".

    A. This problem may be due to the machines having a non-zero PagedPoolSize in the registry. This can be set by performing the following:

    1. Log onto the server as an Administrator
    2. Start the registry editor (regedit.exe)
    3. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
    4. Double click on PagedPoolSize and set to 0
    5. Click OK
    6. Close the registry editor
    7. Reboot the machine

    If PagedPoolSize is 0, NT allocates the memory dynamically. The installation of software such as ARCServe is known to cause this problem.

    This can also be caused when accessing a Windows NT Server share from a Windows NT client if IRPstackSize is too small. To correct try the following:

    1. Log onto the server as Administrator
    2. Start the registry editor (regedit.exe)
    3. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
    4. Double click on IRPstackSize
    5. Increase the value. Valid ranges are between 1 and 12. Click OK
    6. Reboot the machine.

    You may find once setting this, other connections, such as those to NetWare volumes, gain a performance boost.

    Another cause for this error is if you installed Service Pack 3 onwards before installing any network components. If this is the case then re-apply Service Pack 3 and any subsequent hotfixes. It is good practise to reapply a service pack whenever you modify/add components to the system.


    Q. I can't delete a directory called con, prn.

    A. CON is a reserved name, so to delete you must use the UNC,

    C:\>rd \\.\<drive letter>:\<dir>
    e.g. rd \\.\c:\john\con

    This can also apply to the prn directory. At boot time, PRN is internally configured to direct any communication with the PRN device to LPT1 (just some background :-) ).


    Q. I get an error when I try to export a profile other than Administrator.

    A. This is usually due to insufficient privilege on the Protected Storage System Provider\<SID> key. To be able to export your profile perform the following:

    1. Logon as you
    2. Start the registry editor (regedt32.exe)
    3. Select the "HKEY_CURRENT_USER on Local Machine" window
    4. Move to Software\Microsoft\Protected Storage System Provider\<SID>
    5. Select Permissions from the Security menu
    6. Click Add
    7. Select Domain Admins (or whatever you want), access type READ and click Add. When finished click OK

    You should now be able to export this profile. To be able to export someone else's profile perform the following:

    1. Logon as an Administrator
    2. Start the registry editor (regedt32.exe)
    3. Select the "HKEY_USERS on Local Machine" window
    4. From the registry menu select "Load hive"
    5. Move to the person's profile area in %systemroot%\Profiles\<name>, e.g. d:\winnt\Profiles\batman
    6. Select the NTUSER.DAT file and click OPEN
    7. When asked for a key name enter their name (e.g. John) and click OK
    8. Now move to <user name>\Software\Microsoft\Protected Storage System Provider\<SID>
    9. Select Permissions from the Security menu
    10. Click Add
    11. Select Domain Admins (or whatever you want), access type READ and click Add. When finished click OK
    12. Select Unload Hive from the registry menu
    13. Close the registry editor

    You will now be able to export this user's profile.


    Q. I have chosen a screen resolution that has corrupted the display and now I can't change it back.

    A. When you try to change screen resolution, Windows NT asks you to test it. If you ignore this and set the display to a resolution that causes a problem, your only course of action is to boot in VGA mode and then, once in VGA mode, set the resolution back to something you know works.

    1. Reboot the machine
    2. Select the option
      Windows NT Workstation Version 4.00 [VGA mode]
      If you find you don't have this option edit boot.ini and add a line similar to your normal NT Workstation startup with the /basevideo /sos, e.g.
      multi(0)disk(0)rdisk(0)partition(2)\WINNT="Windows NT Workstation Version 4.00 [VGA mode]" /basevideo /sos
    3. The machine will boot in base 16 colour VGA mode
    4. Select the Display Control Panel applet (start - settings - control panel - display)
    5. Click the Settings tab and change to a resolution you know works (use test)
    6. Click OK

    Q. I get error "Boot record signature AA55 not found (1079 found)".

    A. If Windows NT is installed on a logical drive in an extended partition (the 4th partition is usually the extended start), after you select the OS choice and NTDETECT runs, this error message will appear:

    "OS Loader 4.0 Boot record Signature AA55 Not Found, xxyy Found. 
    
    Windows NT could not start because of a computer disk hardware configuration problem.
    Could not read from the selected boot disk. Check boot path and disk hardware.
    
    Please check the Windows NT Documentation about hardware disk Configuration and your
    hardware reference manuals for additional information. "

    The Master Boot Record consists of boot code that is used by the system BIOS to read the partition table. From data contained in the partition table, the MBR can determine which partition is set to be bootable (active) and also the starting sector of that partition. Once that location is determined, the BIOS jumps to that sector and begins the next phase of the boot process by executing additional code that is operating-system specific.

    If you have files required for boot located above 1024 cyl, it will fail. If you're running SCSI, there's a chance you can get around it by using the SCSI driver as ntbootdd.sys. If you're on IDE you're out of luck.

    Windows NT 5.0 gets round the boot failure if any files needed for boot are above cylinder 1024 with an updated NTLDR. This file can be copied to a Windows NT 4.0 installation on the active partition without any ill effects, just make sure you have Service Pack 4 applied to the system before copying the NT 5.0 NTLDR.

    If the only thing wrong with sector zero was that the last two bytes are not 55AA, this can be fixed with a disk editor such as Norton Diskedit. However, this message is usually indicative of something overwriting or destroying the entire boot sector (sector zero) including the partition table entries.

    When you install Windows NT on a logical drive in an extended partition, OSLOADER needs to "walk the extended partition table" through BIOS calls in order to get to the partition you have Windows NT installed in. Each of these logical drives is addressed in a "daisy chain" of partition tables. Each sector that contains a partition table entry MUST end with a 55AA as the last 2 bytes in the sector.

    The best way to determine how to recover is to use a disk editor to see if the partition table entries are still intact. Each sector occupies 512 bytes. The first 446 bytes of sector zero contain the MBR boot code followed by the partition table entries, and ends with 55AA. If the partition table entries are still intact at offsets 1BE through 1FD, manually record their values, then write 55AA starting at offset 1FE. Once the signature 55AA is written the MBR boot code can be regenerated by using the Fdisk.exe program from MS-DOS version 5.0 or later.

    FDISK /MBR

    WARNING: This process will repair the bootstrap code and the 55AA signature by rewriting sector zero but will also overwrite the partition table entries with all zeros, rendering your logical drives useless (unless, that is, the 55AA signature is manually entered using a disk editor prior to your performing the FDISK /MBR).

    If the partition table entries are not intact or were overwritten with unreadable characters, the problem is more involved and entails locating the master boot sector (MBS) for each partition and manually rebuilding the partition table entries. This process is beyond the scope of this article.

    To speed recovery from future MBR corruption, use the Windows NT 4.0 Resource Kit utility Disksave.exe to save a copy of the MBR to a floppy disk. This can be used if needed at some future date to restore the MBR using Disksave.exe.

    In the case where Windows NT is installed on a logical drive in an extended partition, you will need a disk editing utility like Norton Diskedit to examine each sector containing an extended partition logical drive entry to make sure it ends with a 55AA. This process is beyond the scope of this article.

    A virus in your boot sector may also cause this problem so run an anti-virus program on your boot sector if in doubt.

    Most of this information is from Knowledge base article 149877.
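
    The sector layout described above (partition table at offsets 1BE through 1FD, signature at 1FE, one table per link in the extended-partition chain) can be checked with a short script before any repair is attempted. This is an added example, not part of the original FAQ or the Knowledge Base article; the function names and the in-memory sample disk are constructed, and it assumes the usual convention that a logical drive's start is relative to its own table sector while the link to the next table is relative to the start of the extended partition.

```python
import struct

TABLE_OFF = 0x1BE            # four 16-byte entries occupy offsets 1BE..1FD
SIG_OFF = 0x1FE              # last two bytes of the 512-byte sector
SIG_WORD = 0xAA55            # bytes 55 AA on disk, read as a little-endian word
EXTENDED_TYPES = {0x05, 0x0F}
ENTRY = "<B3xB3xII"          # boot flag, CHS start, type, CHS end, LBA start, sector count


def signature(sector):
    return struct.unpack_from("<H", sector, SIG_OFF)[0]


def entries(sector):
    """Decode the four table entries; usable even when the signature is missing."""
    out = []
    for i in range(4):
        boot, ptype, start, count = struct.unpack_from(ENTRY, sector, TABLE_OFF + 16 * i)
        out.append({"active": boot == 0x80, "type": ptype, "start": start, "count": count})
    return out


def walk(read_sector, max_links=128):
    """Follow sector zero and the extended chain.

    Returns (problems, partitions): problems is a list of (lba, word found) for
    sectors lacking the signature, partitions a list of (kind, type, lba, count).
    """
    problems, partitions = [], []
    mbr = read_sector(0)
    if signature(mbr) != SIG_WORD:
        return [(0, signature(mbr))], partitions
    for e in entries(mbr):
        if e["type"] == 0:
            continue
        if e["type"] not in EXTENDED_TYPES:
            partitions.append(("primary", e["type"], e["start"], e["count"]))
            continue
        ext_base = lba = e["start"]
        seen = set()
        while lba not in seen and len(seen) < max_links:   # guard against loops
            seen.add(lba)
            sector = read_sector(lba)
            if signature(sector) != SIG_WORD:
                problems.append((lba, signature(sector)))
                break
            logical, link = entries(sector)[:2]
            if logical["type"]:
                partitions.append(("logical", logical["type"],
                                   lba + logical["start"], logical["count"]))
            if link["type"] not in EXTENDED_TYPES:
                break
            lba = ext_base + link["start"]
    return problems, partitions


def describe(problems):
    return ["LBA %d: Boot record signature AA55 not found (%04X found)" % p for p in problems]


# ---- constructed sample disk: sector number -> 512 bytes ----
def make_sector(parts, sig=b"\x55\xAA"):
    table = b"".join(struct.pack(ENTRY, *p) for p in parts).ljust(64, b"\0")
    return bytes(TABLE_OFF) + table + sig


def sample_disk(last_sig=b"\x55\xAA"):
    return {
        0: make_sector([(0x80, 0x06, 63, 1000), (0, 0x05, 2000, 3000)]),
        2000: make_sector([(0, 0x07, 63, 900), (0, 0x05, 1000, 1000)]),
        3000: make_sector([(0, 0x07, 63, 900)], sig=last_sig),
    }


if __name__ == "__main__":
    problems, parts = walk(sample_disk(b"\x79\x10").__getitem__)
    print("\n".join(describe(problems)))
    print(parts)
```

    Because entries() does not depend on the signature, it can also be used to record the table values from a damaged sector zero before 55AA is rewritten.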


    Q. When I boot up NT, it pauses for about 30 seconds on the blue screen.

    A. Each dot is part of the boot-time chkdsk (autochk.exe), and each 3 dots represent one drive so there should be 3*<number of drives> dots. Sometimes if something is wrong with that drive the startup will be delayed. However there is a known problem with NT if your computer has one or more IDE disks and one or more SCSI disks which results in a pause of around 30 seconds. The problem is due to the detection code used by NT and is currently being investigated by Microsoft.


    Q. I receive a RDISK error, disk is full.

    A. When you run the rdisk.exe it updates the directory %systemroot%\repair with the following files

    File          Registry Hive
    AUTOEXEC.NT   This is not a registry hive but rather a copy of the autoexec.nt file located in the %systemroot%\system32 directory
    CONFIG.NT     As above
    DEFAULT._     HKEY_USERS\.Default
    NTUSER.DA_    New user profile
    SAM._         Parts of HKEY_LOCAL_MACHINE\Security
    SECURITY._    HKEY_LOCAL_MACHINE\Security
    SETUP.LOG     Details of location of system and application files along with cyclic redundancy check information for use with a repair
    software._    HKEY_LOCAL_MACHINE\Software
    system._      HKEY_LOCAL_MACHINE\System

    As the system is used the files setup.log, sam._ and security._ will grow. The sam._ and security._ files are only updated if rdisk.exe is run with /s qualifier, e.g. rdisk /s.

    If the contents of the %systemroot%\repair directory exceeds 1.44 MB then you will receive the error "The Emergency Repair disk is full. The configuration files were saved in your hard disk". You should look at the contents of the repair directory and ascertain which file is the problem, i.e. setup.log is 1MB!

    If setup.log is the problem then you can perform the following.

    1. Create a copy of setup.log in the repair directory
      copy %systemroot%\repair\setup.log %systemroot%\repair\setup.backup
    2. Edit the setup.backup file using notepad
    3. Move to the [Files.WinNt] section and remove all entries except those starting with %systemroot%\system32 (or whatever %systemroot% equates to, e.g. winnt)
    4. Save the modified file
    5. Run RDISK.EXE
    6. When completed delete the setup.log that was created
      del %systemroot%\repair\setup.log
      And copy the backup version back
      copy %systemroot%\repair\setup.backup %systemroot%\repair\setup.log

    If the problem is not setup.log and is that the sam._ and security._ files are too large then the problem is there are too many accounts on the system so you need to delete some of your user accounts :-) Only joking!

    What you can do is locate an ERD that was created early in the computer's life where the sam._ and security._ files are small and copy these to the %systemroot%\repair directory and in future do not run rdisk.exe with the /s option. This does mean that account information will not be recoverable and you will need to know what the Administrator password was when the original ERD was created (as if it was used accounts would be set back to this state).

    Obviously you will still want to be able to restore accounts in the event of a disaster so I would suggest one of the following

    For more information see Knowledge base article Q130029 at http://support.microsoft.com/support/kb/articles/q130/0/29.asp


    Q. My Shortcuts try and resolve to UNC paths?

    A. Shortcuts are automatically created with a UNC of the form \\<Computer name>\<file> in the .lnk file. This is usually a problem if you copy shortcuts to other machines, however there are a number of ways to fix this.

    To fix a single shortcut you can use the shortcut.exe program supplied with the Windows NT Resource Kit supplement 1 kit.

    To dump out a shortcut use shortcut -u <file>.lnk

    To alter the shortcut to not track the machine before you copy it to others use the command

    shortcut -c -s -n <shortcut name>.lnk

    To change the target and working directory on a moved shortcut use

    shortcut -c -t d:\www.ntfaq.com\index.html -d d:\www.ntfaq.com -n ntfaq.lnk

    To disable link tracking for all shortcuts perform the following:

    1. Start the registry editor
    2. Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies
    3. If the Explorer key exists move to it, if not create it using Edit - New Key "Explorer". Select the new key
    4. Create a new value LinkResolveIgnoreLinkInfo of type DWORD (Edit - New DWORD value)
    5. Double click the new value and set to 1
    6. Close the registry editor
    7. Logon and off for the change to take effect

    Q. When I select a hyperlink or open a channel system32 folder opens?

    A. A fix for this can be requested from Microsoft support, 338.exe. The fix has not been fully tested which is why it cannot be downloaded from their site. This fix will be in Service Pack 4.

    As a work around you should either remove the Active Desktop or when the Logon box is displayed wait 1 minute before logging on.


    Q. When I try and use WinAT I get a Dr Watson error.

    A. This is usually caused by the Resource Kit being installed in a long file name directory, e.g. d:\program files\reskit. To get rid of this problem install the resource kit in a short name directory (8 characters or less).

    If you go to a command prompt and type WINAT, it will actually start OK even if it's on a long file/path name. If you do it from your Start menu or Start Run, it will fail.


    Q. Drive mappings are being created by themselves.

    A. One known cause of this behavior is the FINDFAST.EXE application that is supplied with Office 97. If either set of the following conditions are both true then drive mappings may be created automatically:

    Condition set 1

    Condition set 2

    There are a number of resolutions to this

    1. Install Service Pack 3
    2. Avoid searching folders that contain shortcuts (.lnk files)
    3. Change shortcut target locations to UNC paths, e.g. d:\folder\john.txt to \\<server>\<folder>\john.txt
    4. Disable Find Fast

    My experience with FindFast is that it uses up a great deal of system resources and is not worth the resource usage for what it does so option 4 may be your best bet.

    See Knowledge Base article Q150604 (http://support.microsoft.com/support/kb/articles/q150/6/04.asp) for more information.


    Q. I can't create a partition over 1GB on an Adaptec 2940 SCSI controller.

    A. As you boot up, you should be able to do a ALT-A, this takes you into the SCSI BIOS, under "Advanced Host Adaptor Settings" "Extended BIOS Translation for DOS Drives >1Gb" must be enabled.


    Q. I get a STOP 0x00000078 error.

    A. This can be caused by a bug in Windows NT where the error is produced if the NonPagedPoolSize is greater than 7/8 of your physical memory. To correct this perform the following:

    1. Start the Registry Editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
    3. Double click on NonPagedPoolSize
    4. Change this to less than 7/8 of your physical memory (or set to 0 to let NT dynamically set it). Click OK
    5. Close the registry editor
    6. Reboot the computer

    Q. A file Testdir.tmp is created on a shared volume which cannot be deleted.

    A. When a file/folder is copied to a shared NTFS volume, a file Testdir.tmp is created and then automatically deleted. Sometimes the user performing the copy does not have delete permission on the shared NTFS volume and so the file is not deleted and has to be manually deleted by someone who has the delete privilege.

    To fix this, give the Delete permission to the user or group who perform the copies.

    1. Logon to the machine that hosts the NTFS volume as an Administrator
    2. Start Explorer (Win + E)
    3. Right click on the NTFS volume and select Properties from the context menu
    4. Select the Security tab and click the Permissions button
    5. Click the Add button and select the user or group required
    6. Click OK
    7. In the main Permissions dialog box select the new user and in the "Type of access" box select "Special File Access"
    8. Check the "Delete" box and click OK
    9. Click OK to close the Permissions dialog box and OK again to close the drive properties dialog box

    Q. How can I replace an in use NT system file?

    A. If you attempt to replace any of the core NT system files a message will be displayed saying the file is currently locked. The Windows NT Resource Kit ships with MV.EXE, a 32-bit version of the POSIX MV utility, which allows file moves to be scheduled for the next reboot, when the system files will not be locked by the operating system.

    The basic format of MV is as follows:

    c:\>mv /x /d d:\temp\ntfs.sys d:\winnt\system32\drivers\ntfs.sys

    The /x means do not save a copy of the file that is replaced. If you do not specify /d a hidden, system subdirectory "deleted" will be created under the destination directory and a copy of the original file placed there.

    The /d means do not copy the file until reboot time. The first file name is the file to be copied and the second is the destination name and directory of the copy.

    You can do this without using the MV.EXE utility by just manually updating the registry (which is all MV does)

    1. Start the registry editor (regedt32.exe not regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
    3. Double click on PendingFileRenameOperations (or create it with type REG_MULTI_SZ if it does not exist)
    4. On the first line is the name of the file that will be replacing the current file with \??\ in front, e.g.
      \??\d:\time\ntfs.sys
    5. On the second line is the file to be replaced with !\??\ in front, e.g.
      !\??\d:\winnt\system32\drivers\ntfs.sys
    6. Click OK

    Below is an example value for PendingFileRenameOperations

    [Figure: Replacing in use file]

    Once the reboot is complete and the file replaced the PendingFileRenameOperations value will be deleted from the registry.
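
    To review what is queued before rebooting, the following added example (not part of the original FAQ or of MV.EXE) decodes raw PendingFileRenameOperations data and flags operations that change files under the system directory. The sample value is constructed from the two example lines above plus a made-up delete entry; the function names and the d:\winnt system root are assumptions.

```python
"""Decode a PendingFileRenameOperations value and list what the next boot will do."""
from dataclasses import dataclass
from typing import List

NT_PREFIX = "\\??\\"  # prefix shown in front of each path in the FAQ's example lines


@dataclass
class PendingOp:
    source: str             # file that is moved (or deleted) at boot
    destination: str        # "" means the source is deleted
    replace_existing: bool  # destination line started with "!"

    @property
    def action(self) -> str:
        if not self.destination:
            return "delete"
        return "replace" if self.replace_existing else "rename"


def encode_multi_sz(strings: List[str]) -> bytes:
    """Build REG_MULTI_SZ data: NUL-terminated UTF-16LE strings plus a final NUL."""
    return ("".join(s + "\0" for s in strings) + "\0").encode("utf-16-le")


def decode_multi_sz(raw: bytes) -> List[str]:
    """Split REG_MULTI_SZ data without stopping at the first empty string.

    A delete entry stores an empty destination, so a double NUL can occur in
    the middle of the data; only the trailing terminator is removed here.
    """
    parts = raw.decode("utf-16-le").split("\0")
    if len(parts) >= 2 and parts[-1] == "" and parts[-2] == "":
        return parts[:-2]   # NUL of the last string + list terminator
    if parts and parts[-1] == "":
        return parts[:-1]   # list terminator missing
    return parts


def strip_nt_prefix(path: str) -> str:
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def parse_pending_ops(raw: bytes) -> List[PendingOp]:
    """Pair the strings up as (source, destination) operations."""
    strings = decode_multi_sz(raw)
    if len(strings) % 2:          # trailing source with no destination line
        strings.append("")
    ops = []
    for src, dst in zip(strings[0::2], strings[1::2]):
        replace = dst.startswith("!")
        if replace:
            dst = dst[1:]
        ops.append(PendingOp(strip_nt_prefix(src), strip_nt_prefix(dst), replace))
    return ops


def targets_system_dir(op: PendingOp, system_root: str) -> bool:
    """True when the file changed at boot lives under <system_root>\\system32."""
    changed = (op.destination or op.source).lower()
    return changed.startswith(system_root.lower().rstrip("\\") + "\\system32\\")


# Constructed sample: the FAQ's two example lines plus a made-up delete entry.
SAMPLE_RAW = encode_multi_sz([
    "\\??\\d:\\time\\ntfs.sys",
    "!\\??\\d:\\winnt\\system32\\drivers\\ntfs.sys",
    "\\??\\d:\\temp\\setup.tmp",
    "",
])

if __name__ == "__main__":
    for op in parse_pending_ops(SAMPLE_RAW):
        flag = "REVIEW" if targets_system_dir(op, "d:\\winnt") else "ok"
        print(f"{flag:6} {op.action:7} {op.source} -> {op.destination or '(deleted)'}")
```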


    Q. I removed my folder association and cannot open any folders!

    A. That was silly :-)

    Fortunately this can be fixed with two simple commands which should be run from a command session (cmd.exe)

    1. From the Start menu select Programs and then Command Prompt (or select Run and enter cmd.exe)
    2. Enter the following commands:
      ftype folder=%SystemRoot%\Explorer.exe /idlist,%I,%L
      assoc folder=folder
    3. Close the command session

    The first command creates a new file type, folder, and the action associated with it. The second command creates the association between the "extension" and its file type.


    Q. The batch file I schedule to run does not work with the /every switch.

    A. You may find that if you submit a batch file without the /every switch it works fine, e.g.

    at 22:00 /interactive command.bat

    however if you try

    at 23:00 /every:M,T,W,Th,F /interactive command.bat

    it fails. To correct this add cmd /c "<batch file>", e.g.

    at 23:00 /every:M,T,W,Th,F /interactive cmd /c "command.bat"


    Q. I have a volume of type Unknown in Disk Administrator.

    A. If you have a partition in Disk Administrator that is of type unknown it does not necessarily mean the partition is corrupt. If the user has no permissions on the root of the drive then Unknown will be shown as the file type. To correct this perform the following:

    1. Start Explorer
    2. Right click on the root of the partition and select Properties
    3. Select the Security tab
    4. Click the Ownership button
    5. Click the "Take Ownership" button
    6. Click Yes to all confirmation dialog boxes

    The file system type of the partition will now be visible in Disk Administrator.

    Also remember Disk Administrator cannot understand non-NT partitions such as Linux partitions, which would also be shown with a volume type of Unknown.


    Q. I am unable to use Start from the command line with files with spaces in.

    A. The Windows NT Start command allows the user to create a separate window/process to run a specified program. If you try to run something that consists of a long file name with a space, in quotes, it fails and just brings up an empty cmd.exe window, e.g.

    C:\> start "d:\documents\ntfaq book\contents.doc"

    fails. In order to make it work only the part that has the long name should be in quotes, e.g.

    C:\> start d:\documents\"ntfaq book"\contents.doc

    will work OK. This applies to anything such as a server, share etc, e.g.

    C:\> start \\"<server with space>"\"<share with space>"\"<dir with space>"\"<file with space>"
    e.g. C:\> start \\"johns server"\"docs share"\"ntfaq dir"\"table of contents.doc"

    This is basically down to the fact that the first item in quotes should be the title of the window, and so a better way to work round the problem is to use

    C:\> start "" "d:\documents\ntfaq book\contents.doc"

    which will now work fine and there can be as many spaces as you want in any part.


    Q. I am not offered the option to install from an INF context menu.

    A. The options given from a context menu are derived from its file type entry under HKEY_CLASSES_ROOT\inffile. The first item to check is that .inf is associated with inffile, and this can be checked with

    C:\> assoc .inf
    .inf=inffile

    If you do not get the above response enter the command

    C:\> assoc .inf=inffile

    The next step is to check the context menu item "install" exists for inffile:

    1. Start the registry editor (regedt32.exe)
    2. Move to HKEY_CLASSES_ROOT\inffile\shell
    3. Check for a sub-key "Install", if it does not exist select "Add Key" from the Edit menu and enter a name of Install.
    4. The default entry from Install (called <No Name>) should be &Install. If it does not exist select "Add Value" from the Edit menu, do not enter any name, select type REG_SZ and click OK. It will then ask for a string which should be "&Install" (don't actually enter the quotes). Click OK
    5. Under the Install key should be another key, command. If this does not exist, again create using "Add Key" from the edit menu.
    6. Under the command key should be a default value (called <No Name>) which should have the data "%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1" in it. If the default value is missing select "Add Value" from the Edit menu, do not enter any name, select type REG_EXPAND_SZ and click OK. It will then ask for a string which should be "%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1" (don't actually enter the quotes). Click OK
    7. Close the registry editor

    You should now have an install option for .inf files.


    Q. How can I deallocate corrupt Memory?

    A. If you often get a blue screen or Dr. Watson errors, your memory may be corrupt or you may have mixed memory.

    For testing this FAQ I have mixed two EDO-SIMM (2x16 MB) with two normal SIMM (2x16 MB) on an ASUS-Board P55 TP4-XE (This board can use mixed Memory). After this I often received Dr. Watson errors.

    You should use the MAXMEM switch in Boot.ini to deactivate the corrupt memory bank until the mixed memory is no longer in the motherboard. The MAXMEM switch will always use the lowest physical memory addresses, and therefore always uses bank0+. During the NT boot process NT probes the memory hard to make sure that it is really there and working, generating a blue screen if any memory tests fail.

    1. Set the attributes on boot.ini so you can edit it
      C:\> attrib c:\boot.ini -r -s -h
    2. Edit boot.ini and add the switch, e.g. /MAXMEM=32, to the end of your Windows NT option, e.g.
      multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows NT Workstation Version 4.00" /maxmem=32
    3. Save the file and reset the attributes:
      C:\> attrib c:\boot.ini +r +s +h
    4. Reboot

    Windows NT uses this switch to limit the total memory from 64 to 32 MB, so only the good memory bank is used. You can also use this switch to observe the swapping process when the total memory is limited.


    Q. I am unable to run certain 16 bit applications.

    A. Certain 16-bit applications won't run under Windows NT, for example if they try to access hardware directly, but if you are receiving any of the following errors then you may be able to do something about it:

    A possible cause of these errors is that any of the following dynamic link libraries are missing, corrupt or simply the wrong version.

    To fix this, expand/copy the files from the latest service pack/hotfix you have applied or, if not found in the latest service pack, from your Windows NT installation CD-ROM.

    Another cause may be that the file NTVDM.EXE has been deleted from your %systemroot%\system32 directory so check this.


    Q. I have a service stopping NT from booting.

    A. Normally you can modify the start-up of services using the Services control panel applet or Computer Management MMC snap-in - System Tools - Services in Windows NT 5.0. When you modify the start-up of a service it actually changes a value, Start, under the Services registry key, HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services.

    The first action to try is to select "Last Known Good configuration" when Windows NT boots; if this does not work you can use the following.

    The Start value of a service can have a number of values as defined in Q. What are the ErrorControl, Start and Type values under the Services subkeys?

    In order to modify the start-up state of a service from outside of NT you will need to install a second copy of Windows NT on the machine (or, if you can get the System file from the machine onto another machine using a tool like ERD Commander (from http://www.winternals.com/), the extra copy is not necessary).

    1. Install a second copy of NT (minimal) to a different partition
    2. Boot into the second copy of NT
    3. Start Regedt32.exe
    4. Select the HKEY_LOCAL_MACHINE window
    5. From the Registry menu select "Load Hive"
    6. Move to your original NT installation partition and folder and then to system32\config, e.g. c:\winnt\system32\config
    7. Select System file and click Open
    8. Enter a name for this temporary hive open, e.g. OrigSystemHive
    9. Select the new hive, e.g. OrigSystemHive and select the "Select" key
    10. Check the value of Default, this value is usually 1. This number is x (you'll see what I mean)
    11. Now move to OrigSystemHive\ControlSet00x, e.g. OrigSystemHive\ControlSet001
    12. Now under this key select Services and find your problem service and select it
    13. Double click its "Start" value and modify, 4 would disable the service, 2 would set it to auto start. If you have a more complex problem changing the Type value may be necessary to alter when the service is attempted to load
    14. Move back to the base, e.g. OrigSystemHive and select "Unload Hive" from the Registry menu. Click Yes to the warning box
    15. Reboot into your original NT installation and your service problem should be resolved

    You can now delete your second copy of NT if you wish; however, it is always useful and takes up a minimal amount of space.

    Another solution is to use ERD Professional which allows you to specify startup options for services/drivers from outside of NT, have a look at http://www.winternals.com/.


    Q. If I run winfile d: it starts Explorer?

    A. If you try and pass WINFILE.EXE (the old File Manager pre 4.0) a drive, expecting it to start by default on that drive, you will find that it starts WINFILE as normal and then opens an Explorer view of the drive specified, e.g.

    C:\> winfile d:

    would start a File Manager session and an Explorer session which points to d:

    This behavior is not a bug and is caused by a misunderstanding of the parameters expected by WINFILE.EXE. Any parameters passed to WINFILE.EXE are interpreted as a program that it should run, e.g. you could type

    C:\> winfile notepad c:\file.txt

    and it would start a File Manager session and a notepad session editing file.txt.

    The reason Explorer starts if you specify a drive letter is that under NT and 95/98 any directory listings are executed by Explorer. Try typing C: from Run and it will start Explorer pointing to C:


    Q. I have problems with tips after Service Pack 4.

    A. If you receive an access violation from IntelliPoint Productivity Tips, Tips.exe, when starting Windows NT 4.0 SP4, it is recommended that you install the latest version of IntelliPoint software, available from the Microsoft Web site at http://www.microsoft.com/products/hardware/mouse/. Version 2.2c should fix the problem.

    If this does not solve the problem perform the following:

    1. Start the registry editor
    2. Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    3. Look for a TIPS value, and if found, delete it

    Q. After installing Service Pack 4 my ATAPI/IDE ZIP drive is not available.

    A. This seems to be caused by the drive not being assigned a drive letter. To resolve perform the following:

    1. Insert a ZIP disk into the drive
    2. Start Disk Administrator (Start - Programs - Administrative Tools - Disk Administrator)
    3. Right click on the ZIP drive and select "Assign drive letter"
    4. Select a Drive letter (e.g. H) and click OK
    5. The change will take effect and the drive should now be visible from Explorer.

    Q. Disk power management does not work after Service Pack 4.

    A. After Service Pack 4 is applied the Windows NT operating system accesses the disk every 5 minutes which will interfere with disk power management features. This disk access is caused by a time stamp used by the Event Log service and was intended for NT Server only but has been enabled on Workstation.

    To fix this perform the following:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reliability
    3. From the Edit menu select New - DWORD value and enter a name of TimeStampInterval
    4. Double click the new value and set to 0
    5. Close the registry editor
    6. The change should take immediate effect. If you change from 0 to another value then a reboot is required.

    Q. I get error: Your password must be at least 0 characters long.

    A. If you have enabled the strong password filter (for information on this see Q. How do I enable strong password filtering?) but your domain account policy has no password restrictions and allows blank passwords then you will get the error:

    Your password must be at least 0 characters long. Your new password cannot be the same as any of your previous 0 passwords. Also, your site may require passwords that must be a combination of upper case, lower case, numbers, and non-alphanumeric characters. Type a password which meets these requirements in both text boxes.

    To resolve this you will need to turn off the secure password filter

    1. Start the registry editor (regedt32.exe)
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    3. Double click on "Notification Packages"
    4. Remove the value "PASSFILT"
    5. Click OK
    6. Close the registry editor
    7. Reboot the machine

    Alternatively turn off the ability to have blank passwords:

    1. Start User Manager
    2. Select Account from the Policies menu
    3. Set the minimum password length to 6 or above
    4. Click OK

    Q. What is Remote Explorer?

    A. Remote Explorer is a new NT specific virus. If you wish to check your Windows NT system for this virus, you can look in the "Service" applet in the Control Panel. If you see a service called "Remote Explorer", you may be infected by this virus.

    The virus has been known to hit MCI Worldcom and results in .exe, .txt and .html file damage.

    A virus killer is available from http://www.nai.com/products/antivirus/remote_explorer.asp


    Q. When I try and edit the default domain controller policy from Directory Management MMC the local policy is shown, why?

    A. Normally to edit the default domain controller policy you would

    1. Start the Directory Management MMC (Start - Programs - Administrative Tools - Directory Management)
    2. Select the domain and right click on "Domain Controllers" and select Properties
    3. Select the 'Group Policy' tab
    4. The policies in effect will be shown, normally "Default Domain Controllers Policy". If you select it and click Edit, the Group Policy editor MMC should start with "Default Domain Controllers Policy" as its root. You can then make changes

    If, when Group Policy Editor starts, you instead have "Local Policy" at the root, the likely cause is that the MMC start setting has been corrupted; this is usually caused by the installation of Office 2000. To repair perform the following:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_CLASSES_ROOT\MSCFile\Shell\Open\Command
    3. Double click on (Default)
    4. If the line reads
      D:\WINNT\System32\MMC.EXE "%1"
      (your NT installation location may be different) Add %* to the end, e.g.
      D:\WINNT\System32\MMC.EXE "%1" %*
    5. Click OK

    The policy editing should now work as expected. The basic problem is MMC was not being passed all the parameters and thus opening the default "Local policy".


    Q. My desktop icons are corrupt, what can I do?

    A. To speed up desktop refresh and its creation, the desktop icons are cached. Sometimes this file can become corrupted and will lead to the icons on the desktop being blank or incorrect.

    To resolve this you can delete the icon cache file, %SystemRoot%\ShellIconCache. Before doing this you must stop Explorer (right click on Task bar and stop all instances of Explorer.exe).

    C:\> attrib %systemroot%\shelliconcache -h
    C:\> del %systemroot%\shelliconcache

    Restart the computer

    This can also be accomplished using the Repair tab of the TweakUI utility.


    Q. How can I kill an orphaned process?

    A. When a service terminates abnormally, it can sometimes leave an "orphaned" child process behind.

    If you have the resource kit you can use the following to view a list of all processes and their relationship to one another.

    C:\> tlist -t

    To then kill a process use

    C:\> kill <process name or id>

    If this fails add -F to force the kill, e.g. kill -F <process name or id>. If this still fails you could try submitting the kill command with the AT command, as it will then run under the computer's built-in System account:

    C:\> AT <time> /INTERACTIVE CMD /C KILL -F <process name or id>

    (you would need the schedule service to be running for this to work, net start schedule).

    If this still fails one last approach is possible using the Resource Kit PVIEW.EXE utility:

    1. Start PVIEW.EXE (Start - Run - PVIEW)
    2. Select the process you wish to kill from the drop down list
    3. Click the Process button in the Security section
    4. Grant the Administrators "All Access" to the process. Click OK
    5. Repeat for Thread and P.Token
    6. Close PVIEW
    7. Use kill.exe to terminate the process

    If none of the above works you will have to reboot.


    Q. I have lost my executable association.

    A. If your computer configuration has been corrupted and executable files no longer behave correctly perform the following from the command prompt (cmd.exe)

    C:\> assoc .exe=exefile
    C:\> ftype exefile="%1" %*

    Executables should now work as per normal.


    Q. How can I save the BSOD information?

    A. System Internals have a utility called BlueSave, which can be downloaded from http://www.sysinternals.com/. It will save up to 3 BSODs before expiring, at which point you should purchase the commercial version from http://wininternals.com/.

    Once installed the BSOD will be saved in file %systemroot%\BLUESCRN.TXT to help you diagnose problems. A sample BLUESCRN.EXE can be seen here.


    Q. Why do I get the message 'Initialization of USER32.dll or KERNEL32.dll' failed?

    A. Every desktop object on the system has a desktop heap associated with it. The desktop object uses the heap to store menus, hooks, strings, and windows.

    There is a soft limit on the Desktop Heap size (128KB). This can be expanded by changing a parameter in the Registry as follows:

    1. Start the registry editor (regedt32.exe)
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems
    3. Double click on the Windows value
    4. The data will be of the format:
      %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
    5. Find the SharedSection value and add ,512 or ,1024 after the second number, for example:
      %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,1024 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
      Setting to ,512 will set the desktop heap to 512KB for each desktop associated with non-interactive window stations. 1024 would set it to 1MB.
    6. Close the registry editor
    7. Reboot the machine

    If you try to set the value to anything less than 128 then a default of 128 will be used by the system, ignoring your value.


    Q. Users are unable to logon to my Small Business Server even though I have enough licenses.

    A. A known problem exists on Small Business Server where more than 10 licenses are installed and the 6th person attempting to logon will fail and an event is written to the Application event log:

    Event 201: No license was available for user <user name> using product SMBServer 4.0.

    To fix the problem perform the following:

    1. Check the number of installed licenses (Start - Manage Server - About Microsoft BackOffice Small Business Server)
    2. Start the registry editor (regedit.exe)
    3. Move to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LicenseInfo\FilePrint
    4. From the Edit menu select New - DWORD value
    5. Enter a name of ConcurrentLimit and press Enter
    6. Double click the new value and set to the number ascertained in step 1 (in decimal mode). Click OK
    7. Stop and Start the License Logging Service using the Services control panel applet.

    Q. How can I use path names longer than 255 characters?

    A. Windows NT has a maximum path size defined as MAX_PATH which is 255 characters. It is possible to use more characters by calling the wide (W) version of CreateFile and prefixing "\\?\" to the path. The "\\?\" tells the function to turn off path parsing. This lets you use paths that are nearly 32,000 Unicode characters long. You must use fully-qualified paths with this technique. This also works with UNC names.

    The "\\?\" is ignored as part of the path.

    For example, "\\?\D:\documents\faq.txt" is seen as "D:\documents\faq.txt".

    Programs expecting to find legal path lengths may fall over when attempting to open a file with a long path, for example if the buffer they put the path into is sized for a legal path length.
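
    The prefixing rule above as an added Python example (not from the original FAQ): it builds the "\\?\" form for drive and UNC paths and strips it again. The \\?\UNC\ form for UNC names, the normalisation done before prefixing and all function names are additions; the 255 limit is the figure quoted above.

```python
"""Build and undo the "\\\\?\\" extended-length form of a Windows path."""
import ntpath

EXT_PREFIX = "\\\\?\\"            # the \\?\ prefix for drive paths
EXT_UNC_PREFIX = "\\\\?\\UNC\\"   # the form used for UNC names
PAGE_MAX_PATH = 255               # limit as stated in the FAQ text


def to_extended_path(path: str) -> str:
    """Return the prefixed form of a fully-qualified drive or UNC path.

    With the prefix the system no longer parses the path, so "/" is not
    converted and "." / ".." are not collapsed; both are done here first.
    """
    if path.startswith(EXT_PREFIX):
        return path                               # already prefixed
    norm = ntpath.normpath(path.replace("/", "\\"))
    drive, rest = ntpath.splitdrive(norm)
    if not drive or not rest.startswith("\\"):
        # relative, drive-relative (D:file) and root-relative (\dir) paths
        # cannot be used with the prefix
        raise ValueError(f"not a fully-qualified path: {path!r}")
    if drive.startswith("\\\\"):                  # \\server\share\...
        return EXT_UNC_PREFIX + norm[2:]
    return EXT_PREFIX + norm                      # D:\...


def from_extended_path(path: str) -> str:
    """Strip the prefix again: the path as the file system sees it."""
    if path.upper().startswith(EXT_UNC_PREFIX):
        return "\\\\" + path[len(EXT_UNC_PREFIX):]
    if path.startswith(EXT_PREFIX):
        return path[len(EXT_PREFIX):]
    return path


def needs_extended_form(path: str, limit: int = PAGE_MAX_PATH) -> bool:
    """True when the plain path is longer than the legacy limit.

    A program that copies paths into a fixed buffer of that size should
    make this check (or size the buffer dynamically) before copying.
    """
    return len(from_extended_path(path)) > limit


if __name__ == "__main__":
    # Constructed sample paths.
    for sample in ("D:\\documents\\faq.txt",
                   "D:/documents/../documents/faq.txt",
                   "\\\\server\\share\\docs\\faq.txt"):
        print(sample, "->", to_extended_path(sample))
```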


    Q. I get error 'Setup was unable to copy the following file CDROM.SYS', why?

    A. This problem can be caused if you are loading the ATAPI real mode CD-ROM driver in the config.sys.

    1. Edit the config.sys file from the command prompt (cmd.exe)
      C:\> edit c:\config.sys
    2. Find the Device= line that contains the ATAPI Real Mode CD-ROM driver
    3. Edit the line so the /D: switch does not contain the value "cdrom", for example
      Device=<driver> /d:cdrom
      to
      Device=<driver> /d:testa
    4. Save the file

    Q. Logon scripts are hanging/looping, why?

    A. A known problem exists as reported in Microsoft KB article 234049 which can result in login scripts hanging or looping if a file called net.bat or net.cmd exists in the netlogon folder of the domain controller.

    This problem is caused by any client attempting net commands such as "net use" or "net time", which incorrectly use the .bat file in the netlogon share rather than the correct net.exe on the client.

    To resolve this, remove the net.bat or net.cmd from the netlogon share.
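
    A check for this condition, as an added example that is not part of the original FAQ or the KB article: it compares a listing of the netlogon share with the command names available on a client and reports which logon scripts call a shadowed command by its bare name. The listings and script texts are constructed samples, and the line parsing is a simple heuristic that only looks at the first word of each line.

```python
"""Find scripts in a netlogon listing that shadow a client command such as net.exe."""
import ntpath
from typing import Dict, Iterable, List, Set

SHADOW_EXTS = {".bat", ".cmd"}   # the two extensions the FAQ names
# Partial list of cmd.exe built-ins; these are never looked up on disk.
BUILTINS = {"call", "cd", "cls", "echo", "exit", "for", "goto", "if",
            "pause", "rem", "set", "shift"}


def bare_commands(script_text: str) -> Set[str]:
    """Commands invoked by bare name (no path, no extension) at the start of a line."""
    found = set()
    for raw in script_text.splitlines():
        line = raw.strip().lstrip("@").strip()
        if not line or line.startswith(":"):       # blank line or label
            continue
        word = line.split()[0].lower()
        # A full path, an explicit extension or a %variable% is not a bare name.
        if word in BUILTINS or any(c in word for c in "\\/.%"):
            continue
        found.add(word)
    return found


def find_shadowing(share_listing: Iterable[str],
                   client_commands: Iterable[str],
                   scripts: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each shadowing file in the share to the scripts that would run it."""
    client_stems = {ntpath.splitext(name.lower())[0] for name in client_commands}
    report = {}
    for name in share_listing:
        stem, ext = ntpath.splitext(name.lower())
        if ext in SHADOW_EXTS and stem in client_stems:
            report[name] = sorted(
                script for script, text in scripts.items()
                if stem in bare_commands(text)
            )
    return report


# Constructed samples (not taken from a real server).
SHARE_LISTING = ["logon.bat", "NET.BAT", "printers.cmd", "readme.txt"]
CLIENT_COMMANDS = ["net.exe", "ping.exe", "xcopy.exe"]
SCRIPTS = {
    "logon.bat": "@echo off\nrem map home drive\nnet use h: \\\\server\\home\nprinters\n",
    "printers.cmd": "@echo off\n%SystemRoot%\\system32\\net.exe use lpt1: \\\\server\\laser\n",
    # A net.bat that itself calls "net" re-enters itself: the looping case.
    "NET.BAT": "@echo off\nnet time \\\\server /set /yes\n",
}

if __name__ == "__main__":
    for shadow, callers in find_shadowing(SHARE_LISTING, CLIENT_COMMANDS, SCRIPTS).items():
        print(f"{shadow} shadows a client command; called by bare name in: {', '.join(callers)}")
```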


    Q. The NTVDM and WOW subsystems cannot start correctly, what can I do?

    A. The NT Virtual DOS Machine and the Windows On Windows subsystem are used to run older 16-bit software applications. Below are some troubleshooting steps:

    1. Check the Autoexec.nt and Config.nt for anything unusual or anything that can be commented out (in the %systemroot%\system32 directory).
    2. Rename Autoexec.bat (e.g. c:\autoexec.bat).
    3. Check for changes in Win.ini or System.ini, or replace by expanding the original files off of the installation media. (%systemroot% directory)
    4. Rename all other *.ini files if possible
    5. In the Config.nt file, allow only:
      dos=high, umb
      device=%SystemRoot%\system32\himem.sys
      files=60
      shell=%SystemRoot%\system32\command.com /e:4096

    If you still have problems check out Knowledge Base article http://support.microsoft.com/support/kb/articles/q196/4/53.asp which has more information.

    These files are also on the Emergency Repair disk so you could just copy the versions from the disk over your existing ones which may fix the problem.

    This can also be caused by a virus, for example "NYB" in the boot sector of the machine. (PC has a bootable DOS and a bootable NT partition).


    Q. What does message/error/event X mean?

    A. Microsoft have an excellent online tool which can tell you the meaning of common event and error messages.

    Go to http://mspress.microsoft.com/reslink/common/msg/ and select the relevant component and message for a detailed explanation.


    Q. When I double click on a MSI file it has no association, what can I do?

    A. MSI files are Microsoft's new software installation package format and will allow applications to be published to a domain, site or group in Windows 2000 and also allow the application to self-repair.

    If when double clicking a MSI file it asks for an application to run under, its default association has been lost so perform the following to fix:

    1. Start a command prompt (Start - Run - cmd.exe)
    2. Type the command:
      C:\> ftype Msi.Package
      If the response is
      Msi.Package="%SystemRoot%\System32\msiexec.exe" /i "%1"
      then continue to the next step. If it is not found type
      C:\> ftype Msi.Package="%SystemRoot%\System32\msiexec.exe" /i "%1"
      Continue to the next step
    3. Type the command:
      C:\> assoc .msi
      If the response is
      .msi=Msi.Package
      then check the %systemroot%\system32 folder for the msiexec.exe file and replace if missing.
      If there is no association (the most normal problem) type:
      C:\> assoc .msi=Msi.Package
    4. Close the command prompt
    5. Retry double clicking on a MSI file

    Q. I am unable to stop a process from Task Manager even though I'm an Administrator, what can I do?

    A. I recently had this exact problem with some Antivirus processes I could not kill, it said I had insufficient access so all I did was start a Task Manager session under the 'System' process by submitting with the AT command, for example

    C:\> at <time one minute in the future> /inter taskmgr.exe

    When Task Manager starts you should be able to stop anything (but be CAREFUL!).

    An alternative to AT would be the SOON resource kit command and the syntax would be

    C:\> soon 30 /interactive taskmgr

    Another option would be to use the PVIEW resource kit utility to change the security on the process and then stop it as normal.

    Another way would be to use the kill -f command but you would need to be a local Administrator of the machine. You could use the Resource kit PULIST.EXE program to view the processes.


    Q. I am unable to run CHKDSK, it cannot lock or open volume for direct access.

    A. When you run Check Disk (CHKDSK) or AutoChk on a partition on which NT is installed you may receive one of the following messages

    This can be caused by a 3rd party application locking the partition such as a virus checker or disk monitor tool. To correct this, disable any 3rd party services or devices that may be locking the partition.

    1. Start the Services control panel applet (Start - Settings - Control Panel - Services)
    2. Select the service and click Startup
    3. Set the startup type to Manual and click OK
    4. Repeat for any other services
    5. Start the Devices control panel applet (Start - Settings - Control Panel - Devices)
    6. Set the startup type to disabled for any 3rd-party devices that you think might be causing the lock problem but BE CAREFUL. If you are unsure whether the device you are disabling may stop system startup, create a second hardware profile and test (see 'Q. How can I safely disable a device?').
    7. Restart the machine, the drive should no longer be locked

    Q. I get a Blue-Screen of Death during setup, help!

    A. If after you remove the 3rd setup disk from the machine and reboot a blue screen is displayed:

    Setup has encountered a fatal error that prevents it from continuing. Contact your software representative for help. Status code (-x4, 0, 0, 0)

    This indicates a virus in the Master Boot Record of the disk (this affects NTFS as well as FAT). Use an anti-virus product to clear the MBR and proceed with installation.


    Q. After uninstalling Windows 98 I am unable to boot NT.

    A. When you uninstall Windows 98 from a dual boot machine with 95 and NT its setup program may delete the Windows NT boot.ini file which is needed by NTLDR to start Windows NT.

    To resolve this, either manually copy a backup of boot.ini to the active partition (C:) or use the Emergency Repair Disk to restore it.


    Q. My last known good configuration is missing or corrupt and I can't boot NT.

    A. Windows stores a last known good configuration which is replaced with the current configuration after a successful login.

    If during boot the System hive is corrupt it will try to use the last known good, if this is also corrupt you will get the following error and NT will not be able to boot:

    Windows NT could not start because the following file is missing or corrupt:
    \%systemroot%\SYSTEM32\CONFIG\SYSTEM
    Hardware Profile/Last Known Good menu

    To resolve this, use one of the following:

    Method 1

    Use the emergency repair disk and choose 'Inspect Registry Files' from the recovery menu. Choose 'Replace System Configuration' from the next menu screen. This will replace the damaged Registry hive with the one on the ERD; however, if the ERD is out of date you will lose any changes.

    Method 2

    If you don't have an ERD or it's too old, restore the registry from a tape that has a backup of the registry (you would require a second parallel installation of NT).

    Method 3

    If you can't do either of the previous options, the files that make up the ERD are stored on the local hard disk in the %systemroot%\Repair directory. You can therefore manually expand this backup:

    1. Install a parallel copy of NT if you don't already have one
    2. Boot into this second installation
    3. Start a command prompt (CMD.EXE)
    4. Move to the repair directory of the ORIGINAL NT installation
      C:\> cd \winnt\repair
    5. Use the EXPAND command to expand the SYSTEM._ file
      C:\> expand system._ system
    6. Copy the expanded file to the main config directory of the ORIGINAL installation
      C:\> copy system c:\winnt\system32\config
    7. Try to reboot into the original installation

    If it still fails uninstall NT and use Windows 98, you can play more games :-)


    Q. When I start Explorer I get a Dr Watson error, what can I do?

    A. If when you start Explorer you receive the error:

    The handle is invalid

    or

    Dr. Watson Services.exe
    Exception: Access Violation (0xc0000005), Address: 0x76e073d4

    This may be caused by a corrupt event file, a .evt file. Clicking OK to the error may also display the error:

    Event Viewer
    Remote Procedure Call failed

    The Event Viewer Log files (Sysevent.evt, Appevent.evt, Secevent.evt) are always in use by the system thus preventing the files from being deleted or renamed. The EventLog service (which has the files open) cannot be stopped because it is required by other services, thus the files are always open.

    There are two methods to fix this, depending on whether your boot partition is NTFS or FAT

    NTFS Partition

    1. Click the Services control panel applet (Start - Settings - Control Panel - Services)
    2. Select the EventLog service and click Startup. Change the Startup Type to Disabled, and then click OK. If you are unable to log on to the computer but can access the registry remotely, you can change the Startup value in the following registry key to 0x4:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog
    3. Restart Windows NT.
      NOTE: When the system starts up, several services may fail; a message informing the user to use Event Viewer to review errors may appear.
    4. Rename or move the corrupt *.evt file from the following location:
       %SystemRoot%\system32\config
    5. In Control Panel Services tool, reenable the EventLog service by setting it back to the default of Automatic startup, or change the registry Startup value back to 0x2.

    If you had another copy of NT installed on the computer you could boot to that installation and directly delete the .evt files from the %systemroot%\system32\config directory.

    FAT Partition

    1. Boot to a MS-DOS prompt using a DOS bootable disk or an alternate operating system installed on the computer.
    2. Rename or move the corrupt *.evt file from the following location:
      %SystemRoot%\system32\config
    3. Remove the disk and restart Windows NT.

    Q. I get an error after installing IE 4.0 SP2 on a Terminal Server.

    A. After you apply Windows NT 4.0 Service Pack 4 Terminal Server Edition on a Terminal Server and install Microsoft Internet Explorer 4.01 Service Pack 2, a user may receive the following error message when logging on for the first time:

    Advanced INF install.
    INF install failure. Reason: Access is denied.

    Also, the Personalized Settings box in the upper left corner of the screen may contain the following message:

    Setting up personalized settings for:
    Microsoft FrontPage Express

    After the user clicks OK to continue, the personalized settings process continues and the user's desktop is displayed.

    To resolve this, perform the following:

    1. Start Windows NT Explorer and locate the %systemroot% folder (normally wtsrv)
    2. Right-click the Fpxpress.ini file, and then click Properties
    3. On the Security tab, click Permissions
    4. Click the Everyone group
    5. In the Type of Access area, click 'Change'
    6. Click OK
    7. Close Explorer

    Q. I get error 'Program will not fit in memory', what's the cause?

    A. It's not caused by a lack of memory but is normally caused by a program (an .exe) not being downloaded correctly, leaving it corrupt. Download the file again, checking you are in image (binary) mode when downloading.


    Q. After installing SP4/SP5 on NT 4.0 daylight saving is automatically enabled.

    A. Both service packs automatically enable daylight savings time (DST), regardless of the active time zone setting. If you live in an area that doesn't observe DST and you want to install these service packs, you need to manually clear the setting on the Time Zone tab of the Control Panel applet Date/Time.


    Q. I've installed a Promise Ultra IDE card but NT/2000 will no longer work.

    A. Although the Promise card is an IDE card Windows NT/Windows 2000 treats it as a SCSI card and so the boot.ini file ARC path needs to be changed from the multi().../signature() format to scsi().

    Note: The new signature() format is used in Windows 2000 for IDE devices, an example line is:

    signature(a1bb)disk(0)rdisk(0)partition(2)\WINNT="Windows NT Workstation Version 4.00" 

    For example, if I had the boot.ini file:

    [boot loader]
    timeout=30
    default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
    [operating systems]
    multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows NT Workstation Version 4.00" 
    multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows NT Workstation Version 4.00 [VGA mode]" /basevideo /sos

    and then installed the Promise card (and installed the driver before moving the IDE cable from the motherboard to the card), I would change boot.ini to:

    [boot loader]
    timeout=30
    default=scsi(0)disk(0)rdisk(0)partition(1)\WINNT
    [operating systems]
    scsi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows NT Workstation Version 4.00" 
    scsi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows NT Workstation Version 4.00 [VGA mode]" /basevideo /sos

    Make sure you also change the "default=" part. Obviously make sure you have loaded the Promise driver before trying to boot (Windows 2000 as of build 2114 has built-in support).
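
    The edit described above can be scripted and checked before the file is copied back. The following is an added example, not part of the original FAQ: it performs the same multi() to scsi() substitution shown in the answer and confirms that "default=" still matches an entry under [operating systems]. The function names are hypothetical and the sample is the FAQ's own "before" file.

```python
import re

# Leading multi(N) component of an ARC path, as used in the FAQ's boot.ini.
ARC_MULTI = re.compile(r"^multi\((\d+)\)", re.IGNORECASE)

# Constructed sample: the "before" boot.ini from the answer above.
SAMPLE_BOOT_INI = r"""[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows NT Workstation Version 4.00"
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows NT Workstation Version 4.00 [VGA mode]" /basevideo /sos
"""


def to_scsi(arc_path):
    """Swap a leading multi(N) for scsi(N).

    Returns (path, substitutions). Paths in any other syntax, such as
    signature(), are returned unchanged with a count of 0.
    """
    return ARC_MULTI.subn(r"scsi(\1)", arc_path.strip())


def rewrite_boot_ini(text):
    """Rewrite every multi() ARC path in a boot.ini to scsi().

    Returns (new_text, paths_changed, default_ok). default_ok is True only
    when the rewritten default= path matches an [operating systems] entry,
    which is the mistake the FAQ warns about.
    """
    out, section, default, entries, changed = [], None, None, set(), 0
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("[") and stripped.endswith("]"):
            section = stripped[1:-1].lower()
        elif section == "boot loader" and stripped.lower().startswith("default="):
            default, count = to_scsi(stripped.split("=", 1)[1])
            changed += count
            line = "default=" + default
        elif section == "operating systems" and "=" in stripped:
            # Split on the first "=" only: the label and switches follow it.
            path, label = stripped.split("=", 1)
            path, count = to_scsi(path)
            changed += count
            entries.add(path.lower())
            line = path + "=" + label
        out.append(line)
    default_ok = default is not None and default.lower() in entries
    return "\n".join(out) + "\n", changed, default_ok


if __name__ == "__main__":
    new_text, changed, default_ok = rewrite_boot_ini(SAMPLE_BOOT_INI)
    print(new_text)
    print("paths changed:", changed, "default matches an entry:", default_ok)
```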


    Q. Some entries are missing from the Add/Remove programs control panel applet.

    A. The Add/Remove control panel applet remove tab builds its list by searching HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall for any entries with a DisplayName value. There is a bug which causes entries with a text string of >64 characters to be ignored so you may want to check the DisplayName values and shorten where appropriate.


    Q. The default source path for my Windows 2000 installation is not correct.

    A. If you install Windows 2000 from a local hard disk, Windows 2000 defaults to the first installed CD-ROM drive letter when you make any changes to your installation that require files from the installation source. This does not occur if installation was completed using a network share. This means whenever it wants to add a component you have to correct the installation location.

    For example, if you install Windows 2000 from D:\2128\I386 (a local hard disk), Windows 2000 will default to E:\2128\I386 when the source files are needed (where E is the first CD-ROM drive letter).

    To fix the problem perform the following:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup
    3. Double click on SourcePath and change to the correct location. Click OK.
    4. Now move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
    5. Double click on SourcePath and change to the correct location. Click OK.
    6. Close the registry editor

    It should now use the correct location when adding/fixing components.


    Q. How do I create a queue to a Network Printer?

    A. If you have a printer that has its own network card and IP address, you can create a queue to the device by following the instructions below

    1. Login as a member of the Administrators Group
    2. Start Control Panel (Start - Settings - Control Panel)
    3. Double Click Network, and select the Services tab
    4. Click Add, and select "Microsoft TCP/IP printing"
    5. Click OK and then Close
    6. Click "Yes" to the reboot
    7. After the machine has booted up Double Click "My Computer" (or whatever you have renamed it to, if you have renamed it!)
    8. Double click Printers, and select Add Printer
    9. Select the Printer is a local printer, and then continue
    10. Click Add Port, and select "LPR port"
    11. Click New Port and fill in the IP address of the printer in the top box, and a name in the bottom box
    12. Click OK, and ignore the error about not being able to communicate
    13. Click Next and then select the printer driver
    14. Click Next and select if you want to share it, and then click Finish
    15. Print and be happy

    Q. How do I delete a network port (e.g. LPT3:)?

    A. Network ports are defined in the registry at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports. Select the port you wish to delete and from Edit Menu select Delete.

    You can also delete from the command line
    net use lpt3: /del


    Q. How do I configure my print jobs to wait until out of hours?

    A. If you have large print jobs that you would rather run out of hours it is possible to configure usage hours on a print queue:

    1. Select My Computer
    2. Select Printers
    3. Right click on your printer and select properties
    4. Click the Scheduling tab and at the top in the Available section enter a From and a To time, e.g. 18:00 - 08:30
    5. Click OK to save your changes

    Jobs submitted to this print queue will now only be printed between the hours specified. If you wanted some jobs to be printed straight away you should define 2 queues, one for overnight, one for all hours.


    Q. How can I disable the Printer PopUp message?

    A. Start the Registry editor, move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers and set the entry NetPopup to 0. You should then reboot Windows (however stopping and restarting the print spooler will suffice). If the printer is on an NT server, then this setting needs to be set on the server which controls the print queue.

    This can also be done from the Printers Control applet

    1. Start the Printer control applet (Start - Settings - Printers)
    2. From the File menu select "Server Properties"
    3. Select the Advanced tab
    4. Uncheck the "Notify when remote documents are printed"
    5. Click OK
    6. Reboot the computer

    Q. How do I change the Print Spool location?

    A. Using the registry editor, change the value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers\DefaultSpoolDirectory by double clicking on it and setting it to the required area. This will change the print spool area for all printers. To change the print spool for only one printer, move down to a printer key, create a value of type REG_SZ called SpoolDirectory and set this to where the spool files should be.


    Q. How do I enable Print Auditing?

    A. If you need to check what is being printed, then you can enable Print Auditing:

    1. Double Click on My Computer, then double click Printers
    2. Right click on the desired printer and select Properties
    3. Click on the Security Tab
    4. Select Auditing and click the Add button, you will be prompted with an Add Users and Groups dialog box
    5. Select the Users/Groups who you want to Audit for the Printer and click Add
    6. Once finished click the OK button and in the Printer Auditing main dialog select the events to Audit, i.e. Print, Delete.

    Print events will now be sent to the Security log which can be read from the Event Viewer (Start - Programs - Administrative Tools).

    If you experience problems with events not being audited try enabling File and Object Access as well.


    Q. How do I enable drag and drop printing?

    A. To enable drag and drop printing, all you have to do is create a shortcut to the printer on your desktop

    1. Double click on My Computer
    2. Double click Printers
    3. Right click on the printer, and drag to the desktop. Release and select "create shortcut here"

    You can then just drag files over the printer and they will be printed (providing they are registered file types that NT knows how to print)


    Q. How do I configure a Print Separator Page?

    A. A printer separator page is configured by creating a text file using a number of special control codes. The basic format of the separator page is as follows

    $ ---- this can be any character, and must be the first character on the first line. Choose a character not normally used to be the control character, in this case $
    $LUser Name $N ---- $L is used to display normal text until another code is found, $N displays the username
    $L, Job Number $I ---- $I displays the job number
    $E ---- $E means end of page

    Other characters you can use are

    $B$S ---- Turn on block character printing
    $D ---- Date job was printed
    $F<filename> ---- A file to print
    $H ---- Printer specific control code
    $x ---- Where x is a number of blank lines to print
    $T ---- Time job was printed
    $U ---- Turns off block character printing
    $Wxx ---- Width of the separator page

    To configure the printer to use the separator file:

    1. Start the Printer Control Panel Applet (Start - Settings - Printers)
    2. Right Click on a printer and select Properties
    3. Click the "Separator Page" button
    4. Enter the path and file name of the separator page file and click OK
    5. Click OK again to exit the Printer Setup

    Q. How can I restrict which users can install local printer drivers?

    A. It is possible to restrict print driver installation so that only Administrators and Print operators (on a server) or Power Users (on a workstation) can install local printer drivers

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers
    3. From the Edit menu select New - DWORD Value. Enter a name of AddPrinterDrivers and click OK
    4. Double click on the value and set to 1. Click OK
    5. Close the registry editor
    6. Reboot the machine

    Q. How many printers can be on one NT Server?

    A. You are only limited by how large the registry grows. I know of sites with 990 print queues, all lpr, on one NT server with no performance problems - NTS 4.0/SP3 dual P200 Pro, 256MB, FDDI.

    There are some variables, but each queue adds about 30-35 KB to the registry. By periodically eliminating the wasted space and removing LastKnownGood as above, the limit is probably somewhere around 3500. I would expect performance to be a problem before this limit is hit.


    Q. How can I print to an ascii text file?

    A. A print driver "Generic/Text only" exists, which can be used with the file output ability as its default.

    1. Start the Printer Control Applet (Start - Settings - Printers)
    2. Start the Add Printer Wizard (click Add Printer)
    3. Select "My Computer" and click Next
    4. Under Ports check File: and click Next
    5. Under Manufacturers select Generic and select "Generic / Text Only" as the Printer. Click Next
    6. Enter a printer name and if you want it as the default printer or not. Click Next
    7. Select "Not shared" and click Next
    8. Select No to print a test page, click Finish
    9. Insert your NT installation CD-ROM and click OK

    To use the ascii print driver go into your application and print, select the "Generic / Text Only" printer and click OK. A dialog will be displayed. Enter the file name you want the output to and click OK. You will now be able to view the file using Notepad or the like.


    Q. How do I set security on a printer?

    A. There are various levels of security you can set on a printer.

    No Access - User may not print to the device
    Print - User may print to the device and pause, resume and delete their own jobs
    Manage Documents - Enables the user to change the status of ANY print job submitted by any user. The user may not change the status of the printer
    Full - Enables complete access and administrative control of the printer

    By default all users have Print access (the Everyone group) and also the "CREATOR OWNER" name has "Manage Documents" access. Creator Owner is the user that printed the document which means users have the ability to delete their own entries on the print queue.

    To change print permissions perform the following:

    1. Double click on "My Computer"
    2. Double click on Printers
    3. Right click the printer whose permissions you wish to change and select Properties
    4. Select the Security tab
    5. Click the Permissions tab
    6. You can now set permissions for users

    Q. I get the error "The print processor is unknown" when installing a printer.

    A. There are 2 causes for this.

    1. The default print processor winprint.dll is missing from the directory %systemroot%\system32\Spool\Prtprocs\W32x86
    2. The Winprint key in the registry is missing or corrupt

    If the winprint.dll is not found you should expand Winprint.dl_ from your Windows NT installation CD using the EXPAND command

    expand -r <cd-rom drive>:\i386\winprint.dl_ %systemroot%\system32\spool\prtprocs\w32x86

    If the file is there then you need to check the registry

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows NT x86\Print Processors
    3. If the winprint key exists go to step 4. If it does not exist, from the Edit menu select New - Key and enter a name of winprint
    4. Under winprint check for a value called Driver. If this does not exist from the Edit menu, select New - String Value and enter a name of Driver.
    5. Driver should have a value of winprint.dll. If it does not, double click on Driver and set to winprint.dll. Click OK
    6. Close the registry editor
    7. You should now restart the computer

    Q. Where in the registry is the default printer set?

    A. The default printer is set on a per user basis and so is part of the HKEY_USERS hive. To view the default printer for the currently logged on user view the

    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\Device

    value. It is of the format "\\LN014\LN.S651.CSP001.HPLJ5,winspool,Ne01:", where the first part is the actual printer share, then the spooler and finally the connection, e.g. network or parallel port.

    To view a different user or view remotely you would view HKEY_USERS\<SID of user>\Software\Microsoft\Windows NT\CurrentVersion\Windows\Device. To check which user has which SID see Q. How can I tell which User has which SID?

    If no default printer is manually defined then the first printer alphabetically will be set as the default.


    Q. When I try to print to a parallel device (lpt1) I receive error: System could not find the file.

    A. This is usually caused by the parallel service not running. To check/fix perform the following:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Parallel
    3. Double click on Start
    4. If the value is 0 it means the service will start too early in the bootup, so change this to 2 and click OK
    5. Close the registry editor
    6. Reboot the machine

    If you still have problems also check the Parport and ParVdm services under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ as these are also needed for parallel printing.

    Another cause for this error is if LPT1 is disabled via the system BIOS so you should also check this.


    Q. How can I allow members of the Print Operators group to Add Printers?

    A. While members of the Print Operators group can stop and restart the Print Spooler, modify jobs and other admin functions they cannot add or modify the actual printers. This can be changed by performing the following:

    1. Start the registry editor (regedt32.exe, not regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors
    3. From the Security menu select Permissions
    4. Click the Add button
    5. Select "Print Operators" and give them Full Control access. Click OK
    6. Close the registry editor

    Stop and start the machine for the change to take effect. Alternatively just stop and start the print spool service:

    C:\> net stop spooler
    C:\> net start spooler


    Q. How can I configure NT as a print server for UNIX systems?

    A. The Windows NT Server that will be acting as the print service must have the following:

    Once all of this is completed it is necessary to add a registry value, because for UNIX to successfully pass data to an NT server the data type must be set to RAW.

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LPDSVC\Parameters
    3. From the Edit menu select New - DWORD value
    4. Enter a name of SimulatePassThrough and press Enter
    5. Double click the new value and set to 1. Click OK
    6. Close the registry editor

    The default value for SimulatePassThrough is 0, which informs LPD to assign data types according to the control commands.

    You should now shutdown and restart the server. Once the start has completed the NT box will be able to accept UNIX print jobs. At the UNIX end you would need to use the following commands (example only for SCO Open Server 5).

    1. The command below only needs to be entered once by technical staff
      # mkdev rlp
    2. You can then add a remote printer via SCOADMIN Printers for ordinary use

    On the SVR system you would use:

    1. The command below only needs to be entered once by technical staff
      # /usr/sbin/lpsystem -t bsd -R 1 -T 1 <remote system>
    2. The final stage is to actually configure the link to the NT printer
      # lpadmin -p <local printer> -s<remote NT system>!<NT printer name>
      # enable <local printer>
      # accept <local printer>

    For example, with an NT server named SAVPDC and a printer HP4SI, the UNIX command would be:

    # lpadmin -p p0 -sSAVPDC!HP4SI

    Thanks to Steven Vobes for this Unix information


    Q. How can I audit the no. of pages printed by any particular user on an NT network?

    A. If you only need basic information for NT-based workstations, you can extract this from the print server's event log. The event log will record each job, including the page count. However, the page count is always 0 for Win98, Win95, Win3.x and non-Windows workstations, as well as for print jobs from console or MS-DOS applications -- and it does not take into account the number of copies requested by the user.

    To enable the auditing of prints perform the following:

    1. Open the Printers folder from the Start menu (Start - Settings - Printers)
    2. From the File menu select "Server Properties"
    3. Click the Advanced tab
    4. Check the "Log spooler information events" box and click OK
    5. You will need to restart the server for the auditing to start (or stop and start the print spool service)

    Once auditing is enabled the events can be viewed using the Event Viewer application, System Log. To view only print logs select "Filter Events" from the View menu and set the Source to Print. Each print job will be logged with its size in bytes and number of pages.

    If you need to have accurate page counts, you will need to purchase a third-party package for monitoring and managing the printing activities. One such package is Printer Accounting Server from Software Metrics (http://www.metrics.com/); it works with a wide variety of printer types and network connections to accurately track the printing.
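
    The per-user totals can be built from the exported event descriptions. The following is an added example, not part of the original FAQ: it tallies jobs, bytes and pages per user and keeps the jobs logged with a page count of 0 separate, since the answer above notes that count is always 0 for some clients. The message wording in JOB_EVENT is an assumption about the spooler's information event text, the function names are hypothetical, and the sample events are constructed.

```python
import re
from collections import defaultdict

# Assumed wording of the spooler's per-job information event (Source: Print).
# Adjust the pattern if the text exported from your Event Viewer differs.
JOB_EVENT = re.compile(
    r"Document (?P<job>\d+), (?P<doc>.*) owned by (?P<user>\S+) was printed on "
    r"(?P<printer>.+?) via port (?P<port>.+?)\.\s+"
    r"Size in bytes: (?P<bytes>\d+); pages printed: (?P<pages>\d+)"
)

# Constructed sample event descriptions (not taken from a real server).
SAMPLE_EVENTS = [
    "Document 247, Microsoft Word - budget.doc owned by saviljo was printed on "
    "LNPRTP0017 via port LPT1:.  Size in bytes: 120480; pages printed: 4",
    "Document 248, notes.txt owned by saviljo was printed on "
    "LNPRTP0017 via port LPT1:.  Size in bytes: 2048; pages printed: 1",
    # A job from a client for which the spooler records no page count.
    "Document 249, Remote Downlevel Document owned by jsmith was printed on "
    "LNPRTP0017 via port LPT1:.  Size in bytes: 51200; pages printed: 0",
    # Same user in different case, and a port name that contains dots.
    "Document 250, plan owned by SAVILJO was printed on "
    "LNPRTP0017 via port IP_192.0.2.5.  Size in bytes: 1000; pages printed: 2",
    # Not a per-job event; it must be skipped, not counted.
    "Printer LNPRTP0017 was paused.",
]


def tally_print_jobs(messages):
    """Return (totals, skipped).

    totals maps a lower-cased user name to jobs, bytes, pages and
    unknown_page_jobs. A job logged with 0 pages is counted under
    unknown_page_jobs rather than treated as a real zero-page job.
    """
    totals = defaultdict(
        lambda: {"jobs": 0, "bytes": 0, "pages": 0, "unknown_page_jobs": 0}
    )
    skipped = []
    for message in messages:
        match = JOB_EVENT.search(message)
        if match is None:
            skipped.append(message)
            continue
        row = totals[match.group("user").lower()]
        row["jobs"] += 1
        row["bytes"] += int(match.group("bytes"))
        pages = int(match.group("pages"))
        if pages == 0:
            row["unknown_page_jobs"] += 1
        else:
            row["pages"] += pages
    return dict(totals), skipped


def format_report(totals):
    """One summary line per user, sorted by user name."""
    return [
        f"{user}: {row['jobs']} jobs, {row['pages']} pages counted, "
        f"{row['unknown_page_jobs']} jobs without a page count"
        for user, row in sorted(totals.items())
    ]


if __name__ == "__main__":
    totals, skipped = tally_print_jobs(SAMPLE_EVENTS)
    print("\n".join(format_report(totals)))
    print(len(skipped), "event(s) were not print job records")
```

    The page totals remain a lower bound, because the logged count does not include the number of copies requested.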


    Q. How do I create a custom page size for a printer?

    A. Custom size pages can be useful in a number of scenarios and the information below helps you to create one.

    1. Start the Printer control applet (Start - Settings - Printer)
    2. Select Add Printer by clicking only once, not double clicking (you are not adding a printer, only activating the icon; you also need Administrator rights)
    3. From the File menu select "Server Properties" (Print server properties)
    4. Select the Forms tab
    5. Click "Create a New Form" and add information that you want
    6. Click OK

    Q. The additional NetBIOS name of my server does not work for print services.

    A. It is possible to specify multiple NetBIOS names for a single machine as described in 'Q. How can I define multiple NetBIOS names for a machine?' however a bug in Windows NT 4.0 means only the MAIN NetBIOS name is used for print services.

    When trying to connect to a printer hosted by an NT server from a client the error:

    "Could not connect to printer: The printer name is invalid. "

    will be displayed if the server name you are using is one of the server's optional NetBIOS names.

    To work around this, make sure the NetBIOS name used for printers is always the machine's main NetBIOS name.

    For more information see http://support.microsoft.com/support/kb/articles/q187/3/32.asp.


    Q. How can I stop print jobs writing to the System Log?

    A. By default, Windows NT and Windows NT Advanced Server log every print job processed by the server in the System Log.

    To stop this perform the following:

    1. Select Printers from the Settings Start menu folder (Start - Settings - Printers)
    2. From the File menu select Server Properties
    3. Select the Advanced Tab
    4. You can then select the events to log:
      - Log spooler error events
      - Log spooler warning events
      - Log spooler information events
    5. You have to restart the computer for the change to take effect.

    Setting these values actually updates the registry entry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers\EventLog which is a DWORD value. Each option has a value

    Log spooler error events is 1
    Log spooler warning events is 2
    Log spooler information events is 4

    You then add these numbers up for the combination you want, for example:

    A value of 7 means log information, error and warning events.

    A value of 3 means only log error and warning events.

    As you have probably noticed, the values 1, 2 and 4 are used because each option just sets the relevant bit in the DWORD, so bit 1 is error, bit 2 warning and bit 3 information.
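
    These settings can be reviewed from a registry export instead of the dialogs. The following is an added example, not part of the original FAQ: it decodes the EventLog DWORD described above and also checks the AddPrinterDrivers value from 'Q. How can I restrict which users can install local printer drivers?'. It assumes a REGEDIT4 text export as input; the function names are hypothetical and both exports are constructed.

```python
import re

PROVIDERS = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers"
SERVERS = PROVIDERS + r"\LanMan Print Services\Servers"

# EventLog DWORD bit values as listed in the FAQ answer above.
SPOOLER_LOG_BITS = {1: "error", 2: "warning", 4: "information"}

# Constructed REGEDIT4 exports (not taken from a real server).
WEAK_EXPORT = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers]
"EventLog"=dword:00000003
"NetPopup"=dword:00000001
"""

HARDENED_EXPORT = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers]
"EventLog"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers]
"AddPrinterDrivers"=dword:00000001
"""


def parse_reg_export(text):
    """Parse DWORD values from a REGEDIT4 export into {key: {value: int}}.

    Key and value names are lower-cased because the registry treats them
    as case-insensitive. Non-DWORD values are ignored.
    """
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        value = re.match(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$', line)
        if value and current is not None:
            current[value.group(1).lower()] = int(value.group(2), 16)
    return keys


def decode_spooler_logging(value):
    """Return the event levels enabled by an EventLog DWORD, e.g. 3 -> error, warning."""
    return [name for bit, name in sorted(SPOOLER_LOG_BITS.items()) if value & bit]


def encode_spooler_logging(levels):
    """Return the EventLog DWORD for the given level names (KeyError if unknown)."""
    by_name = {name: bit for bit, name in SPOOLER_LOG_BITS.items()}
    value = 0
    for level in levels:
        value |= by_name[level]
    return value


def audit_print_server(export_text):
    """Report spooler logging levels and any findings for one export."""
    keys = parse_reg_export(export_text)
    providers = keys.get(PROVIDERS.lower(), {})
    servers = keys.get(SERVERS.lower(), {})
    findings = []

    event_log = providers.get("eventlog")
    if event_log is None:
        levels = None
        findings.append("EventLog value not in export: spooler logging state unknown")
    else:
        levels = decode_spooler_logging(event_log)
        if "information" not in levels:
            findings.append("information events off: print jobs are not recorded in the System log")
        if "error" not in levels:
            findings.append("error events off: spooler failures are not recorded")

    if servers.get("addprinterdrivers") != 1:
        findings.append("AddPrinterDrivers is not 1: local printer driver installation is not restricted")
    return {"spooler_logging": levels, "findings": findings}


if __name__ == "__main__":
    for name, export in (("weak", WEAK_EXPORT), ("hardened", HARDENED_EXPORT)):
        print(name, audit_print_server(export))
```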


    Q. How do I create a queue to a Network Printer in Windows 2000?

    A. If you have a printer that has its own network card and IP address such as a HP JetDirect card, you can create a queue to the device by following the instructions below

    1. Login as a member of the Administrators Group
    2. From the Start menu select Settings - Printers
    3. Double click 'Add Printer'
    4. Click Next to the Add Printer wizard introduction screen
    5. Select 'Local printer' and uncheck 'Automatically detect my printer'. Click Next
    6. The next screen asks for the port. Select 'Create a new port:' and select 'Standard TCP/IP Port'. Click Next
    7. The TCP/IP printer wizard will be started. Click Next
    8. Enter the IP address or DNS name of the printer (by default the port name will be IP_<IP/DNS name>). Click Next
    9. Click Finish to the port creation
    10. You will have to select the printer make and model. Click Next
    11. Enter a name for the printer (a default name will be displayed). Click Next
    12. Select to share the printer and a name for the share. Click Next
    13. Enter a Location of the printer and a comment (this is useful for people searching for printers using the Active Directory). Click Next
    14. Select to print a test page and if you want to install additional drivers for other clients (such as Windows 98). Click Next
    15. A summary will be shown. Click Finish

    If the port on the printer is incorrect (i.e. for a JetDirect card it will use 9100 but the actual port is 9099 for an internal card) perform the following:

    1. Select Settings - Printers from the Start menu
    2. Right click on the network printer and select Properties
    3. Select the Ports tab
    4. Select the IP port and click 'Configure Port'
    5. Under the Raw Settings section you can change the port number. Click OK
    6. Click Close to the main properties dialog

    Q. How can I view print jobs from the command line?

    A. Windows NT provides built in ability to monitor print queues from the command line using the NET PRINT command.

    To view the current print queue use syntax

    C:\> net print \\<server>\<print share>

    For example:

    C:\>net print \\LNPSPA0001\LNPRTP0017

    Printers at \\LNPSPA0001

    Name                         Job #      Size            Status

    -------------------------------------------------------------------------------
    LNPRTP0017 Queue             1 jobs                     *Printer Active*
         saviljo                   247       120            Printing
    The command completed successfully.

    Notice there is a single print job by user saviljo which is being printed.


    Q. How can I delete a print job from the command line?

    A. You can delete a print job using the NET PRINT command but must first know its job id and this can be ascertained by typing

    C:\> net print \\<server>\<print share>
    <user> <job id> <size> <status>

    Once you know the job ID to delete just type

    C:\> net print \\<server> <job number> /delete


    Q. How can I add a printer to the send to context option?

    A. To add a printer to the send to context option perform the following:

    1. Start Explorer
    2. Move to your SendTo folder of your profile, e.g. %systemroot%\Profiles\<user>\SendTo
    3. Open the printers folder (Start - Settings - Printers)
    4. Right click on the printer and drag to the SendTo directory and select 'Create shortcut here'
    5. Rename the shortcut to a shorter name by pressing F2

    You will now be able to right click on a document and send to the printer, cool!


    Q. Sharing printers between Unix and NT.

    A. I have enclosed instructions for printing to Unix servers (almost the same as for network printers), and also how the NT machine can be used as a gateway for 2 way printing between Windows (all versions) and Unix. The Unix used is AIX, although the others should be similar.

    Setting up NT for TCP/IP printing

    1. Login as a member of the Administrators Group
    2. Start Control Panel
    3. Double Click Network, and select the Services tab
    4. Click Add, and select "Microsoft TCP/IP printing"
    5. Click OK and then Close
    6. Click "No" to delay reboot
    7. TCP/IP Print server service must be set to start automatically (Start - Settings - Control Panel - Services - TCP/IP Print Server - Startup - Automatic)
    8. Reboot the system

    Adding a remote print queue

    1. Double Click "My Computer"
    2. Double click Printers, and select Add Printer
    3. Select "Printer is a local printer", and then continue
    4. Click Add Port, and select "LPR port"
    5. Click New Port and fill in the IP address of the printer (or name from local hosts table) in the top box, enter the remote queue name in the bottom box
    6. Click Next and then select the printer driver
    7. Click Next and select if you want to share it, and then click Finish
    8. To authorize prints from this NT machine, as root edit "/etc/hosts.lpd"
    9. Add the NT machine's IP address (or name if it has an entry in the Unix machine's hosts table)

    Sharing NT printers with unix machines

    It is necessary to add a registry key because, for UNIX to successfully pass data to an NT server, the data type must be set to RAW.

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LPDSVC\Parameters
    3. From the Edit menu select New - DWORD value
    4. Enter a name of SimulatePassThrough and press Enter
    5. Double click the new value and set to 1. Click OK

      The default value for SimulatePassThrough is 0, which informs LPD to assign data types according to the control commands.

    6. Close the registry editor
    7. Start – Settings – Printers
    8. Right click on printer to be shared
    9. Select properties
    10. Select shared tab
    11. Select shared
    12. Enter share name (this is what the unix machine will see it as)
    13. Select Security tab
    14. Select Permissions
    15. Ensure unix users have permissions to print, either by "everyone" or "network" having permission (Print is all that is required)
    16. Click OK

      Create a queue on the unix machine as normal, for a text only print queue on aix use:

    17. run "smit mkpq"
    18. Select "remote"
    19. Select "local filtering before sending to print server"
    20. In the names section, type <desired queue name> against ASCII
    21. Set hostname to be hostname of the NT machine
    22. Set queue to be share name of queue on NT machine
    23. Set type of print spooler to be "BSD"
    24. Press enter to confirm

    Using an NT machine as a Windows - Unix print gateway

    1. Add any unix printers you wish to share to NT machine as shown above.
    2. Share them out as if they were normal print queues.
    3. Add them to all the clients you wish to print to them from
    4. Share out any clients you wish to print from on the unix machine(s) as normal
    5. Add these shared windows printers to the NT machine as normal.
    6. Share them out to the unix machine(s) as shown above

    Thanks to Chris Griffiths for this


    Q. How can I set the default printer from the command prompt?

    A. A new utility has been written called DEFPRINT.EXE which allows the default printer to be set from the command prompt.

    A couple of examples...

    D:\>defprint /p
    Found 2 printers

    PrinterName: \\EDUC-HQ\Comm Ed (North)
    ServerName: \\EDUC-HQ
    PortName: edu-ce-hp5-2
    DriverName: HP LaserJet 5
    PrintProcessor: winprint
    ShareName: commed-2

    PrinterName: \\EDUC-HQ\Comm Ed (South)
    ServerName: \\EDUC-HQ
    PortName: EDU_COMMED_HP5M
    DriverName: HP LaserJet 5
    PrintProcessor: winprint
    ShareName: commed-1

    D:\>defprint /d commed-1
    Would set the default printer to commed-1

    Equally,

    D:\>defprint /d edu_commed_hp5m
    would do the same job

    D:\>defprint /d lpt1
    Would set the default printer to be the local printer (only if it existed)


    Q. What Newsgroups are good for NT information?

    A. The ones I subscribe to are:

    Before posting to any of the Microsoft newsgroups, please read the Microsoft policy on Newsgroup posting. An HTML version of this can be viewed at http://www.ntfaq.com/ntfaq/MSNews.html.


    Q. Where can I get more information?

    A. There are various sites on the web that have extra information


    Q. Where can I go for Training in Microsoft Products?

    A. To find a training center in your area go to http://www.microsoft.com/train_cert/.


    Q. Where is information about becoming a MCSE?

    A. Go to http://www.microsoft.com/train_cert


    Q. Where can I find the resource kit?

    A. It is available from most large book shops. Workstation is around US$50, Server US$150. You can purchase it online from http://www.amazon.com/ by clicking one of the following:

    Updates to the Resource Kit tools are available from ftp://ftp.microsoft.com/bussys/winnt/winnt-public/reskit/.

    A free support version of the Resource kit can be downloaded from http://www.microsoft.com/ntserver/nts/downloads/recommended/ntkit/


    Q. How do I run an application as a service?

    A. The NT Resource Kit includes a utility called SRVANY.EXE which runs an application as a service. There is more information on this at http://support.microsoft.com/support/kb/articles/q137/8/90.asp, also read the file that comes with the resource kit (Start - Resource Kit - Configuration - Running an application as a service).


    Q. How can I shutdown a computer remotely?

    A. Use the Shut Down workstation utility supplied with the NT Resource Kit.


    Q. Where can I find a Unix su (substitute user) like utility?

    A. Background for those unfamiliar with Unix: It is a good idea for system administrators to do everyday work with a low privileged account and only change to an account which is a member of the Administrators group when they really have to do administrative work. To avoid closing all open applications and logging off, it is useful to have a utility that allows you to temporarily start applications running in the security context of a different account.

    The Resource Kit ships SU.EXE; a free equivalent is SU.ZIP (on Cica in /admin). Both require setting system privileges for the caller. An alternative is SUSRV.ZIP (also from Cica), which has to be installed as a service, but does not require privileges. There is no equivalent to Unix suid programs (i.e. a file attribute which causes the file to be run in the security context of the owner instead of the caller, without specifying a password).

    A new utility is NTsu, which will allow you to run programs in the security context of any user in your system or domain. NTsu also allows you to have multiple desktops, each one for a different user, and you can switch from one to another. NTsu is FreeWare. It can be downloaded from http://32bit.bhs.com/ or http://www.ntfaq.com/ntfaq/download/ntsu10.zip. The official page is at http://www.teleline.es/personal/quimeras/ntsu/ntsu.htm


    Q. I'm running NT on Alpha - Can I run INTEL programs?

    A. Digital have produced a special on-the-fly binary translator available at http://www.service.digital.com/fx32/.


    Q. What is TWEAKUI?

    A. TWEAKUI is part of the Power Toys set released for Windows95, however TWEAKUI (and a number of the other utilities) also runs on NT4.0. The utility basically puts a graphical front end to some of the more useful Registry settings and allows the user to remove icons from the desktop (such as Rubbish Bin), automatically login and many other useful config options.

    Download it from http://www.microsoft.com/Windows/Downloads/Contents/WUToys/NTTweakUI/Default.asp, then run the file and a number of files will be created. Right click on TWEAKUI.INF and select install, and a TWEAKUI option will be in the control panel.


    Q. What else is good?

    A. Below are some sites that are worth a look


    Q. Do Windows 95 Powertoys work in NT?

    A. Some of them do, and I suspect as time goes on they all will. The ones that currently work on NT 4.0 are

    As part of the Powertoys for Windows 95 there is also a QUICKRES utility that allows a change of resolution without a reboot, however this does not work in NT, but the NT resource kit includes an identical utility (called QUICKRES.EXE).


    Q. Is there a X-terminal for NT?

    A. There are a number of X terminals for NT:


    Q. Where is File Manager?

    A. It is still shipped with NT 4.0, just run WINFILE.EXE. For information on Windows 2000 see 'Q. Where is File Manager in Windows 2000?'


    Q. Where do I get Themes for NT?

    A. Desktop Themes are supplied on the NT Resource kit, however if you have Windows95 installed with the plus pack you can copy the files themes.cpl and themes.exe to the %systemroot%\system32 directory and reboot your machine. These files are contained in Plus_3.cab on the Windows 95 CD-ROM.


    Q. Where can I get UNIX tools for NT?

    A. There are three selections of utilities that I know of:


    Q. How can I fix/replace/copy files on an NTFS partition from outside Windows NT?

    A. NT Internals has released ERD Commander which allows you to perform read and write operations on NTFS/FAT and CDFS partitions. ERD Commander can be purchased from http://www.winternals.com/products/erdcommander.shtml or a free read-only version from http://www.sysinternals.com/erdcmndr.htm.

    Once downloaded just run the executable erdcmndr.exe and it will self install to a directory of your choosing. It will also create a program group "ERD Commander". Once installed it will ask if you want to create the ERD Commander disks. ERD Commander works by altering a set of NT installation disks with its own special versions of certain files, so instead of installing NT it brings up a DOS like command prompt. You can either modify an existing set of installation disks or let ERD Commander create a new set (you will need to insert your NT installation CD-ROM). The instructions below are for creating the disks.

    1. Run "ERD Commander setup32" (start - programs - ERD Commander). This is assuming you are booted in NT, if you are running a 16bit OS you could run "ERD Commander setup16"
    2. Click Next and then Next again to confirm the license agreement
    3. If you have a set of NT installation disks you want to modify check the "I already have NT setup floppies", if you don't and want the installation to create them leave the box unchecked. Click Next
    4. Insert your NT installation CD-ROM and click next
    5. Click Next at the next screen and then in the dialog box enter the location of your installation files, <CD-ROM>:\i386
    6. You will then be prompted to insert 3 blank formatted disks, and you should follow the on screen instructions. You put the disks in reverse order, so disk 3 first, then disk 2 and disk 1 last. This was so if you were installing you could just leave disk 1 in the machine once created and reboot, clever :-)
    7. Once the disks are created make sure disk 1 is in the disk drive and click Next on the ERD Commander window, it will alter the disk, then ask you to put in disk 2 and again alter a number of files. You do not have to put in disk 3 (this disk just contains drivers).

    When the creation has completed you can insert disk 1 and reboot the machine to boot into ERD Commander. You will then be prompted to insert disk 2 then disk 3 and then finally disk 2 again.

    There is a pause of about 30 seconds when it first displays the "Microsoft (R) Windows NT", don't worry, this is normal. You will then be shown a list of all the drives.

    Pay attention to the drive letters: they may not match your usual drive assignments. This is because Windows NT grants letters on active partitions of each disk first, whereas ERD Commander assigns them as it comes across them from floppy disk 0, hard disk 0 and then CD-ROM 0 onwards. For example, if you had 2 hard disks, harddisk 0 and harddisk 1, with harddisk 0 having 2 partitions, Windows NT would assign the letters as

    Harddisk 0, partition 1    c:
    Harddisk 1, partition 1    d:
    Harddisk 0, partition 2    e:

    This is because active partitions are assigned drive letters first. ERD Commander would label the partitions as

    Harddisk 0, partition 1    c:
    Harddisk 0, partition 2    d:
    Harddisk 1, partition 1    e:

    This is not a problem, just be aware, don't panic that your files have disappeared :-)
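
    The two orderings described above, generalized to any number of hard disks so you can work out beforehand which ERD Commander letter holds the volume you know by its NT letter. This is an added example, not part of ERD Commander or the original FAQ; it follows the simplified rule given here and assumes partition 1 is the active partition on every disk, with no letters pinned in Disk Administrator.

```python
from string import ascii_lowercase

# Hard disk volumes start at c: (a: and b: are floppies). CD-ROM drives are
# ignored here; this models hard disk partitions only.
HARD_DISK_LETTERS = ascii_lowercase[2:]


def _assign(order):
    """Give consecutive letters, starting at c:, to (disk, partition) pairs."""
    if len(order) > len(HARD_DISK_LETTERS):
        raise ValueError("more partitions than drive letters")
    return {part: HARD_DISK_LETTERS[i] + ":" for i, part in enumerate(order)}


def nt_letters(partitions_per_disk):
    """Windows NT order as described in the FAQ: the active partition of each
    disk first (assumed to be partition 1), then the remaining partitions,
    disk by disk."""
    active = [(d, 1) for d, n in enumerate(partitions_per_disk) if n >= 1]
    rest = [(d, p) for d, n in enumerate(partitions_per_disk)
            for p in range(2, n + 1)]
    return _assign(active + rest)


def erd_letters(partitions_per_disk):
    """ERD Commander order: partitions in the order they are encountered,
    harddisk 0 first, then harddisk 1, and so on."""
    order = [(d, p) for d, n in enumerate(partitions_per_disk)
             for p in range(1, n + 1)]
    return _assign(order)


def nt_to_erd(partitions_per_disk):
    """Map each NT drive letter to the letter ERD Commander shows for it."""
    nt = nt_letters(partitions_per_disk)
    erd = erd_letters(partitions_per_disk)
    return {nt[part]: erd[part] for part in nt}


if __name__ == "__main__":
    # The FAQ's layout: harddisk 0 has 2 partitions, harddisk 1 has 1.
    for nt_letter, erd_letter in sorted(nt_to_erd([2, 1]).items()):
        print("NT %s  ->  ERD Commander %s" % (nt_letter, erd_letter))
```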

    You can now enter normal commands like dir, rename, copy etc. When you are finished Ctrl-Alt-Del does not work, just remove the ERD Commander disk and type exit.


    Q. What are the "Windows NT Support Tools"?

    A. These are a set of tools used to aid debugging and diagnosis of Windows 3.51 and 4.0 systems.

    The current version is 1.0 and these tools are free and can be downloaded from ftp://ftp.microsoft.com/bussys/winnt/winnt-public/tools/OEMSupportTools/OEMTools.exe (5.29MB).

    The support tools consist of 3 programs

    The download file is self-extracting and detailed instructions are provided in the readme.txt file.


    Q. How do I load the RKILLSRV.EXE?

    A. The RKILLSRV allows you to stop processes remotely by running as a service and you can then use WRKILL.EXE or RKILL.EXE to stop a process on that machine.

    It's inconvenient to have RKILLSRV running as a process so it's better to have it running as a service.

    Use the SRVINSTW.EXE provided in the resource kit. It is a GUI program that allows one to set up a program written properly to run as a service. Emphasis: The program MUST be written to run as a service!!!

    Once started you should select "Install a service" and click Next. Select the machine, a name for the service, the program, the service type, an account to run under and finally how the service is run (e.g. automatic).

    With the SRVINSTW.EXE you can setup programs on your local machine or on a remote machine.

    You must have Administrative privileges on the target machine.


    Q. Where is File Manager in Windows 2000?

    A. File Manager, or WINFILE.EXE is no longer supplied with NT and thus not available under Windows 2000.

    If you upgraded a 4.0 machine to Windows 2000 then File Manager is not deleted and will still be available, also you may copy WINFILE.EXE from a 4.0 machine to Windows 2000.

    Under Windows 2000 you may also use the File Management MMC snap-in.

    I would say that by now you should be using Explorer and not File Manager anyway to take advantage of the advanced feature set provided by Explorer.


    Q. What is the Microsoft Management Console (MMC)?

    A. Microsoft Management Console (MMC), previously known by the code name "Slate", is Microsoft's new interface for machine and application management and allows the user to create a custom console with "snap-ins" loaded. MMC provides a shell with no functionality; a 'snap-in' provides the functionality, such as DNS management. While a number of default console configurations will be supplied with certain snap-ins preloaded, you will be able to create your own console with one or more snap-ins loaded.


    A custom console with the Group Policy Editor, Services and Disk Management Snap-in loaded.

    The main MMC window has the 'Console' menu which is used to add and remove snap-ins to the console and to also save the configuration to enable you to reload any useful snap-in combinations.

    Future Microsoft applications, such as Exchange 6.0 (Platinum) will use MMC snap-ins instead of normal applications and other software providers will follow suit with snap-ins for most application management interfaces.

    The MMC is core in Windows 2000 and was first seen in NT 4.0 with Option Pack 4, Internet Information Server 4.0 and Service Pack 4's Security Configuration Editor.

    The latest version of the MMC for Windows NT 4.0 can be downloaded from http://www.microsoft.com/MANAGEMENT/MMC/download.htm.


    Q. How do I create a custom MMC configuration?

    A. One of MMC's great features is its flexibility, and we will take a quick look at this by creating our own custom console.

    The first step is to start the MMC shell, select Start - Run and type MMC.EXE. MMC will be started with no snap-ins loaded and has no functionality.

    The next step is to add a snap-in:

    1. From the main MMC menu, select Console - Add/Remove Snap-in
    2. The Add/Remove dialog will be shown and no snap-ins will be listed. Click Add
    3. A list of all known snap-ins will be displayed. Select a snap-in (for example Disk Management) and click Add
    4. Depending on the snap-in added other options may be displayed for example on the Disk Management you can choose the local computer or a remote computer. Click Finish
    5. You may add other snap-ins (for example DNS). When finished adding click Close
    6. The dialog will show the snap-ins added. Click OK

    The main console will now show the snap-ins added at the root. It's possible for each snap-in to be in its own window within the MMC rather than as a single tree by right clicking on the snap-in and selecting 'New Window from Here' from the context menu. If you did this for all snap-ins loaded you could close the main tree window.

    Once your console is laid out to your liking you can save it as follows:

    1. Select 'Save As' from the Console menu.
    2. Select a location to save the configuration as and enter a name. It will have a .msc extension.
    3. Click Save

    If you save to your profile area, e.g. d:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools the new MMC configuration will be displayed on the Start Menu.


    Q. Where is X from NT 4.0 in Windows 2000?

    A. Windows NT 4.0 had a large number of applications for domain and system management which have been replaced in Windows 2000 as, or part of, a MMC snap-in. The table below shows mapping of 4.0 application to MMC snap-in.

    In many situations the Windows 2000 equivalent has its own snap-in, but it is usually called from a larger group snap-in, e.g. the Computer Management MMC snap-in, which contains many other snap-ins.

    4.0 Application | Windows 2000 snap-in | Notes
    Backup (NTBACKUP.EXE) | NTBACKUP.EXE | New utility but same name. Does not use MMC as may be called from command prompt as part of automated procedure. Based on Seagate technology
    Disk Administrator (WINDISK.EXE) | Disk Management | By default in Computer Manager MSC file, Start - Programs - Administrative Tools - Computer Management - Storage - Disk Management
    Event Viewer (EVENTVWR.EXE) | Event Viewer | By default in Computer Manager MSC file, Start - Programs - Administrative Tools - Computer Management - System Tools - Event Viewer
    License Manager (LLSMGR.EXE) | LLSMGR.EXE | Start - Programs - Administrative Tools - Licensing
    Migration Tool to Netware (NWCONV.EXE) | |
    Network Client Administrator (NCADMIN.EXE) | Remote Install Service | Start - Programs - Administrative Tools - Active Directory Users and Computers - Select computer - Remote Install tab
    Performance Monitor (PERFMON.EXE) | Performance Logs and Alerts | By default in Computer Manager MSC file, Start - Programs - Administrative Tools - Computer Management - System Tools - Performance Logs and Alerts
    Remote Access Admin (RASADMIN.EXE) | Routing and Remote Access | By default in Computer Manager MSC file, Start - Programs - Administrative Tools - Computer Management - Server Applications and Services - Routing and Remote Access
    Server Manager (SRVMGR.EXE) | Active Directory Users and Computers | Start - Programs - Administrative Tools - Active Directory Users and Computers - Select Domain - Computers branch. Promotion of a machine to a domain controller is via the DCPROMO.EXE utility
    System Policy Editor (POLEDIT.EXE) | Group Policy Editor | Right click on a container, select Properties and select Group Policy tab.
    User Manager for Domains (USRMGR.EXE) | Active Directory Users and Computers | Start - Programs - Administrative Tools - Active Directory Users and Computers - Select Domain - Users branch
    User Manager for Domains (USRMGR.EXE) - Trusts | Active Directory Domains and Trusts | Start - Programs - Administrative Tools - Active Directory Domains and Trusts - Right click domain - Select Properties - Select Trusts tab
    User Manager for Domains (USRMGR.EXE) - Account Policies | Group Policy | Start - Programs - Administrative Tools - Active Directory Users and Computers - Right click on Domain - Select Properties - Select Group Policy - select Domain Policy and click Edit - Computer Configuration - Windows Settings - Account Policies
    User Manager for Domains (USRMGR.EXE) - User Rights | Group Policy | Start - Programs - Administrative Tools - Active Directory Users and Computers - Right click on Domain - Select Properties - Select Group Policy - select Domain Policy (or a container) and click Edit - Computer Configuration - Windows Settings - Local Policies - User Rights Assignment
    User Manager for Domains (USRMGR.EXE) - Audit | Group Policy | Start - Programs - Administrative Tools - Active Directory Users and Computers - Right click on Domain - Select Properties - Select Group Policy - select Domain Policy (or a container) and click Edit - Computer Configuration - Windows Settings - Local Policies - Audit Policy
    Windows Diagnostics (WINMSD.EXE) | System Information | By default in Computer Manager MSC file, Start - Programs - Administrative Tools - Computer Management - System Tools - System Information
    Domain Network Services (DNS) | DNS | Start - Programs - Administrative Tools - DNS
    Dynamic Host Configuration Protocol (DHCP) | DHCP | Start - Programs - Administrative Tools - DHCP
    WINS | WINS | Start - Programs - Administrative Tools - WINS

    Q. How can I synchronize accounts between NT and Unix?

    A. A Unix based tool WinDD NIS from http://www.ncd.com/windd_nis.html enables user account and group information to be synchronized with an NT domain.


    Q. How can I add Open with Run Dialog to the context menu?

    A. Download rundlg.zip and extract.

    Use rundlg.inf file to install it (you can uninstall it later from control panel).

    Right-click on any .exe, .bat, or .cmd file and you'll see "Open in Run Dialog" menu item. Click on it and you'll see Run Dialog with the selected file name.


    Q. Does application x work with NT 4.0?

    A. See the list below


    Q. Does game x work with NT 4.0?

    A. See http://www.ntgamepalace.iscool.net/ for an extensive list of games that work with NT4.0, and tips to make them work.


    Q. Does NT run 16bit applications?

    A. There is no definitive answer. NT does not allow an application to directly access hardware, so any application that directly tries to access hardware would cause a violation, also private device drivers are not supported (such as a VXD). A VXD is usually a .386 file.

    Besides direct hardware access, some 16 bit apps will not run under NT because they use a 16 bit API function call that either has no 32 bit equivalent, or the 32 bit equivalent has a completely different function call (different number/types of arguments) and NT can't convert the 16 bit version to the 32 bit version. If either of these things occur, NT will halt execution of the 16 bit app and throw some sort of error similar to the one it throws when direct hardware access occurs. This doesn't happen very often, but it seems that NT 4.0 has more problems with 16 bit code than NT 3.51 due to the 16 bit to 32 bit conversion process.

    As a side note, this conversion of 16 bit code to 32 bit code is one of the reasons that NT will run 16 bit code slower than Win95 given all other things held equal. This has nothing to do with the Pentium Pro's problem with 16 bit code, it is an NT problem.

    NTVDM simulates an MS-DOS environment for MS-DOS-based applications. Applications that run in user mode do not have direct access to hardware. The VDDs intercept the applications' h/w calls and interact with the Windows NT 32-bit device driver. This process is transparent to the application.


    Q. Will NT 3.51 drivers work with NT 4.0?

    A. Standard NT drivers will automatically be upgraded from the NT CD. 3rd party drivers may not work and the supplier should be contacted. In particular Video drivers and Printer drivers were moved for NT4.0 from Win32 to the NT executive to improve performance and reduce memory use (basically moved from Ring 3 - user mode to Ring 0 - kernel mode). This does have the effect that a graphics driver could crash NT.


    Q. How do I change the letter associated with a drive?

    A. From the Start Menu, select Administrative Tools and Disk Administrator. Right Click on the partition and choose "Assign Drive Letter", then just select the drive letter you wish to use. It is a good idea to recreate the Emergency Repair Disk after changing any drive information.


    Q. How can I get NT to recognize my second harddisk?

    A. Sometimes the Enhanced IDE (EIDE) adapter is misidentified as an ATAPI controller which loads the ATAPI.SYS driver. Disable this driver (Control Panel - Devices - Startup - Disable) and load the correct EIDE driver.


    Q. How do I install a HP scanner?

    A. There is full information on this at http://pw2.netcom.com/~gmelendz/index.html


    Q. How do I install dual screens?

    A. NT 5.0 will have support for this, however in the mean time you are limited to certain graphics cards with specialty drivers, such as two Matrox Millennium cards. Multi monitor support is also provided by #9, Diamond MM, Dynamic Pictures and STB. Some even have single PCI slot solutions, such as some STB cards and Diamond FireGL 3000.


    Q. How much memory can NT support?

    A. NT is a 32-bit operating system which means it can support 2^32 bytes of memory (4 Gigs). However NT splits memory into 2 parts, 2 gigs for the programs and 2 gigs for the Operating System. There are known to be some problems when having more than 64MB even in NT4.0, please see Q117373.


    Q. How much memory do I need for NT?

    A. For NT Workstation on Intel 12MB is the minimum, however 16MB is the recommended min, 24MB will reduce virtual memory usage and increase performance. For RISC based processors 24MB is recommended, and 32MB to improve performance. Most NT people will say the real acceptable performance numbers are 40MB for NT Workstation and 64MB for NT Server. It really does depend on what you will be running on the server.

    For NT Server 16MB is the minimum, however most sites have 32MB.


    Q. I cannot see my CD-ROM drive from NT?

    A. If it is a IDE CD-ROM Drive ensure you have the ATAPI CD-ROM driver installed (or one supplied with drive).

    1. In Control Panel, double click SCSI adapters (I know it's IDE, but trust me)
    2. There should be a ATAPI CD-ROM driver, if there is not continue
    3. Click on the Drivers tab.
    4. Add, standard mass storage device, and select the ATAPI driver. If it is SCSI and you have a disk, click have disk and then select your drive.
    5. Click OK
    6. Reboot

    If it is a SCSI CD-ROM ensure the correct SCSI driver is loaded.


    Q. What are the IRQ's used for?

    A. An Interrupt allows the piece of hardware to get the CPU's attention. For something like a Network card this is important as the card has limited buffer space, so unless the CPU moves the data out of the buffer it will get lost. Below is a table of the common IRQ uses.

    IRQ Level | Common Use | Comments
    0 | Timer | Hard-wired on motherboard
    1 | Keyboard | Hard-wired on motherboard
    2 | Cascade from IRQ 9 | May be available depending on Motherboard
    3 | COM2 or COM4 |
    4 | COM1 or COM3 |
    5 | LPT2 | This is usually free as not many people have 2 parallel ports. Sound blaster cards usually use this.
    6 | Floppy disk controller |
    7 | LPT1 | Sound blaster cards can use this
    8 | Real-time clock | Hard-wired on motherboard
    9 | Cascade to IRQ 2 | Wired directly to 2; software is sometimes told 9 when 2 is meant
    10 | Unused | This is usually used by Network cards, many of them not allowing it to be changed
    11 | Unused | Usually used by SCSI controllers
    12 | PS/2, Bus mouse | If you are not using a PS/2 or bus mouse this can usually be used by another device
    13 | Math Coprocessor | Used to signal errors
    14 | Hard disk controller | If you are not using an IDE hard disk you may use this for another device
    15 | Some computers use this for the secondary IDE controller | If you do not use the secondary IDE controller you may use this for another device

    Note about attempting to free IRQ's used by unused motherboard devices: if your BIOS lets you disable the device manually and doesn't get reset by any Plug-and-Play software you have (for instance, Windows 95), you are probably okay. Otherwise, you'll just have to experiment to determine whether you can really use the IRQ occupied by the unused motherboard device.


    Q. How Many CPU's does NT support?

    A. NT Workstation can support 2 CPU's, NT Server supports 4 CPU's, however the OEM version of NT Server can support up to 32 CPU's.


    Q. Is there a list of hardware NT supports?

    A. Microsoft has a NT hardware compatibility list at http://www.microsoft.com/hwtest/hcl/.

    For Windows 2000 please see Q. Where is the Hardware Compatibility List for Windows 2000?


    Q. Can I test my hardware to see if it is compatible with NT?

    A. It is possible to create an NT Hardware Qualifier Disk. Boot to DOS, and insert the NT CD-ROM and a blank formatted floppy disk. On the CD-ROM go to \SUPPORT\HQTOOL and run makedisk. Then just boot off of the floppy disk.


    Q. Can I test my SCSI devices?

    A. A tool is provided on the NT installation CD that will test SCSI adapters from Adaptec and BusLogic, to use this tool perform the following:


    Q. How do I disable mouse detection on a COM port (for UPS usage)?

    A. Follow the steps below after first removing the UPS from the computer

    1. Start a command prompt (Start - Run - Command)
    2. Move to the boot partition
      c:
      cd\
    3. Change the attributes of boot.ini so it can be edited
      attrib boot.ini -r -s
    4. Edit the file (edit boot.ini) and for each line with multi(x) (for IDE) and scsi(x) (for SCSI) drives add at the end
      /noserialmice=comx     (where x is the com port number)
      Exit edit
    5. Set the permissions back on boot.ini
      attrib boot.ini +r +s
    6. Shutdown NT and power off
    7. Attach the UPS
    8. Boot the machine and start NT, and NTDETECT will no longer try and search for a mouse on that com port

    The /NoSerialMice switch only disables the Microsoft Serial Mouse device driver.

    If you have installed any third-party mouse drivers, go into Control Panel - Devices and disable their Serial Mouse drivers as well. For example, if you installed the Logitech Mouseware V8.0 for a Trackman Marble, you must also disable the "Logitech Serial Mouse" device, called "lsermous" (note that the Arial lower-case l looks like a capital I).
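
    The boot.ini edit from step 4, done as a script so it can be repeated across machines without double-adding the switch. This is an added example, not a Microsoft or Resource Kit tool; the sample boot.ini is constructed, and the function name is hypothetical. Run it against a copy of boot.ini after clearing the read-only and system attributes as in step 3.

```python
import re

# Constructed sample boot.ini (not taken from a real machine).
SAMPLE_BOOT_INI = r"""[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows NT Server Version 4.00"
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows NT Server Version 4.00 [VGA mode]" /basevideo /sos
scsi(0)disk(1)rdisk(0)partition(1)\WINNT351="Windows NT 3.51"
C:\="MS-DOS"
"""

# NT boot entries start with an ARC path: multi(x)... (IDE) or scsi(x)... (SCSI).
ARC_ENTRY = re.compile(r"^\s*(multi|scsi)\(\d+\)", re.IGNORECASE)


def add_noserialmice(boot_ini_text, com_port):
    """Return boot.ini text with /noserialmice=comN appended to NT boot entries.

    Only entries under [operating systems] are changed. The default= line in
    [boot loader] also contains multi(x)/scsi(x), so a plain "contains multi("
    search would hit it too, but that line is only a path and takes no
    switches. Lines that already carry the same switch are left alone, so the
    function can be run more than once. Output uses LF line endings.
    """
    if not isinstance(com_port, int) or com_port < 1:
        raise ValueError("com_port must be a positive integer")
    switch = "/noserialmice=com%d" % com_port
    # Match the switch only as a whole whitespace-delimited token.
    already = re.compile(r"(?<!\S)" + re.escape(switch) + r"(?!\S)",
                         re.IGNORECASE)

    section = None
    out = []
    for line in boot_ini_text.splitlines():
        stripped = line.strip()
        if stripped.startswith("[") and stripped.endswith("]"):
            section = stripped[1:-1].strip().lower()
        elif (section == "operating systems"
              and ARC_ENTRY.match(line)
              and not already.search(line)):
            line = line.rstrip() + " " + switch
        out.append(line)
    trailing = "\n" if boot_ini_text.endswith("\n") else ""
    return "\n".join(out) + trailing


if __name__ == "__main__":
    # UPS attached to COM2 in this constructed example.
    print(add_noserialmice(SAMPLE_BOOT_INI, 2))
```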


    Q. Where can I get a driver for x?

    A. If you have a piece of hardware that does not have a driver with NT you should check in two places. First try the maker of the hardware, e.g. for the Iomega Ditto go to http://www.iomega.com/. If there is nothing there you should try the Microsoft site as they make the drivers for some hardware, for example the HP NT 4.0 drivers are made by Microsoft. If you cannot find the driver in either of these places then e-mail the technical support of the hardware maker, asking them for the driver; in some cases the driver is not on the web site, but they will e-mail it to you (makes a lot of sense :-))

    Iomega drivers can be downloaded from 1-800-998-0037.


    Q. My U.S. Robotics 56K modem only connects at 19200.

    A. The USR .inf that is supplied with NT defaults to and has a limit of 19200. Download the latest mdmusr.inf from USR which will allow the top speeds.


    Q. Can I use the IDE interface on my sound card?

    A. It depends if it is ATAPI 1.2 compliant. If it is, there should be no problems, however if it is not, it will not work and you will be unable to use this port.


    Q. Does NT support Plug and Play?

    A. In a limited sense. There is a driver that can be installed that will detect Plug and Play devices, however it is not supported and you will receive no support. To install the driver:

    1. On the NT installation CD, go to the DRVLIB/PNPISA/I386 directory (or whatever your processor is)
    2. Right click on the file pnpisa.inf and select install
    3. Reboot the machine

    Installing the driver sets the following registry values:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pnpisa\Enum\Type - 0x1
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pnpisa\Enum\Start - 0x1
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pnpisa\Enum\ErrorControl - 0x0
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pnpisa\Enum\DisplayName - "Pnp ISA Enabler Driver"
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pnpisa\Enum\ImagePath - "system32\DRIVERS\pnpisa.sys"


    Q. How do I install UPS?

    A. Follow the instructions below:

    1. Start the Control Panel (Start - Settings - Control Panel)
    2. Double click UPS
    3. Check the "Uninterruptible power supply is installed on" box
    4. Select the COM port the UPS is attached to by selecting from the drop down list
    5. Enter the settings in the UPS Configuration control group
    6. Enter any command line entries wanted, such as a command to page the manager of the machine of power loss.
    7. Click OK

    Q. How do I give my tape drive a letter so it is visible from explorer?

    A. NT on its own cannot do this, however there is a 3rd party "driver" that gives this functionality. For more information see http://www.tapedisk.com/.


    Q. How can I force NT to use a mouse on a given port?

    A. When NT boots, its hardware detection component checks all hardware and updates the registry. Sometimes it may not detect the mouse; however, it is possible to force NT to use a mouse on a given port:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sermouse\Parameters
    3. From the Edit menu select New - DWord value
    4. Enter a name of OverrideHardwareBitstring and click OK
    5. Double click on the new value and set to 1 if the mouse is on Com1: or 2 if on Com2:
    6. Click OK and close the registry editor
    7. Reboot

    For more information see knowledge base article Q102990 at http://support.microsoft.com/support/kb/articles/Q102/9/90.asp


    Q. How can I view which resources devices are using under NT?

    A. The easiest way to view resource usage by devices is to use the built in WINMSD.EXE utility supplied with Windows NT:

    1. Start the WINMSD.EXE utility (Start - Run - winmsd)
    2. Click on the resources tab
    3. You can then view any of the following:
      - IRQ
      - I/O Port
      - DMA
      - Memory
      - Devices
      By clicking the appropriate button
    4. When finished click OK to close WINMSD

    You could also use the winmsdp.exe utility that is supplied with the resource kit. The command

    winmsdp /i

    will output the IRQ usage information to the file msdrpt.txt.


    Q. When I disconnect one of my devices (e.g. Zip drive) I get errors when I boot NT, how can I stop them?

    A. The warnings are there for a reason however if you want to stop them perform the following:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\<device>
    3. Double click on ErrorControl
    4. Change to 0 to disable error reporting, 1 to re-enable.
    5. Click OK
    6. Close the registry editor

    Q. How can I tell if I am using the Compaq Hardware Abstraction Layer?

    A. Compaq have their own HAL.DLL, designed in conjunction with Microsoft. The Compaq version of HAL.DLL takes advantage of Compaq's hardware more effectively than the HAL.DLL shipped with Windows NT.

    This special HAL.DLL can be downloaded from http://www.compaq.com/ or from their download area at 713-518-1418. The current version is 1.20A and the filename is sp2465.exe.

    To check which version of the HAL.DLL you have perform the following.

    1. Start Explorer (Win+E or Start - Programs - Explorer)
    2. Move to %systemroot%\system32 (e.g. d:\winnt\system32)
    3. Right click on HAL.DLL and select Properties
    4. Click the Version tab
    5. Examine the "File Version". If this value is 3.1, 3.5, 3.51 or 4.00 then HAL.DLL is the Microsoft version, any other would mean you are using a non-Microsoft HAL.DLL, e.g. Compaq.

    Q. How do I get a dual monitor Matrox Millennium system to not split dialog boxes across the screens?

    A. Perform the following:

    1. Start the registry editor (regedt32.exe)
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mgax64\Device
    3. Double click User.CenterDialogs.
    4. Change from 00000000 to 00000001
    5. Click OK
    6. Close the registry editor
    7. Reboot the machine

    From the release notes this no longer works in 4.0 but does for 3.51 systems.


    Q. How can I suppress the error message generated if my ZIP drive is not connected?

    A. This is a function of the Iomega Zip service (PPA3NT, obvious name!) and error announcement can be disabled by performing the following:

    1. Start the registry editor (Regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ppa3nt
    3. From the Edit menu select New - DWORD value. Enter a name of ErrorControl and press ENTER
    4. Double click the new value and set to 0.
    5. Close the registry editor
    6. Reboot the machine for the change to take effect

    Q. Does Windows NT 4.0 support USB?

    A. Universal Serial Bus is the new external bus standard for the connection of PC peripherals. The idea behind USB is it will be plug and play and as devices are connected they will automatically be detected and installed.

    Windows NT 4.0 does not provide built in USB support; you will need to wait for Windows 2000 or switch to Windows 98. Some boxes convert the USB devices into serial ports.

    Inside Out has produced USB cards and hubs for NT 4.0, see http://www.ionetworks.com/press/nt.html although these are limited.


    Q. Why can't I hot swap my PCMCIA card with Windows NT 4.0?

    A. Windows NT 4.0 does not support hot swap capabilities for PCMCIA cards -- the card must be inserted at boot. This will be supported in Windows NT 5.0. If you need these capabilities with Windows NT 4.0, you can use a third party package, such as SystemSoft's CardWizard product. For more information, check out their web site at http://www.systemsoft.com/.


    Q. How do I install a ZIP drive under NT?

    A. There are different types of ZIP drives (internal, external, ZIP-PLUS) and all of these will work under Windows NT 4.0.

    If you have an internal ZIP drive just ensure you have Service Pack 3 or later installed, which provides built in support for internal ZIP drives and will display the drives in Explorer as "Removable drive".

    If it is an external ZIP drive you will need to download and install the correct drivers from http://www.iomega.com/. All downloaded drivers/tools are self extracting and contain good install instructions.


    Q. How do I enable Bus Mastering in Windows NT?

    A. Windows NT 4.0 has native bus mastering support with Service Pack 3. To enable bus mastering in Windows NT 4.0 perform the following:

    1. Ensure you have Service Pack 3 installed and you have the Service Pack 3 CD-ROM
    2. Run the DMACHECK.EXE utility in support\utils\i386\ directory of the CD-ROM or download from http://support.microsoft.com/download/support/mslfiles/Dmachcki.exe.
    3. When DMACHECK.EXE is run, it will indicate whether DMA is enabled on either IDE channel. Click on the Enabled radio button to enable DMA for each drive and any other DMA-capable devices in the system.
    4. Reboot the system.
    5. Execute the DMACHECK utility again to check that DMA was enabled.
    6. If the drive is DMA-capable and DMA is not enabled at this point, this failure must be corrected before proceeding

    So Intel and Microsoft do officially support DMACHECK. See also

    DMACHECK.EXE IDE BusMaster is very important: you can read or write on disk without using 100% of CPU (like SCSI)


    Q. I said no to a PNPISA device now I want to install it.

    A. If you have installed the PNPISA driver, which enables NT to use some plug and play devices, and upon reboot said no to installing some devices, it will not ask you again.

    If you later decide you DO want to install the device it is necessary to make NT "forget" that it has ever seen it before. Each PNPISA device has an entry under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pnpisa, so to make NT forget about a device just delete its key.

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pnpisa
    3. Each device using pnpisa.sys should have a subkey under ISAPNP. Creative Labs uses a prefix of CTL for the subkey name. You'll be able to tell which key is for what device by looking at a description value defined in the subkey.
    4. Delete the subkey whose hardware you want to install
    5. Close the registry editor
    6. Reboot the machine

    Upon reboot you will be able to install the device.

    For more information on installing the driver see Q. Does NT support Plug and Play?


    Q. How do I perform unattended installations on machines with AGP graphics cards?

    A. An updated HAL.DLL is needed to support machines with AGP graphics cards and a PCI bridge. One such HAL is supplied with Service Pack 3, so you need to replace the standard HAL.DLL shipped with NT with the Service Pack 3 version.

    1. Create a share with the Windows NT installation files
    2. Rename the HAL.DLL file to HAL.OLD
    3. Copy HAL.DLL off of the Service Pack 3 (or above) CD into the directory
    4. Install as normal
    5. Install Service Pack 3 once installation is complete

    Some Intel boards have a fault and a patch is available from Intel. Without this patch installed, a user will be able to get only hardware refresh-rate VGA with even a high-end graphics card. The hitch, however, is that the patch will only install on Service Pack 3 or later builds of NT.


    Q. Does NT support DVD drives?

    A. Windows NT 4.0 does not natively support DVD drives, whereas Windows 2000 does for data reading and for playing movies.

    Creative Labs have released a Windows NT 4.0 driver for their DVD product, which can be downloaded from http://www.soundblaster.com/

    Once you have downloaded the file you should expand using the command

    C:\> dvdent4 -d

    This will then create two directories, Drivers and Appl. To install the drivers just run setup.exe from the Drivers directory, reboot and then run setup from the Appl directory.


    Q. How can I check the amount of physical RAM in my machine?

    A. There are loads of methods to get this information.

    From the command line you can use

    C:\> memory /s
    66506752


    Q. How can I safely disable a device?

    A. When you disable a device you may have to reboot, and many of us will have experienced the Blue Screen of Death upon reboot and been stuck. Below is a method to allow you to test the system without the device.

    1. Right-click My Computer and choose Properties.
    2. Select the 'Hardware Profiles' tab.
    3. Click Copy and give the profile a name (e.g., Device Test).
    4. Click OK and go back to Control Panel/Devices and disable the device you want to test using the "Device Test" profile.
    5. Restart your system and when the Hardware Profile/Configuration Recovery screen comes up, choose Device Test Profile and let it continue to boot.

    If you don't see a blue screen of death, this configuration is probably safe. If you get the blue screen, shut the computer off and when it comes back up, choose Original Configuration and let it continue to boot. You can then go back into Control Panel and enable that device again.


    Q. How can I make NT see more than 8 units on SCSI?

    A. By default Windows NT 4.0 will only detect the first eight logical units on a SCSI device.

    This has been fixed in Service Pack 5 with the following action:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\<Driver Service Name>\Parameters\Device<N>
    3. From the Edit menu select Add - DWORD value
    4. Enter a name of LargeLuns and press Enter
    5. Double-click the new value and set to 1. Click OK
    6. Close the registry editor
    7. Restart the machine

    NT will now support up to 255 SCSI units.


    Q. Does Windows support the Promise Ultra ATA/66?

    A. The Promise Ultra ATA/66 is an IDE interface card which, with newer hard disks, gives 66MB/s transfer rates.

    Promise have produced drivers for Windows NT 4.0 which can be downloaded from http://www.promise.com/ and there is now a special version for Windows 2000, however as of build 2114 a built in driver for the Ultra ATA/66 is supplied and works great. If you move from IDE to the Promise card you will need to change your boot.ini file from the multi() to the scsi() syntax.

    If you perform an in-place upgrade of NT 4.0 with the promise ultra 66 card/driver installed to Windows 2000 (2031) Pro it works absolutely perfectly with the Promise Card. In Device Manager, the Ultra 66 card is listed correctly under SCSI devices, and under driver details, you will get "c:\winnt\system32\drivers\ultra66.sys" with a file version of 1.42 (build 0218), by Promise Technology, Inc. You should update to the new Windows 2000 driver once installation has completed to be on the safe side.


    Q. What is the Windows Scripting Host?

    A. The Windows Scripting Host (WSH) is a tool that will allow you to run Visual Basic Scripting Edition and JScript within the base Operating System, either on Windows 95 or Windows NT 4.0. Using the scripting languages you already know you can now write scripts to automate common tasks, and to create powerful macros and logon scripts.

    Windows NT 5.0 natively supports the Windows Scripting Host.


    Q. Where can I get the Windows Scripting Host?

    A. The Windows Scripting Host software can be downloaded from http://msdn.microsoft.com/scripting/ along with a large amount of help files/samples.

    The JScript and VBScript engines you need are supplied with Internet Explorer 3.01 and above, however the latest versions are supplied with Internet Explorer 4.01. These engines can be downloaded separately from the same address as the WSH.


    Q. How do I install the Windows Scripting Host software?

    A. When the software is downloaded from http://msdn.microsoft.com/scripting/ a single file is fetched, WSH.EXE.

    Switches for WSH.EXE are

    /Q - Quiet Mode
    /T:<full path> - Specifies temporary working folder
    /C - Extract files only to the folder when used also with /T
    /C:<CMD> - Override Install Command defined by author

    To install perform the following:

    1. Start WSH.EXE either by running or clicking in Explorer
    2. Click Yes to the installation confirmation
    3. Click Yes to the license agreement
    4. Click OK to the install success message.

    If you wanted to install as part of a logon script or the like you would use

    C:\> wsh /q

    Which then asks no questions and gives no confirmations. You could check to see if WSH is installed and only install if not found, e.g.

    if not exist %systemroot%\system32\wscript.exe \\<server>\<share>\wsh.exe /q

    Where \\<server>\<share> is a share that holds the WSH.EXE image.


    Q. Where can I get more information on WSH?

    A. There are a number of sites to get information

    An excellent electronic book can be purchased online from http://ourworld.compuserve.com/homepages/Guenter_Born/WSHBazaar/WSHBazaar.htm and is first class, I recommend it.

    There are three books available that I know of

    For more information on ADSI see


    Q. How do I create a new user in NT using ADSI?

    A. Use the following ADSI script.

    On Error Resume Next
    strUser = "UserID"
    Set oDomain = GetObject("WinNT://YourDomain")
    ' Create only builds the object locally; the account is written by SetInfo
    Set oUser = oDomain.Create("user", strUser)
    oUser.SetInfo
    If (Err.Number = 0) Then 'If not 0 the account was not created, e.g. user ID already exists
        oUser.SetPassword "mypassword"
        oUser.SetInfo
    End If

    To update other elements of information you can use

    ' FirstNameVar, UserHome and LogonScript are variables you set beforehand
    Set User = GetObject("WinNT://domain/user")
    User.FullName = FirstNameVar
    User.HomeDirectory = UserHome
    User.Profile = "\\Server\Share\user"
    User.LoginScript = LogonScript
    User.Description = "Description"
    User.SetInfo

    For more FAQ's see the WSH FAQ at http://wsh.glazier.co.nz/frame.asp?target=faq/wshfaq.asp


    Q. How do I run a windows script from the command line?

    A. Normally when you run a Windows Scripting Host file such as a Visual Basic or JavaScript file from Explorer, WSCRIPT.EXE is executed and runs the script using the necessary script plug-in.

    To run from the command line use CSCRIPT.EXE which has a number of optional parameters as follows:

    //B Batch mode: Suppresses script errors and prompts from displaying
    //D Enable Active Debugging
    //E:engine Use engine for executing script
    //H:CScript Changes the default scripting host to CScript.exe
    //H:WScript Changes the default scripting host to WScript.exe (default)
    //I Interactive mode (default, opposite of //B)
    //Job:xxxx Execute a WSC job
    //Logo Display logo (default)
    //Nologo Prevent logo display: No banner will be shown at execution time
    //S Save current command line options for this user
    //T:nn Time out in seconds: Maximum time a script is permitted to run
    //X Execute script in debugger when Active Debugging enabled

    Yes, you need to type '/' twice.

    Suppose you had the following hello.vbs file:

    Wscript.Echo "Hello"
    Wscript.Quit 0

    You would run with command

    C:\> cscript hello.vbs

    which would print Hello to the command window. Typing

    C:\> wscript hello.vbs

    would bring up Hello in a window.


    Q. What is a batch file?

    A. A batch file is just a text file with a .bat or .cmd extension that adheres to a syntax and a set of valid commands/instructions. To run a batch file just enter the name of the file, you don't need to enter the .cmd or .bat extensions. In line with programming tradition the first batch file we write will output "Hello World".

    1. Start Notepad
    2. Enter the following contents
      @echo hello world
      Echo means output to the screen anything after it (the @ suppresses the command being printed to the screen, try it with and without the @). To stop commands from being displayed in the whole batch file have
      @echo off
      At the top of the batch file.
    3. From the file menu select "Save As"
    4. Enter a name of "<name>.cmd", make sure you enter the name in quotes or notepad will add .txt to the end!
    5. Start a command session (run cmd.exe)
    6. Enter the name of the batch file (no extension), e.g.
      testfile

    Q. What commands can be used in a batch file?

    A. Windows NT 4.0 introduced some extensions to cmd.exe, so to use these make sure HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions is set to 1. The following is a list of the more common commands you will use

    call <batch file>
      Calls one batch file from inside another. The execution of the current batch file is suspended until the called batch file completes.
    exit
      Stops batch file execution. If a batch file is called from inside another and exit is called, both batch files are stopped.
    findstr <string> <filename(s)>
      Finds a string in a file. The command has a number of parameters and is quite powerful.
    for
      Standard for loop, e.g.
        for /L %n IN (1,1,10) DO @ECHO %n
      would print 1 to 10.
    goto <label>
      Causes the execution of a program to skip to a given point. The actual label name must be preceded with a colon (:), e.g.
        goto label1
        ...
        :label1
        ...
    if <condition> ..
      The if statement has a great deal of functionality. Some of the more common forms are:
        if /i <string1> <compare> <string2> <command>
      The /i makes the comparison case insensitive and compare can be one of:
        EQU equal
        NEQ not equal
        LSS less than
        LEQ less than or equal
        GTR greater than
        GEQ greater than or equal
      Other forms:
        if errorlevel
        if exist <file name>
    rem <string>
      A comment.
    start <window title> <command>
      Starts a new command session and runs a given command. Unlike call, the execution of the current batch file is not halted and continues.

    There are some extra utilities supplied with the NT Resource Kit which can be useful.


    Q. How can I perform an action depending on the arrival of a file?

    A. This is a common request as users on hosts have files FTP'd from a host and need to action it when it arrives. Below is a simple batch file to do this:

    :filecheck
    if exist e:\upload\file.txt goto actionfile
    sleep 100
    goto filecheck

    :actionfile
    ...

    This would check for file.txt every 100 seconds. The program sleep.exe is supplied with the resource kit so you would need the resource kit installed.
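
    The loop above fires as soon as file.txt exists, which can be while the FTP transfer is still writing it. The following added example (not part of the original FAQ) claims the file by renaming it before acting on it. It assumes command extensions are enabled, sleep.exe from the resource kit is on the path, and the FTP server keeps the file open without allowing renames until the transfer ends; the name file.ready and the limit of 60 checks are made up for illustration.

```batch
@echo off
rem Added example: act on an uploaded file only after the sender has
rem finished writing it, and give up after a fixed number of checks.
setlocal
set WATCH=e:\upload\file.txt
set CLAIMED=e:\upload\file.ready
set TRIES=0
set MAXTRIES=60

rem A leftover claimed file means an earlier run stopped before processing it.
if exist "%CLAIMED%" goto actionfile

:filecheck
if not exist "%WATCH%" goto wait
rem The rename fails while another process still holds the file open
rem (assumed behaviour of the FTP server), so a partial upload is not claimed.
ren "%WATCH%" file.ready 2>nul
if exist "%CLAIMED%" goto actionfile

:wait
set /a TRIES=%TRIES%+1
if %TRIES% GEQ %MAXTRIES% goto timeout
sleep 100
goto filecheck

:actionfile
echo Processing "%CLAIMED%"
rem ... work on the claimed file here, then delete or archive it ...
goto :eof

:timeout
echo No complete file arrived after %MAXTRIES% checks
goto :eof
```

    Because the work is done on the renamed file, a second upload of file.txt that starts during processing cannot change the data being processed.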


    Q. How can I access files on other machines?

    A. You can use the UNC naming conventions, e.g. \\<server name>\<share name>\<dir>\<file>. Alternatively you could map the drive, access the file using a drive letter and then unmap the drive, e.g.

    net use g: \\savilltech\filetosee
    ... g:\dir\file.txt
    net use g: /d


    Q. How can I send a message from a batch file?

    A. Use the NET SEND command, e.g.

    net send <machine> "<message>"


    Q. The command I enter asks for input, can I automate the response?

    A. Most commands have a switch to confirm an action however if a command requires a response when run, for instance a logon may want you to enter a password try the following:

    echo <password> | logon savillj

    This runs the command "logon savillj" and assuming it then asked for a password, the echo would then echo the password with a return thus entering your password for you.

    You can also echo a return using

    echo.|command.exe


    Q. How can I pass parameters to a batch file?

    A. When you call a batch file you may enter data after the command which the batch file refers to as %1, %2 etc, for example the batch file hello.bat

    @echo hello %1 boy

    Would output

    hello john boy

    if called as "hello.bat john" (you don't need to enter .bat extension, I just use it here as I used bad file names :-) )

    You can actually modify the passed parameter in the following ways

    Parameter  Description 
    %1  The normal parameter.
    %~f1  expands %1 to a fully qualified path name. If you only passed a file name from the current directory it would expand to the drive/directory as well
    %~d1  extracts the drive letter from %1.
    %~p1  extracts the path from %1
    %~n1  extracts the file name from %1 without the extension
    %~x1  extracts the file extension from %1
    %~s1  changes the meaning of n and x options to reference the short name. You would therefore use %~sn1 for the short file name, or %~sx1 for the short extension

    You can combine some of the above as follows

    Parameter  Description
    %~dp1  expands %1 to a drive letter and path only.
    %~sp1  expands %1 to the short path.
    %~nx1  expands %1 to a file name and extension only.

    To see all of these in action put this into a batch file testing.bat

    @echo off
    echo fully qualified name %~f1
    echo drive %~d1
    echo path %~p1
    echo file name %~n1
    echo file extension %~x1
    echo short file name %~sn1
    echo short file extension %~sx1
    echo drive and directory %~dp1
    echo file name and extension %~nx1

    Run the file with a long file name, for example the batch file run on file c:\temp\longfilename.long would produce output

    fully qualified name c:\TEMP\longfilename.long
    drive c:
    path \TEMP\
    file name longfilename
    file extension .long
    short file name LONGFI~1
    short file extension .LON
    drive and directory c:\TEMP\
    file name and extension longfilename.long

    Obviously all the above also work on the second, third parameter etc.; you just substitute the parameter number for 1, e.g. %~f2 for the second parameter's fully qualified path name.

    Within a batch file %0 holds information about the file being run, and the command extensions can also be used with it (e.g. %~dp0 will give the drive and path of the batch file).
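
    A use of these modifiers for checking a file argument before acting on it, as an added example that is not part of the original FAQ. It assumes command extensions are enabled and that %~dp1 is built from the fully qualified path; e:\upload as the only permitted directory and process.cmd (a worker script stored beside this batch file) are hypothetical.

```batch
@echo off
rem Added example: validate a file argument by its expanded path.
rem e:\upload and process.cmd are hypothetical names.
setlocal
if (%1)==() goto usage

rem Compare the expanded drive and path, not the text that was typed:
rem e:\upload\..\winnt\x.txt expands to e:\winnt\ and is rejected here.
if /i not "%~dp1"=="e:\upload\" goto baddir
if /i not "%~x1"==".txt" goto badext
if not exist "%~f1" goto missing

rem Call the worker by this script's own location (%~dp0) rather than by
rem bare name, so a same-named file in the current directory is not run.
call "%~dp0process.cmd" "%~f1"
goto :eof

rem Every expansion of %1 below stays inside quotes so that characters
rem such as ampersand in a file name are echoed, not executed.
:usage
echo usage: %~n0 filename
goto :eof

:baddir
echo Rejected, not directly inside e:\upload: "%~f1"
goto :eof

:badext
echo Rejected, extension is not .txt: "%~nx1"
goto :eof

:missing
echo Not found: "%~f1"
goto :eof
```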


    Q. How can I stop my batch files outputting the command to screen as it runs it?

    A. This is stopped by just placing

    @echo off

    at the top of your batch file. To stop a single command being output to the screen just put @ in front of the command.


    Q. How do I call a batch file from within another batch file?

    A. It is possible to just enter the name of the batch file in a batch file, which will run the called batch file; however, once it completes it will not pass control back to the calling batch file, leaving the rest of the calling batch file unrun. For example suppose we had the batch files

    calling.bat

    @echo off
    echo Calling bat here
    called.bat
    echo Back to Calling bat

    called.bat

    @echo off
    echo called bat here

    If you then run calling.bat you would not get the line "Back to Calling bat" displayed, as after called.bat terminates it does not return to calling.bat. To call a batch file and have it return to the calling batch file once completed, use call. For example, if calling.bat was modified to have "call called.bat" instead of "called.bat", the line "Back to Calling bat" would be displayed, as control would return to calling.bat once called.bat had completed.


    Q. .bat files have lost their association.

    A. This is easily fixed. Enter the commands:

    ftype batfile="%1" %*
    assoc .bat=batfile


    Q. How do I search files for a string from a batch file/command line?

    A. There is the basic find command which allows you to search one file at a time for a string; however, findstr is far more versatile. The command has the following switches

    FINDSTR [/B] [/E] [/L] [/R] [/S] [/I] [/X] [/V] [/N] [/M] [/O] [/F:file] [/C:string] [/G:file] [strings] [[drive:][path]filename[ ...]]

    Parameters Meaning
    /b Match pattern if at the start of a line
    /e  Match pattern if at the end of a line
    /l Search literally
    /r Use text as a regular expression (default)
    /s Search current directory and all sub-directories
    /i Ignore case
    /x Selects lines that are an exact match
    /v Selects lines that do not match
    /n Displays the line number before the matched line
    /m Displays only the matching file names
    /o Displays the offset of the match before the matched line
    /g:<file> Gets the search string from the specified file. /g:argument.txt
    /c:"<string>" Use text as a literal. /c:"string"
    /f:<file> Gets the file list from the specified file. /f:filelist.txt
    strings The search string (in double quotes if multiple words)
    files Files to be searched


    Use spaces to separate multiple search strings unless /c is used

    findstr "Windows NT FAQ" ntfaq.html - searches for Windows, NT or FAQ in ntfaq.html
    findstr /c:"Windows NT FAQ" ntfaq.html - searches for "Windows NT FAQ" in ntfaq.html

    Q. Environment settings set by a batch file are not working.

    A. When you execute a batch file (or any other DOS command without a pif setting) the _DEFAULT.PIF file in the %systemroot% directory is used. If, as in my case, it has the "Close on Exit" setting enabled, this causes the batch process to close. Change this as follows:

    1. Start Explorer
    2. Move to your %systemroot% directory, e.g. d:\winnt
    3. Right click on _default.pif
    4. Select the Program tab
    5. Unselect "Close on exit"
    6. Click Apply then click OK

    Q. How can I perform an operation on every machine on the network that is running?

    A. Normally a logon script can be used but if you wish to run a command/copy a file to every current machine now you can use the following.

    C:\> net view > list.txt

    This outputs a list of all current machines to the file list.txt. We can then parse that file to perform an operation, e.g. to copy files:

    C:\> FOR /F " tokens=1 " %i in (list.txt) do copy quaropts.dat "%i\C$\program files\navnt"

    If you placed the above into a file you would need to use two %%, e.g.

    FOR /F " tokens=1 " %%i in (list.txt) do copy quaropts.dat "%%i\C$\program files\navnt"


    Q. How can you send a program's output to a NULL device?

    A. If you wish to suppress a program's output you can use the NULL device (as you would use UNIX's /dev/null). For example to make a program output to the NULL device instead of the screen use:

    C:\> program.exe > nul

    If you wanted to blank a file you can also use NUL

    C:\> copy nul file.name


    Q. How can I change colour within a batch file?

    A. You can use the Windows NT Workstation 4.0 Color command to set the Command Prompt window colors. For example:

    C:\> color 06

    sets the colour to yellow on black. The first digit is the background colour and the second the foreground; the values are:

    0 Black
    1 Blue
    2 Green
    3 Aqua
    4 Red
    5 Purple
    6 Yellow
    7 White
    8 Gray
    9 Light Blue
    A Light Green
    B Light Aqua
    C Light Red
    D Light Purple
    E Light Yellow
    F Bright White

    So color 2F would be bright white on green.


    Q. How can I call a subroutine in a batch file?

    A. An easy way to do this is to have the batch file call itself recursively and pass itself a couple of parameters, like so:

    @echo off
    if (%1)==(Recurse) goto Recurse
    goto Begin

    :Begin
    echo Batch file begins.
    call %0 Recurse test
    goto End

    :Recurse
    echo This is a recursive call.
    echo The parameters received were "%1" and "%2".
    goto Clean-End

    :End
    echo Finished.

    :Clean-End


    Be careful! Recursive batch files can be dangerous, especially if your subroutine fires off another program.

    Other methods:

    :Begin

    echo start subroutine
    call :Subroutine
    echo finished subroutine
    goto End

    :Subroutine
    echo In subroutine
    goto :EOF
    :End

    From Rob Warner and Ian Hamilton (both sent the same idea):

    For NT .cmd files, the following is possible

    @echo off
    call :Begin
    echo Finished.
    goto :eof

    :Begin
    echo Batch file begins.
    call :recurse Recurse test
    goto :eof

    :Recurse
    echo This is a recursive call.
    echo The parameters received were "%1" and "%2".
    goto :eof

    Note the syntax for calling subroutines (with parameters) and the special construct for returning (goto :eof).


    Q. How do I enter freehand comments in my batch file without using 'rem'?

    A. When NT batch file processing encounters the goto command, it ignores any lines in the batch file until it finds the appropriate goto label:

    @echo off
    goto Begin

    BATCHFILE.BAT v1.01 - does what batch files do
    written 09/09/1999 by Joe Programmer

    MODIFICATION HISTORY:

    v1.00 09/04/1999 jp
    initial version

    v1.02 09/09/1999 jp
    converted all dates in comments to four-digit
    years for Y2K compliance

    :Begin
    <...>

    :End

    Thanks to Royce Williams for this one.

    Another way from Noel Casey:

    A further method for freehand comments in batch files is to use a double colon ::

    This works in NT4 and W95

    Example

    @echo off
    echo Hello
    echo.

    :: This is equivalent to rem at the beginning of line
    rem This is an equivalent statement to the line above
    :: This looks and reads better than rem
    :: That's all
    echo Bye!

     


    Q. What is SAMBA?

    A. Samba is a suite of programs which work together to allow clients to access a server's filespace and printers via the SMB (Server Message Block) protocol. Initially written for Unix, Samba now also runs on Netware, OS/2 and VMS. For more information go to http://samba.anu.edu.au/samba/


    Q. Why does the disk spanning function of PKZIP (command line version) not work under NT?

    A. Because the NT command processor CMD.EXE uses the '&' character to separate several commands on the same command line, and PKZIP uses the same character for creating multi-disk archives. The solution is to enclose the '&' in quotes like this:
    C:>pkzip "-&" -pr <archive.zip> <files...>

    There is now a Win32 console (command line) PKZip 2.5 with disk span support. Check http://www.pkware.com/


    Q. What virus killers are available for NT4.0?

    A. Below is a table of virus killers I know about.

    Cheyenne Software InocuLAN http://www.cheyenne.com/
    Data Fellows F-PROT Professional http://www.datafellows.com/
    McAfee Anti-Virus http://www.mcafee.com/
    Norman Virus Control http://www.norman.no/
    Panda Anti-Virus http://www.pandasoftware.com/
    Symantec's Norton Anti-Virus for NT http://www.norton.com/
    Ontrack Computer Systems VirusScan http://www.ontrack.com/
    Dr. Solomon's Anti-Virus Toolkit http://www.sands.com/prods/toolkit/
    SOPHOS http://www.sophos.com/
    Vet http://www.vet.com.au/

    Q. Does NT support the LS120 (adrive)?

    A. Yes, see the Microsoft HCL at http://www.microsoft.com/hcl/hclmain.asp and search for "Superdisk" in "All product categories"


    Q. Is NT year 2000 compliant?

    A. Yes as long as the system has Service Pack 4 installed. Service Pack 3 with the Year 2000 hot fixes applied is also compliant.

    For more information see the Microsoft Year 2000 Information Centre at http://www.microsoft.com/y2k . Also see http://www.microsoft.com/technet/year2k/


    Q. What does x stand for?

    A. See the table below

    ACL (Access Control List): A list that controls the access to an object.
    API (Application Programming Interface): An API is an interface through which programs interact with each other, normally through DLL calls.
    BDC (Backup Domain Controller): An NT Server machine that receives a copy of the master user-database from the PDC and can validate logons.
    COLD (Computer Output to Laser Disk)
    DAP (Directory Access Protocol): Used to access a directory service.
    DHCP (Dynamic Host Configuration Protocol): A service that automatically assigns IP-addresses to clients from a given range (scope).
    DLC (Data Link Control): International standard protocol IEEE 802.2. Used with mainframe gateways and to control printers with a JetDirect-card.
    DSA (Directory System Agent): The name of a domain controller, e.g. titanic.
    DSA UUID (DSA Universally Unique ID): The 128 bit number used to identify objects stored in the directory.
    FAT (File Allocation Table): The DOS way of organizing a harddisk. Lots of wasted space on large disks. Little file security.
    GUID (Globally Unique IDentifier): A 64-bit number that is statistically unique.
    HPFS (High Performance File System): The OS/2 way of organizing a harddisk.
    ICMP (Internet Control Message Protocol): Internet Control Message Protocol (ICMP) is a maintenance protocol specified in RFC 792 and is normally considered to be part of the IP layer. ICMP messages are encapsulated within IP datagrams, so they can be routed throughout an internetwork. ICMP is used by Windows NT to:
      Build and maintain route tables.
      Assist in Path Maximum Transfer Unit (PMTU) discovery.
      Diagnose problems (using the utilities ping and tracert).
      Adjust flow control to prevent link or router saturation.
    IPX/SPX (Internetwork Packet Exchange / Sequenced Packet Exchange): Novell NetWare protocol. Based on the Xerox protocol XNS (Xerox Networking Services).
    LDAP (Lightweight Directory Access Protocol): Protocol used to query a directory service.
    MAC-addresses (Media Access Control layer addresses): 48-bit address that is hardwired into the netcard. DHCP, among others, uses this to identify a machine requesting a certain IP-address within its lease duration.
    NBT (NetBIOS over TCP/IP): NetBIOS built on top of the TCP/IP suite.
    NDIS (Network Driver Interface Specification): Microsoft binding standard (interface between netcard driver and protocol). Can load into high memory on DOS systems.
    NetBEUI (NetBIOS Extended User Interface): The actual NetBIOS transport protocol.
    NetBIOS (Network Basic Input/Output System): An API of 18 networking-related commands.
    NIC (Network Interface Card): Such as an ethernet card. Also you have InterNIC, the organization that assigns domain names and IP-addresses to Internet hosts, http://www.internic.net/
    NTFS (New Technology File System): The NT way of organizing a harddisk. Efficient storage. High level of security.
    ODI (Open Data-link Interface): Novell binding standard (interface between netcard driver and protocol). Can not load into high memory on DOS systems.
    PDC (Primary Domain Controller): The NT Server machine that stores the master user-database in a domain.
    RAID (Redundant Array of Inexpensive Drives): A number of disks with data distributed all over them to allow for faster access. Can also provide data-recoverability. NT supports RAID levels 0, 1 and 5.
    RIP (Routing Information Protocol): The protocol that takes care of routing on the Internet.
    SID number (Security IDentification number): Every object in an NT domain has a SID number. Reinstalling will not give the same SID number.
    SPS (Standby Power Supply): Device that is installed between the wall outlet and the computer inlet. The power goes directly into the computer with a branch to the batteries. When the power fails, the batteries take over, but with a delay. The delay should be 4 ms or better for proper operation.
    TCP/IP (Transmission Control Protocol / Internet Protocol): The protocol used for Inter- and Intranet communications.
    UDP (User Datagram Protocol): A basic alternative to TCP for IP communication. Among other things, UDP is used for communicating with DHCP-servers.
    UPS (Uninterruptible Power Supply): Device that is installed between the wall outlet and the computer inlet. The power is directed through the batteries, thus stabilizing the variance of the power from the outlet. Because of this, the switch delay is 0 ms.
    WINS (Windows Internet Naming Service): A dynamic IP-to-name database.

    Q. What are the shortcuts available with the "Win" key?

    A. See the table below

    WIN + R Display the Run dialog
    WIN + M Minimize all windows
    WIN + Shift + M Undo minimize all windows
    WIN + F1 Help
    WIN + E Explorer
    WIN + F Find Files
    Ctrl + WIN + F Find Computer
    WIN + TAB Cycle through minimized taskbar icons
    WIN + BREAK System Properties

    Q. How can I open a file with an application, other than the one it is associated with?

    A. Usually you can right click on the file, and select open. If you hold down shift and right click on the file you will have "open with."


    Q. How do I change the icon associated with a shortcut?

    A. Follow the steps below:

    1. Right click on the shortcut and choose Properties
    2. Click the Shortcut tab and click "Change Icon"
    3. Select your new icon. Several sets of icons that you can use come with NT: SHELL32.DLL, PIFMGR.DLL, MORICONS.DLL and PROGMAN.EXE
    4. Click OK
    5. Exit

    Q. Is it possible to map a drive letter to a directory?

    A. You can use the SUBST command to map a pseudo drive letter to a drive/directory:
    subst r: d:\winnt\system32
    would map the letter r to the directory winnt\system32 on the d: drive.


    Q. What keyboard shortcuts are available?

    A. See the table below

    F1 Help
    F2 Rename
    F3 Find
    F4 Display combo box in Explorer
    F5 Refresh
    F6 Switch panes in Explorer
    F10 Menu Mode
    ALT + ENTER Properties
    CTRL + Drag a file Copy
    CTRL + G Goto
    CTRL + Z Undo
    CTRL + A Select All
    CTRL + ESC Start Menu
    CTRL + SHIFT + ESC Task Manager

    Q. How do I schedule commands?

    A. Windows NT has a built in scheduler service which enables applications to be started at specified times. To schedule events the schedule service must be started:

    1. From the Control Panel (Start - Settings - Control Panel) start Services
    2. Click Scheduler (or Task Scheduler on Workstation) and click Startup
    3. Select Automatic and click OK
    4. You can now reboot, or just click Start which will start the Scheduler service.
    5. Close the Services Control Applet

    The scheduler service only needs to be started on the target machine, not the issuing machine. If the scheduler service is not started on the target machine the error
    The service has not been started
    will be displayed.

    To schedule a command you use the AT utility. AT is used with the following syntax:

    at [<computername>] <time> [/interactive] [/every:date/day..] [/next:date/day..] <command>
    e.g. at \\savmain 22:00 /interactive /every:M,T,W,Th,F sol.exe

    The example would start the solitaire game on the SAVMAIN machine at 10:00 p.m. every weekday. The /interactive means the application can interact with the desktop, i.e. the currently logged on user. If /interactive is omitted and the application requires user interaction it will just start and finish instantly.

    When a command is submitted it will be given an ID. To delete a scheduled command use:

    at [<computername>] <id> /delete /yes
    e.g. at \\savmain 3 /delete /yes - The /yes skips confirmation of the delete

    The above may seem quite a lot to take in if all you want to do is a backup (see Q. How do I schedule a backup? for an example of using AT with a backup). A utility called WINAT, shipped with the NT Resource Kit, puts a graphical interface on the AT command, which you may find easier; the functionality is the same. The advantage of WINAT is that it automatically starts the Schedule service on the target machine.


    Q. What are the long path names in the boot.ini file?

    A. The pathnames in the boot.ini file are the ARC (Advanced RISC Computing) pathnames, and are used to locate the NT boot partition. There are two main types of ARC names depending on if the disks are IDE or SCSI. For IDE they will follow the convention below:

    multi(x)disk(x)rdisk(x)partition(x)\%systemroot%

    Both the multi and disk are not really used for IDE and should always be 0. The rdisk is the physical drive and will be 0 or 1 on the first IDE controller, or 2 and 3 on the second IDE controller. Partition() is the partition number on the disk and starts from 1.

    The scheme is slightly different for SCSI:

    scsi(x)disk(x)rdisk(x)partition(x)\%systemroot%

    Scsi() is the controller number of the SCSI identified in the Ntbootdd.sys. Disk() is the SCSI ID of the physical disk. RDISK() is the SCSI logical unit number (LUN), which will nearly always be 0. Partition() is the same as with IDE and is the partition number starting with 1.

    The multi() designation means that the drive can respond to INT 13 calls, and most SCSI drives can so you may use multi() with a SCSI drive also.

    In a pure IDE system, the MULTI() syntax will work for up to the four drives maximum on the primary and secondary channels of a dual-channel controller.

    In a pure SCSI system, the MULTI() syntax will work for the first two drives on the first SCSI controller (that is, the controller whose BIOS loads first).

    In a mixed SCSI and IDE system, the MULTI() syntax will work only for the IDE drives on the first controller.
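
    The naming rules above can be checked mechanically when reviewing which installation a machine will boot. The parser below is an added example, not part of the original FAQ; the sample boot.ini is constructed, and the [boot loader] / [operating systems] layout and the function names are assumptions of the example.

```python
import re
from typing import Dict, List, NamedTuple

# ARC name: multi() or scsi(), then disk(), rdisk(), partition() and the system root.
ARC_RE = re.compile(
    r"^(?P<kind>multi|scsi)\((?P<ctrl>\d+)\)disk\((?P<disk>\d+)\)"
    r"rdisk\((?P<rdisk>\d+)\)partition\((?P<part>\d+)\)(?P<root>\\[^=]*)?$",
    re.IGNORECASE,
)


class ArcPath(NamedTuple):
    kind: str        # "multi" or "scsi"
    controller: int  # number inside multi() or scsi()
    disk: int
    rdisk: int
    partition: int
    root: str        # e.g. \WINNT


def parse_arc(path: str) -> ArcPath:
    m = ARC_RE.match(path.strip())
    if m is None:
        raise ValueError("not an ARC path: %r" % path)
    return ArcPath(m.group("kind").lower(), int(m.group("ctrl")),
                   int(m.group("disk")), int(m.group("rdisk")),
                   int(m.group("part")), m.group("root") or "")


def check_arc(arc: ArcPath) -> List[str]:
    """Compare one ARC name with the conventions stated in the answer above."""
    problems = []
    if arc.partition < 1:
        problems.append("partition() numbering starts from 1")
    if arc.kind == "multi":
        if arc.controller != 0 or arc.disk != 0:
            problems.append("multi() and disk() should be 0 in the multi() form")
        if arc.rdisk > 3:
            problems.append("rdisk() above 3: multi() covers at most four drives")
    elif arc.rdisk != 0:
        problems.append("rdisk() is the LUN in the scsi() form, nearly always 0")
    return problems


def audit_boot_ini(text: str) -> Dict[str, List[str]]:
    """Map every [operating systems] entry to its list of problems.

    A "default" key is added when the [boot loader] default matches no entry.
    """
    section, default, findings = None, None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, _, rest = line.partition("=")
        key = key.strip()
        if section == "boot loader" and key.lower() == "default":
            default = rest.strip()
        elif section == "operating systems":
            try:
                findings[key] = check_arc(parse_arc(key))
            except ValueError:
                findings[key] = ["not an ARC name (for example a C:\\ entry)"]
    known = {k.lower() for k in findings}
    if default is not None and default.lower() not in known:
        findings["default"] = ["default=%s matches no entry" % default]
    return findings


# Constructed sample, not taken from a real machine.
SAMPLE_BOOT_INI = r'''[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\WINNT
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINNT="Windows NT Server Version 4.00"
scsi(0)disk(1)rdisk(0)partition(1)\WINNT="NT on SCSI ID 1" /sos
multi(0)disk(0)rdisk(4)partition(0)\WINNT="Broken entry"
C:\="MS-DOS"
'''

if __name__ == "__main__":
    for entry, problems in audit_boot_ini(SAMPLE_BOOT_INI).items():
        print(entry, "->", problems or "ok")
```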


    Q. How can I execute a batch file using WINAT with Administrator Permissions?

    A. From the Services Control Panel Applet (Start - Settings - Control Panel) double click Scheduler. Change the account/password to that of a user in the Administrative group. It may be wise to create a new account just for this use which would require the following attributes:

    After changing the Scheduler information you will need to stop and start the service.


    Q. I have 95 and NT installed, how can I configure the applications to run on both?

    A. While it is possible to add the windows95 system directory to the NT path (which would mean you would find any .dll's etc. associated with applications), many applications write a large amount of information to the registry which would be missing. The best approach, and one I have tested, is to just install the application twice to the same directory, once when you are booted into NT, and once when you are booted into 95. This has the effect of only having one set of exe's, but duplicates both .dll's and registry settings to both machines. Obviously the applications cannot be on an NTFS or FAT32 partition.


    Q. How can I stop and start services from the command line?

    A. This can be accomplished using the
    net stop <service name>
    net start <service name>

    A full list of the exact services is found in the registry (run regedit.exe) under the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services key.

    Alternatively, you can perform the stop and start using the name that is shown in the Services Control Panel applet by putting the name in quotes, i.e.
    net stop "<service>"
    net start "<service>"


    Q. How do I delete a Service?

    A. To delete a service that has not been automatically removed by a software uninstall you need to edit the registry:

    1. Start the registry editor (regedit.exe)
    2. Move to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services key
    3. Select the key of the service you want to delete
    4. From the Edit menu select Delete
    5. You will be prompted "Are you sure you want to delete this Key" click Yes
    6. Exit the registry editor

    There is also a utility that is supplied with the NT resource kit called INSTSRV.EXE that can be used to install and remove services

    instsrv <service name> remove

    Alternatively, also with the resource kit is a utility SRVINSTW.EXE that again installs and removes services, but with a GUI wizard format allowing you to select the service either locally or remotely.


    Q. What is USER.DMP?

    A. USER.DMP is created by Dr. Watson when a program crashes, and is there to help you fix the problem. It can be examined using \support\debug\i386\dumpexam.exe or using windbg -z user.dmp. You can delete this file without any worries. The syntax for dumpexam.exe is

    dumpexam -y <symbol file location> <dumpfile name and location>, e.g.
    dumpexam -y d:\winnt\symbols d:\winnt\memory.dmp

    The output from dumpexam will be placed at %SystemRoot%\MEMORY.TXT.

    To stop this file being created execute DRWTSN32.EXE and unselect the option "Create Crash Dump File".


    Q. How in Notepad can I save a file without the .txt extension?

    A. When you save the file, just put the file name in double quotes, e.g. "johns.bat" will save the file as johns.bat with no .txt extension.


    Q. How can I move shares and their contents from one machine to another?

    A. Moving the actual files and directories is simple. However, share information is not contained in the directories but in the registry (under LanmanServer), so it is necessary to copy this registry information from the machine that currently contains the shares to the machine that will host them:

    1. To copy the files you will need to use the SCOPY utility that is supplied with the resource kit to keep the current permission/audit settings
      SCOPY <current>:\<dir> <new>:\<dir> /o /a /s
    2. On the machine that currently hosts the shares, start the registry editor (regedt32.exe, not regedit.exe)
    3. Move to the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares
    4. Click on Shares, and select Save Key from the Registry Menu
    5. Enter the name of a file, e.g. shares.reg and click OK
    6. Copy this file to the target machine
    7. Again start the registry editor (regedt32.exe) and move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares and select Shares.
    8. From the Registry menu, select Restore and select the file you saved, e.g. shares.reg and click Open
      Warning: You will lose all currently configured shares on the machine
    9. You will be prompted to continue, click Yes
    10. Close the registry editor
    11. Reboot the machine and once restarted you will see the new shares

    Q. How do I create a shortcut on the desktop to a directory/disk?

    A. The procedure below works for any file/directory/disk (even the a: drive).

    1. Start Explorer (Start - Programs - Explorer or Win+E)
    2. Right click on the file/directory/disk and drag to the desktop
    3. Release the Right mouse button and from the menu that will be displayed, select "Create Shortcut(s) here"

    Q. How can I create a spare set of Windows95 disks?

    A. Microsoft distributed Windows 95 using a new method that stores 1.68 MB of data on a normal disk, which makes copying impossible using normal methods. However, a piece of software called CopyQM, which can be downloaded from http://www.sydex.com/, performs an image copy and, using the command below, can duplicate a Windows 95 installation disk:

    copyqm a: bios blind silent tracks=80 sides=2 convert=1.68m

    You will be prompted to insert the master disk and it will then read in the information and ask you to insert the target disk.


    Q. What FAX software is available for Windows NT?

    A. There is an excellent site at http://www.ntfax-faq.com/ which has a full list of FAX servers for Windows NT.


    Q. How can I delete files that are over x days old?

    A. There is a utility called DELOLD which is used in the form of

    delold <location>\*.* n

    where n is the number of days old the files need to be for them to be deleted. This utility can be downloaded from ACI Software (http://www.michna.com/software.htm)


    Q. How can I speed up the performance of my OS/2 applications?

    A. Many applications written for OS/2 will run faster under a Virtual DOS Machine (VDM), this is because NT allocates more resources to a VDM than to the OS/2 subsystem. You should therefore disable the OS/2 subsystem as follows:

    1. Start the registry editor (regedit.exe)
    2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
    3. Double click on GlobalFlag and change from 0 to 20100000. Click OK to save
    4. Close the registry editor and reboot the machine

    Q. How can I install a font from the command line/batch file?

    A. When you install a font all it does is copy the .ttf file to the %systemroot%\fonts and add an entry in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts. This can be automated with a batch file as follows

    Rem fontinst.bat
    copy akbar.ttf %systemroot%\fonts
    regedit /s font.reg

    The font.reg would contain the following:

    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
    "Akbar Plain (TrueType)"="akbar.ttf"

    In this example it copies akbar.ttf, which is called "Akbar Plain (TrueType)" (yes, it's the Simpsons font ;-) ). The reg script actually creates a value called "Akbar Plain (TrueType)" under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts with its contents "akbar.ttf". The new font will be visible once the machine has been rebooted.

    If you have some older 16bit applications you may want to add the font to win.ini as well in the [fonts] section. This could be accomplished using a .inf file, e.g.

    [UpdateInis]
    "E:\WINNT\WIN.INI","Fonts",,"Akbar Plain (TrueType)=akbar.ttf"


    Q. Information about Time Zones and daylight saving.

    A. The following are some useful notes.

    User crosses various timezones; uses Control Panel to change the timezone upon arrival.

    Windows 95 - System will alter the offset from UTC. System clock is unchanged. Displayed time will NOT be changed.
    Windows NT - System will alter the offset from UTC. System clock is unchanged. Displayed date/time WILL change.

    Daylight Saving and the "Automatically Adjust for Daylight Saving Time" checkbox

    A user arrives the morning of a Daylight Savings Period transition.
    If the "Automatically Adjust For Daylight Saving Time" checkbox HAS been enabled

    Windows 95 - System will alter the offset from UTC. System clock will be changed. Displayed clock time will change.
    Windows NT - System will alter the offset from UTC. System clock is unchanged. Displayed clock time will change.

    If the "Automatically Adjust for Daylight Saving Time" checkbox has NOT been enabled

    Windows 95 - System WILL alter the offset from UTC. System clock is unchanged. Displayed clock time will NOT be changed.
    Windows NT - System will NOT alter the offset from UTC. System clock is unchanged. Displayed clock time will NOT be changed. If an NT user now manually alters the system clock to show the 'true' time, the UTC time is incorrect and any 'export' of time-data from this system will be incorrect.

    At some time/day within a Daylight Savings Period, if the user alters the "Automatically Adjust For Daylight Saving Time"

    Windows 95 - System will NOT alter the UTC offset. System clock is unchanged. Displayed clock time will NOT be changed.
    Windows NT - System WILL alter the UTC offset. System clock is unchanged. Displayed clock time WILL be changed.


    Q. What are the ErrorControl, Start and Type values under the Services subkeys?

    A. Each of the main 3 values and their contents are described below.

    ErrorControl

    This is used if the service fails to startup upon boot.

    Value Meaning
    0x00 If this driver can't be loaded or started ignore the problem and display no error
    0x01 If the driver fails produce a warning but let bootup continue
    0x02 Panic. If the current config is last known good continue, if not switch to last known good
    0x03 Record the current startup as a failure. If this is last known good run diagnostic, if not switch to last known good and reboot

    Start

    This defines when in the boot sequence the service should be started. You can also set these by using the Services control panel applet.

    Value Start Type Meaning
    0x00 Boot The kernel loader will load this driver first as it's needed to use the boot volume device
    0x01 System This is loaded by the I/O subsystem
    0x02 Autoload The service is always loaded and run
    0x03 Manual This service does not start automatically and must be manually started by the user
    0x04 Disabled The service is disabled and should not be started

    Type

    This defines the kind of service or driver. They are loaded in the following order down the list.

    Value Meaning
    0x01 Kernel-mode device driver
    0x02 Kernel-mode device driver that implements the file system
    0x04 Information used by the Network Adapter
    0x10 A Win32 service that should be run as a stand-alone process
    0x20 A Win32 service that can share address space with other services of the same type
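
    When reviewing what a machine loads at boot, the three values can be decoded straight from a registry export of the Services key. The script below is an added example, not part of the original FAQ; it assumes a REGEDIT4 text export, and the service names in the sample are constructed.

```python
import re

# Meanings as given in the tables above.
START = {0: "Boot", 1: "System", 2: "Autoload", 3: "Manual", 4: "Disabled"}
TYPE = {
    0x01: "kernel-mode device driver",
    0x02: "kernel-mode file system driver",
    0x04: "network adapter information",
    0x10: "Win32 service, stand-alone process",
    0x20: "Win32 service, shared address space",
}
ERROR_CONTROL = {
    0: "ignore, no error shown",
    1: "warn, boot continues",
    2: "switch to last known good",
    3: "record failure, diagnose or reboot to last known good",
}

SERVICES_ROOT = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services" + "\\"
KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<val>[0-9a-fA-F]{1,8})$')


def parse_services(reg_text):
    """Return {service: {value name: int}} for dword values of each service key."""
    services, current = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = None
            key = m.group(1)
            if key.upper().startswith(SERVICES_ROOT.upper()):
                name = key[len(SERVICES_ROOT):]
                # Subkeys such as ...\Parameters do not describe the service itself.
                if name and "\\" not in name:
                    current = services.setdefault(name, {})
            continue
        m = DWORD_RE.match(line)
        if m and current is not None:
            current[m.group("name")] = int(m.group("val"), 16)
    return services


def describe(values):
    """Decode one service; values outside the tables are reported, not guessed."""
    def look(table, name):
        v = values.get(name)
        if v is None:
            return "missing"
        return table.get(v, "unknown (0x%02x)" % v)
    return {
        "Start": look(START, "Start"),
        "Type": look(TYPE, "Type"),
        "ErrorControl": look(ERROR_CONTROL, "ErrorControl"),
    }


def starts_without_user(reg_text):
    """Services and drivers that load during boot by themselves (Start 0, 1 or 2)."""
    return sorted(name for name, v in parse_services(reg_text).items()
                  if v.get("Start") in (0, 1, 2))


# Constructed sample export; none of these services exist.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleDisk]
"ErrorControl"=dword:00000000
"Start"=dword:00000000
"Type"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleAgent]
"ErrorControl"=dword:00000001
"Start"=dword:00000002
"Type"=dword:00000010
"ImagePath"="C:\\Example\\agent.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleAgent\Parameters]
"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleOld]
"Start"=dword:00000004
"Type"=dword:00000110
'''

if __name__ == "__main__":
    for name, values in parse_services(SAMPLE_REG).items():
        print(name, describe(values))
    print("load at boot:", starts_without_user(SAMPLE_REG))
```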

    Q. How do I type the Euro (€) symbol?

    A. If you can see the Euro symbol in the question above, you have Service Pack 4, the Euro hotfix for Service Pack 3, or Windows 2000 installed. If you see something else, you need to install one of the aforementioned fixes, or you are not using Internet Explorer. Netscape does not seem to understand the Euro symbol. The fix applies to TrueType fonts and not PostScript.

    Once installed, to type the Euro symbol just press <Ctrl + Alt + 4> at the same time.

    The keys used may be different in other European countries, e.g. it's <Ctrl + Alt + 5> on a Swedish keyboard (so I'm informed) or <Alt Gr + E>

    For NT4 Terminal Server edition with only Service Pack 3 installed, one could download from Microsoft a patch named EUROFIXI.exe. This patch is included in Service Pack 4 for the Terminal Server Edition.

    Under the Terminal Server / Citrix Environment one could use also ALT 0128 for the € sign (US keyboard layout & settings)

    More information can be found at :


    Q. What is the Melissa/Papa virus?

    A. On Friday, 26th March 1999 a new virus called Melissa was discovered and has already caused major problems for many top companies including Microsoft and Intel.

    The new virus is a Word macro virus which is spread via e-mail and attacks users of Microsoft Word 97 and Microsoft Word 2000.

    If you receive an e-mail with the subject line "Important message from ... ," it may indicate you have been sent the virus. If that message comes with a Word document attached called "list.doc," (but it's not always called that) you've likely been sent the Word/Melissa macro virus. If you open the document, it will send copies of itself to 50 e-mail addresses it gleans from your personal e-mail. The most common method of infection seems to be via Outlook.

    The body of the message begins "Here is that document you asked for ... don't show anyone else ;-)" with a document of pornographic Web sites named "list.doc". Once the .doc file is opened with either Word 97 or Word 2000, the virus is immediately executed if macros are enabled. It modifies the Word setting by infecting the warning template and the current open file.

    In addition, if the minute of the hour matches the date (for example, 3:31 p.m. on 31st March), Melissa will insert a Bart Simpson quote into the current document:

    "Twenty-two points, plus triple-word score, plus fifty points for using all my letters. Game's over. I'm outta here"

    A new strain of the Melissa virus has already been reported (30/03/1999) which defeats the current Melissa anti-virus measures; its subject line is blank, and this variant is known as W97M_MELISSA.A. Check your anti-virus vendor's website for an updated fix.

    The source for Melissa can be seen here.

    A second virus has been reported called Papa which behaves in the same way but sends mail to the first 60 names in your Outlook address book and affects Excel instead of Word.

    This time the subject line claims the message is from "all.net and Fred Cohen." The body of the e-mail, which contains an attached document titled "path.xls," then instructs the user not to disable the macros, which is how the virus is activated.

    Current technology does not allow a virus to be activated by just opening a mail message; you have to open an attachment. Warnings about viruses that activate when you open a mail message are therefore hoaxes, and a large number of these have been circulating recently.

    This could change in the near future with the integration of mail with HTML and ActiveX components. You just need one Trojan enhancement (most are client side ActiveX DLLs) and then even opening an HTML e-mail could be dangerous.

    In order to prevent macro viruses attacking Office, make sure macro virus protection is turned on:

    In Word 97 and Excel 97

    1. On the Tools menu, click Options.
    2. On the General tab, check Macro Virus Protection.

    In Word 2000 and Excel 2000

    1. Double-click on the Tools menu, point to Macro and then choose Security.
    2. Select the level of security you want. High security will allow only macros that have been signed to open. Unsigned macros will be automatically disabled. Medium security always brings up the macro dialog protection box that allows you to disable macros if you are unsure of the macros.

    Q. How can I show the context menu without the right mouse button?

    A. Pressing Shift-F10 will bring up the context menu for any selected item. Just pressing F10 shifts the cursor focus to the first menu item (normally File).


    Q. How can I check if a Virus warning is real or a hoax?

    A. More and more warnings are being sent to people from ill-informed people trying to help regarding viruses which don't actually exist. The originators of these messages just try to see how many people it can be distributed to and cause panic.

    Some of the best known hoaxes include:

    A number of sources exist that list these hoaxes so if you receive a message always check before forwarding to others (as you just make it worse). If you find it is a hoax message reply to the sender informing them of the fact to avoid future distribution.

     


    Q. What DO those smileys mean :-)?

    A. In newsgroups and other online media you will often see smileys which are used to portray various moods of the author. Below are the meanings of them:

    :-|| Angry
    :-) Basic happy
    :-( Basic sad
    (:-) Bald
    :-)> Bearded
    %+( Beaten up
    R^) Broken glasses
    :^) Broken nose
    |:-) Bushy eyebrows
    X-) Cross-eyed
    :-e Disappointed
    :-)' Drooling
    {:V Duck
    >:-) Evil grin
    :'''-( Floods of tears
    8) Frog
    8:) Gorilla
    :-') Has a cold
    :-| Hmmmph!
    :-C Jaw hitting the floor
    .-) Keeping an eye out
    :-# Kiss
    :+) Large nose
    :-D Laughing out loud
    :-} Leering
    (-: Left-handed
    :-9 Licking lips
    :- | Monkey
    (-) Needs haircut
    :8) Pig
    =:-) Punk
    O:-) Saint
    :-@ Screaming
    :-O Shocked
    :-V Shouting
    |-) Sleeping
    :-p Tongue-in-cheek
    :-&t Tongue-tied
    :-/ Undecided
    :-[ Vampire
    :-)) Very happy
    :-(( Very sad
    :-(#) Wears teeth braces
    ;-) Winking
    |-O Yawning

    Q. What DO those acronyms mean in mail messages <NIFOC> <HHOJ>?

    A. In newsgroups and other online media you will often see acronyms which can be puzzling, let's remove the mystery:

    AFAIK As Far As I Know
    BRB Be Right Back
    BTDT Been There Done That
    BTW By The Way
    GAL Get A Life
    HHOJ Ha Ha, Only Joking
    MOTOS Member Of The Opposite Sex
    IMHO In My Humble Opinion
    IWBNI It Would Be Nice If
    JAM Just A Minute
    NIFOC Nude In Front Of Computer
    STFW Search The Flipping Web
    NRN No Reply Necessary
    OBTW Oh, By The Way
    OMG Oh My God
    OTOH On The Other Hand
    OTT Over The Top
    PITA Pain In The Arse
    POD Piece Of Data
    ROFL Rolls On Floor Laughing
    RTFM Read The Flipping Manual
    RUOK Are You OK
    TIA Thanks In Advance

    Q. How do you edit the list of local and toll numbers for a dialing location?

    A. If you have Microsoft Personal Fax for Windows you can edit local numbers for a dialing location using the "Dialing" tab of the "Fax" control panel applet.


    Q. What is ExploreZip.worm and what should I do?

    A. A new virus was discovered on 10/06/1999 with the following text as the body:

    "I received your email and I shall send you a reply ASAP.
    Till then, take a look at the attached zipped docs."

    The subject line is not constant as the message is a reply. The worm (named "zipped_files.exe") is attached, with a file size of 210,432 bytes. The file has a Winzip icon which is designed to fool unsuspecting users into running it as a self-extracting file. Users who run this attachment will be presented with a fake error message that says

    "Cannot open file: it does not appear to be a valid archive. If this file is part of a ZIP format backup set, insert the last disk of the backup set and try again. Please press F1 for help."

    The virus then searches for the following files and replaces them with 0 block files:
    .c
    .cpp
    .h
    .asm
    .doc
    .xls
    .ppt

    Check your anti-virus software sites for a fix, http://www.nai.com/ has one. To manually repair:

    1. Remove the line run=C:\WINDOWS\SYSTEM\Explore.exe from the WIN.INI file

    2. Edit the registry (using regedit.exe or regedt32.exe) and check the value HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\run does not call explore.exe. If it does clear the value.

    3. Delete the file "C:\WINDOWS\SYSTEM\EXPLORE.EXE". You may need to reboot first if the file is currently in use (or stop the process using Task Manager).

    I've had first-hand experience and it is VERY nasty. There are two variants, named TROJ_EXPLORE.ZIP and I-Worm.ZippedFiles.
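
    The WIN.INI check from step 1 and a survey of the files the worm has emptied, as an added Python example that is not part of the original FAQ. It assumes "0 block files" means zero-length files; the function names and the sample WIN.INI content are constructed for illustration.

```python
import os

# Extensions the FAQ lists as targeted; file name from its repair steps.
TARGET_EXTS = {".c", ".cpp", ".h", ".asm", ".doc", ".xls", ".ppt"}
WORM_NAME = "explore.exe"

# Constructed sample WIN.INI content (not taken from an infected machine).
SAMPLE_WIN_INI = (
    "[windows]\nload=\n"
    "run=C:\\WINDOWS\\SYSTEM\\Explore.exe\n"
    "[Desktop]\nWallpaper=(None)\n"
)

def names_worm(value):
    """True if a run= value (WIN.INI line or registry string) starts explore.exe."""
    # Compare the exact base name so the legitimate explorer.exe never matches.
    # Assumption: entries are separated by spaces or commas and hold no spaces.
    for entry in value.replace(",", " ").split():
        base = entry.strip('"').rsplit("\\", 1)[-1]
        if base.lower() == WORM_NAME:
            return True
    return False

def winini_hits(text):
    """Return the run= lines of the [windows] section that start the worm."""
    hits, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "windows" and "=" in line:
            key, value = line.split("=", 1)
            if key.strip().lower() == "run" and names_worm(value):
                hits.append(line)
    return hits

def zeroed_files(root):
    """List zero-length files under root that carry a targeted extension."""
    found = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            ext = os.path.splitext(name)[1].lower()
            if ext in TARGET_EXTS and os.path.getsize(path) == 0:
                found.append(path)
    return sorted(found)

if __name__ == "__main__":
    print(winini_hits(SAMPLE_WIN_INI))
```

    The same names_worm() test applies to the string read from the registry value in step 2. The zeroed_files() list shows which documents and source files need restoring from backup.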


    Q. How can I move a dialog/window using just the keyboard?

    A. Sometimes, due to a video or other problem, it's useful to be able to move a dialog using the keyboard, as its outer edges may be off the screen.

    To move a dialog using just the keyboard:

    1. Hold down the ALT key.
    2. Press SPACEBAR.
    3. Press M (Move).
    4. A 4-headed arrow will appear. When it does, use your arrow keys to move the outline of the window.
    5. When you are happy with its position, press ENTER.

    Q. How can I extract files from a CAB file?

    A. The new method of packaging files is to store them in a CAB file, which is a non-proprietary format based on Lempel-Ziv compression. Both DriveSpace and DoubleSpace also used Lempel-Ziv-based compression algorithms.

    A common way of extracting files is to use a tool such as WinZip, which supports extraction of CAB files, but new to the Windows NT Resource Kit (as of supplement 4) is Extract.exe, which can also extract files from a CAB file.


    Q. Where is USRMGR.EXE in NT Workstation?

    A. Windows NT Workstation does have a User Manager tool, used for managing local machine users and groups; however, it's not the same tool that is used on domain controllers.

    The User Manager that workstations use is called MUSRMGR.EXE; however, you could copy over USRMGR.EXE from a domain controller to enable domain user/group management from a workstation.


    Q. What are the Event Viewer login codes?

    A. In the Event Log you sometimes see login codes for certain events; their meanings are explained below:

    LogonTypes:
    0 and 1 are not valid.
    2 = Interactive
    3 = Network
    4 = Batch
    5 = Service
    6 = Proxy