English Windows FAQs 2003

Collection of all the e-mails received in 2003 from http://email.winnetmag.com/winnetmag/winnetmag_prefctr.asp




What domain group types are available in Windows 2000 and later?
Three types of groups are available in Win2K and later domains:

  • global--This group type can contain user and computer accounts from the group's domain. If you set the domain level to Win2K native or later, global groups can contain other global groups from the local domain.

  • domain local--This group type exists only on domain controllers (DCs) and is used to assign permissions to a DC's resources (for member servers, you'd use the standard local group type). Domain local groups can contain users and global groups from any domain in the forest. If you set the domain level to Win2K native or later, domain local groups can contain other domain local groups and universal groups.

  • universal--This group type is available only in Win2K native mode and later and belongs to the forest rather than to a specific domain. As a result, universal groups can contain users and global groups from any domain and other universal groups. You can give universal groups access to any resource in any domain.

Take care when using universal groups because Active Directory (AD) stores them in the Global Catalog (GC). Any change that you make to a universal group requires replicating the entire contents of the group to all GCs in the forest (in Windows Server 2003 forest mode, only the changes replicate to the GCs, which requires less replication traffic). Therefore, the best policy is to place global groups only in a universal group to minimize any changes to the universal group membership.

What's the best way of assigning permissions to users and groups in Windows 2000 and later?
In general, the best way to assign permissions is by performing the following steps:

  1. Assign user accounts to global groups within the user's domain.

  2. Place global groups from any domain into universal groups.

  3. Place universal groups into domain local groups on the domain controllers (DCs), and place local groups on member servers and workstations.

  4. Assign permissions to the domain local groups or local groups as necessary to access the network resources.

One advantage of establishing this hierarchy is that universal group memberships are unlikely to change because they contain only global groups. A good way to remember this hierarchy is to use the following mnemonic device:
All Good Users Do Love Permissions
All -- Accounts are placed in global groups.
Good -- Global groups are placed in universal groups.
Users -- Universal groups are placed in domain local groups.
Do Love Permissions -- Domain Local groups are assigned Permissions.
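
One way to check existing groups against this hierarchy, as an added PowerShell example that is not part of the original FAQ. The function takes plain records, so the constructed sample (all group and user names are made up) runs offline; on a live domain the records could be built from Get-ADGroup (GroupScope property) and Get-ADGroupMember (objectClass property) in the ActiveDirectory module.

```powershell
# Added example: report memberships that depart from the
# Accounts -> Global -> Universal -> Domain Local hierarchy.
# Each input record needs Name, Scope (Global, Universal or DomainLocal) and
# Members, where every member has Name and Class (user, computer or group).
function Test-GroupNesting {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [object[]]$Groups
    )

    # Map group name -> scope so that a nested group can be classified.
    $scopeOf = @{}
    foreach ($g in $Groups) { $scopeOf[$g.Name] = [string]$g.Scope }

    # What the hierarchy expects to find inside a group of each scope.
    $expected = @{
        Global      = 'account'
        Universal   = 'Global'
        DomainLocal = 'Universal'
    }

    foreach ($g in $Groups) {
        $scope = [string]$g.Scope
        foreach ($m in $g.Members) {
            if ($m.Class -eq 'group') {
                $kind = $scopeOf[$m.Name]
                if (-not $kind) { $kind = 'unknown group' }
            }
            else {
                $kind = 'account'
            }

            if ($kind -ne $expected[$scope]) {
                $note = ''
                if ($scope -eq 'Universal' -and $kind -eq 'account') {
                    # Direct accounts make a GC-stored group change often.
                    $note = 'account changes alter a group stored in the GC'
                }
                [pscustomobject]@{
                    Group    = $g.Name
                    Scope    = $scope
                    Member   = $m.Name
                    Found    = $kind
                    Expected = $expected[$scope]
                    Note     = $note
                }
            }
        }
    }
}

# Constructed sample data (hypothetical names).
$sample = @(
    [pscustomobject]@{
        Name = 'GG-Sales'; Scope = 'Global'
        Members = @([pscustomobject]@{ Name = 'paul'; Class = 'user' })
    }
    [pscustomobject]@{
        Name = 'UG-Sales-All'; Scope = 'Universal'
        Members = @(
            [pscustomobject]@{ Name = 'GG-Sales'; Class = 'group' }
            [pscustomobject]@{ Name = 'anna'; Class = 'user' }
        )
    }
    [pscustomobject]@{
        Name = 'DL-SalesShare-Read'; Scope = 'DomainLocal'
        Members = @(
            [pscustomobject]@{ Name = 'UG-Sales-All'; Class = 'group' }
            [pscustomobject]@{ Name = 'GG-Sales'; Class = 'group' }
        )
    }
)

# Reports the user placed directly in the universal group and the global
# group placed directly in the domain local group.
Test-GroupNesting -Groups $sample | Format-Table -AutoSize
```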

How can I change the default container in which Active Directory (AD) creates new users in Windows Server 2003?
By default, when you add a new user, AD adds that user to the Users container. For example, typing
net user paul Pa55word! /add /domain
creates a new user account called Paul in the Users container. If you set the domain level to Windows 2003, you can use the Redirusr command to change the default container. The command syntax is
redirusr <distinguished name (DN) of the new default container>

How can I change the default container in which Active Directory (AD) creates new computers in Windows Server 2003?
By default, when you add a new computer, AD adds that computer to the Computers container. For example, typing
net computer \\testmachine /add
creates a new computer account called testmachine in the Computers container. If you set the domain level to Windows 2003, you can use the Redircmp command to change the default container. The command syntax is
redircmp <distinguished name (DN) of new default container>

How can I view the contents of the DNS resolution cache in Windows 2000 and later?
If you've configured the DNS server to forward requests for other zone resolutions, the server will cache the requests it finds so that it can speed other requests for the same DNS lookup. To view the contents of the DNS cache, perform the following steps:

  1. Start the Microsoft Management Console (MMC) DNS snap-in (go to Start, Programs, Administrative Tools, and click DNS).

  2. From the View menu, select Advanced.

  3. Select the Cached Lookups tree node from the left-hand pane to display the top-level domains (e.g., com, net) under ".(root)". Expand any of these domains to view the cached DNS information (the actual records will appear in the right-hand pane).

The figure at http://www.winnetmag.com/article/articleid/41228/41228.html shows several second-level domains under com, including Microsoft, that show three alias records (e.g., www.microsoft.com actually points to www.microsoft.akadns.net).

How can I clear the contents of the DNS resolution cache in Windows 2000 and later?
To clear the DNS cache, perform the following steps:

  1. Start the Microsoft Management Console (MMC) DNS snap-in (go to Start, Programs, Administrative Tools, and click DNS).

  2. From the View menu, select Advanced.

  3. Select and right-click the Cached Lookups tree node from the left-hand pane.

  4. Select Clear Cache from the context menu.

You can also use the Dnscmd command in Windows Server 2003 to clear the cache. From the command prompt, type
dnscmd /clearcache

Why do I receive 601 errors related to the SMS_SQL_MONITOR process in Microsoft Systems Management Server (SMS) 2.0?
SMS uses several component processes. One such process, SMS_SQL_MONITOR, monitors the SMS 2.0 site database on a Microsoft SQL Server computer for changes and notifies affected components when a change occurs. When a change to the database occurs, SMS_SQL_MONITOR writes a file to the related SMS Inbox or notifies the component by named pipe. SMS_SQL_MONITOR also performs periodic database maintenance.
After you install and configure SMS in some installations, the SMS_SQL_MONITOR process can end up in an error state that can result in the system displaying many 601 error messages. To work around this error state, you should manually run the SQL command described in the error message by performing the following steps:

  1. Start the SQL Query Analyzer (go to Start, Programs, Microsoft SQL Server, and click Query Analyzer).

  2. Select the database server that SMS is using, enter any needed logon credentials, then click OK.

  3. In the query window, type
    exec sp_addextendedproc 'xp_SMS_notification','smsxp.dll'
    to resolve the SMS_SQL_MONITOR error.

After you resolve the error, you'll want to ensure that the account that SMS uses for database connectivity has execute (exec) permissions for the extended procedure that you just created by performing the following steps:

  1. Start the SQL Server Enterprise Manager (go to Start, Programs, Microsoft SQL Server, and click Enterprise Manager).

  2. Select the Extended Stored Procedures for the master database (from within Enterprise Manager, go to Microsoft SQL Server, SQL Server Group; select the name of the database server; select Databases, "master", Extended Stored Procedures).

  3. Scroll down to xp_SMS_notification, then right-click its entry and select Properties from the context menu.

  4. Click Permissions, ensure that the account that SMS uses for database connectivity has the exec permission, then click OK.


How can I use Group Policy to disable the Windows Server 2003 Shutdown Event Tracker?
Like Windows 2000, Windows 2003 has an event tracker that prompts you to enter a reason for shutting down a server. To disable this feature, perform the following steps:

  1. Open the Microsoft Management Console (MMC) Group Policy Editor (GPE) snap-in or use Windows 2003 Group Policy Management Console (GPMC) to load the Group Policy Object (GPO) that you want to modify (e.g., the Default Domain Controllers policy).

  2. Navigate to Computer Configuration, Administrative Templates, System.

  3. Double-click Display Shutdown Event Tracker.

  4. Select Disabled, then click OK.

  5. Use the Gpupdate command to force the policy to refresh.

After the policy refreshes, the server will no longer prompt you for event tracker details at shutdown.

What's the difference between an Active Directory (AD) authoritative and nonauthoritative restoration?
Although you might have several domain controllers (DCs) providing fault tolerance for your domain, you still need to perform regular backups. Windows backs up AD as part of the system state and restores the directory by booting a DC into the Directory Services (DSs) restore mode.
The default DSs restore mode is a nonauthoritative restoration. In this mode, Windows restores a DC's directory from the backup. Then, the DC receives from its replication partners new information that's been processed since the backup. For example, let's say we restore a DC by using a 2-day-old backup. After the DC starts, its replication partners send it all updates that have occurred in the past 2 days. This type of restore is typically used if a DC fails for hardware or software reasons.
An authoritative restoration restores the DC's directory to the state it was in when the backup was made, then overwrites all other DCs to match the restored DC, thereby removing any changes made since the backup. You don't have to perform an authoritative restoration of the entire directory--you can choose to make only certain objects authoritative. When you restore only parts of the directory, Windows updates the rest of the restored database by using information from the other DCs to bring the directory up-to-date, then replicates the objects that you mark as authoritative to the other DCs. This type of restore is most useful if you deleted, for example, an organizational unit (OU). In this case, you could restore an AD backup to a DC, mark the OU as authoritative, then start the DCs as usual. Because you marked the OU as authoritative, Windows will ignore the fact that the OU was previously deleted, replicate the OU to the other DCs, and apply all other changes made since the backup to the restored DC from its replication partners.

How can I perform an authoritative restoration of Active Directory (AD) in Windows Server 2003?
To perform an authoritative restoration, you must first recover AD from a backup by performing the following steps:

  1. Restart the domain controller (DC) of interest.

  2. When you see the menu to select the OS, press F8.

  3. From the Windows Advanced Options menu, select Directory Services Restore Mode, then press Enter.

  4. Select the Windows 2003 OS, then press Enter.

  5. Use the restore mode password and log on as the administrator.

  6. Click OK to the confirmation that Windows is running in Safe mode.

  7. Start the Windows Backup application (go to Start, Programs, Accessories, System Tools, and click Backup).

  8. Select the Restore option, then select the media in which the backup is stored and ensure that the System State is selected.

  9. Click OK to close any warning dialog boxes.

  10. After the AD recovery is finished, click Close in the displayed dialog box and click Yes to restart the computer.

When the machine restarts, you need to specify which parts of the restoration will be authoritative by performing the following steps:

  1. When you see the menu to select the OS, press F8.

  2. From the Windows Advanced Options Menu, select Directory Services Restore Mode, then press Enter.

  3. Select the Windows 2003 OS, then press Enter.

  4. Use the restore mode password to log on as the administrator.

  5. Click OK to the confirmation that Windows is running in Safe mode.

  6. Open a command prompt--go to Start, Run, and type
    cmd

  7. Start the Ntdsutil utility.

  8. To access the authoritative restore mode, type
    ntdsutil: authoritative restore

  9. If you want to mark the entire database as authoritative, type
    authoritative restore: restore database
    If you want to mark only a certain object as authoritative (e.g., an organizational unit--OU), type
    authoritative restore: restore subtree <distinguished name--DN--of subtree, e.g. OU=sales,DC=savilltech,DC=com>

  10. To exit Ntdsutil, type
    quit

  11. Restart the DC as usual.

If you perform an authoritative restoration of a backup that's more than 14 days old, some trust relationships might be broken because the passwords that the trust used would have been changed twice (the directory stores both the current and previous password, which change every 7 days). So, for example, when restoring Windows NT LAN Manager (NTLM) trusts, you would have to break the trust, then recreate it.

How can I rename a Windows Server 2003 domain controller (DC)?
If the DC's domain level is set to Windows Server 2003, you can use the Netdom tool to rename the DC. Microsoft supplies Netdom as part of the Windows Support Tools, which are available from the Windows 2003 installation CD-ROM. To rename the DC by using Netdom, perform the following steps:

  1. Start a command-prompt session.

  2. Add the new name to the current server (it will now have two names) by typing
    netdom computername <current full computer name/IP address> /add:<new full name>
    For example, when I typed
    netdom computername gotham.savilltech.com /add:omega.savilltech.com
    my computer displayed the following message:
    Successfully added omega.savilltech.com as an alternate name for the computer.
    The command completed successfully.

  3. If multiple DNS servers are used, you must wait until the new name replicates to all authoritative DCs. After the new name has replicated, continue to the next step.

  4. Make the new name the primary name for the machine by typing
    netdom computername <current full computer name/IP address> /makeprimary:<new full name>
    For example, when I typed
    netdom computername gotham.savilltech.com /makeprimary:omega.savilltech.com
    my computer displayed the following message:
    Successfully made omega.savilltech.com the primary name for the computer. The computer must be rebooted for this name change to take effect. Until then this computer may not be able to authenticate users and other computers, and may not be authenticated by other computers in the forest. The specified new name was removed from the list of alternate computer names. The primary computer name will be set to the specified new name after the reboot.
    The command completed successfully.

  5. Reboot the computer.

  6. After you reboot the machine, wait until all the domain locator records replicate to all authoritative DNS servers. After the replication is finished, check to ensure that the rename worked successfully by checking the name on the Computer Name tab of the Control Panel System applet. You can also view all computer names by typing
    netdom computername <new full name> /enumerate
    For example, when I typed
    netdom computername omega.savilltech.com /enum
    my computer displayed the following:
    All of the names for the computer are: omega.savilltech.com
    gotham.savilltech.com

    The command completed successfully.

  7. You can now remove the old name by typing
    netdom computername <new full name> /remove:<old full name>
    For example, when I typed
    netdom computername omega.savilltech.com /remove:gotham.savilltech.com
    my computer displayed the following:
    Successfully removed gotham.savilltech.com as an alternate name for the computer.
    The command completed successfully.
    You can enumerate the names again to show the old name has been removed.


How can I install NetBEUI in Windows Server 2003?
Microsoft doesn't ship Windows 2003 with NetBEUI and doesn't support the protocol in the OS. However, if you require NetBEUI, you can install the version supplied on the Windows XP installation CD-ROM in the \valueadd\msft\net\netbeui subfolder. Copy the nbf.sys file into the \%systemroot%\system32\drivers directory, copy netnbf.inf into the \%systemroot%\inf\ directory, then open the network connection properties and click Install to add NetBEUI.

How can I keep certain subfolders in a directory but remove all other subfolders?
I maintain my own documents area, and I point My Documents to this location. Many software applications automatically create their own folders in this area that I don't want to maintain. The best method I've found for deleting all folders except for the ones that I've created is to create and run the following script:
@echo off
REM -- Delete everything from a folder except those subfolders listed.
REM -- Stop if the folder is missing so that rmdir never runs in another directory.
cd /d D:\Documents || exit /b 1
dir /ad /b > %temp%\folders.list
REM -- Remove from the file those folders that you want to keep.
findstr /x /v "Books" %temp%\folders.list > %temp%\folders1.list
findstr /x /v "Fitness" %temp%\folders1.list > %temp%\folders.list
findstr /x /v "Personal" %temp%\folders.list > %temp%\folders1.list
findstr /x /v "SavillTech" %temp%\folders1.list > %temp%\folders.list
findstr /x /v "Seminars" %temp%\folders.list > %temp%\folders1.list
findstr /x /v "Technical" %temp%\folders1.list > %temp%\folders.list
REM -- Delete all remaining subfolders.
For /f "delims=" %%i in (%temp%\folders.list) do rmdir /s /q "%%i"
The script writes the names of all subfolders to a file. Next, it uses Findstr to copy every line of that file that doesn't match the passed text to a second file, which the next Findstr line uses as its input. Notice that the filenames alternate between folders.list and folders1.list. The filenames alternate because if you have Findstr read a file and redirect its output to that same file, you get a blank file. Finally, the script uses the last output file as input to a For loop that removes each subdirectory still listed in it.
Be aware that in my example, the final file that the script creates is folders.list. However, if you want to keep an odd number of folders, your final file would be folders1.list, which you would then use instead of folders.list as the input to the For loop. Failure to specify the correct output file will remove subfolders that you didn't intend to remove.
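
The same cleanup as a single pass against one keep list, which removes the need to track which of the two temporary files is the final one. This is an added PowerShell example, not the author's script; the function name, the demo folder and its subfolder names are made up.

```powershell
# Added example: delete every subfolder of -Path whose name is not in -Keep.
function Remove-UnlistedSubfolder {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)] [string]$Path,
        [Parameter(Mandatory = $true)] [string[]]$Keep
    )

    # Resolve-Path fails if the folder is missing, so nothing is ever
    # deleted relative to whatever the current directory happens to be.
    $root = (Resolve-Path -LiteralPath $Path -ErrorAction Stop).ProviderPath

    # -notcontains compares whole names and ignores case, so "books" still
    # protects "Books" and "Book" does not protect "Books".
    Get-ChildItem -LiteralPath $root -Directory -Force |
        Where-Object { $Keep -notcontains $_.Name } |
        ForEach-Object {
            if ($PSCmdlet.ShouldProcess($_.FullName, 'Remove folder and contents')) {
                Remove-Item -LiteralPath $_.FullName -Recurse -Force
            }
        }
}

# Constructed demo: a throwaway folder tree under the temp directory.
$demo = Join-Path ([IO.Path]::GetTempPath()) ("keepdemo-" + [guid]::NewGuid())
'Books', 'Fitness', 'Personal', 'My Music', 'Downloads' | ForEach-Object {
    New-Item -ItemType Directory -Path (Join-Path $demo $_) | Out-Null
}
$keep = 'Books', 'Fitness', 'Personal'

# Dry run first: lists what would be removed without touching anything.
Remove-UnlistedSubfolder -Path $demo -Keep $keep -WhatIf

# Real run; -Confirm:$false suppresses the per-folder prompt.
Remove-UnlistedSubfolder -Path $demo -Keep $keep -Confirm:$false

# Show what is left, then clean up the demo tree.
Get-ChildItem -LiteralPath $demo -Directory | Select-Object -ExpandProperty Name
Remove-Item -LiteralPath $demo -Recurse -Force
```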

Does Windows support Serial ATA (SATA) drives?
SATA is a new hard disk standard that does away with the standard 40-pin IDE cable in favor of a new thin 7-pin cable. SATA uses only one cable per device to connect the drive to the controller, which eliminates the master drive and slave drive concept. The power connector is also different, although some SATA drives also provide an old-style power connector.
Out of the box, no current Windows version, including Windows Server 2003, supports SATA drives. However, just as you can add a SCSI controller to Windows, you just need to add the correct SATA driver that ships with the motherboard or SATA host adapter. After you've installed the driver, Windows will be able to see the SATA controller and any attached devices. For more information about SATA, visit the SATA Working Group Web site at http://www.serialata.org

What actions occur when I click Repair on a network connection in Windows XP and later?
If you right-click a network connection and select Status, Windows displays information about the connection's speed, duration of connection, and packet activity. For XP and later, a Repair option appears on the Support tab. When you click Repair, Windows attempts to resolve a range of problems. Specifically, the OS

  • attempts to renew the DHCP lease, if the connection obtains its IP address through DHCP, by using a broadcast message

  • flushes the Address Resolution Protocol (ARP) cache by using the command
    arp -d *

  • flushes the NetBIOS cache by using the command
    nbtstat -R

  • flushes the DNS cache by using the command
    ipconfig /flushdns

  • reregisters the NetBIOS name and IP address with WINS by using the command
    nbtstat -RR

  • reregisters the computer name and IP address with DNS by using the command
    ipconfig /registerdns


When should I log on using the Administrator account?
A security best practice dictates that you shouldn't use the Administrator account to perform everyday tasks because of the risks associated with accidentally introducing problems as a result of using elevated privileges. To steer clear of such problems, you should create a regular user account for day-to-day use. Then, when you need to perform a task that requires local or domain administrative privileges, use the Runas command to perform such tasks. This command restricts the administrative abilities to the task that you're performing. For example, to open a command prompt with local administrative privileges, enter the command
runas /user:<local machine>\administrator cmd
To open a command prompt with domain administrative privileges, enter the command
runas /user:administrator@<domain name> cmd
Be aware that you can use the NetBIOS naming format with this command. For example, to open a command prompt with domain administrative privileges on my network, I typed
runas /user:savilltech\administrator cmd
Any commands that you enter at the new command prompt will run as the user that you entered in the Runas command with that user's associated privileges.
You can replace "cmd" with any command. For example, to start the Microsoft Management Console (MMC) Computer Management snap-in, type
runas /user:<computer/domain>\<account> "mmc %windir%\system32\compmgmt.msc"
To start the MMC Active Directory Users and Computers snap-in, type
runas /user:<computer/domain>\<account> "mmc %windir%\system32\dsa.msc"
For example, to open this snap-in on my computer, I typed
runas /user:administrator@savilltech.com "mmc %windir%\system32\dsa.msc"
Be aware that if you run the Runas command on a client computer (e.g., running Windows XP or Windows 2000 Professional), the command will fail unless you've installed the administration tools. Although using the Runas command is slightly more work, you can create shortcuts for each command that you routinely run and make your system much safer. If you experience problems, ensure the Secondary Logon service is running--the Runas command requires this service for operation.

How can I stop my system from prompting me for a product ID during a Microsoft Remote Installation Services (RIS) installation?
Because the default RIS answer file (i.e., the ristndrd.sif file in the i386\templates folder of the RIS image) doesn't include a product ID, the system will prompt you for the product ID during installation. To avoid having to provide this information every time, perform the following steps:

  1. Open the ristndrd.sif file in the i386\templates folder of the RIS image location for which you want to set the CD-ROM key.

  2. Locate the [UserData] section of the file.

  3. Add the line
    ProductID = "XXXXX-XXXXX-XXXXX-XXXXX-XXXXX"
    and replace the text in quotes with the product ID.

  4. Save the file.

For example, the [UserData] section of my ristndrd.sif file looks like
[UserData]
FullName = "%USERFIRSTNAME% %USERLASTNAME%"
OrgName = "%ORGNAME%"
ComputerName = %MACHINENAME%
ProductID = "32J4A-P07TY-86RE2-8U3H1-XXXXX"

How can I stop Microsoft Remote Installation Services (RIS) from repartitioning the client disk?
By default, RIS repartitions the entire disk and uses all available space. However, if the disk is already partitioned and you want RIS to use only the existing partitions, perform the following steps:

  1. Open the ristndrd.sif file in the i386\templates folder of the RIS image location for which you want to set the CD-ROM key.

  2. Locate the [RemoteInstall] section of the file.

  3. The Repartition and UseWholeDisk lines will both be set to Yes; change both lines to No.
    [RemoteInstall]
    Repartition = No
    UseWholeDisk = No

  4. Save the file.


How can I prestage a Microsoft Remote Installation Services (RIS) client?
You can preconfigure a computer account for the client computer that you're installing through RIS, including specifying which RIS server will service the installation request. By prestaging RIS clients, only known client machines can install from the RIS server, instead of any machine on the network, which prevents unwanted machines from joining the domain and installing software. To a lesser extent, this approach also lets you perform a certain level of load balancing by spreading the clients over multiple RIS servers.
To prestage a client, you need to know the machine's globally unique identifier (GUID). If you're booting the machine from the RIS boot disk, the GUID is the computer's media access control (MAC) address prefixed with 20 zeros to make a 32-character GUID (e.g., {00000000-0000-0000-0000-000C2912404E}). If the machine is Preboot Execution Environment (PXE) compliant, its GUID should be available from the BIOS and is sometimes available on a sticker on or in the actual machine.
After you obtain the GUID, you can prestage the client by performing the following steps:

  1. Start the Microsoft Management Console (MMC) Active Directory Users and Computers snap-in (go to Start, Programs, Administrative Tools, then click Active Directory Users and Computers).

  2. Right-click the container in which you want to create the computer account, then from the context menu select New, Computer.

  3. Enter a name for the computer, then click Next.

  4. Select the "This is a managed computer" check box, enter the machine's GUID (without any dashes), then click Next.

  5. Select whether you want any RIS server or a specific RIS server to service the client, then click Next.

  6. Click Finish to close the summary window.


What permissions does a user need at the Microsoft Remote Installation Services (RIS) client machine if the machine is prestaged?
If you've prestaged a client machine for RIS, you must enter a domain account at the start of the RIS process. However, the user at the client machine won't need to have the rights to add computers to the domain because the computer account has been created in advance; instead, the user needs only the ability to read the computer account and the ability to reset the account password. To verify or add these settings, perform the following steps:

  1. Start the Microsoft Management Console (MMC) Active Directory Users and Computers snap-in (go to Start, Programs, Administrative Tools, then click Active Directory Users and Computers).

  2. Open the View menu and select Advanced Features to select the Advanced view.

  3. Right-click the prestaged computer account, then select Properties from the context menu.

  4. Select the Security tab, then click Add.

  5. Select the user, or a group that the user belongs to, who will be entering his or her logon information at the start of the RIS process, then click OK.

  6. Select the user or group that you added in Step 5 and verify that the user or group has read and reset password permissions; if not, select the Allow check box under the read permission and select the Allow check box under the reset password permission.

  7. Click OK.


How can I configure my Microsoft Remote Installation Services (RIS) server to respond only to known clients?
By default, RIS servers respond to any client. To configure an RIS server to respond only to known computers, open the Microsoft Management Console (MMC) Active Directory Users and Computers snap-in, right-click the RIS server, and select Properties from the context menu, then select the Remote Install tab. Select the "Do not respond to unknown client computers" check box, then click OK.

How can I create different answer files for one Microsoft Remote Installation Services (RIS) image?
You can specify alternative answer files for an RIS image by performing the following steps:

  1. Start the Microsoft Management Console (MMC) Active Directory Users and Computers snap-in (go to Start, Programs, Administrative Tools, then click Active Directory Users and Computers).

  2. Right-click the RIS server, then select Properties.

  3. Select the Remote Install tab.

  4. Click Advanced Settings.

  5. Select the Images tab, then click Add.

  6. Select the "Associate a new answer file to an existing image" check box, then click Next.

  7. Select "An alternate location" to select the folder from which you want to copy the answer file, then click Next.

  8. Select the installation image that you want to use for the new answer file, then click Next.

  9. Enter the location of the answer file that you want to copy, then click Next.

  10. If the file already exists on the target server, you'll need to enter a new name for the new answer file, then click Next.

  11. Enter a friendly description and name for the new installation option, then click Next.

  12. Click Finish.

The system will copy the new answer file to the i386\templates folder of the RIS image.

How can I back up the Microsoft IIS metabase in Windows 2000 and later?
IIS configuration information resides in a metabase that consists of an XML document. If you're hosting several Web sites that have separate configurations, backing up the metabase is vital. To back up the IIS metabase, perform the following steps:

  1. Start the Microsoft Management Console (MMC) Internet Information Services (IIS) snap-in (go to Start, Programs, Administrative Tools, then click Internet Information Services Manager).

  2. Right-click the name of the machine that hosts the IIS services, then select Backup/Restore Configuration from the All Tasks menu.

  3. Click Create Backup.

  4. Enter a name for the backup.

  5. Optionally select the "Encrypt backup using password" check box and enter a password to protect the backup.

  6. Click OK.

  7. Click Close on the main Backup/Restore Configuration window.

The OS will create a metabase backup in the \%windir%\system32\inetsrv\metaback folder. The backup consists of two files: "name of backup".MDx and "name of backup".SCx. You should ensure that you back up this folder as part of your routine system backups. The .MDx file contains the actual metabase information, and the .SCx file contains the schema. In both cases, "x" is the version of the backup.

How can I restore the Microsoft IIS metabase backup in Windows 2000 and later?
You should be aware that you can't restore an IIS metabase backup from another computer; however, Microsoft provides utilities for copying IIS configuration information between machines. To restore an IIS metabase backup, perform the following steps:

  1. Start the Microsoft Management Console (MMC) Internet Information Services (IIS) snap-in (go to Start, Programs, Administrative Tools, then click Internet Information Services Manager).

  2. Right-click the name of the machine that hosts the IIS services, then select Backup/Restore Configuration from the All Tasks menu.

  3. Select the backup you want to restore, then click Restore.

  4. When the system asks whether you're sure that you want to continue, click Yes.

  5. If the backup is password protected, you'll need to enter the password.

  6. After the backup restoration is finished, click OK to close the confirmation window.


How can I back up the Microsoft IIS metabase from the command line in Windows 2000 and later?
Win2K includes a Visual Basic (VB) script called metaback.vbs for performing a command-line backup of the IIS metabase. The script resides in the \inetpub\iissamples\sdk\admin folder. To run the script, open a command prompt and type
cscript metaback.vbs <backup name>
where "backup name" is the name of the backup file you want to create.
Windows Server 2003 includes a VB script called iisback.vbs that resides in the system32 folder for performing a command-line backup of the IIS metabase. To run the script, open a command prompt and type
cscript iisback.vbs /backup /b <backup name>
The /b switch specifies the backup name. Type
cscript iisback.vbs /backup /?
to see other available options (e.g., automatic versioning) for the iisback.vbs script.
Top

How can I use the Windows 2000 and later Netdom command to specify an organizational unit (OU) when I join my computer to a domain?
If you add a computer to a domain from the Computer Name tab of the Control Panel System applet, Active Directory (AD) will put the computer in the default Computers container. However, the most recent versions of Netdom (version 2.0 and later) let you specify an OU when joining a computer to a domain. To specify an OU and the OU's distinguished name (DN) when using the Netdom command, type
netdom join <computer name> /domain:<domain name> /userd:<domain user> /passwordd:<domain password> /OU:<DN for OU>
For example,
netdom join neutron /domain:savilltech.com /userd:john /passwordd:youwish /OU:"OU=LONDON,DC=SAVILLTECH,DC=COM"
joins computer neutron to domain savilltech.com in the London OU. (Although I've included quotes in my example, you need to use quotes only if the OU's DN contains spaces; however, adding the quotes doesn't hurt.)
Two optional switches, /UserO and /PasswordO, are necessary only if the logged-on user doesn't have administrative rights on the computer that's joining the domain. In such a scenario, you can add these switches to specify a local administrative account to use while running the command.
Top

How can I create a file of a certain size in Windows XP and later?
If you need to create a file of a certain size and the file contents don't matter, you can use the Fsutil command as follows:
fsutil file createnew <name of file> <size in bytes>
For example,
fsutil file createnew d:\temp\1mbfile.txt 1000000
creates a 1MB file named 1mbfile.txt in the d:\temp folder. I've successfully used this command to create a large file to reduce the amount of free space that a buggy installation program had problems addressing.
Top

How can I stop Windows Server 2003 from automatically mounting new volumes?
By default, Windows 2003 automatically mounts and assigns a drive letter to any new volume introduced to the OS. (If the new volume is a dynamic volume, the OS attempts to assign the current drive letter unless that letter is already in use.) You can prevent Windows 2003 from automatically mounting new volumes by using either of two methods.
The first method is to use the Mountvol command with the /n switch; go to the command prompt and type
mountvol /n
The second method is to use the Diskpart command with the automount disable option; go to the command prompt and type
diskpart
When the utility starts, you'll see the DISKPART> command prompt. At the prompt, type
automount disable
Your computer will display the message "Automatic mounting of new volumes disabled." To exit the utility, type
exit
Top

How can I resolve Device Manager errors in Windows 2000 and later?
The Microsoft Management Console (MMC) Device Manager snap-in contains information about the devices on your system. If a device isn't working correctly, you'll see a yellow icon with an exclamation point (!) next to the device. If you right-click the device and select Properties, Windows will display the actual error message with an error code. The most common error codes and a suggested approach for resolving each problem are as follows:

  • code 1--Select the Driver tab, click Update Driver, then install an updated driver for the device (you should obtain the new driver from the manufacturer's Web site and ensure that your version of Windows supports the hardware).

  • code 3--This error can result from a lack of system resources. Check Task Manager to ensure that the system isn't low on memory. If the system has adequate memory available, the device driver might be corrupt, which might cause the device to think it needs more memory than it actually requires. Follow the steps for code 1 to replace the driver.

  • code 10--Select the Driver tab, click Update Driver, then select "Install from a list or specific location (Advanced)" and manually select the correct driver.

  • code 12--This error occurs because the hardware conflicts with another device. From the device Properties dialog box, select the Resources tab to view the conflicting device in the "Conflicting device list" at the bottom of the screen. Remove the conflicting device, then re-add the device to see whether that device requests a different, nonconflicting resource. If these steps don't resolve the error, you'll need to manually assign resources for the two conflicting devices.

  • code 14--Restart the computer.

  • code 16--From the device Properties dialog box, select the Resources tab. If you see a question mark (?) next to one of the resources assigned to the device, select that resource to assign. If you can't change the resource, click Change Settings. If Change Settings is unavailable, try clearing the "Use automatic settings" check box to make Change Settings available. If the device isn't Plug and Play (PnP), check the hardware documentation for more information about installing and configuring the device.

  • code 22--The device is disabled; from the device Properties dialog box, click Enable Device.

For any code not listed, the best approach is to follow the steps for code 1 to update the driver.
Top

How can I display all drivers on a Windows XP or later system from the command line?
XP and later OSs come with a utility called Driverquery that lets you display information about all drivers on the system. From the command prompt, type
driverquery
To see a list of all applicable options, type
driverquery /?
To have the utility return more information about the drivers, enable verbose mode by typing
driverquery /v
You can also display the information in various formats. For example, to output the driver details in comma-separated value (CSV) format to ease the process of importing the data into a spreadsheet, type
driverquery /fo csv
When I run this command, my system displays
"Module Name","Display Name","Driver Type","Link Date"
"ac97intc","Intel(r) 82801 Audio Driver Install Service (WDM)","Kernel ","19/07/2001 23:43:40"
"ACPI","Microsoft ACPI Driver","Kernel ","29/08/2002 09:09:03"
"ACPIEC","ACPIEC","Kernel ","17/08/2001 21:57:55"
"adpu160m","adpu160m","Kernel ","30/05/2001 10:18:22"
"aec","Microsoft Kernel Acoustic Echo Canceller","Kernel ","12/08/2002 18:54:24"

"AFD","AFD Networking Support Environment","Kernel ","29/08/2002 10:01:13"
"agp440","Intel AGP Bus Filter","Kernel ","17/08/2001 21:57:59"

Also, be aware that several of the switches (i.e., /s, /u, and /p) let you execute the command against a remote system.
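The CSV output above can be turned into objects and compared with an earlier snapshot to show which drivers are new or have a changed link date. The following PowerShell is an added example, not part of the original FAQ; the function names, the date-format parameter, and the baseline are assumptions made for illustration, and the rows are copied from the sample output above.

```powershell
# Added example, not from the original FAQ.
# Rows copied from the sample output shown above (blank line kept on purpose).
$sampleCsv = @'
"Module Name","Display Name","Driver Type","Link Date"
"ACPI","Microsoft ACPI Driver","Kernel ","29/08/2002 09:09:03"
"ACPIEC","ACPIEC","Kernel ","17/08/2001 21:57:55"

"AFD","AFD Networking Support Environment","Kernel ","29/08/2002 10:01:13"
"agp440","Intel AGP Bus Filter","Kernel ","17/08/2001 21:57:59"
'@

function ConvertFrom-DriverQueryCsv {
    param(
        [string]$CsvText,
        # Link Date is printed in the system's regional format; this default
        # matches the day/month/year sample above and must be changed elsewhere.
        [string]$DateFormat = 'dd/MM/yyyy HH:mm:ss'
    )
    $culture = [cultureinfo]::InvariantCulture
    $CsvText -split "\r?\n" |
        Where-Object { $_.Trim() } |          # drop blank lines in the output
        ConvertFrom-Csv |
        ForEach-Object {
            [pscustomobject]@{
                Module      = $_.'Module Name'
                DisplayName = $_.'Display Name'
                DriverType  = $_.'Driver Type'.Trim()   # the column is space-padded
                LinkDate    = [datetime]::ParseExact($_.'Link Date', $DateFormat, $culture)
            }
        }
}

function Compare-DriverBaseline {
    param([object[]]$Baseline, [object[]]$Current)
    # Report a driver when its module name is new or its link date differs
    # from the baseline entry with the same name.
    Compare-Object -ReferenceObject $Baseline -DifferenceObject $Current -Property Module, LinkDate |
        Where-Object { $_.SideIndicator -eq '=>' } |
        Select-Object Module, LinkDate
}

$current = ConvertFrom-DriverQueryCsv -CsvText $sampleCsv

# Constructed baseline: the same list without AFD, standing in for an
# earlier snapshot of the same machine.
$baseline = $current | Where-Object { $_.Module -ne 'AFD' }

# Lists AFD, the only driver that is not in the baseline.
Compare-DriverBaseline -Baseline $baseline -Current $current

# On a live system, feed the real output in instead of the sample:
#   ConvertFrom-DriverQueryCsv -CsvText ((driverquery /fo csv) -join "`n")
```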
Top

How can I easily construct the command-line syntax for a backup job in Windows XP and later?
Because several switches and commands are available when performing a backup from the command line, keeping track of your backup configuration can get complex. Fortunately, you can use the Backup Wizard to construct a dummy backup job that lets you see the equivalent command-line options. To do so, perform the following steps:

  1. Start Windows Backup.

  2. Select the Schedule Jobs tab.

  3. Select a day, then click Add Job.

  4. Click Next on the first screen of the Backup Wizard page that appears.

  5. Select the files, folders, or drives that you want to back up, then click Next. (Depending on which options you select, you might have to navigate through additional screens to manually select the items you want to back up.)

  6. Select the destination for the backup, then click Next.

  7. Select the type of backup that you want to perform, then click Next.

  8. Select any options you want performed during the backup (e.g., "Verify data after backup"), then click Next.

  9. Select the backup overwrite options, then click Next.

  10. Select when to run the backup, give it a job name, then click Next.

  11. Enter the user account information necessary to perform the backup, then click OK.

  12. Click Finish.

  13. Windows Backup will create a new backup job. Right-click the new job to display the Properties dialog box, then click the Properties button. Select the Task tab to view the NTBackup command that will be used to run the backup job. For example, the Backup Wizard constructed the following NTBackup command for my job:
    G:\WINDOWS\system32\ntbackup.exe backup "@G:\Documents and Settings\savijo\Local Settings\Application Data\Microsoft\WindowsNT\NTBackup\data\Full system normal backup.bks" /n "backup.bkf created 13/11/2003 at 13:50" /d "Set created 13/11/2003 at 13:50" /v:no /r:no /rs:no /hc:off /m normal /j "Full system normal backup" /l:s /f "E:\backup.bkf"

  14. Click Delete to remove the backup job. Easy!

Top

How can I create an Automated System Recovery (ASR) set if my PC doesn't have a 3.5" disk drive?
An ASR set consists of a system backup and a 3.5" disk that lists the system files that are installed on the PC. If you don't have a 3.5" disk drive on your machine, you won't be able to create the ASR disk. However, you can still create an ASR disk by performing the following steps:

  1. Run the ASR Wizard, which is part of Windows Backup.

  2. After you run the ASR Wizard, start Windows Explorer.

  3. Navigate to the \%windir%\repair folder (e.g., C:\windows\repair).

  4. Copy the asr.sif and asrpnp.sif files to a network location.

  5. On a different networked computer that has a 3.5" disk drive, copy these files to a 3.5" disk and label the disk as your ASR disk.

Top

What's the Windows Installer rollback functionality?
When you install a Windows Installer (.msi) file, a script in the file specifies the actions that Windows Installer will perform. As each action is performed, the process that calls the .msi file into action updates a rollback script and, if files are to be deleted, backs up those files. Then, if the installation fails, Windows Installer can use the rollback script to undo any actions that have been performed and use the file backups to restore any deleted files. After the installation finishes successfully or is rolled back, Windows Installer deletes the file backups because they're no longer needed.
You can define custom actions to be performed during a .msi file installation. For example, you can

  • launch an executable during installation from the user's machine

  • call special functions from a DLL

  • call functions written in a scripted language (such as JScript or VBScript)

  • perform nested installations

Windows Installer doesn't roll back these custom actions by default. Rather, the author of the .msi file is responsible for ensuring that custom actions are rolled back. By default, no additional action is needed to roll back an installation that fails.
The files that Windows Installer temporarily backs up are stored in the \%systemdrive%\config.msi file in a system/hidden state. However, be aware that users can access these files and perhaps gain information about your system that you might otherwise prefer to restrict.
Top

How can I use Group Policy to disable the Windows Installer rollback functionality?
Depending on the actions that the Windows Installer (.msi) file performs, the space required to store temporary rollback information about the installation, as described in the FAQ "What's the Windows Installer rollback functionality?," might be very large. If the installation is interrupted, these temporary files remain on the system, and a user could access them to gain information about your computer. Keep in mind that if you apply a Group Policy Object (GPO) to disable the rollback functionality and an installation fails, your computer could be left in a compromised state.
To use Group Policy to prevent Windows Installer from creating the rollback information, perform the following steps:

  1. Open the relevant GPO. For example, open the Microsoft Management Console (MMC) Active Directory Users and Computers snap-in, right-click the organizational unit (OU) or domain, select Properties, select the Group Policy tab, select the GPO, then click Edit.

  2. Expand Computer Configuration, Administrative Templates, Windows Components, Windows Installer.

  3. Double-click "Prohibit rollback."

  4. Select Enabled.

  5. Click OK.

You can also configure this setting on a per-user basis by navigating to User Configuration, Administrative Templates, Windows Components, Windows Installer in Step 2 above. When you enable the setting in either area, it overrides any Disabled setting.
Top

How can I use the registry to disable the Windows Installer rollback functionality?
To use the registry to prevent Windows Installer from creating the rollback information described in the FAQ "What's the Windows Installer rollback functionality?," perform the following steps:

  1. Start a registry editor (e.g., regedit.exe).

  2. Navigate to the HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer registry subkey to make the change for all users on that machine, or navigate to the HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Installer registry subkey to make the change for the current user.

  3. From the Edit menu, select New, DWORD Value.

  4. Enter the name DisableRollback, then press Enter.

  5. Double-click the new value, set it to 1, then click OK.

  6. Close the registry editor.

  7. Log off and log on for the change to take effect.

Top

When does Windows Installer use elevated privileges?
You can use a tool such as Group Policy to perform a managed installation of a Windows Installer (.msi) file or you can manually install a .msi file. Some applications that you install with a .msi file require elevated privileges to access file-system areas or registry keys. When you use a tool such as Group Policy to install a .msi file that deploys an application to a user's system, the application runs with elevated privileges (e.g., system permissions) that bypass the user's limited permissions. However, when a user uses a .msi file to install an application manually, the installation is limited by that user's current privilege level, which might cause some installations to fail.
You can configure a system to run all Windows Installer installations, including manual installations, with elevated privileges. However, doing so carries the risk that a skilled user could use the elevated privileges to access areas of the system that would otherwise be protected. For information about how to configure all Windows Installer installations to use elevated privileges, see the FAQ "How can I configure all Windows Installer installations to run with elevated privileges?" below.
If you enable a Group Policy Object (GPO) to let all installations run with elevated privileges, be aware that if you install an application on a per-machine basis (i.e., all users on that machine can use it), any repair operations performed for that application will run with elevated privileges, even if you remove the GPO. If, however, you install an application on a per-user basis, then remove the GPO, any attempts to repair that application might fail because the elevated privileges no longer apply.
Top

How can I configure all Windows Installer installations to run with elevated privileges?
To run all Windows Installer installations with elevated privileges, perform the following steps:

  1. Open the relevant Group Policy Object (GPO). For example, open the Microsoft Management Console (MMC) Active Directory Users and Computers snap-in, right-click the organizational unit (OU) or domain, select Properties, select the Group Policy tab, select the GPO, then click Edit.

  2. Expand Computer Configuration, Administrative Templates, Windows Components, Windows Installer.

  3. Double-click "Always install with elevated privileges."

  4. Set to Enabled, then click OK.

  5. Expand User Configuration, Administrative Templates, Windows Components, Windows Installer.

  6. Double-click "Always install with elevated privileges."

  7. Set to Enabled, then click OK (you must enable this GPO under both the User Configuration and Computer Configuration sections for it to take effect).

You can also use the registry to enable all Windows Installer installations to run with elevated privileges by performing the following steps:

  1. Start a registry editor (e.g., regedit.exe).

  2. Navigate to the HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer registry subkey.

  3. From the Edit menu, select New, DWORD Value.

  4. Enter the name AlwaysInstallElevated, then press Enter.

  5. Double-click the new value, set it to 1, then click OK.

  6. Navigate to the HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Installer registry subkey.

  7. From the Edit menu, select New, DWORD Value.

  8. Enter the name AlwaysInstallElevated, then press Enter.

  9. Double-click the new value, set it to 1, then click OK.

  10. Close the registry editor.
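Because elevated installs give any user a path to system-level access, it is worth checking which machines and users actually have these values set. The following PowerShell is an added example, not part of the original FAQ: a read-only audit of the AlwaysInstallElevated value described here and the DisableRollback value described in the earlier rollback FAQ. The function names are assumptions made for illustration, and reading other users' loaded hives requires administrative rights.

```powershell
# Added example, not from the original FAQ. Read-only: nothing is modified.

# Policy subkey named in the steps above (relative to HKLM or a user hive).
$InstallerPolicy = 'Software\Policies\Microsoft\Windows\Installer'

function Get-PolicyDword {
    param([string]$Root, [string]$Name)
    # Returns the value, or $null when the key or the value does not exist.
    $path = "$Root\$InstallerPolicy"
    $prop = Get-ItemProperty -Path $path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return $null }
    return $prop.$Name
}

function Get-InstallerPolicyReport {
    # Machine-wide values.
    $machineElevated = Get-PolicyDword -Root 'HKLM:' -Name 'AlwaysInstallElevated'
    $machineRollback = Get-PolicyDword -Root 'HKLM:' -Name 'DisableRollback'

    # Per-user values: every user hive currently loaded under HKEY_USERS.
    # The pattern keeps account SIDs and skips the *_Classes hives.
    $userHives = Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' }

    foreach ($hive in $userHives) {
        $root         = "Registry::HKEY_USERS\$($hive.PSChildName)"
        $userElevated = Get-PolicyDword -Root $root -Name 'AlwaysInstallElevated'
        $userRollback = Get-PolicyDword -Root $root -Name 'DisableRollback'

        [pscustomobject]@{
            UserSid                = $hive.PSChildName
            MachineElevated        = $machineElevated
            UserElevated           = $userElevated
            # Takes effect only when BOTH the machine and the user value are 1.
            ElevatedInstallsActive = ($machineElevated -eq 1 -and $userElevated -eq 1)
            # Enabling the setting in either location turns rollback off.
            RollbackDisabled       = ($machineRollback -eq 1 -or $userRollback -eq 1)
        }
    }
}

Get-InstallerPolicyReport | Format-Table -AutoSize
```

A row with ElevatedInstallsActive set to True means manual .msi installations by that user run with elevated privileges, which is the risk described in the FAQ "When does Windows Installer use elevated privileges?"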

Top

How can I force Group Policy to refresh on a Windows Server 2003 or Windows XP machine?
To manually force Group Policy to refresh under Windows 2000, you use the command
secedit /refreshpolicy
Microsoft has replaced this command in Windows 2003 and XP with the command
gpupdate
You can run this command without any switches to update both machine and user policies. When you run Gpupdate on Windows 2003, the machine will display the following text:

  Refreshing Policy...

  User Policy Refresh has completed.
  Computer Policy Refresh has completed.

  To check for errors in policy processing, review the event log.

The last line doesn't appear on XP machines. To update only the user command components, type
gpupdate /target:user
To load only the computer command components, type
gpupdate /target:computer
The optional switches that you can use with the Gpupdate command are

  • /force--This switch loads all policy settings rather than just those that have changed.

  • /wait:<time>--This switch specifies the amount of time to wait for the policy processing to finish before returning to the command prompt.

  • /logoff--This switch causes the user to log off after Group Policy refreshes.

  • /boot--This switch causes a reboot after Group Policy refreshes.

  • /sync--This switch synchronously (i.e., in the background) applies the next boot or user logon policy (the system will prompt you to log off or reboot, depending on the /target setting).

Top

How can I modify Group Policy's refresh interval?
By default, Group Policy refreshes every 90 minutes for typical machines and users and every 5 minutes for domain controllers (DCs). To change these intervals, perform the following steps:

  1. Open the relevant Group Policy Object (GPO). For example, open the Microsoft Management Console (MMC) Active Directory Users and Computers snap-in, right-click the organizational unit (OU) or domain, select Properties, select the Group Policy tab, select the GPO, then click Edit.

  2. Expand Computer Configuration, Administrative Templates, System, Group Policy.

  3. Double-click "Group Policy refresh interval for computers," then select Enabled. Enter the new refresh rate and the maximum random time to wait for the refresh (to avoid all machines updating at the same time), then click OK.

  4. If required, double-click "Group Policy refresh interval for domain controllers," then select Enabled. Enter the new refresh rate, which should be significantly less than the average computer policy refresh rate, and the maximum random time to wait for the refresh (to avoid all machines updating at the same time), then click OK.

  5. Expand User Configuration, Administrative Templates, System, Group Policy.

  6. Double-click "Group Policy refresh interval for users."

  7. Again, select Enabled, set the necessary values, then click OK.

  8. Close Group Policy Editor (GPE).

You don't have to configure both the user and computer value--you can modify just one of them. You shouldn't set these values too low: Every update requires processing and adds to the network traffic, and short refresh rates can quickly cause larger network problems. For example, setting the update frequency to 0 would result in Group Policy attempting a refresh every 7 seconds, which probably isn't good for anyone.
Top

Why can't I view the content of a downloaded Windows product-update package?
Many third-party applications (e.g., WinZip) let you open and view the contents of Windows product-update packages. However, one type of update package, called an Intra-Package Deltas-aware (IPD-aware) package, compresses the files to binary deltas (i.e., the _p files that you see when you view the package in WinZip). When you execute the update package, the binary deltas recreate the files. However, when you view the update package by using a third-party application, you'll see only the binary deltas. To view the contents of the update package, you must use the -x switch to extract the files. For example, typing
WindowsXP-KB824146-x86-ENU.exe -x:d:\temp\package
at the command prompt extracts the files to the d:\temp\package folder. If you just use the -x switch without specifying a path, the system will prompt you to provide a location to which you want to extract the files.
Top

When I try to install the Microsoft Office Live Communications Server 2003 Administration Tools, why does the installer ask me to insert the Office 2003 CD-ROM, even though it's already in the drive?
This is a known problem that appears when you install the Live Communications Server 2003 Administration Tools on a Windows XP or Windows 2000 machine that already has the prerelease version of the tools installed. This problem occurs because the prerelease CD-ROM has a different name from the final version. To resolve the problem, remove the prerelease version before you install the final version from the final release CD-ROM.
Top

I want to install both Windows XP Professional Edition and XP Home Edition on one partition, but the XP installer doesn't prompt me for an installation folder. How can I install this configuration?
If you attempt to install both OSs, the second OS will typically overwrite the first OS because the installer doesn't prompt you to enter an installation folder name and instead uses the default Windows folder. To work around this limitation, you must perform an advanced installation by performing the following steps:

  1. Install and boot to your first XP installation.

  2. Insert the XP installation CD-ROM for the secondary XP version that you want to install.

  3. On the Welcome dialog box, click Install Windows XP.

  4. Select New Installation (Advanced), then click Next.

  5. Select "I accept this agreement," then click Next.

  6. Enter the product key, then click Next.

  7. On the Setup Options page, click Advanced Options.

  8. In the Advanced Options dialog box in the "To this folder on my hard drive" field, enter the name of the folder in which you want to install this version of XP, then click OK.

  9. On the Setup Options page, click Next.

  10. Complete the installation as usual.

Top

What permissions do I need to install the Windows 2000 Server Terminal Services client on Windows Server 2003 and Windows XP?
Windows 2003 and XP both ship with the Remote Desktop Connection software, which is the latest Terminal Services client. However, you might sometimes want to use a previous version of the client. To be able to install previous versions of the client, you must be a local administrator or have Write and Modify permissions on the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSLicensing\Store registry subkey's MSLicensing value.
Top

I upgraded my Windows Me or Windows 98 installation to Windows XP. Why won't my original installation start after I remove XP?
This problem can occur if any of the Windows Me and Win98 startup files are missing and will result in any of the following errors:

  • The C:\windows\ifshlp.sys file is missing or corrupted.

  • The C:\windows\system\vmm32.vxd file is missing or corrupted.

  • The Windows Me or Win98 splash screen is displayed, then the computer stops responding.

To resolve these errors, perform the following steps:
  1. Insert a Windows Me or Win98 startup disk and boot the machine.

  2. Replace the boot sector and overwrite the startup files by using the Sys command by typing
    sys c:
    at the command prompt.

  3. Remove the startup disk and reboot the machine by pressing Ctrl+Alt+Del.

Top

The apmstat.exe file is missing from my machine. Where can I get this file?
The Apmstat command lets you view a machine's Advanced Power Management (APM) status. This file isn't installed by default on Windows XP and Windows 2000. Instead, the file installs when you install the XP and Win2K support tools, which are in the support\tools folder of your installation CD-ROM. To install these tools, you run the setup program that's in the support\tools folder. If you don't want to install all the support tools, you can manually extract Apmstat from the support.cab file and move it to a location of your choice (no other files are necessary to run the Apmstat command).
Top

How can I use the command line to rename a user account in Windows Server 2003?
You can use the Dsmove command with the -newname switch to rename Active Directory (AD) objects. For example, to change user savillj to user johnsavill, type
C:\>dsmove CN=savillj,CN=Users,DC=it,DC=uk,DC=savilltech,DC=com -newname johnsavill
The machine will return the following result:
dsmove succeeded:CN=savillj,CN=Users,DC=it,DC=uk,DC=savilltech,DC=com
Top

How can I use the command line to move a user account in Windows Server 2003?
You can use the Dsmove command with the -newparent switch to assign new containers to Active Directory (AD) objects. For example, to move user johnsavill from the Users container to an organizational unit (OU) called Sales, type
C:\>dsmove "CN=johnsavill,CN=Users,DC=it,DC=uk,DC=savilltech,DC=com" -newparent OU=Sales,DC=it,DC=uk,DC=savilltech,DC=com
The machine will return the following result:
dsmove succeeded:CN=johnsavill,CN=Users,DC=it,DC=uk,DC=savilltech,DC=com
Top

How can I remove the Network tab from Windows Media Player (WMP) 8 and later?
On WMP 8 and later, the Network tab of the Options dialog box, which appears when you select Options from the Tools menu, lets you configure which protocols to use to stream media. To remove this option, perform the following steps:

  1. Start a registry editor (e.g., regedit.exe).

  2. Navigate to the HKEY_CURRENT_USER\Software\Policies\Microsoft registry subkey.

  3. From the Edit menu, select New, Key.

  4. Enter the name WindowsMediaPlayer, then press Enter.

  5. From the Edit menu, select New, DWORD Value.

  6. Enter the name HideNetworkTab, then press Enter.

  7. Double-click the new value, set it to 1, then click OK.

  8. Close the registry editor.

No reboot or logout is required; the next time you start WMP, the Network tab won't be visible.
Top

How can I stop users from installing Windows Installer (.msi) files from removable media?
With Windows Installer 1.1 and later, you can restrict users from browsing .msi files on removable media such as CD-ROMs and DVDs by performing the following steps:

  1. Start a registry editor (e.g., regedit.exe).

  2. Navigate to the HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Installer registry subkey (create this subkey if it doesn't exist).

  3. From the Edit menu, select New, DWORD Value.

  4. Enter the name DisableMedia, then press Enter.

  5. Double-click the new value, set it to 1, then click OK.

  6. Close the registry editor.

  7. Log off and log on for the change to take effect.

Top

When I view the Owner column in Windows Explorer, Windows XP takes a long time to display the folder contents. How can I remove this column?
XP has difficulty displaying an object's owner in Windows Explorer. To remove the Owner column so that Windows Explorer no longer displays it on any folder, perform the following steps:

  1. Right-click the column headings to display a list of all available column options.

  2. Clear the check mark next to Owner.

  3. From the Tools menu, select Folder Options.

  4. Select the View tab, then click Apply To All Folders.

  5. Click Yes, then click OK.

Top

When I try to promote a Windows Server 2003 domain controller (DC) into a Windows 2000 forest, the action fails with a schema error. How can I resolve this problem?
Windows 2003 contains an updated schema that isn't compatible with the basic schema present in Win2K-based domains and forests. To resolve the problem, you must run the Adprep command from the Windows 2003 installation CD-ROM to update the Win2K-based domain and forest schemas. Before you perform the following actions, ensure that you've installed Win2K Service Pack 2 (SP2) or later on all Win2K DCs:

  1. Identify the Schema master for the forest and the Infrastructure master for the domain. For information about how to do this, see other FAQs in the Active Directory (AD) section on the "FAQs for Windows" Web site, including the FAQ titled "How can I find the current FSMO role holders in a domain/forest?" ( http://www.windows2000faq.com/articles/index.cfm?articleid=15668 ).

  2. Disconnect the Schema master from the network.

  3. From the Schema master, insert the Windows 2003 installation CD-ROM, open a command session, then type
    <cd-rom drive>:
    cd \i386
    adprep /forestprep

  4. Ensure that no errors were displayed or written to the event log and that domain functions such as Dcdiag still work. If everything is OK, reconnect the Schema master to the network.

  5. If the Infrastructure master is on a different machine than the Schema master, wait 15 minutes for the forest change to take effect (or up to half a day if the machines are in different sites).

  6. From the Infrastructure master, insert the Windows 2003 installation CD-ROM, open a command session, then type
    <cd-rom drive>:
    cd \i386
    adprep /domainprep

The changes will then replicate across the domain (this process can take just 15 minutes if the Schema master and Infrastructure master are in the same site or as long as half a day if the machines are located in different sites). After the changes replicate, you'll be able to promote the Windows 2003 server to the desired domain as a DC.
Top

I recently joined a computer to a domain after restoring its system state. Why can't users log on to this computer?
The secure channel between the client computer and the domain was lost when you rolled back the system state to a state before the client computer was part of the domain. To fix this problem, remove the client computer from the domain, then add it again.
Top

How can I stop Web sites from accessing my local clipboard?
The dynamic HTML component in Microsoft Internet Explorer (IE) 5.0 and later lets Web sites access and write to the clipboard unless you use the High security setting. To avoid having to use the High security setting, perform the following steps:

  1. Start IE.

  2. From the Tools menu, select Internet Options.

  3. Select the Security tab.

  4. Select Internet, then click Custom Level.

  5. Scroll down to the Scripting section.

  6. Under "Allow paste operations via script," set to Disable or Prompt, then click OK.

  7. Close all dialog boxes.

You should perform the same steps for the "Restricted sites" zone and any other security zones you think you might need (e.g., the "Local intranet" zone).
Top

I've noticed that Windows Server 2003 doesn't display keyboard shortcuts when I run winnt32.exe. How can I display these shortcuts?
Windows 2003 no longer displays keyboard shortcuts by default. To display the shortcuts, you must press Alt when you run winnt32.exe.
Top

Why do I receive an error involving pending file operations while installing Microsoft SQL Server 2000, even after I reboot the system?
An erroneous pending file copy operation in the registry is causing your SQL Server installation to believe another installation is underway, which is preventing you from continuing the installation. To resolve this error, perform the following steps:

  1. Start a registry editor (i.e., regedit.exe).

  2. Navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager registry subkey.

  3. Double-click PendingFileRenameOperations.

  4. Remove any entries for this registry value, then click OK.

  5. Close the registry editor.

You'll then be able to complete the SQL Server 2000 installation.

How can I change a domain user's password from the command line in Windows Server 2003?
You can use the Dsmod command to modify Directory Service (DS) objects' attributes from the command line. More specific to your question, you can use Dsmod User to change the attributes of a user object. To modify a user's password, use the following syntax:
dsmod user <user's distinguished name (DN)> -pwd <user's new password>
For example, to change the password for user John in domain it.uk.savilltech.com, I typed
dsmod user CN=John,CN=Users,DC=it,DC=uk,DC=savilltech,DC=com -pwd Pa55word
The system returned
dsmod succeeded:CN=John,CN=Users,DC=it,DC=uk,DC=savilltech,DC=com

How do I enable or disable a domain user from the command line in Windows Server 2003?
You can use the Dsmod User command with the -disabled switch to enable a user account
dsmod user <user's distinguished name (DN)> -disabled no
or disable a user account
dsmod user <user's DN> -disabled yes
For example, to enable user John in domain it.uk.savilltech.com, I typed
dsmod user CN=John,CN=Users,DC=it,DC=uk,DC=savilltech,DC=com -disabled no
The system returned
dsmod succeeded:CN=John,CN=Users,DC=it,DC=uk,DC=savilltech,DC=com

How can I use the Windows Server 2003 command line to find all users in a domain who match certain criteria?
The Dsquery command lets you query Active Directory (AD) for most types of objects according to passed attributes. To see the full list of options, type
dsquery user /?
The basic command syntax is
dsquery user <distinguished name (DN) of root to search> <parameters to match>
For example, to find all users whose name starts with the letter J in domain it.uk.savilltech.com, I typed
dsquery user DC=it,DC=uk,DC=savilltech,DC=com -name J*
and the system returned
"CN=John,CN=Users,DC=it,DC=uk,DC=savilltech,DC=com"
"CN=James,CN=Users,DC=it,DC=uk,DC=savilltech,DC=com"
"CN=Jim,CN=Users,DC=it,DC=uk,DC=savilltech,DC=com"

To find all users who hadn't changed their password in more than 10 days, I typed
dsquery user DC=it,DC=uk,DC=savilltech,DC=com -stalepwd 10
To find all users who hadn't logged on using their password in the past week, I typed
dsquery user DC=it,DC=uk,DC=savilltech,DC=com -inactive 1
You can also combine switches, if necessary. For example, to find all users whose name starts with the letter J and who hadn't changed their passwords in more than 10 days, I typed
dsquery user DC=it,DC=uk,DC=savilltech,DC=com -name J* -stalepwd 10

Can I obtain more information from the Dsquery User command than just the user's name?
You can't obtain additional information directly from the Dsquery User command, but you can pipe (i.e., send) the command output to the Dsget command with a list of attributes to fetch. For example, to display the distinguished name (DN) and description of the users matching the Dsquery User command (specifically, those users whose names start with the letter J and who hadn't changed their passwords in more than 10 days), I typed
dsquery user DC=it,DC=uk,DC=savilltech,DC=com -name J* -stalepwd 10 | dsget user -desc -dn
You can type
dsget user /?
to view a list of all attributes that Dsget can fetch.

Why do I receive a file-copy error when I perform an in-place upgrade of Windows Server 2003?
If you install Windows 2003 over an existing Windows 2003 installation, you might receive any of the following errors:

  • "Setup Cannot Copy the File Cmprops.dl_"

  • "Setup Cannot Copy the File Licwmi.dl_"

  • "Setup Cannot Copy the File Mmfutil.dl_"

  • "Setup Cannot Copy the File Servereps.dl_"

You might also notice errors in the scesetup.log file in the \%systemroot%\security folder. These errors are the result of a corrupted secedit.sdb file. This file corruption often occurs when a computer suddenly stops rather than completing a controlled shutdown.
To resolve these errors, you must use the esentutl.exe file to repair the database by performing the following steps:

  1. Start a command session.

  2. Run Esentutl's repair option by typing
    esentutl /p %windir%\security\database\secedit.sdb

  3. Click OK in the displayed dialog box. Esentutl will confirm the repair by displaying a log file similar to the following example:

    Microsoft(R) Windows(R) Database Utilities
    Version 5.2
    Copyright (C) Microsoft Corporation. All Rights Reserved.
    
    Initiating REPAIR mode...
    Database: C:\WINDOWS\security\database\secedit.sdb
    Temp. Database: TEMPREPAIR4072.EDB
    
    Checking database integrity.
    
    Scanning Status (% complete)
    
    
    0 10 20 30 40 50 60 70 80 90 100
    |----|----|----|----|----|----|----|----|----|----|
    ...................................................
    Integrity check successful.
    

    Note:
    It is recommended that you immediately perform a full backup of this database. If you restore a backup made before the repair, the database will be rolled back to the state it was in at the time of that backup.
    Operation completed successfully in 129.176 seconds.

  4. Navigate to the \%windir%\security folder by typing
    cd %windir%\security

  5. Remove the edb0000x.log file by typing
    del edb0000*.log

You'll then be able to perform the in-place upgrade.

Why does my Windows XP machine's CPU usage climb to 100 percent when I right-click a file or folder within Windows Explorer?
XP contains a known bug that causes the CPU usage to spike to 100 percent when you access the context menu under certain configurations. This bug causes file-copy operations to halt, network connections to slow, and streaming media (e.g., audio, video) to become distorted. To work around this bug, you need to disable the GUI's transition effects by performing the following steps:

  1. Start the Control Panel Display applet.

  2. Select the Appearance tab.

  3. Click Effects, then clear the "Use the following transition effect for menus and tooltips" check box.

  4. Click OK to close all dialog boxes.

Another solution that often works is to left-click the file or folder before right-clicking to display the context menu.

Why does the Advanced Power Management (APM) tab appear in the Control Panel Power Options applet on only some of my machines?
Windows uses APM when Advanced Configuration and Power Interface (ACPI) isn't available because of hardware limitations. For APM to be available, the computer must support APM 1.2 and not be listed in the Disable APM list in the biosinfo.inf file that the system checks during installation. Also, keep in mind that

  • APM isn't available on multiprocessor machines.

  • Server products don't support APM.

  • You must enable APM in the computer BIOS before APM will appear as an option in Windows.

You can check the APM status of your Windows XP and later machine by performing the following steps:

  1. Start a command session.

  2. Enter the command
    apmstat -v

Your computer will display its APM status. For example, when you type this command on an ACPI-enabled machine, the command will return the following result:
This is an ACPI machine, APM is NOT relevant on this machine

Where can I get the Windows Server 2003 domain rename tool?
The latest version of the domain rename tool for Windows 2003 is available at http://download.microsoft.com/download/5/6/d/56df978b-9a76-487e-80b7-0250289f2579/domainrename.exe . After you download the utility, open the file to automatically unzip the two included files (gpfixup.exe and rendom.exe). Before you can run the rendom.exe utility, you must raise the forest functionality level to "Windows Server 2003" level.

How can I add a user to Active Directory (AD) from the command line without using a script?
Windows Server 2003 provides the Dsadd command, which lets you add objects (e.g., computers, contacts, groups, organizational units--OUs, quotas, users) to AD. The basic command syntax is
dsadd user <user's distinguished name (DN)> -samid <username> -pwd <new password>
For example, to add user John to AD, I typed
C:\> dsadd user CN=John,CN=Users,DC=it,DC=uk,DC=savilltech,DC=com -samid John -pwd Pa55word
The system returned
dsadd succeeded:CN=John,CN=Users,DC=it,DC=uk,DC=savilltech,DC=com
For a full list of options, type
C:\> dsadd user /?
The options let you set the user's full name details, email address, group membership, and Web page as well as set the password to never expire. The following example shows the use of several of these options:
C:\> dsadd user CN=John,CN=Users,DC=it,DC=uk,DC=savilltech,DC=com
-samid John -pwd Pa55word -fn John -ln Savill -display "John Savill"
-email john@savilltech.com -webpg http://www.savilltech.com
-pwdneverexpires yes -memberof "CN=Domain Admins,CN=Users,DC=it,DC=uk,DC=savilltech,DC=com"

dsadd succeeded:CN=John,CN=Users,DC=it,DC=uk,DC=savilltech,DC=com

Notice that the value of the "-memberof" option, which specifies the user's group membership, is in quotes because the DN contains spaces.

How can I remove a user from Active Directory (AD) from the command line without using a script?
Windows Server 2003's Dsrm command lets you remove objects from AD. The command syntax is
dsrm <distinguished name (DN) of object to delete>
For example, to delete a user named piggy, you'd type
C:\> dsrm CN=piggy,CN=Users,DC=it,DC=uk,DC=savilltech,DC=com
The computer will ask you to confirm the deletion:
Are you sure you wish to delete
CN=piggy,CN=Users,DC=it,DC=uk,DC=savilltech,DC=com (Y/N)? y

If you answer "y", the computer will return the following response:
dsrm succeeded:CN=piggy,CN=Users,DC=it,DC=uk,DC=savilltech,DC=com
To avoid being prompted to confirm the deletion, you can append "-noprompt" (without the quotes) to the end of the command string.

How can I use Microsoft Internet Explorer (IE) to pass a username and password to an FTP site?
If you access an FTP site that doesn't allow anonymous access, you must provide a username and password. To access an FTP site anonymously from IE, use the syntax
ftp://ftp.<site name>.com
To pass a username and password, the syntax is
ftp://<username>:<password>@<ftp site>
For example, to access the Internet Software Consortium (ISC) ftp site, you might type
ftp://john:john@ibm.com@ftp.isc.org
where "john" is the username and "john@ibm.com" is the password.
Similarly, to pass just a username, you can use the syntax
ftp://<username>@<ftp site>
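An added Python example (not from the original FAQ) built on the URL above: because that password itself contains @, a parser has to split at the last @, and the unambiguous form percent-encodes it as %40. The code also masks the password before a URL is written to a log; the log line is constructed for illustration.

```python
import re
from urllib.parse import quote, urlsplit, urlunsplit

# Finds ftp/http/https URLs inside free text such as a log line.
URL_RE = re.compile(r"\b(?:ftp|https?)://[^\s\"'<>]+", re.IGNORECASE)

# Constructed log line that embeds the FAQ's example URL.
SAMPLE_LOG_LINE = "GET ftp://john:john@ibm.com@ftp.isc.org/pub/README 200"


def split_credentials(url):
    """Return (username, password, hostname) as a URL parser sees them.

    urlsplit() separates userinfo from the host at the LAST '@', so an
    unencoded '@' inside the password stays part of the password.
    """
    parts = urlsplit(url)
    return parts.username, parts.password, parts.hostname


def build_ftp_url(user, password, host):
    """Build ftp://user:password@host with reserved characters encoded."""
    userinfo = quote(user, safe="")
    if password is not None:
        # '@', ':' and '/' in a password become %40, %3A and %2F.
        userinfo += ":" + quote(password, safe="")
    return f"ftp://{userinfo}@{host}"


def redact_url(url):
    """Replace the password part of a URL with '***'; keep everything else."""
    parts = urlsplit(url)
    if parts.password is None:
        return url
    userinfo, _, hostport = parts.netloc.rpartition("@")
    user = userinfo.partition(":")[0]
    return urlunsplit(parts._replace(netloc=f"{user}:***@{hostport}"))


def scrub_line(line):
    """Mask the password in every URL found in a line of text."""
    return URL_RE.sub(lambda m: redact_url(m.group(0)), line)


if __name__ == "__main__":
    print(split_credentials("ftp://john:john@ibm.com@ftp.isc.org"))
    print(build_ftp_url("john", "john@ibm.com", "ftp.isc.org"))
    print(scrub_line(SAMPLE_LOG_LINE))
```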

I've upgraded or repaired my Windows XP installation, but now data is missing from the All Users folder. What caused this to happen, and how can I retrieve this information?
Data can disappear from the All Users folder if you've performed an in-place upgrade of XP (i.e., installed XP over an existing XP installation), used the XP installation CD-ROM and selected R to repair the XP installation, or upgraded XP Home Edition to XP Professional Edition. To recover the missing data, you must restore the information from a backup copy.
To prevent this problem from happening in the future, delete the undo_guimode.txt file. This file is typically in the \%windir%\system32 folder. The undo_guimode.txt file often appears on systems in which the manufacturer has preinstalled XP. The first time you start such a system, the system often calls a wizard that creates the file.

How can I remove the Properties item from the Recycle Bin's context menu?
To remove the Recycle Bin's Properties context menu item and restrict users from changing the configuration, perform the following steps:

  1. Start a registry editor (e.g., regedit.exe).

  2. Navigate to the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer registry subkey.

  3. From the Edit menu, select New, DWORD Value.

  4. Enter the name NoPropertiesRecycleBin, then press Enter.

  5. Double-click the new value, set it to 1, then click OK.

  6. Close the registry editor.

  7. Log off and log on for the change to take effect.

You can set this registry entry for all users of a machine by navigating to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer registry subkey and following Steps 3 through 7.

What's the Google Toolbar 2.0?
Google has released an add-on for Microsoft Internet Explorer (IE) that provides fast access for performing Google searches and enhances your browser functionality. Some of the toolbar's features include

  • blocking pop-up advertising

  • automatically completing Web forms according to information you provide

  • performing searches within a specified site

  • highlighting search terms on matching pages

The toolbar is free and is available at http://toolbar.google.com . The pop-up suppression alone is well worth the download.

How can I clear the Google Toolbar search history in the registry?
The Google Toolbar is an add-on search tool for Microsoft Internet Explorer (IE). To clear the toolbar's search history, perform the following steps:

  1. Start a registry editor (e.g., regedit.exe).

  2. Navigate to the HKEY_CURRENT_USER\Software\Google\NavClient\1.1 registry subkey (the registry subkey is 1.1, even though you might have installed version 2.0 of the toolbar).

  3. Select the History subkey, press the Del key on your keyboard, then click Yes to the confirmation.

  4. Close the registry editor.

You'll need to log off and log on to clear the cache of previous searches within IE.

Why does my PC keep rebooting with the message "This system is being shut down in 60 seconds by NT Authority/System due to an interrupted Remote Procedure Call (RPC)"?
The error you've encountered is a symptom of the MSBlaster (LoveSan) worm, which has been around since August 2003. To resolve this error, you first need to use the command
shutdown -a
to stop the system from shutting down so that you can patch the computer and remove the virus. Next, download and install the patch, which is available on Microsoft's Web site at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-026.asp .
To remove running versions of the virus from your PC, open Task Manager, select the Processes tab, then click End Process for all of the following processes:

  • MSBLAST.EXE

  • PENIS32.EXE

  • TEEKIDS.EXE

  • MSPATCH.EXE

  • MSLAUGH.EXE

  • ENBIEI.EXE

To prevent the virus from starting again, perform the following steps:

  1. Start a registry editor (e.g., regedit.exe).

  2. Navigate to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run registry subkey.

  3. Remove any value that mentions any of the executables listed above.

  4. Close the registry editor.

  5. Open Windows Explorer, search your Windows folder for any of the executables listed above, then remove those files.

  6. If you're running Windows XP, enable the Internet Connection Firewall (ICF) and use Windows Update to keep your system up-to-date.

An automated virus-removal tool that replaces the steps above is available at http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html. (If you use this tool, you'll still need to download and install the patch from the Microsoft Web site.)
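An added Python example, not from the original FAQ: it checks Run-key values against the executable names listed above by comparing the program's file name rather than searching the whole command line, so a listed name that appears only inside an argument is not flagged. The reg query output, value names and paths are constructed for illustration.

```python
import ntpath
import re

# Executable names this FAQ lists for MSBlaster and its variants.
BLASTER_IMAGES = {
    "msblast.exe", "penis32.exe", "teekids.exe",
    "mspatch.exe", "mslaugh.exe", "enbiei.exe",
}

# Constructed output in the layout printed by
#   reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
# All value names and paths are invented for this example.
REG_QUERY_RUN = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ExampleTray    REG_SZ    "C:\Program Files\Example\tray.exe" /min
    ExampleUpdate    REG_SZ    MSBLAST.EXE
    ExampleHelper    REG_EXPAND_SZ    %SystemRoot%\system32\teekids.exe -s
    ExampleBackup    REG_SZ    C:\Tools\backup.exe /log C:\logs\mspatch.exe.txt
"""

# Indented "name  TYPE  data" rows; the key path line has no indent.
VALUE_RE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s+(?P<data>.*)$")


def parse_reg_query(text):
    """Return [(value_name, value_type, data)] from reg query output."""
    rows = []
    for line in text.splitlines():
        m = VALUE_RE.match(line)
        if m:
            rows.append((m.group("name"), m.group("type"), m.group("data").strip()))
    return rows


def image_name(command):
    """Lower-cased file name of the program a Run command line starts."""
    command = command.strip()
    if not command:
        return ""
    if command.startswith('"'):
        # Quoted path: everything up to the closing quote.
        path = command[1:].split('"', 1)[0]
    else:
        # Unquoted path may contain spaces: stop at the first ".exe"
        # that is followed by whitespace or the end of the string.
        m = re.match(r"(.+?\.exe)(?=\s|$)", command, re.IGNORECASE)
        path = m.group(1) if m else command.split(None, 1)[0]
    return ntpath.basename(path).lower()


def suspicious_run_values(text, images=BLASTER_IMAGES):
    """Return [(value_name, data)] whose program is one of the listed names."""
    return [
        (name, data)
        for name, _type, data in parse_reg_query(text)
        if image_name(data) in images
    ]


if __name__ == "__main__":
    for name, data in suspicious_run_values(REG_QUERY_RUN):
        print(f"remove Run value {name!r}: {data}")
```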

How can we prevent Windows XP from logging off the current user when we activate the XP installation?
If XP informs you that the grace period has expired and that you must click Yes to activate the software, the OS can sometimes log off the current user when you click Yes. To resolve this problem, perform the following steps:

  1. Insert the XP installation CD-ROM, then reboot your computer.

  2. When the system prompts you to "Press any key to boot from CD," press a key.

  3. At the main menu, press Enter to set up XP.

  4. Press F8 to accept the license agreement.

  5. Select your current installation location, then press R to repair your installation.

  6. Follow the instructions on screen to perform the repair.


When I attempt to install a program on a Windows XP system that I upgraded from Windows Me or Windows 98 Second Edition (Win98SE), I receive an error. How can I resolve this error?
The full error that you're referring to is
Error 1606. Could not access network location <Common Administrative Tools>.All users\.
To resolve this error, perform the following steps:

  1. Start a registry editor (e.g., regedit.exe).

  2. Navigate to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders registry subkey.

  3. Double-click the Common Administrative Tools registry entry.

  4. Change the value to %USERPROFILE%\Start Menu\Programs\Administrative Tools.

  5. Click OK.

  6. Close the registry editor.


Why does my Windows XP computer crash when I press Ctrl+Alt+Del to unlock the computer?
When you unlock your computer by pressing Ctrl+Alt+Del, XP can crash if both of the following conditions are true:

  • You've installed the Multilingual User Interface Pack.

  • The Language bar was positioned in the upper left area of the screen when you locked the computer.

To work around this problem, move the Language bar away from the upper left corner of the screen before you lock the computer.

Why do I receive an error when I access hardware computer information from the Help and Support application?
The full error that you're referring to is
all.part2 is null or not an object
Corrupt information in the Windows Management Instrumentation (WMI) repository causes this error. To resolve it, perform the following steps:

  1. Start a command-line session.

  2. Stop the WMI service (also known as WinMgmt) by typing
    net stop winmgmt

  3. Delete the Repository folder by typing
    del %windir%\system32\wbem\repository

  4. Press Y to the confirmation.

  5. Restart the WMI service by typing
    net start winmgmt


The Windows Management Instrumentation (WMI) service is returning an error related to initialization of core parts. How can I resolve this error?
The full error that appears in the Windows NT Event Viewer is
WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.
To resolve this error and recreate any missing or corrupt registry entries, perform the following steps:

  1. Start a command-line session.

  2. Unregister any WMI service (also known as WinMgmt) performance libraries by typing
    winmgmt /clearadap

  3. Stop all running copies of the WMI service by typing
    winmgmt /kill

  4. Unregister the WMI service by typing
    winmgmt /unregserver

  5. Register the WMI service by typing
    winmgmt /regserver

  6. Register any WMI service performance libraries by typing
    winmgmt /resyncperf


After I install Microsoft Office 2003, the software prompts me to debug script errors in Microsoft Internet Explorer (IE). How can I turn off this behavior?
The Office 2003 installation can enable IE's script debugging during installation, which can result in dialog boxes that prompt you to debug errors in scripts. To turn off this behavior, perform the following steps:

  1. Open the Control Panel Internet Options applet.

  2. Select the Advanced tab.

  3. Under the Browsing section, select the "Disable script debugging" check box and clear the "Display a notification about every script error" check box.

  4. Click OK.


Why does the system prompt me for a username and password when I use Microsoft Internet Explorer (IE) to open a Microsoft Word document on a computer that has Microsoft Office 2003 installed?
When you open the Word document, IE tries to write the document name to the list of most recently used files. However, before IE can add the document name to the list, it attempts to obtain read/write access to the document, which can result in the username and password request. To resolve this problem, you must configure your system to not add Word documents to the most recently used files list by performing the following steps:

  1. Start a registry editor (e.g., regedit.exe).

  2. Navigate to the HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Word\Options registry subkey.

  3. From the Edit menu, select New, DWORD Value.

  4. Enter the name DontAddToMRUIfURL, then press Enter.

  5. Double-click the new value, then set it to 1.

  6. Click OK.

  7. Close the registry editor.

This problem also exists with Office XP. The solution is the same, except you navigate to the HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Word\Options registry subkey in Step 2 and you must request a patch from Microsoft Product Support Services (PSS--make sure you reference Microsoft article "WD2002: Password Prompt When You Close a Word Document You Opened in a Web Browser," http://support.microsoft.com/?kbid=324328 ). No patch is needed for Office 2003.

Why do I receive the error message "The add-in 'C:\WINDOWS\SYSTEM\Xcolext' could not be installed" when I start Microsoft Outlook 2000?
If you upgrade from Windows 98 to Windows XP, you might receive an error message when you start Outlook 2000. To resolve this problem, perform the following steps:

  1. Start Outlook.

  2. From the Tools menu, select Options.

  3. Select the Other tab.

  4. Click Advanced Options.

  5. Click Add-In Manager.

  6. Clear the XTNDConnectPC check box, then click OK to close all dialog boxes.

  7. Restart Outlook.

If you continue to receive the error message, close Outlook, delete the extend.dat file from your profile (e.g., C:\documents and settings\<user name>\local settings\application data\microsoft\outlook), then restart Outlook.

Windows Movie Maker 1 continues to start on my machine, even after I've installed Windows Movie Maker 2. How can I repair my system so that version 2 always starts?
If version 1 starts after you install Windows Movie Maker 2, perform the following steps:

  1. Start Windows Explorer.

  2. Navigate to the \%systemroot%\registeredpackages\{60BFF50D-FB2C-4498-A577-C9548C390BB9} folder (where %systemroot% is the root of your Windows installation). The folder contains three files.

  3. Copy the three files to the \%programfiles%\movie maker folder (where %programfiles% is your Program Files folder).

  4. Click Yes to overwrite the files.

  5. Navigate to the \%programfiles%\movie maker folder.

  6. Right-click mm20ex.inf, then select Install from the context menu.

  7. Run moviemk.exe to start Windows Movie Maker 2.


I'm having problems installing Windows XP. How can I get more information about debugging the installation?
The winnt32.exe executable includes a /debug switch that you can use to configure the amount of logging during setup. The switch lets you specify any of the following debugging levels:

  • 0--only severe errors logged

  • 1--errors

  • 2--warnings

  • 3--information

  • 4--detailed information useful for debugging

Each level logs information about that level plus information about the previous level in the list. So, for example, level 2 would log warnings and errors. By default, the executable writes the debugging information to C:\winnt32.log (the default level used with the switch is level 2). To use the /debug switch, type
winnt32 /debug<level>
where <level> is the level number you want to use. You can change the name of the log file by adding :<file name> to the end of the command. For example,
winnt32 /debug4:C:\setupxp.log
would debug the installation at level 4 and log the information to the setupxp.log file in the root directory.

What log files does Windows XP create during installation?
XP creates the following log files:

  • setupact.log--This log file contains a list of actions in chronological order that occurred during the graphical installation phase, such as file copies and registry changes. The OS also stores setup error log entries in this file. XP writes the setupact.log file to the %systemroot% folder (e.g., c:\windows).

  • setuperr.log--This log file contains a list of errors that occurred during installation and their severity (this log file should be 0 bytes in size if no errors occurred during installation). XP writes the setuperr.log file to the %systemroot% folder.

  • comsetup.log--This log file contains installation information about Optional Component Manager and COM+ components. XP writes the comsetup.log file to the %systemroot% folder.

  • setupapi.log--This log file contains information that XP writes each time a .inf file executes, including any errors. XP writes the setupapi.log file to the %systemroot% folder.

  • netsetup.log--This log file contains information about workgroup and domain membership. XP writes the netsetup.log file to the \%systemroot%\debug folder.

  • setup.log--This log file contains information about the Windows installation that the Recovery Console (RC) uses during repair operations. XP writes the setup.log file to the \%systemroot%\repair folder.


How can I determine which ports a specific process is using on Windows XP and later?
If you want to find out which ports a process is using and you know the process name, you must first determine the process identifier (PID). For example, to identify the PID for the pop3svc.exe process running on my system, I went to the command prompt and typed
c:\> tasklist /fi "IMAGENAME eq pop3svc.exe"
This command returned the following information:

Image Name   PID    Session Name   Session#    Mem Usage
POP3Svc.exe  3044   RDP-Tcp#9      0           2,072 K
The second column shows the PID, which I can then use with the Netstat command to search all in-use ports. For example, if I type
c:\> netstat -ano | findstr 3044
my system returns the following information:
TCP     0.0.0.0:110     0.0.0.0:0     LISTENING     3044
This result shows that the POP3 service was using TCP port 110 on all addresses.
You can also perform a reverse operation to find out which process is associated with a port. For example, to identify which process is using port 25, I could go to the command prompt and type
c:\> netstat -ano | findstr :25
On my system, this command returns the following information:
TCP     0.0.0.0:25     0.0.0.0:0     LISTENING     2500
After I identify the PID (in this case, 2500), I can determine the process name by typing
c:\> tasklist /fi "PID eq 2500"
which returns the following information on my system:
Image Name   PID    Session Name   Session#    Mem Usage
inetinfo.exe 2500   RDP-Tcp#9      0           5,584 K
This information tells me that port 25 is being used by the inetinfo.exe process.
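The two lookups above, as an added Python example (not part of the original FAQ) that compares the PID and local-port columns exactly; a substring search such as findstr 3044 or findstr :25 also matches port 2500 or a remote address. The netstat and tasklist output below is constructed, and the tasklist text assumes it was produced with tasklist /fo csv /nh.

```python
import csv
import io
from typing import NamedTuple

# Constructed `netstat -ano` output (not captured from a real host).
NETSTAT_ANO = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       2500
  TCP    0.0.0.0:110            0.0.0.0:0              LISTENING       3044
  TCP    0.0.0.0:2500           0.0.0.0:0              LISTENING       1184
  TCP    10.0.0.5:3044          10.0.0.9:25            ESTABLISHED     412
  UDP    0.0.0.0:500            *:*                                    712
"""

# Constructed `tasklist /fo csv /nh` output; example-*.exe names are invented.
TASKLIST_CSV = '''
"inetinfo.exe","2500","RDP-Tcp#9","0","5,584 K"
"POP3Svc.exe","3044","RDP-Tcp#9","0","2,072 K"
"example-svc.exe","1184","Console","0","1,024 K"
"example-client.exe","412","Console","0","3,300 K"
"example-udp.exe","712","Console","0","900 K"
'''


class Socket(NamedTuple):
    proto: str
    local_addr: str
    local_port: int
    state: str      # empty for UDP, which has no connection state
    pid: int


def parse_netstat(text):
    """Parse `netstat -ano` rows into Socket records."""
    sockets = []
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue
        if f[0] == "TCP" and len(f) == 5:
            state = f[3]
        elif f[0] == "UDP" and len(f) == 4:
            state = ""
        else:
            continue
        # rpartition keeps IPv6 literals such as [::]:135 intact.
        addr, _, port = f[1].rpartition(":")
        if port.isdigit() and f[-1].isdigit():
            sockets.append(Socket(f[0], addr, int(port), state, int(f[-1])))
    return sockets


def parse_tasklist_csv(text):
    """Map PID -> image name from `tasklist /fo csv /nh` output."""
    names = {}
    for row in csv.reader(io.StringIO(text)):
        if len(row) >= 2 and row[1].isdigit():
            names[int(row[1])] = row[0]
    return names


def is_bound(sock):
    """True for a listening TCP socket or any UDP endpoint."""
    return sock.state == "LISTENING" or sock.proto == "UDP"


def ports_for_pid(sockets, pid):
    """Ports a process has open, matched on the PID column only."""
    return sorted({(s.proto, s.local_port) for s in sockets
                   if s.pid == pid and is_bound(s)})


def owners_of_port(sockets, names, port, proto="TCP"):
    """(PID, image name) pairs bound to a local port, matched exactly."""
    pids = {s.pid for s in sockets
            if s.proto == proto and s.local_port == port and is_bound(s)}
    return sorted((pid, names.get(pid, "?")) for pid in pids)


def substring_match(text, needle):
    """What a plain substring search over the same output returns."""
    return [line for line in text.splitlines() if needle in line]


if __name__ == "__main__":
    socks = parse_netstat(NETSTAT_ANO)
    procs = parse_tasklist_csv(TASKLIST_CSV)
    print(ports_for_pid(socks, 3044))
    print(owners_of_port(socks, procs, 25))
    print(len(substring_match(NETSTAT_ANO, ":25")), "lines match ':25'")
```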

Why can't I see any system updates when I access Windows Update after I perform a clean OS installation?
If no updates are available from the Windows Update Web site, the problem probably relates to the user not having defined a language for use in Microsoft Internet Explorer (IE). To resolve this problem, perform the following steps:

  1. Start IE.

  2. From the Tools menu, select Internet Options.

  3. Select the General tab, then click Languages.

  4. If no languages are listed, click Add.

  5. Select your language from the displayed list, then click OK.

  6. Click OK to close the Language Preference dialog box, then click OK to close the Internet Options dialog box.

You should now be able to see updates on the Windows Update Web site at http://windowsupdate.microsoft.com .

When I use a limited user account in Windows XP to run a program that wasn't written for XP, I experience problems. What's causing these problems?
When you use a limited account, you might encounter any of the following problems:

  • The program doesn't run.

  • The program hangs.

  • You receive notification of runtime error 7 or runtime error 3446.

  • The program doesn't recognize that a CD-ROM is in the CD-ROM drive.

  • The program doesn't let you save, open, or edit files.

  • The program displays a blank error message.

  • You can't remove the program.

  • You can't open the Help file.

These problems occur because the limited user account prevents certain functions from executing. To resolve this problem, contact the program manufacturer for an updated XP version of the program. As a workaround, you can use an Administrator account to run the program by performing the following steps:

  1. Right-click the program shortcut, then select Properties.

  2. From the Shortcut tab, click Advanced.

  3. Select the "Run with different credentials" check box, then click OK.

  4. Click OK to close the Properties dialog box.

Now, when you execute the program shortcut, XP will prompt you to enter the user context in which you want to run the program. Select "The following user" and specify a nonlimited account.

How can I perform a batch action on a list of files from the command line?
You can use the built-in For command to loop through a list of files. If you type the command
for /f "tokens=*" %a in ('dir /b *.*') do echo %a
the command outputs only the name of each file in the current folder, which the 'dir /b *.*' component can do all by itself. However, you can edit the "do" portion of the command to perform a secondary task. For example, you can add the name of a batch file and the %a parameter to call the batch file on each .msg file:
for /f "tokens=*" %a in ('dir /b *.msg') do datetime.bat %a
In addition to outputting the name of each file in the specified folder, this command adds the current date and time to the end of each .msg filename. If you use the command in a batch file, you need to add two percent (%) signs instead of one to access the parameters. For example, if you incorporate the above command into a batch file, you would type it as
for /f "tokens=*" %%a in ('dir /b *.msg') do datetime.bat %%a

How can I move the Active Directory (AD) Global Catalog (GC) to another domain controller (DC)?
You don't actually move the GC between servers. Instead, you simply enable the GC on a new server, then disable the current GC. I explain how to configure a new server as a GC in the FAQ "How do I configure a server as a Global Catalog?" ( http://www.windows2000faq.com/articles/index.cfm?articleid=13375 ).
Keep in mind that if you already have one GC in the domain, you won't want to disable that GC until after your new one has received all the existing GC content. You can check this progress by using Windows NT Event Viewer to view the Directory Services log. Specifically, you'll want to look for event ID 1119, which tells you that the new server is now advertising itself as a GC server. Before event ID 1119 appears, you should see event ID 1110, which is the new server advising you of a delay (typically 5 minutes) before the new server will start advertising.
In summary, enabling a new GC is a three-step process:

  1. Enable the GC on the new server (open the Microsoft Management Console--MMC--Active Directory Sites and Services snap-in, navigate to Sites, select the name of the site that will contain the new GC server, navigate to Servers, select and expand the name of the new GC server, right-click NTDS Settings in the left-hand pane, select Properties, then select the Global Catalog check box).

  2. Wait until event ID 1119 appears in the new GC Directory Services event log.

  3. Disable the GC on the old server (in the Active Directory Sites and Services snap-in, navigate to Sites, select the name of the site containing the old GC server, select and expand the name of the old GC server, right-click NTDS Settings in the left-hand pane, select Properties, then clear the Global Catalog check box).

If you add or remove GCs and you use Microsoft Exchange Server, you must reboot the Exchange servers to let them update the DSAccess topology report and begin using the new GCs--otherwise Exchange won't discover the GCs and use them for DSAccess. To create its AD topology view, DSAccess

  1. calls the Directory Service (DS) Locator service

  2. retrieves a list of all DCs and GCs from the local AD site

  3. contacts each server in the list

  4. caches as many as 10 active DCs and 10 active GCs

  5. reorders the active-GC list so that domain-local GCs are at the top of the list

  6. uses the cached DC and GC server list on a simple round-robin basis for global information lookups.

Top

How can I let users log on to the domain when they can't contact the Global Catalog (GC)?
When a native-mode user logs on to the domain, a GC checks for Universal group memberships. If the user can't contact a GC, the logon will fail. To let users log on even though they can't contact the GC, perform the following steps on the servers that service the client logons:

  1. Start a registry editor (e.g., regedit.exe) on each domain controller (DC).

  2. Navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters registry subkey.

  3. From the Edit menu, select New, Key.

  4. Enter the name IgnoreGCFailures, then press Enter.

  5. Close the registry editor.

  6. Restart the DC.

Be aware that performing these steps can cause security problems. For example, imagine that you're a member of the Universal group that's denied access to a particular network resource. If your system can't contact the GC when you log on, your user token won't have the SID of the Universal group. In that case, you might be able to access the denied resource just as if you weren't a member of the Universal group.
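The following added example (not part of the original FAQ) models the risk described above: a simplified Windows-style access check run against a logon token built with and without Universal group SIDs. The SIDs, group names, and function names are constructed for illustration.

```python
from dataclasses import dataclass

READ, WRITE = 0x1, 0x2

# Constructed SIDs for illustration only.
USER = "S-1-5-21-1000-2000-3000-1105"
DOMAIN_USERS = "S-1-5-21-1000-2000-3000-513"      # global group
RESTRICTED_UNIV = "S-1-5-21-1000-2000-3000-2001"  # universal group


@dataclass(frozen=True)
class Ace:
    kind: str  # "deny" or "allow"
    sid: str   # trustee the entry applies to
    mask: int  # access rights covered by the entry


# Canonical order: explicit deny entries come before allow entries.
DACL = [
    Ace("deny", RESTRICTED_UNIV, READ | WRITE),
    Ace("allow", DOMAIN_USERS, READ),
]


def build_token(user_sid, global_groups, universal_groups,
                gc_reachable, ignore_gc_failures=False):
    """Return the SIDs in the logon token, or None if the logon is refused.

    Universal group SIDs can be added only when a GC answers. Without a GC
    the logon fails unless the DC ignores the failure, in which case the
    token is built without any Universal group SIDs.
    """
    sids = {user_sid, *global_groups}
    if gc_reachable:
        sids.update(universal_groups)
    elif not ignore_gc_failures:
        return None
    return sids


def access_check(token_sids, dacl, desired):
    """Walk the DACL in order. A matching deny on a still-needed right
    refuses access; allows accumulate until every desired right is granted."""
    remaining = desired
    for ace in dacl:
        if ace.sid not in token_sids:
            continue
        if ace.kind == "deny" and ace.mask & remaining:
            return False
        if ace.kind == "allow":
            remaining &= ~ace.mask
            if remaining == 0:
                return True
    return False


def logon_outcomes():
    """Evaluate READ access for the three cases the FAQ distinguishes."""
    cases = {
        "gc_reachable": (True, False),
        "gc_down_default": (False, False),
        "gc_down_ignore_failures": (False, True),
    }
    results = {}
    for label, (gc_up, ignore) in cases.items():
        token = build_token(USER, {DOMAIN_USERS}, {RESTRICTED_UNIV},
                            gc_up, ignore)
        # None means the logon itself was refused.
        results[label] = None if token is None else access_check(token, DACL, READ)
    return results


if __name__ == "__main__":
    for label, outcome in logon_outcomes().items():
        print(f"{label}: {outcome}")
```

Only the last case grants access: the deny entry never matches because the Universal group SID is missing from the token.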
Top

How can I configure Windows Server 2003 domain controllers (DCs) to cache Universal group memberships?
During a native-mode domain logon, the logon process reads the Universal group membership from the Global Catalog (GC). You can cache these memberships locally on the DC by performing the following steps:

  1. Start the Microsoft Management Console (MMC) Active Directory Sites and Services snap-in (go to Start, Programs, Administrative Tools, and click "Active Directory Sites and Services").

  2. Select the site for which you want to enable caching.

  3. Right-click NTDS Site Settings, then click Properties.

  4. Select the Enable Universal Group Membership Caching check box, then click OK.

 

Windows 2003 will populate the cache the first time the user logs on and use that cache for future logons. The system will refresh the cache periodically.
Top

How can I remove the Windows 2000 or later Recovery Console (RC)?
To remove a locally installed RC, perform the following steps:

  1. Open Windows Explorer.

  2. Ensure that you can view hidden files (go to Tools, Folder Options; select the View tab; select "Show hidden files and folders"; then clear the "Hide protected operating system files" check box).

  3. Select the root of the partition on which the RC is installed, then delete the Cmdcons folder and the Cmldr file.

  4. Right-click boot.ini on the system partition, select Properties from the context menu, then clear the "Read-only" check box.

  5. Open boot.ini in Notepad.

  6. Remove the line
    C:\cmdcons\bootsect.dat="Microsoft Windows 2000 Recovery Console" /cmdcons

  7. Save the boot.ini file, then close it.

  8. Open Windows Explorer, right-click boot.ini again, select Properties from the context menu, then select the "Read-only" check box.

Top

What's the Windows Server 2003 domain controller (DC) install-from-media function?
When you add a new DC to an existing domain, the new DC typically receives all Active Directory (AD) content from an existing DC on the network. This process can take some time, especially over slow network connections or on very large domains.
With Windows 2003, you can optionally install a new DC to an existing domain by using a system-state backup of an existing DC from the same domain. (You can't use this method to create new domains, however.) The DC backup can reside on CD-ROM, DVD, or a local disk.
Keep in mind that the DC backup must be within the tombstone lifetime of the domain (typically 60 days) and that some replication with DCs will still take place (i.e., to get updates since the backup was taken and updates to the SYSVOL share content).
Top

When I use the Windows Server 2003 domain controller (DC) install-from-media function, how can I back up information from an existing DC to copy to the new DC?
When you use NTBackup to create a system-state backup of the existing DC information, the DC backup will contain the Active Directory (AD) information for the domain. If you back up the system state from a Global Catalog (GC) server, the new DC that you create from the DC backup can also become a GC. To create the DC backup, perform the following steps:

  1. Start NTBackup (go to Start, Programs, Accessories, System Tools, then click Backup).

  2. When NTBackup starts, click Next.

  3. Select "Back up files and settings," then click Next.

  4. Select "Let me choose what to back up," then click Next.

  5. Expand My Computer, select System State, then click Next.

  6. Select a location and a name for the backup, then click Next.

  7. Click Finish to begin creating the DC backup.

  8. After NTBackup finishes creating the backup, click Close.

You'll then have a .bkf file that you can use to create a new DC.

Top

When I use the Windows Server 2003 domain controller (DC) install-from-media function, how can I restore information from the DC backup?
Assuming you've created a .bkf file from a DC in the same domain as the server that you want to promote, perform the following steps:

  1. Log on to the Windows 2003 server that you want to promote to a DC.

  2. Start NTBackup (go to Start, Programs, Accessories, System Tools, then click Backup).

  3. When NTBackup starts, click Next.

  4. Select "Restore files and settings," then click Next.

  5. Click Browse, select the backed up file, then click OK.

  6. Select the System State check box, then click Next.

  7. Click Advanced.

  8. Under "Restore files to:," select "Alternate location," specify the new location (e.g., C:\temp\sysstate), then click Next.

  9. Click Next until the final dialog box appears, then click Finish.

  10. Click Close once to complete the restore.

After the restore is complete, you'll see an Active Directory (AD) folder in the restore location. The AD folder contains the ntds.dit file, which is the storage file for the AD content, and a corresponding log file. The only folders you need to promote a DC are the AD and Registry folders.
Top

How can I use the Windows Server 2003 domain controller (DC) install-from-media function to promote a Windows 2003 server to a DC?
After you create a system-state backup of an existing DC in the same domain as the server you want to promote and restore that backup to a location accessible to the server (e.g., local hard disk, CD-ROM, DVD) that you're promoting, perform the following steps:

  1. Start Dcpromo in advanced mode--go to Start, Run, then type
    dcpromo /adv

  2. When the introduction screen appears, click Next.

  3. When the compatibility screen appears, click Next.

  4. Select "Additional domain controller for an existing domain," then click Next.

  5. Select "From these restored backup files," browse to the location of the system-state restoration, then click Next.

  6. If the restoration was from a DC that served as a Global Catalog (GC) server, Dcpromo will ask you whether the new DC should be a GC. Make your selection, then click Next.

  7. Enter the name of a domain administrator account in the new DC's domain, then click Next.

  8. Enter the locations in which you want to store the Active Directory (AD) information, then click Next.

  9. Enter a location in which you want to store SYSVOL, then click Next.

  10. Enter a restore mode password in both boxes, then click Next.

  11. On the summary screen, click Next to begin the promotion process.

  12. After the DC promotion is complete, click Finish.

  13. Click Restart Now.

Top

How can I configure an answer file to use with the Windows Server 2003 domain controller (DC) install-from-media function to promote a Windows 2003 server to a DC?
To use an answer file when promoting a DC by using the install-from-media function, you must add the following two lines to your answer file:
ReplicateFromMedia=yes
ReplicationSourcePath=c:\NTDSRestore
The second line must contain the path to the location of the DC backup restored files. For example, an answer file might look like

[Unattended]
Unattendmode=fullunattended

[DCINSTALL]
UserName=<domain admin account>
Password=<password for domain account>
UserDomain=<domain name>
DatabasePath=c:\windows\ntds
LogPath=c:\windows\ntds
SYSVOLPath=c:\windows\sysvol
SafeModeAdminPassword=<new password for safe mode>
CriticalReplicationOnly=No
SiteName=<name of site for the domain controller>
ReplicaOrNewDomain=Replica
ReplicaDomainDNSName=<existing DNS domain name>
ReplicationSourceDC=<existing domain controller in domain>
ReplicateFromMedia=yes
ReplicationSourcePath=c:\NTDSrestore
RebootOnSuccess=yes

To use this answer file, enter the command
dcpromo /adv /answer:<filename>
Be aware that if you use an answer file for a second time to perform another unattended installation, the passwords will be blank and you'll be prompted to reenter them. The Dcpromo process removes the passwords from the file each time for security reasons.
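As an added example (not part of the original FAQ or of Dcpromo), the following script lints an answer file before an install-from-media promotion. It checks the two required lines, confirms the file describes a replica, and reports whether the password entries hold cleartext or have been blanked by a previous run. The finding codes and sample values are constructed.

```python
import configparser

SECRET_KEYS = {
    "password": "Password",
    "safemodeadminpassword": "SafeModeAdminPassword",
}


def lint_answer_file(text):
    """Return (code, key) findings for a dcpromo answer file given as text."""
    parser = configparser.ConfigParser(interpolation=None, strict=False,
                                       delimiters=("=",))
    parser.read_string(text)
    # Section names are case-sensitive in configparser; match them loosely.
    sections = {name.lower(): name for name in parser.sections()}
    if "dcinstall" not in sections:
        return [("missing-section", "DCINSTALL")]
    dc = parser[sections["dcinstall"]]  # option names are lower-cased

    findings = []
    if (dc.get("replicatefrommedia") or "").strip().lower() != "yes":
        findings.append(("media-not-enabled", "ReplicateFromMedia"))
    else:
        if not (dc.get("replicationsourcepath") or "").strip():
            findings.append(("missing-source-path", "ReplicationSourcePath"))
        # Install from media cannot create a new domain.
        if (dc.get("replicaornewdomain") or "").strip().lower() != "replica":
            findings.append(("not-a-replica", "ReplicaOrNewDomain"))

    for key, name in SECRET_KEYS.items():
        value = (dc.get(key) or "").strip()
        if value:
            # Secret is readable by anyone who can read the file.
            findings.append(("cleartext-secret", name))
        else:
            # Dcpromo blanks these after a run; a reused file will prompt.
            findings.append(("blank-secret", name))
    return findings


# Constructed sample: a freshly prepared file (all values are made up).
SAMPLE_NEW = """\
[Unattended]
Unattendmode=fullunattended

[DCINSTALL]
UserName=installer
Password=Constructed-Example-1
UserDomain=example
DatabasePath=c:\\windows\\ntds
SafeModeAdminPassword=Constructed-Example-2
ReplicaOrNewDomain=Replica
ReplicateFromMedia=yes
ReplicationSourcePath=c:\\NTDSrestore
"""

# Constructed sample: the same file after one run, with the path line lost.
SAMPLE_REUSED = """\
[DCINSTALL]
UserName=installer
Password=
SafeModeAdminPassword=
ReplicaOrNewDomain=Replica
ReplicateFromMedia=yes
"""

if __name__ == "__main__":
    for label, text in (("new", SAMPLE_NEW), ("reused", SAMPLE_REUSED)):
        print(label, lint_answer_file(text))
```

A cleartext-secret finding on a file that is waiting to be used is expected; the point of the report is to know where such files sit so that access to them can be restricted until Dcpromo has consumed them.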
Top

How can I stop Microsoft Internet Explorer (IE) from creating the Links folder under the Favorites menu?
If you delete the Links folder under Favorites, IE will recreate the folder when you restart the browser. To permanently delete this folder and prevent IE from recreating it, perform the following steps:

  1. Start a registry editor (e.g., regedit.exe).

  2. Navigate to the HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar registry subkey.

  3. Double-click the LinksFolderName value.

  4. Clear the value data, then click OK.

  5. Start IE and delete the Links folder from the Favorites menu.

or
  1. Start Windows Explorer.

  2. Go to your user profile area (e.g., C:\documents and settings\john).

  3. Open the Favorites folder.

  4. Right-click the Links folder, then select Properties from the context menu.

  5. Select the Hidden check box, then click OK.

  6. Start IE and delete the Links folder from the Favorites menu.

Top

How can I stop Internet page links from opening in my Microsoft Internet Explorer (IE) session?
If IE is open on your system and you click a hyperlink to a Web page from another application in Windows (e.g., from an email message, from the Run command), Windows will attempt to open the Web page in your existing IE session. To prevent this behavior and force Windows to open a new IE session, perform the following steps:

  1. Start a registry editor (e.g., regedit.exe).

  2. Navigate to the HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main registry subkey.

  3. Double-click the AllowWindowReuse value.

  4. Set the value data to 0 to force Windows to open a new IE session, then click OK (setting the value to 1 will let Windows use an existing IE session).

  5. Close the registry editor.

  6. Log off and log on for the change to take effect.

Top

How can I change the default ActiveX component download location?
By default, when Microsoft Internet Explorer (IE) installs an ActiveX control on your machine, Windows stores the component in the %systemroot%\downloaded program files folder (e.g., C:\windows\downloaded program files). To change this location, perform the following steps:

  1. Start a registry editor (e.g., regedit.exe).

  2. Navigate to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings registry subkey.

  3. Double-click the ActiveXCache value, change the path in the value data to a new location, then click OK.

  4. Navigate to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ActiveX Cache registry subkey.

  5. Double-click the 0 value, change the path in the value data to the same location you specified in Step 3, then click OK.

  6. Restart IE for the changes to take effect.

Valid registry values can be a folder on the local hard disk, a Universal Naming Convention (UNC) location, or a mapped network drive. However, be aware that running the ActiveX cache from a network location can degrade performance.
Top

How can I disable the Microsoft Internet Explorer (IE) script debugger?
If you run a script in IE that results in an error, IE gives you the option to debug the script. To disable this option, perform the following steps:

  1. Start a registry editor (e.g., regedit.exe).

  2. Navigate to the HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main registry subkey.

  3. Double-click the Disable Script Debugger value.

  4. Set the value data to "yes" to disable the script debugger, then click OK (setting the value to "no" enables the script debugger).

  5. Restart IE for the change to take effect.

Top

How can I replace the background image in Windows Messenger?
Windows Messenger includes a background image of two bobble men. You can replace this .gif image with any image that will fit in the display. To replace the .gif image, perform the following steps:

  1. Navigate to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MessengerService registry subkey, then double-click the InstallationDirectory value to verify the location of your Windows Messenger installation (by default, this location is C:\program files\messenger).

  2. Using an imaging program, create the background image that you want to use.

  3. Save the image you created as a .gif file named ivback.gif, and put the file in the Windows Messenger folder.

  4. Restart Windows Messenger for the change to take effect.

Top

Why can't I successfully deploy a Sysprep image containing the Recovery Console (RC) on my client computers?
If you install the RC as part of a Sysprep image, then deploy the image to client computers, the RC might fail to start on those client machines. The RC doesn't rely on the standard NT Loader (NTLDR) boot file or the standard boot sector. Instead, Sysprep uses a virtual boot sector in the bootsect.dat file, which is a copy of the boot section of the system partition. Because the bootsect.dat file is unique to each computer and is based on the machine's hard disk structure, the RC will most likely fail because you haven't configured bootsect.dat for that particular client. To resolve this error, reinstall the RC on each machine. For future installations, you can put the
winnt32 /cmdcons /unattend
command in the [GuiRunOnce] section of your unattend.txt file to automate installation of the RC.
Top

Why does System File Checker overwrite hotfixes on my Windows 2000 installation?
System File Checker replaces corrupt or missing protected files and refreshes corrupt or missing DLL cache components with the latest files from the installation media, service packs, or hotfix and patch locations, whichever was registered most recently. Because System File Checker overwrites existing hotfixes and patches, you have to reapply them after you run the
sfc /scannow
command. Microsoft has corrected this behavior in all Win2K Service Pack 4 (SP4) and later hotfixes and patches, which now register themselves in such a way that System File Checker can "see" them during file-restoration operations.
Top

What's Network Address Translation (NAT)?
NAT lets organizations hide their internal IP addresses and provides a means for connecting many more computers over TCP/IP than would be possible if every computer that accessed the Internet needed its own IP address. An organization or a site within an organization that uses NAT can use almost any IP address internally for any purpose, with the exception of a few IP address ranges that are reserved for internal network use (for information about these IP ranges, see the FAQ at http://www.windows2000faq.com/articles/index.cfm?articleid=14985 ).
Unlike machines on your internal network that can use just about any IP address, machines that connect to the Internet must use allocated (i.e., registered) IP addresses. However, you can use a NAT gateway to connect any machine on your internal network to the Internet. The gateway will communicate with the outside world on the internal machine's behalf and forward responses from the Internet to the originating machine on your internal network.
For example, if a company has 20 computers that all need Internet connectivity, you'd need to register 20 different IP addresses. However, if you used a NAT gateway, you'd need to register only one IP address for the gateway machine that connects to the Internet. (In practice, you'd probably establish several NAT gateways for fault tolerance and load-balancing purposes.) Then, you'd simply channel the other 19 machines through the gateway server. The figure at http://www.windows2000faq.com/articles/index.cfm?articleid=39743 illustrates how the three components (the internal network using an internal IP address subnet, the NAT with a registered Internet IP address, and the Internet) fit together.
The use of NAT has grown in popularity because the use of TCP/IP has grown in popularity. The original TCP/IP address format is based on a 32-bit structure, which provides 4,294,967,296 possible IP addresses. (Fewer addresses are actually available because certain classes or sets of addresses are allocated and reserved for specific purposes.) Because the need for new IP addresses is constant, we'll eventually run out of available addresses based on the original 32-bit format. In recognition of this shortcoming, the Internet Engineering Task Force (IETF) has prepared IPv6, which is the next-generation Internet protocol and will use a 128-bit format to provide an astronomical number of addresses (i.e., 3.4 x 10^38). The new protocol also does a better job than the current addressing scheme of concealing your internal IP address structure.
Top

What types of Network Address Translation (NAT) exist?
Three main types of NAT exist. In order of complexity (from simple to complex), they are

  • static NAT--With this type of NAT, a NAT router maintains a table that associates each internal IP address with a corresponding external allocated (i.e., registered) Internet IP address. With static NAT, you must register an IP address for every machine that connects to the Internet. This approach isn't used very often because it doesn't save on registering IP addresses. However, static NAT can be useful for making devices accessible from the Internet--the external IP address will always point to the internal address stored on the NAT router.

  • dynamic NAT--With dynamic NAT, a NAT router maintains a list of registered Internet IP addresses. Every time an internal client tries to access the Internet, the router maps it to one of the registered IP addresses that isn't currently in use. As a result, you need registered IP addresses only for the number of concurrent Internet users.

  • single-address NAT/overloading/masquerading/Network Address Port Translation (NAPT)--With this type of NAT, a NAT router has only one registered IP address. The NAT router maps each internal client that needs to communicate with the Internet to a different port from the registered IP address. The router writes the address request in the form x.x.x.x:y--for example, 10.0.0.1:100 would be IP address 10.0.0.1, port 100. Responses from the Internet include the originating port so that the router knows which internal IP address to map the response to.

The figure at http://www.windows2000faq.com/articles/index.cfm?articleid=39744 illustrates the use of single-address NAT. The NAT router in the figure maintains a translation table that specifies the port that each internal IP address uses for external communication, as follows:

Internal Address   External Address
================   ================
10.0.0.1           14.1.23.5:62450
10.0.0.2           14.1.23.5:62451
10.0.0.3           14.1.23.5:62452
10.0.0.4           14.1.23.5:62453
This type of NAT is the most popular form used.
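The translation table above can be reproduced with a short simulation. This is an added example, not part of the original FAQ; it goes one step beyond the table by keying each mapping on the internal address and source port (one entry per connection), and the class name, method names, and internal source ports are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class NaptRouter:
    """Single-address NAT: many internal clients share one registered IP."""
    external_ip: str
    next_port: int = 62450  # first external port, as in the FAQ's table
    outbound: dict = field(default_factory=dict)  # (ip, port) -> ext port
    inbound: dict = field(default_factory=dict)   # ext port -> (ip, port)

    def translate_outbound(self, src_ip, src_port):
        """Rewrite an internal source to (external_ip, allocated port)."""
        key = (src_ip, src_port)
        if key not in self.outbound:
            if self.next_port > 65535:
                raise RuntimeError("external port pool exhausted")
            self.outbound[key] = self.next_port
            self.inbound[self.next_port] = key
            self.next_port += 1
        return (self.external_ip, self.outbound[key])

    def translate_inbound(self, dst_port):
        """Map a response back to the internal client.

        Returns None when no mapping exists, which is why unsolicited
        traffic from the Internet never reaches an internal machine.
        """
        return self.inbound.get(dst_port)


def demo():
    """Build the FAQ's four-client table; source port 1025 is constructed."""
    router = NaptRouter("14.1.23.5")
    clients = ("10.0.0.1", "10.0.0.2", "10.0.0.3", "10.0.0.4")
    table = [(ip, router.translate_outbound(ip, 1025)) for ip in clients]
    return router, table


if __name__ == "__main__":
    router, table = demo()
    for internal, (ext_ip, ext_port) in table:
        print(f"{internal:<12} {ext_ip}:{ext_port}")
    print("reply to 62451 ->", router.translate_inbound(62451))
    print("unsolicited 40000 ->", router.translate_inbound(40000))
```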
Top

What's the IPSec/L2TP NAT-T update for Windows XP and Windows 2000?
The IPSec/L2TP NAT-T update is a Microsoft update for Layer Two Tunneling Protocol (L2TP) and IP Security (IPSec) for XP and Win2K. This update lets you operate VPN clients behind Network Address Translation (NAT) software or hardware. The update is available from the Windows Update Web site and requires XP Service Pack 1 (SP1) or later or Win2K SP3 or later.
After you install the update, clients behind the NAT device will be able to create IPSec connections and monitor those connections through the updated monitoring tool that installs as part of the update. For more information, see the Microsoft article "L2TP/IPSec NAT-T Update for Windows XP and Windows 2000" ( http://support.microsoft.com/?kbid=818043 ).
Top

After I upgraded my hard disk to NTFS under Windows XP, my computer displays an ntfs.sys "missing or corrupt" error and fails to start. How can I resolve this error?
The full error you receive on start-up is
Windows could not start because the following file is missing or corrupt: System32\Drivers\Ntfs.sys
To resolve this error, you need to use the Recovery Console (RC) to replace the ntfs.sys file by performing the following steps:

  1. Insert the XP installation CD-ROM and reboot your machine.

  2. When the installation menu appears, press the R key to start an RC session.

  3. When prompted, select the installation and enter the Administrator password.

  4. At the console, navigate to the system32\drivers folder, assuming your Windows folder is called "windows," by typing
    cd \windows\system32\drivers

  5. Rename the current ntfs.sys file by typing
    ren ntfs.sys ntfs.bad

  6. Copy the ntfs.sys file from your installation CD-ROM to your current location by typing
    copy <drive letter>:\i386\ntfs.sys .
    Be sure you include the period at the end of the command to instruct your system to use the current location.

  7. Remove the XP installation CD-ROM, then restart your machine.

Top

Why does the Disk Cleanup tool in Windows XP and Windows 2000 hang when I try to start it?
A corrupt temporary file can often cause the Disk Cleanup utility to hang. To resolve this problem, try deleting all temporary files on your computer by performing the following steps:

  1. Close all running applications.

  2. From the Start menu, click Run and type
    %temp%
    to open the Temp folder on your computer.

  3. Press Ctrl+A (or, from the Edit menu, click Select All) to select all the files, press Delete, then click Yes in the confirmation dialog box.

  4. Close Windows Explorer.

  5. Open the Control Panel Internet Options applet.

  6. Select the General tab, then click Delete Files.

  7. Select the "Delete all offline content" check box, then click OK.

You should now be able to run the Disk Cleanup tool.
Top

How can I use the registry to change the amount of disk space that Microsoft Internet Explorer (IE) uses to store temporary files in the Temporary Internet Files folder?
To change the amount of space that IE uses to store temporary Internet files, you typically open the IE Tools menu, select Internet Options, select the General tab, then click Settings under the "Temporary Internet files" section. However, you can also adjust this setting in the registry by performing the following steps:

  1. Start a registry editor (e.g., regedit.exe).

  2. Navigate to the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content registry subkey.

  3. Double-click CacheLimit, change the Base to Decimal, enter the amount of space you want to use for temporary Internet files (in kilobytes) in the "Value data" field, then click OK.

  4. Navigate to the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Content registry subkey.

  5. Double-click CacheLimit, change the Base to Decimal, enter the same value you entered in Step 3, then click OK.

  6. Close the registry editor.

The next time that IE starts, it will use the new size for the Temporary Internet Files folder.
Top

How can I configure Microsoft Internet Explorer (IE) to empty the Temporary Internet Files folder when I close the browser?
Temporary Internet files are essentially a log of everything you've viewed on the Web. To clear the Temporary Internet Files folder when you close the browser, perform the following steps:

  1. Open the IE Tools menu, then select Internet Options.

  2. Select the Advanced tab.

  3. Scroll down to the Security section.

  4. Select the "Empty Temporary Internet Files folder when browser is closed" check box, then click OK.

You can also use the registry to configure IE to empty the Temporary Internet Files folder upon exiting the browser by performing the following steps:

  1. Start a registry editor (e.g., regedit.exe).

  2. Navigate to the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache registry subkey.

  3. Double-click Persistent, set its value to 0, then click OK.

  4. Close the registry editor, then start IE for the change to take effect.

Remember that although you can configure IE to automatically empty the Temporary Internet Files folder each time you close the browser, your History log will still list the sites you've visited, so you might want to also manually clear this setting each time (go to the Tools menu, select Internet Options, select the General tab, then click Clear History).
Top

What's the Trinity Rescue Kit?
The Trinity Rescue Kit is a Linux distribution on a bootable CD-ROM that contains everything that you need to rescue or repair dead or damaged Linux or Windows systems. The kit, which you can download for free at http://trinityhome.org/trk , is based on Mandrake Linux 9.1 binaries.
When you start the CD-ROM, you'll see a splash-screen Linux Loader (LiLo) boot menu with a few options to specify how the startup procedure should behave. The default configuration will work in most cases, but the rescue kit also gives you the option to specifically search for PC Card network adapters or USB Ethernet adapters, run extra scripts from a 3.5" disk, or even customize the way the CD-ROM boots (e.g., load a Belgian keyboard, detect all USB Ethernet adapters, use DHCP to locate an IP address, mount all file systems found on the local computer). After you boot the rescue kit, you can access tools to help you address the most common problem scenarios.
The rescue kit will typically attempt to detect onboard network adapters and use DHCP to obtain an IP address. If the rescue kit is successful at both tasks, you can then transfer files to an FTP, Secure Shell (SSH), or Windows server. For example, if you need to rescue files from a crashed Windows 2000 system, you'll be able to mount the partition, read the files, and copy them somewhere safe on your LAN.
If you accidentally delete files from an NTFS partition, you can use the included Ntfsundelete utility to recover those files. You can use the Winpass shell script, which uses a GNU Windows registry editor called Chntpw, to reset Windows passwords without having to know Linux. The script searches for any available local Windows installations, asks you which installation you want to reset the password for, then starts Chntpw.
You can use the included Virusscan shell script to scan for viruses. The script calls a free version of FRISK Software International's F-Prot Antivirus and scans every local disk; the script also presents you with the option to first fetch the latest antivirus definitions from ftp://ftp.f-prot.com .
Top

What alternatives do I have to Windows 2000 Server Terminal Services?
SourceForge has released Thinstation, a free Linux distribution that runs on any x86 box that has at least 16MB of RAM. Thinstation supports the following protocols:

  • Windows 2000 Server Terminal Services (RDP)

  • Citrix Systems' Citrix ICA

  • X-Terminal (XDM)

  • TightVNC

  • Secure Shell (SSH)

  • Telnet

  • Tarantella

The software lets you run thin-client sessions on older systems, giving your users access to the latest applications and helping you get a few more years of service out of your machines. Additional information about Thinstation is available at http://sourceforge.net/projects/thinstation .
Top

How can I prevent users from disabling the Remote Desktop Sharing settings in Microsoft Windows NetMeeting?
NetMeeting's Remote Desktop Sharing feature lets you gain control of another person's desktop, which is useful for Help desk personnel who need to see what's happening on a user's computer. However, users can easily turn off this feature. To prevent users from turning off Remote Desktop Sharing, perform the following steps:

  1. Start a registry editor (e.g., regedit.exe).

  2. Navigate to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Conferencing\Mcpt registry subkey.

  3. From the Edit menu, select New, String Value.

  4. Enter the name Nx, then press Enter.

  5. Double-click the new value, set it to 1, then click OK.

Users with typical access privileges will no longer be able to access the Remote Desktop Sharing option under the NetMeeting Tools menu. This setting doesn't affect an administrator's ability to turn off Remote Desktop Sharing.
Top

How can I print to a USB printer from the command prompt?
You typically print to a parallel-port printer by copying a file to the lpt1: device. Because USB devices don't connect through an LPT device, you can't take the same approach to print to a USB printer from the command prompt. However, you have several options that will work.
If a network adapter is connected to your network, you can share the printer with another machine on the network and map the printer to LPT2 or LPT3. For example,
net use LPT2 \\<machine>\<printer share> /yes
maps the shared printer to LPT2. With the printer mapped, you can copy files from the command prompt to the printer on that port.
If you don't have a network adapter, you can install the Microsoft loopback adapter, which emulates a network adapter, create a printer share on your machine, then use the Net Use command to print to the printer share.
Alternatively, if the USB printer is your machine's default printer, you can use Microsoft Notepad to print an ASCII file to the printer. For example,
start /min notepad /P <filename>
prints the file from Notepad to the printer, where "filename" is the name of any file that you can open in Notepad that you want to print. You don't have to include "start /min" for this technique to work, but you'll want to include this command if you're printing from a batch file to minimize the command window while the batch file runs. Otherwise, the Notepad executable will steal focus away from the batch file that issues this command and could stall the batch file after printing is finished. To continue processing the batch file, you'd need to click the command window.
If none of the above techniques are suitable for your particular situation, check out the DOSPRN shareware utility available at http://www.dosprn.com . DOSPRN lets you print to any printer from the command line.
Top

What's Mozilla?
Mozilla is an alternative to Microsoft Internet Explorer (IE) that's recently undergone some big enhancements. You can download the latest version (Mozilla 1.4) or get the lean version (Mozilla Firebird 0.6) at http://www.mozilla.org . Mozilla Firebird doesn't require installation--you just unzip the downloaded package to a folder and run the software from there.
Some of Mozilla's features include

  • tabs to load multiple Web sites instead of opening separate instances of the application for each Web site

  • a built-in pop-up ad blocker

  • tools to better control information that the browser receives, such as a tool that prevents Web sites from modifying the Web browser status bar, which typically displays the Web site address

  • a search box for searching public search engines, such as Google

  • automatic import of IE bookmarks

  • support for all leading standards (e.g., HTML) and plugins

After using Mozilla for a day, I was impressed by its clean interface, speed, and flexibility. I particularly liked the tabbed browsing feature. Give it a look.

What keyboard shortcuts can I use with Microsoft Internet Explorer (IE) 6 and Mozilla Firebird 0.6?
For a list of the most popular keyboard shortcuts for both browsers, see the table at http://www.windows2000faq.com/articles/index.cfm?articleid=39608 .

Why do I receive an error on start-up that says the system can't find system32.exe in my system32 folder?
More than likely, your machine was infected by the system32.exe virus, which your antivirus software removed without removing the startup entry in the registry. To resolve this error, perform the following steps:

  1. Start a registry editor (e.g., regedit.exe).

  2. Navigate to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run registry subkey.

  3. Select the "Explorer.exe C:\Windows\system32\system32.exe" entry, then click Delete (the path for this registry entry might be slightly different on your machine, depending on the folder in which you installed Windows).

  4. If you see a registry entry for cmd32.exe, remove it as well.

  5. Click Yes in the confirmation dialog box.

If you can't find the registry entry I describe in Step 2, review the FAQ at http://www.windows2000faq.com/articles/index.cfm?articleid=14554 for a list of other registry locations you can search.

Why do I receive a warning in the event log that a provider has registered in the Windows Management Instrumentation (WMI) namespace?
The message you describe reads
A provider, <name>, has been registered in the WMI namespace, <namespace>, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
A sample <name> would be OffProv (for Microsoft Office) and a sample <namespace> would be Root\MSAPPS. Although this warning sounds serious, it's an informational message letting you know that WMI has received a registration for a new provider that will run with elevated privileges (SYSTEM). If you're satisfied that this component can run safely with these privileges, you can ignore this message. Otherwise, you might want to uninstall the provider component or contact the provider's manufacturer.
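
To decide whether a provider named in this warning can be trusted to run as SYSTEM, it helps to see which DLL implements it and whether that DLL is signed. The following PowerShell is an added example, not part of the original FAQ; the function names are hypothetical, and it assumes PowerShell 3.0 or later with the CIM cmdlets.

```powershell
# Added example (not from the original FAQ): list WMI providers registered
# to run as LocalSystem, with the DLL behind each one. Read-only; run it
# elevated so that every namespace can be enumerated.

function Get-WmiNamespace {
    # Walk the namespace tree depth-first, emitting each namespace path.
    param([string]$Namespace = 'root')
    $Namespace
    $children = Get-CimInstance -Namespace $Namespace -ClassName __NAMESPACE -ErrorAction SilentlyContinue
    foreach ($child in $children) {
        Get-WmiNamespace -Namespace "$Namespace\$($child.Name)"
    }
}

function Get-ProviderBinary {
    # Map a provider's CLSID to its in-process COM server (the provider DLL).
    # Providers that register only an out-of-process server return $null.
    param([string]$Clsid)
    $key = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\InprocServer32"
    if (-not $Clsid -or -not (Test-Path -LiteralPath $key)) { return $null }
    $path = ([string](Get-Item -LiteralPath $key).GetValue('')).Trim('"')
    if ($path) { $path } else { $null }
}

function Get-LocalSystemWmiProvider {
    # Providers with no HostingModel set fall back to an OS default and are
    # not listed here; only explicit LocalSystem* registrations are reported.
    param([string]$Root = 'root')
    foreach ($ns in (Get-WmiNamespace -Namespace $Root)) {
        Get-CimInstance -Namespace $ns -ClassName __Win32Provider -ErrorAction SilentlyContinue |
            Where-Object { $_.HostingModel -like 'LocalSystem*' } |
            ForEach-Object {
                $binary = Get-ProviderBinary -Clsid $_.CLSID
                $signature = if ($binary -and (Test-Path -LiteralPath $binary -PathType Leaf)) {
                    [string](Get-AuthenticodeSignature -LiteralPath $binary).Status
                } else {
                    'NotResolved'
                }
                [pscustomobject]@{
                    Namespace    = $ns
                    Provider     = $_.Name
                    HostingModel = $_.HostingModel
                    Binary       = $binary
                    Signature    = $signature
                }
            }
    }
}

# One row per provider; rows with Signature other than Valid deserve a closer look.
Get-LocalSystemWmiProvider | Sort-Object Namespace, Provider | Format-Table -AutoSize
```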

How can I retrieve core Windows files that I've deleted?
Although you can manually copy the files from the Windows installation media, you're probably better off using the System File Checker utility that ships with Windows 2000 and later. If you've changed your configuration since you installed Windows and your installation media is now available at another location, you'll need to perform the following steps before you run System File Checker:

  1. Start a registry editor (e.g., regedit.exe).

  2. Navigate to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion registry subkey.

  3. Change the Sourcepath value to point to the installation media's new location (e.g., D:\i386).

  4. Navigate to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup registry subkey.

  5. If the Sourcepath value is listed, change the value here also to point to the installation media's new location.

To use System File Checker, perform the following steps:

  1. Insert the Windows CD-ROM installation media.

  2. From the Start menu, select Run.

  3. Enter
    sfc /scannow
    to start the System File Checker process and check all core files. The utility will replace any missing core files and make sure all the files are up-to-date.


How can I quickly determine whether a domain controller (DC) is available for a specific domain?
To quickly check for a DC in a specific domain, go to the command prompt and type
nltest /dsgetdc:<domain name>
If your search is successful, the system will display information about that DC. For example,
C:\>nltest /dsgetdc:savilltech
DC: \\TITANIC
Address: \\200.200.200.1
Dom Guid: 9819e7e4-7beb-41d9-9923-dac38b1d342a
Dom Name: SAVILLTECH
Forest Name: ADS.SAVILLTECH
Dc Site Name: UK
Our Site Name: UK
Flags: DS LDAP KDC TIMESERV WRITABLE DNS_FOREST CLOSE_SITE

The command completed successfully
If your search fails, you'll receive a failure notice, such as
C:\>nltest /dsgetdc:test1
DsGetDcName failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN


Why does Microsoft Outlook take several minutes to start on my machine?
Several factors can delay Outlook's start time. To troubleshoot this problem, begin by starting Outlook in Safe mode. Go to Start, Run, then type
outlook /safe
If Outlook starts quickly in Safe mode, the problem is most likely one of the following:

  • The outcmd.dat file in the application data\microsoft\outlook folder is corrupt. Rename or delete this file while Outlook is closed. When you restart Outlook, the folder will be recreated.

  • The view is corrupt. Start Outlook from the command prompt by typing
    outlook /cleanview
    to fix this problem.

  • A message in the Inbox is corrupt. Start Outlook in Safe mode, then move the Inbox messages to another folder. Be aware that you'll lose your mailbox contents.

  • An Outlook add-in is causing the problem. Open the Tools menu; select Options, Other, Advanced Options; click COM Add-Ins; click Add-In Manager; then clear all add-in check boxes.

If Outlook doesn't start quickly in Safe mode, you can also try to disable Windows Messenger integration. To do so, open the Tools menu; select Options, Other; then clear the "Enable Instant Messaging in Microsoft Outlook" check box.

How can I request a read receipt from Microsoft Outlook?
A message sender can configure Outlook to receive a read receipt, which is a message sent to the sender when the recipient opens the message. To request a read receipt, perform the following steps:

  1. Create a new message as usual.

  2. From the View menu, select Options.

  3. Under "Voting and Tracking options," select the "Request a read receipt for this message" check box.

  4. Click Close.


Why didn't I receive a read receipt after I sent a message that requested one in Microsoft Outlook?
You might not receive a read receipt for several reasons. When you send a message in Outlook that requests a read receipt, the message recipient can decide whether to confirm receipt of the message; if the recipient chooses No, you won't receive a read receipt. If the recipient used a preview pane to read the message, then deleted the message without actually opening it, the recipient's email client won't prompt the recipient to send the read receipt. Finally, you won't receive a read receipt if the recipient doesn't read the message or if the recipient's email client doesn't support read receipts.

What's Windows XP's MS-DOS command prompt?
XP, Windows 2000, and Windows NT don't contain DOS, although XP can create DOS-bootable disks. All three OSs support the cmd.exe command shell, which lets you run NT-equivalent DOS commands. In XP, go to Start, Programs, Accessories or click Start, Run, then type
cmd.exe
to start the command shell. For earlier application support, you might want to try the command.com shell, which is more compatible with MS-DOS than cmd.exe is. In XP, click Start, Run, then type
command.com
to start the command.com shell. Command.com can call autoexec.bat and config.nt, both of which are in the \windows\system32 directory, just as MS-DOS calls autoexec.bat and config.sys. If you're having trouble running your old DOS command-line programs from the cmd.exe environment, try running them inside a command.com shell.

I printed a document to a file. How do I output the file to a printer?
When you printed your document to a file, you created either a .prn file or .ps file, depending on whether you used a Printer Command Language (PCL) or PostScript print driver. To print the file, go to Start, Run, then type
copy <file> lpt1: /b
to copy the file to the "lpt1:" device in binary mode. For information about checking the state of your "lpt1:" device, see "How can I print from the command window /use lpt1 etc?" ( http://www.windows2000faq.com/articles/index.cfm?articleid=14541 ).

How can I make available to all users a program that I installed in Windows XP or Windows 2000 to be accessed only by myself?
Some software installations will ask you whether the software you're installing should be accessible only by you or available to all users. If you initially configure the software to be accessible only to you, you can usually make it available to all users by taking several steps. First, look at the Start menu items. The Start menu items for each user are in that user's profile menu (e.g., C:\documents and settings\savill\start menu\programs). The Start menu items for all users are at C:\documents and settings\all users\start menu\programs. As a result, you can open Windows Explorer and drag the program's link folder from your Start Menu folder to the All Users\Start Menu folder. Be aware that although moving the folder to the All Users\Start Menu folder will let other users view the Start Menu item, they might not be able to actually start the program. You might be able to rectify this problem by adjusting the file Write permissions.
If the program needs to write files to the program's file system area, which typically resides at \%systemdrive%\program files\<vendor>\<application>, you might need to adjust the file Write permissions for all users so that they have access to this file-system area. To configure file Write permissions, right-click the appropriate folder in Windows Explorer, select "Sharing and Security" (or the equivalent for your OS), then change the permissions to grant Full Control access for the other users. Alternatively, go to the command line and type
cacls "%systemdrive%\program files\<vendor>\<application>" /e /t /p <user>:c
to set file Write permissions for a particular program. (To undo these permissions, run the command again but replace "<user>:c" with "<user>:r".)
If other users still can't access your program, open the registry, navigate to the HKEY_LOCAL_MACHINE\SOFTWARE\<vendor>\<application> registry subkey, then use Edit, Permissions to grant full control to the other users. In most cases, just moving the program to the All Users\Start Menu folder should be enough.
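
Because the cacls command above gives a non-administrative account Write access below Program Files, it's useful to keep a record of every folder where that has been done. The following PowerShell is an added example, not part of the original FAQ; the function name and the list of expected writers are assumptions of this example, and it requires PowerShell 5.0 or later (for Get-ChildItem -Depth).

```powershell
# Added example (not from the original FAQ): report folders under Program
# Files where an account other than the built-in administrative principals
# is allowed to write. Read-only; nothing is changed.

# Well-known SIDs that are expected to hold write access (assumption).
$ExpectedWriters = @(
    'S-1-5-18',      # LocalSystem
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-3-0',       # CREATOR OWNER
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Rights that let an account alter folder contents or the ACL itself.
# ACEs stored as raw generic rights are not decoded by this mask.
$WriteMask = [Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'

function Get-WritableProgramFolder {
    param(
        [string]$Root = $env:ProgramFiles,
        [int]$Depth = 1   # reaches <vendor>\<application>, two levels below the root
    )
    Get-ChildItem -LiteralPath $Root -Directory -Recurse -Depth $Depth -ErrorAction SilentlyContinue |
        ForEach-Object {
            $folder = $_.FullName
            try { $acl = Get-Acl -LiteralPath $folder -ErrorAction Stop } catch { return }

            foreach ($ace in $acl.Access) {
                if ($ace.AccessControlType -ne 'Allow') { continue }
                if ([int]($ace.FileSystemRights -band $WriteMask) -eq 0) { continue }

                # Compare by SID so the check works on any display language.
                try {
                    $sid = $ace.IdentityReference.Translate([Security.Principal.SecurityIdentifier]).Value
                } catch {
                    $sid = $ace.IdentityReference.Value
                }
                if ($ExpectedWriters -contains $sid) { continue }

                [pscustomobject]@{
                    Folder    = $folder
                    Account   = $ace.IdentityReference.Value
                    Sid       = $sid
                    Rights    = $ace.FileSystemRights
                    Inherited = $ace.IsInherited
                }
            }
        }
}

# Explicit (non-inherited) entries are the ones set by hand or by cacls.
Get-WritableProgramFolder | Sort-Object Folder, Account | Format-Table -AutoSize
```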

I have so many updates to install from Windows Update that I can't accept the licensing agreement because it doesn't appear on screen. How can I click Accept?
After you select the updates that you want to install, click Install Now to display a dialog box in which you can click Accept to proceed. If too many updates are available for installation, the Accept button might not appear on screen. If that's the case, you can press Tab once, then press Enter. Alternatively, you can close the dialog box and select fewer updates to install at a time.

Why does the dluca.exe process appear to be using a large amount of resources on my computer?
Dluca.exe is an adult material dialer process that can use a large amount of resources. You can safely remove this process, and after you do, your system resource use should drop. To remove dluca.exe under Windows XP, delete the \%systemroot%\system32\msinstall\dlu32\dluca\ folder, then open Msconfig and navigate to the Startup tab to remove any dluca.exe startups. For other OSs, use the registry editor and delete any entries under the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run registry subkeys.

Why do I receive an error that reads "WJVIEW error, Could not execute Main"?
Wjview lets you view window-based Java applications. You might receive an error message if Wjview attempts to start an application on your system that no longer exists. To check this under Windows XP, perform the following steps:

  1. Start Msconfig.

  2. Select the Startup tab.

  3. Scan the list for any entries that contain "wjview."

  4. If you find any "wjview" entries, try disabling the Wjview startup component to determine whether that solves the problem, and locate any associated folders identified in Msconfig that you might need to delete.

To delete the "wjview" entries rather than disabling them (and to check under non-XP OSs), perform the following steps:

  1. Open a registry editor (e.g., regedit.exe).

  2. Navigate to the
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    and
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    registry subkeys.

  3. Remove the invalid "wjview" entries.
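
The system32.exe, dluca.exe, and "wjview" answers above all come down to the same check: an entry under one of the two Run subkeys that points to a file that is unwanted or no longer exists. The following PowerShell is an added example, not part of the original FAQ, that reads both subkeys and flags entries whose target can't be found; the function names and the list of file extensions are assumptions of this example.

```powershell
# Added example (not from the original FAQ): audit the two Run subkeys named
# in the FAQ for startup entries whose target file is missing. Read-only;
# nothing is deleted.

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

# Full paths (drive or UNC, spaces allowed) or bare file names that end in a
# launchable extension. The extension list is an assumption of this example.
$ExePattern = '(?i)(?:[a-z]:\\|\\\\)[^"/<>|*?:]*?\.(?:exe|com|bat|cmd|scr|pif|dll)\b' +
              '|[\w\-.]+\.(?:exe|com|bat|cmd|scr|pif|dll)\b'

function Get-CommandLineTarget {
    # Return every executable-looking token in a Run value, so that a value
    # such as "Explorer.exe C:\Windows\system32\system32.exe" yields both files.
    param([string]$CommandLine)
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine)
    foreach ($match in [regex]::Matches($expanded, $ExePattern)) { $match.Value }
}

function Resolve-Target {
    # Full path: check the file directly. Bare name: search PATH as the shell would.
    param([string]$Target)
    if ([IO.Path]::IsPathRooted($Target)) {
        if (Test-Path -LiteralPath $Target -PathType Leaf) { return $Target }
        return $null
    }
    $cmd = Get-Command -Name $Target -CommandType Application -ErrorAction SilentlyContinue |
        Select-Object -First 1
    if ($cmd) { return $cmd.Path }
    return $null
}

function Get-RunKeyAudit {
    param([string[]]$Path = $RunKeys)
    foreach ($key in $Path) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            $data = [string]$item.GetValue($name)
            foreach ($target in (Get-CommandLineTarget -CommandLine $data)) {
                $resolved = Resolve-Target -Target $target
                [pscustomobject]@{
                    Key      = $key
                    Name     = $name
                    Data     = $data
                    Target   = $target
                    Resolved = $resolved
                    Missing  = -not $resolved
                }
            }
        }
    }
}

# Constructed sample: the entry string quoted in the system32.exe answer.
Get-CommandLineTarget 'Explorer.exe C:\Windows\system32\system32.exe'

# Live audit: show only entries that point at a file that is not on disk.
Get-RunKeyAudit | Where-Object Missing | Format-Table Name, Target, Key -AutoSize
```

Entries flagged as Missing are candidates for the manual removal steps above; entries that resolve but that you don't recognize still need a look at the Data column.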


How can I clear the temporary Internet files in Microsoft Internet Explorer (IE)?
When you visit a Web page, IE caches the page contents to disk so that the next time you visit the page, IE can read certain elements (e.g., images) from the local disk instead of having to download them again. This functionality also lets you view pages you've looked at before, even if you're not connected to the Web.
IE stores the files in the \%userprofile%\Local Settings\Temporary Internet Files folder (e.g., C:\Documents and Settings\john\Local Settings\Temporary Internet Files). Although you can delete the content directly, which also removes all your cookies, the Microsoft-supported method is as follows:

  1. Go to the Control Panel Internet Options applet (or open IE, then select Internet Options from the Tools menu).

  2. Under the "Temporary Internet files" section on the General tab, click Delete Files. You can also select the "Delete all offline content" check box on the Delete Files dialog box to delete offline files.

  3. Click OK to return to the main dialog box.

If you haven't previously deleted the temporary files, the delete process might be time consuming because it might need to delete thousands of small files.

How can I adjust the amount of space that Microsoft Internet Explorer (IE) reserves for temporary Internet files?
To modify the amount of space that IE uses for temporary files, perform the following steps:

  1. Go to the Control Panel Internet Options applet (or open IE, then select Internet Options from the Tools menu).

  2. Under the "Temporary Internet files" section, click Settings.

  3. Under the "Temporary Internet files folder" area, move the slider or enter the amount of space to use (in megabytes), then click OK.

  4. Click OK to return to the main dialog box.


How can I modify the date format on a Windows machine for new users?
New users inherit the date format values that were established for the default user when Windows was installed on the machine. To modify the date format (e.g., so that the date appears as day/month/year instead of month/day/year), perform the following steps:

  1. Start a registry editor (e.g., regedit.exe).

  2. Navigate to the HKEY_USERS\.DEFAULT\Control Panel\International registry subkey.

  3. Double-click sShortDate.

  4. Set the value to the date format desired (e.g., dd/mm/yyyy), then click OK. You can also modify the sLongDate value to change the long date format (e.g., dd/mmmm/yyyy), then click OK.

  5. Close the registry editor.


How can I defragment the hiberfil.sys file in Windows 2000 and later?
Windows uses the hiberfil.sys file for system hibernation. By design, the OS's built-in disk defragmenter utility and most third-party products, such as Executive Software's Diskeeper, won't defragment hiberfil.sys when you attempt to optimize the disk that contains the file. However, Sysinternals' free PageDefrag tool does defragment the file. If you don't want to use a third-party product to defragment hiberfil.sys, you can delete the hibernation file, defragment the disk, then recreate the hibernation file by performing the following steps:

  1. Start the Control Panel Power Options applet.

  2. Select the Hibernate tab.

  3. Clear the "Enable hibernation" check box, then click OK to delete the hiberfil.sys file.

  4. Start your defragmentation program to defragment the disk.

  5. After defragmentation is finished, start the Power Options applet.

  6. Select the Hibernate tab.

  7. Select the "Enable hibernation" check box, then click OK to create the hiberfil.sys file.

Other files that the Windows disk defragmenter utility doesn't defragment are

  • Bootsect.dos

  • Safeboot.fs

  • Safeboot.csv

  • Safeboot.rsv

  • Memory.dmp

  • Files in the Recycle Bin (so it's a good idea to empty the Recycle Bin before you defragment a disk)

  • Pagefile.sys (third-party products can defragment this file)

  • Files that are in use when you run the disk defragmenter utility (so it's a good idea to shut down all running programs and any unneeded services before you run the utility)

If the disk that you're defragmenting has less than 15 percent free space available, the disk defragmenter won't completely defragment the volume; instead, the utility will complete only a partial defragmentation. Also, you can't defragment a drive that's marked as possibly having errors (run
chkdsk <drive>: /f
to resolve this problem).

Can I use Microsoft's Bluetooth keyboard and mouse adapter to connect other Bluetooth devices?
No, the type of adapter on Microsoft's Bluetooth keyboard and mouse is suitable only for mouse and keyboard connectivity. Additional information about this type of Bluetooth adapter (i.e., TDK Systems' USB Bluetooth Adaptor) is available at http://www.tdksystems.com (follow the links to "products," Bluetooth).

Why did the volume control icon disappear from my taskbar notification area in Windows XP?
To display the volume icon in the taskbar notification area, you must select the "Place volume icon in the taskbar" check box in the Control Panel Sounds and Audio Devices applet. If, when you try to select this check box, you receive the error
Error
Windows cannot display the volume control on the taskbar because the
Volume Control program has not been installed. To install it, use
Add/Remove Programs in Control Panel.
you need to copy the sndvol32.exe image from your commercial XP installation media (not a vendor-supplied "recovery" CD-ROM) to the system32 folder by performing the following steps:

  1. Start a command session.

  2. Navigate to the CD-ROM drive by typing
    <cd drive>:

  3. Navigate to the i386 folder by typing
    cd i386

  4. Expand the sndvol32.ex_ file by typing
    expand -r sndvol32.ex_ %systemroot%\system32


How can I display seconds as part of the current time displayed in the taskbar?
The taskbar displays only the hour and minutes for the current time. This behavior dates back to the days of Windows 95, when displaying the seconds was deemed to be too CPU intensive. You can't use Windows to display seconds, but you can use one of several third-party utilities, such as Tclock2 ( http://home.inreach.com/2tone/tclock2/tclock2.htm ), which adds the date and seconds and is fully configurable.

Why does Windows's Disk Cleanup utility freeze when I start it?
The Disk Cleanup utility frees up space on a volume. To access the utility, open My Computer, right-click the drive you want to work on, click Properties, then select Disk Cleanup from the General tab. If the program hangs the system, the problem is most likely caused by the Disk Cleanup Wizard checking for all files older than 50 days that it can compress. Disabling this behavior might improve the performance. To disable the behavior, perform the following steps:

  1. Start a registry editor (e.g., regedit.exe).

  2. Navigate to the
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Compress old files
    registry subkey, then select it.

  3. From the File menu, select Export.

  4. Enter a filename and location, then click Save.

  5. Delete the "Compress old files" registry subkey.

  6. Close the registry editor.

Alternatively, you can paste the following text in a file named nodiskchkcompress.reg and double-click the filename to run it:
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Compress old files]

To enable the compressible-file check, you can run the .reg file you created in Step 4. If you didn't save the file in Step 4, you can paste the following text into a file to recreate the original .reg file:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Compress old files]
@="{B50F5260-0C21-11D2-AB56-00A0C9082678}"
"Priority"=dword:0000012c
"StateFlags"=dword:00000000

When I ran disk defragmentation on a volume containing Microsoft Volume Shadow Copy Service (VSS) snapshots, some of my old VSS snapshots were lost. Can I restore them?
The VSS snapshot (aka Shadow Copy) creation process copies 16KB blocks as it writes the data to the Shadow Copy storage area (this process is independent of the file system's cluster size). You might encounter a problem if the file system's cluster size is less than 16KB, which can confuse the VSS creation process into not being able to tell the difference between disk defragmentation I/O and typical write I/O. As a result, the VSS creation process performs a copy operation that causes the Shadow Copy storage area to grow very quickly. After the VSS creation process reaches the user-defined limit set for the Shadow Copy storage area, the oldest Shadow Copies will be lost. To resolve this problem, reformat the volumes and use a cluster size of 16KB or larger.
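
To find volumes exposed to this problem before you run a defragmentation, you can compare each volume's cluster size with the 16KB threshold and see how full its Shadow Copy storage area already is. The following PowerShell is an added example, not part of the original FAQ; the function name is hypothetical, it reads the Win32_Volume, Win32_ShadowCopy, and Win32_ShadowStorage WMI classes, and it must run elevated.

```powershell
# Added example (not from the original FAQ): list NTFS volumes with their
# cluster size, Shadow Copy count, and storage-area use, and mark volumes
# that hold Shadow Copies on clusters smaller than 16KB. Read-only.

function Get-ShadowCopyClusterRisk {
    param([uint64]$MinimumClusterBytes = 16KB)

    # Without elevation these two queries fail and the counts stay at zero.
    $copies  = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue)
    $storage = @(Get-CimInstance -ClassName Win32_ShadowStorage -ErrorAction SilentlyContinue)

    Get-CimInstance -ClassName Win32_Volume -Filter "FileSystem = 'NTFS'" | ForEach-Object {
        $vol = $_

        # Shadow Copies taken of this volume, oldest first.
        $own = @($copies |
            Where-Object { $_.VolumeName -eq $vol.DeviceID } |
            Sort-Object InstallDate)

        # Storage-area association for this volume (limit and current use).
        $area = $storage |
            Where-Object { $_.Volume.DeviceID -eq $vol.DeviceID } |
            Select-Object -First 1

        [pscustomobject]@{
            Volume         = $vol.Name
            ClusterBytes   = $vol.BlockSize
            ShadowCopies   = $own.Count
            OldestCopy     = if ($own.Count) { $own[0].InstallDate } else { $null }
            StorageUsedMB  = if ($area) { [math]::Round($area.UsedSpace / 1MB) } else { $null }
            StorageLimitMB = if ($area) { [math]::Round($area.MaxSpace / 1MB) } else { $null }
            AtRisk         = ($own.Count -gt 0) -and ($vol.BlockSize -lt $MinimumClusterBytes)
        }
    }
}

Get-ShadowCopyClusterRisk | Format-Table -AutoSize
```

Running it before and after a defragmentation pass shows whether StorageUsedMB jumped toward the limit and whether OldestCopy moved forward, which is the loss described above.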

How can I start a new Windows Explorer instance that displays My Computer?
You can create a shortcut for Windows Explorer that will display My Computer. When you create the shortcut, you can include the command path
explorer.exe /n,/e,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}
to display My Computer with the various drives visible. Alternatively, you can include the command path
explorer.exe /n,/e,/root,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}
to display just the root of My Computer. To display My Network Places, include the command path
explorer.exe /n,/e,::{208D2C60-3AEA-1069-A2D7-08002B30309D}
If you want to start Microsoft Internet Explorer (IE) but don't want to type "iexplore.exe", you can include the command path
explorer.exe /n,/e,::{871C5380-42A0-1069-A2EA-08002B30309D}

What's ERD Commander 2003?
In the early days of Windows NT, the OS let you create an Emergency Repair Disk (ERD) to store copies of crucial registry files and startup parameters. Microsoft has since replaced this functionality with new features and options, such as Automated System Recovery (ASR) and the Recovery Console (RC). ERD Commander 2003 is an ERD-creation tool from Winternals Software and might be the best tool for creating an ERD.
Upon start-up, ERD Commander scans the computer. If it detects multiple OS installations (i.e., a multiboot machine), it lets you select which Windows installation you want to work on. After you select an installation, the software performs some initial tests and fixes any problems that it identifies (e.g., a corrupted registry or other problems that might affect the installation).
ERD Commander then presents a Windows XP-like environment with a Start menu and some desktop icons. The Start menu contains links to

  • Administration Tools (System Information, Service and Driver Manager, Locksmith, Event Log Viewer, Disk Management, TCP/IP Configuration, File Sharing, System Compare, System Restore)

  • FileRestore

  • Explorer

  • Search

  • Registry Editor

  • Notepad

  • Console

The Locksmith tool lets you change the password for any account on the machine. Service and Driver Manager is great for stopping any services that might be preventing your machine from booting. The Explorer tool lets you access all disks and can map drives to remote shares if your machine has IP connectivity. FileRestore lets you restore deleted files from systems. New functionality in ERD Commander 2003 includes built-in support for .zip and .cab files and the ability to partition and format disks. ERD Commander also lets you apply XP System Restore points on unbootable systems and compare an unbootable machine's systems files, services, and drivers with those on a working machine to ascertain the cause of the problem.

What's the Windows Server 2003 Volume Shadow Copy Service (VSS)?
Windows 2003 includes several new file-system features, such as enhanced DFS closest-site selection, the Virtual Disk Service, and Automated System Recovery (ASR). The most useful new feature is VSS.
Local Windows file systems include the Recycle Bin on the desktop, from which you can recover a deleted file. However, you can't recover deleted files on network shares unless you install third-party software. One thing VSS does is replicate the Recycle Bin for the network.
At configurable intervals, VSS takes a snapshot (aka Shadow Copy) of the state of content stored on selected volume shares. VSS stores only the changes for the shares, not the entire share content. For example, if you make a small change to a 5GB file, VSS stores only information about the change. The service stores as many as 64 versions of a share, depending on disk space. When the service creates the 65th Shadow Copy (or if you've used all the disk space allotted for Shadow Copies), the service deletes the oldest snapshot to make space for the newest snapshot. You can enable Shadow Copies only on NTFS volumes; you can't enable them for FAT volumes.
To enable Shadow Copies, clients install a software component that adds a Previous Versions tab to the Properties dialog box for the shares you want to Shadow Copy. Users can select this tab to obtain a point-in-time view of the share and access its content. This functionality is great for users and administrators. If a user deletes a file or a file becomes corrupted, the user can simply view a version of the share that precedes the deletion or corruption and recover the file without troubling the administrator.
VSS doesn't replace backups because the service stores only file changes--if you lose your file systems, the Shadow Copy information would be of no use. Microsoft also has stated that during times of exceptionally high I/O, Shadow Copies might be lost, so you shouldn't rely on VSS during crucial-use times.
The amount of disk space required for Shadow Copies is based on the size and frequency of the file changes, which are driven by the applications used. For example, if an application writes only changes to a file when the file is modified, that application's changes will require far less Shadow Copy space than will an application that rewrites the entire file.
When you access a Shadow Copy, the file and folder ACLs still apply. Therefore, if you didn't have access to a particular file before, you won't have access to the file when you view the Shadow Copy. Windows 2003 stores information about the actual Shadow Copy file or folder in the System Volume Information of the volume that holds the Shadow Copy information, and this information isn't accessible.
Finally, although VSS protects the entire contents of a particular volume, you must use the share properties to view previous states of each volume share. Therefore, if you need to recover a file that isn't listed under a share, you must create a new share that contains the file, then connect to that share. (If you create a new share, you'll see a full history of the entire drive because VSS logs the entire file system, not just existing shares.)

How can I enable Volume Shadow Copy Service (VSS) snapshots in Windows Server 2003?
To enable VSS snapshots (aka Shadow Copies) for a particular drive, perform the following steps:

  1. Open Windows Explorer or the Microsoft Management Console (MMC) Disk Management snap-in, then right-click the drive.

  2. Select Properties from the context menu.

  3. Select the Shadow Copies tab.

  4. Under "Select a volume," select the volume for which you want to enable Shadow Copies.

  5. Click Settings to configure VSS. (If you don't configure the default settings, Windows 2003 will use a default configuration that creates a Shadow Copy on the selected drive at 07:00 a.m. and 12:00 p.m. every weekday.)

  6. In the displayed dialog box, configure the settings to tell Windows 2003 the drive on which you want VSS to store the Shadow Copies (you can specify only the drive--you can't specify a folder) and the maximum amount of space to use for the Shadow Copies (at least 100MB), then click Schedule.

  7. From the drop-down list in the Schedule dialog box, select a time to make a scheduled Shadow Copy. After you select a time, you can use the options in the dialog box to specify when VSS runs (i.e., the date and time). You can also click New to create a new schedule. For example, you might want to schedule the system to make a Volume Copy on Saturday at 7:00 a.m. and on Sunday at 7:00 a.m. Click OK after you finish selecting the scheduling options.

  8. Click OK to exit the main Settings dialog box.

VSS will now be enabled (you don't need to click Enable). You can optionally click Create Now to create a starting snapshot.

How can I install the Shadow Copies of Shared Folders client software to view Volume Shadow Copy Service (VSS) snapshots?
For a client to be able to view VSS snapshots (aka Shadow Copies) of a share and access previous states of the share, the client must be running the Shadow Copies of Shared Folders client software. The client also must be running Windows XP, Windows 2000 Service Pack 3 (SP3) or later, or Windows 98 (the client software doesn't support Windows NT 4.0 or Windows Me).
The client software is in the \%systemroot%\system32\clients\twclient folder on the Windows Server 2003 machine. The client software is available for the x86, IA-64, and AMD64 platforms; each client version resides in its own folder. (Depending on which version of Windows 2003 you're running, you might not see all the clients.) You'll want to create a network share that contains the client software so that users can connect to the share and install the software on their machines. To install the Shadow Copies of Shared Folders client software on a client PC, perform the following steps:

  1. Connect to the network share that contains the client software.

  2. Navigate to the appropriate client software folder, then execute the twcli32.msi file.

  3. Depending on which OS the PC is running, the system might warn you that the client software could cause harm because you're running a program from a network share. Disregard this warning and click Open.

  4. The installation will run. After installation is finished, click Finish.

After you install the client software, if you right-click a connection to a Shadow Copy-enabled share or any folder that's under the connection to such a share, then select Properties, you'll see a Previous Versions tab that provides details about the various folder versions available.
If you click the View button, you'll see the folder in Windows Explorer as it existed at a previous point in time. You can copy files from the folder to another location or open them for viewing. The Copy button lets you copy the earlier version of the folder to a new location, and the Restore button restores the earlier version of the folder and its contents. The Shadow Copies of Shared Folders client software is available on the Microsoft Web site at http://www.microsoft.com/windowsserver2003/downloads/shadowcopyclient.mspx .

Why can't I access previous Volume Shadow Copy Service (VSS) snapshots from the Windows Server 2003 server that hosts the Shadow Copied share?
If you right-click the shared folder and select Properties, you won't see the Previous Versions tab associated with VSS. Instead, you must connect to the share to access the previous snapshots. For a quick solution, connect to \\localhost\<drive letter>$ to open a Windows Explorer window at the root of the drive or connect to \\localhost\<share name> to open a Windows Explorer window at the share. From either location, you can right-click any folder or subfolder on the drive and select Properties to view the Previous Versions tab.

How can I manually trigger Windows Server 2003 to take a Volume Shadow Copy Service (VSS) snapshot?
If you have Administrator privileges, you can manually create a new point-in-time view of a share in addition to the scheduled views. To manually trigger Windows 2003 to make a VSS snapshot (aka Shadow Copy), perform the following steps:

  1. From Windows Explorer, right-click the drive for which you want to enable VSS.

  2. From the context menu, select Properties.

  3. Select the Shadow Copies tab.

  4. Under "Select a volume," select the volume that you want a Shadow Copy of.

  5. Click Create Now to create the snapshot.

  6. Click OK to exit.


How can I modify the Server Message Block (SMB) connection failure time under Windows NT 4.0?
If a server can't accept a new SMB session request from a client because of insufficient resources or server problems, the server will send a negative response to the client after 10 seconds. To modify this response time, perform the following steps on the server:

  1. Start a registry editor (e.g., regedit.exe).

  2. Navigate to the
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rdr\Parameters
    registry subkey.

  3. Double-click the FailedConnectTimeout value (of type REG_DWORD), enter the number of seconds you want to use for the timeout period, then click OK.

  4. Restart the server.

For Windows 2000 and later, a hardcoded value of 10 seconds is used.

How can I remove the Manage context-menu option for My Computer in Windows 2000?
By default, when you right-click My Computer, you'll see a Manage option on the context menu. Selecting this option starts the Microsoft Management Console (MMC) Computer Management snap-in. If you don't want the OS to display this option, perform the following steps:

  1. Start a registry editor (e.g., regedit.exe).

  2. Navigate to the
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    registry subkey.

  3. From the Edit menu, select New, DWORD Value.

  4. Enter the name NoManageMyComputerVerb, then press Enter.

  5. Double-click the new value, then set it to 1.

  6. Log off and log back on for the change to take effect.

Even after you remove the Manage option from the My Computer context menu, you can still use the Administrative Tools folder under the Start menu to access the Computer Management snap-in.

How can I change the label name that Windows Explorer displays for a removable drive in Windows 2000 or later?
In the FAQ titled "How can I change the icon for drive letters?" ( http://www.windows2000faq.com/articles/index.cfm?articleid=39291 ), I explain how to modify the icons for drives that appear in Windows Explorer. To change the description that appears for removable drives when no media is present in the drive, perform the following steps:

  1. Start a registry editor (e.g., regedit.exe).

  2. Navigate to the
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
    registry subkey.

  3. From the Edit menu, select New, Key, then enter the name DriveIcons.

  4. Select the new key; from the Edit menu, select New, Key; then enter the drive name (e.g., B).

  5. Select the created key; from the Edit menu, select New, Key; then enter the name DefaultLabel.

  6. Navigate to DefaultLabel, then double-click the (default) value.

  7. Enter the text you want to appear for the drive, then click OK.

  8. Close the registry editor.

  9. Restart the computer for the change to take effect.

The figure at http://www.windows2000faq.com/articles/index.cfm?articleid=39294 shows a sample label for the B drive with and without media present in the drive. Notice at the top of the figure that the B drive is labeled ZIP250 Drive but the disk label changes to DATA when I insert a disk, as shown at the bottom of the figure. The registry file that I created for this example is
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\B]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\B\DefaultIcon]
@="%systemroot%\\system32\\shell32.dll,189"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\B\DefaultLabel]
@="ZIP250 Drive"

You can use this registry setting only on removable media drives. If you attempt to change the label for a fixed drive (e.g., the C drive), the new setting won't have any effect because the physical drive has a volume label in the registry that overrides the disk-label setting.

How can I enable advanced file-system and sharing security for a Windows XP machine in a workgroup?
When an XP machine belongs to a domain with shared resources, a Security tab appears on the Properties dialog box for the file, folder, or share. You can use this tab to assign advanced sharing permissions. However, this tab is missing for XP machines that belong to a workgroup.
A new feature in XP effectively logs all remote logons in a workgroup as Guest, regardless of the account and password credentials that the remote computer passes. (This approach avoids the need for different machines in a workgroup to replicate local accounts, which is the method Windows 2000 uses to enable transparent sharing.) XP locks down the permissions of the Everyone group (to which Guest belongs), which cuts down on the security problems that existed in Win2K as a result of enabling the Guest account. Because all machines in a workgroup are effectively Guest connections, the advanced security features aren't very useful, which is why Microsoft disabled them in XP.
If you want to enable advanced file-system and sharing security, you must disable the ForceGuest registry setting by performing the following steps:

  1. Start a registry editor (e.g., regedit.exe).

  2. Navigate to the
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    registry subkey.

  3. Double-click "forceguest," set it to 0, then click OK.

  4. Restart the computer for the change to take effect.  

If you disable the Guest account but enable the ForceGuest setting, remote connections will fail, regardless of what username and password the user passes in--even if these credentials are valid.

What's causing my Windows XP Service Pack 1 (SP1) machine to ignore the connection order of my wireless networking devices and connect to an Access Point (AP) that broadcasts its Service Set Identifier (SSID)?
For computers connecting to multiple wireless networks, you can use XP's Preferred Network list to establish an order in which the computer will connect to those networks. Each wireless AP can optionally broadcast its SSID, which identifies the network name. Many security guides advise you to turn off the SSID broadcast because hackers can use this information to see your network.
Imagine that you want to connect to a wireless network in XP's Preferred Network list that isn't broadcasting its SSID. If you're in a location serviced by that network as well as another network that does publish its SSID but is lower down on the Preferred Network list, XP will connect to the SSID-broadcasting network instead of the network that isn't broadcasting. Microsoft says this behavior is by design and that all APs should publish their SSIDs, despite what many manufacturers advise. Currently no workaround exists to overcome this behavior.

How can I prevent Windows XP from reminding me to enter Microsoft .NET Passport details?
After you install XP, the OS prompts you to enter a .NET Passport account to enable access to certain Internet communication features. To turn off this reminder, perform the following steps:

  1. Start a registry editor (e.g., regedit.exe).

  2. Navigate to the
    HKEY_CURRENT_USER\Software\Microsoft\MessengerService
    registry subkey.

  3. If the PassportBalloon registry value doesn't already exist, go to the Edit menu; select New, Binary Value; enter a name of PassportBalloon; then press Enter.

  4. Double-click the PassportBalloon value, set it to 0A 00 00 00, then click OK.

  5. Close the registry editor.


How can I reset the numeric value directory list order in Windows XP Service Pack 1 (SP1) and later to match Windows 2000?
XP modifies the sorting algorithm that the OS uses to list files with numeric characters as a numeric value instead of a string value. For example, the following table displays the listing-order difference between XP and Win2K:

Win2K Listing          XP Listing
--------------------   ------------------
1.txt                  1.txt
110.txt                2.txt
12.txt                 8.txt
2.txt                  12.txt
23.txt                 23.txt
8.txt                  110.txt

To force XP to use the old sorting method for the current user, you must install XP SP1 or later on the user's machine and perform the following steps:

  1. Start a registry editor (e.g., regedit.exe).

  2. Navigate to the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer registry subkey.

  3. From the Edit menu, select New, DWORD Value.

  4. Enter the name NoStrCmpLogical, then press Enter.

  5. Double-click the new value, set it to 1, then click OK.

  6. Close the registry editor.

  7. Restart the machine for the change to take effect.

 

To make the change take effect for all users, navigate to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer registry subkey instead of the subkey listed in Step 2.

How can I access all of my ATAPI hard disk, which is larger than 137GB?
Windows XP Service Pack 1 (SP1) and Windows 2000 SP3 add support for 48-bit Logical Block Addressing (LBA), which lets you access hard disks larger than 137GB. To enable 48-bit LBA, perform the following steps:

  1. Start a registry editor (e.g., regedit.exe).

  2. Navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi\Parameters registry subkey.

  3. From the Edit menu, select New, DWORD Value.

  4. Enter the name EnableBigLba, then press Enter.

  5. Double-click the new value, set it to 1, then click OK.

  6. Close the registry editor.

  7. Restart the machine for the change to take effect.

Be aware that if you multiboot your system with OSs that don't support 48-bit LBA, editing this registry setting might cause data corruption. If you still can't access hard disk space beyond the 137GB limit after you restart your system, your system BIOS might not be 48-bit LBA compatible, in which case you need to talk to your computer manufacturer.

How can I change my Windows XP CD-ROM key?
To change your XP CD-ROM key, perform the following steps:

  1. Create a system restore checkpoint, in case you encounter a problem.

  2. Start a registry editor (e.g., regedit.exe).

  3. Navigate to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WPAEvents registry subkey.

  4. Edit the OOBETimer value, modify any one character, then click OK.

  5. Start the CD-ROM key Activation Wizard--click Start, Run and type
    %systemroot%\system32\oobe\msoobe.exe /a

  6. Select the "Activate by Phone" option.

  7. At the product key screen, enter your new key, then click Update.

  8. If the wizard returns you to the previous window, click "Remind me later," then restart the machine.

  9. Repeat Step 5. XP will display the message "Windows is already activated. Click OK to exit."

    You can also use the following script that Microsoft provides to change the CD-ROM key:

  '
  ' Windows Management Instrumentation (WMI) Script - ChangeVLKey.vbs
  '
  ' This script changes the product key on the computer. Service Pack 1
  ' must be installed.
  '
  '********************************************************************

  ON ERROR RESUME NEXT

  if Wscript.arguments.count<1 then
    Wscript.echo "Script can't run without VolumeProductKey argument"
    Wscript.echo "Correct usage: Cscript ChangeVLKey.vbs ABCDE-FGHIJ-KLMNO-PRSTU-WYQZX"
    Wscript.quit
  end if

  Dim VOL_PROD_KEY
  VOL_PROD_KEY = Wscript.arguments.Item(0)
  VOL_PROD_KEY = Replace(VOL_PROD_KEY,"-","") 'remove hyphens if any

  for each Obj in GetObject("winmgmts:{impersonationLevel=impersonate}").InstancesOf("win32_WindowsProductActivation")

    result = Obj.SetProductKey (VOL_PROD_KEY)

    if err <> 0 then
      WScript.Echo Err.Description, "0x" & Hex(Err.Number)
      Err.Clear
    end if

  Next

To use this script, go to the command prompt and run
changevlkey.vbs <new key>
where "new key" is the name of the new key that you want to activate (e.g., ab123-ab123-ab123-ab123-ab123).

How can I power down on shutdown in Windows NT 4.0 without changing hal.dll?
In a previous FAQ ( http://www.windows2000faq.com/articles/index.cfm?articleid=14830 ), I describe how to change hal.dll.softex to let the machine power down on shutdown. The method I describe uses the ppntapm.sys file that comes with NT 4.0 Service Pack 4 (SP4) and later. To power down NT 4.0 without modifying hal.dll, perform the following steps:

  1. Run the service pack installer with the /X parameter to extract only files. The service pack will prompt you to provide the location for the extracted files; provide a location and continue.

  2. After you extract the service pack files, copy ppntapm.sys from the extracted files directory to your drivers directory (usually %systemroot%\winnt\system32\drivers).

  3. Copy the following lines between the "-- begin" and "-- end" lines to Notepad

    -- begin PPNTAPM.REG
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ppntapm]
    "Group"="Power Management"
    "Start"=dword:00000000
    "ErrorControl"=dword:00000001
    "Tag"=dword:000000a1
    "Type"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ppntapm\Parameters]
    "UseDefaultSegmentLimits"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "PowerdownAfterShutdown"="1"
    -- end PPNTAPM.REG

    and save the file as ppntapm.reg.

  4. Double-click the ppntapm.reg file to import the appropriate registry settings.

  5. Reboot your system for the change to take effect.


How can I reset the "Always ask before opening this type of file" functionality in Microsoft Outlook for a particular file type?
When you open attachments, Outlook displays a dialog box that prompts you to either "Open it" or "Save it to disk." The dialog box also includes an "Always ask before opening this type of file" check box. If you clear this check box, Outlook will in the future always open that file type without prompting you. To reset the default behavior so that Outlook will prompt you to open or save the file type, perform the following steps:

  1. Open the Control Panel Folder Options applet.

  2. Select the File Types tab.

  3. Scroll down to the extension type that you want to reset.

  4. Select the extension type, then click Advanced.

  5. Check the "Confirm open after download" check box, then click OK.

  6. Click Close to close the Folder Options dialog box.

Outlook will now prompt you every time you open that particular file type.
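
To review which file types already have the prompt turned off, the added example below (not part of the original FAQ) reads the shell's EditFlags value for each file class. It assumes the "Confirm open after download" check box corresponds to the FTA_OpenIsSafe bit (0x00010000) of EditFlags under HKEY_CLASSES_ROOT; the function names, the extension list and the sample values are constructed for illustration.

```powershell
# Added example; not part of the original FAQ.
# Assumption: clearing "Confirm open after download" sets the FTA_OpenIsSafe bit
# (0x00010000) in the EditFlags value of the file class under HKEY_CLASSES_ROOT.
$FTA_OpenIsSafe = 0x00010000

function ConvertTo-EditFlagsValue {
    param($Raw)
    # EditFlags may be stored as REG_DWORD (integer) or REG_BINARY (little-endian bytes).
    if ($null -eq $Raw) { return [uint32]0 }
    if ($Raw -is [byte[]]) {
        $buf = New-Object byte[] 4
        [Array]::Copy($Raw, $buf, [Math]::Min($Raw.Length, 4))
        return [BitConverter]::ToUInt32($buf, 0)
    }
    # Going through Int64 keeps the low 32 bits intact for negative Int32 values.
    return [BitConverter]::ToUInt32([BitConverter]::GetBytes([long]$Raw), 0)
}

function Test-OpensWithoutPrompt {
    param($RawEditFlags)
    $flags = ConvertTo-EditFlagsValue $RawEditFlags
    return (($flags -band $FTA_OpenIsSafe) -ne 0)
}

function Get-FileTypePromptState {
    param([string[]]$Extension)
    $root = 'Registry::HKEY_CLASSES_ROOT'
    foreach ($ext in $Extension) {
        # The extension key's default value names the file class (ProgID).
        $progId = (Get-ItemProperty -LiteralPath "$root\$ext" -ErrorAction SilentlyContinue).'(default)'
        if (-not $progId) {
            [pscustomobject]@{ Extension = $ext; FileClass = '(none)'; EditFlags = $null; OpensWithoutPrompt = $false }
            continue
        }
        $raw   = (Get-ItemProperty -LiteralPath "$root\$progId" -Name EditFlags -ErrorAction SilentlyContinue).EditFlags
        $flags = ConvertTo-EditFlagsValue $raw
        [pscustomobject]@{
            Extension          = $ext
            FileClass          = $progId
            EditFlags          = ('0x{0:X8}' -f $flags)
            OpensWithoutPrompt = (Test-OpensWithoutPrompt $raw)
        }
    }
}

# Constructed sample values: a DWORD without the bit, a DWORD with it,
# and the same flag stored as REG_BINARY.
$samples = @(
    @{ Label = 'DWORD 0x00000000';        Raw = 0x00000000 },
    @{ Label = 'DWORD 0x00010000';        Raw = 0x00010000 },
    @{ Label = 'BINARY 00 00 01 00';      Raw = [byte[]](0x00, 0x00, 0x01, 0x00) }
)
foreach ($s in $samples) {
    '{0,-22} prompt suppressed: {1}' -f $s.Label, (Test-OpensWithoutPrompt $s.Raw)
}

# On a Windows machine, check a list of extensions (the list is an example choice).
if ($env:OS -eq 'Windows_NT') {
    Get-FileTypePromptState -Extension '.doc', '.xls', '.zip', '.txt' |
        Format-Table -AutoSize
}
```

Any row reporting OpensWithoutPrompt as True is a file type to reset with the steps above.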

What's the maximum number of arguments that I can pass to a batch file?
You can pass as many as nine arguments (%1 to %9) to a batch file. For example, if I run test.bat

@rem test.bat
@echo off
echo %1 %2 %3 %4 %5 %6 %7 %8 %9

by typing

C:\>test a b c d e f g h i

the batch file accepts all nine arguments and displays the following output on screen:

a b c d e f g h i

Argument 0 (%0) is the name of the program or batch file. If you attempt to pass an argument numbered higher than 9 (e.g., 11), the batch file will use only the first digit of the argument number--for example, %11 would become parameter 1 (i.e., %1) and %543 would become parameter 5 (i.e., %5). If I include a few two-digit arguments in test.bat

@rem test.bat
@echo off
echo %0 %1 %2 %3 %4 %5 %6 %7 %8 %9 %10 %21 %32

and run the batch file by typing

C:\>test a b c d e f g h i j k l

the batch file displays the following output on screen:

test a b c d e f g h i a0 b1 c2

Notice that the batch processor appends a number to the parameters that it displays for the two-digit arguments. For example, for parameter 10 (%10), the batch processor used parameter 1 (value a) and added 0 to the end to display a0.

How can I output all of a batch file's arguments?
Although you can typically output only nine parameters from a batch file, you can use a percent symbol (%) followed by an asterisk (*) to output all parameters for all arguments passed into a batch file. For example, if I run test.bat

@rem test.bat
@echo off
echo %*

by typing

C:\>test a b c d e f g h i j k l m n o p

the batch file will display the following output onscreen:

a b c d e f g h i j k l m n o p


How can I shift down by one all of a batch file's arguments?
You can use the Shift command to move all the arguments in a batch file down by one. If the batch file calls this command once, then argument %1 would become the second argument instead of the first and argument %0 would become the first argument instead of the name of the program or batch file. For example, when I run test.bat

@rem test.bat
@echo off
:next
if "%0" == "" goto end
        echo %0
        shift
        goto next
:end

by typing

C:\>test a b c d e f g h i j k

the batch file will display the following output on screen:

test
a
b
c
d
e
f
g
h
i
j
k

You can optionally add /n to the end of the shift command where n is the argument to start from. For example, if you used

shift /2

%3 would become %2, %4 would become %3, but %0 and %1 would be unchanged. Obviously, you shouldn't use the /n switch in the above example because doing so will cause the list of parameters to never run out, thus causing a never-ending loop.

How can I configure the Recovery Console (RC) in Windows 2000 and later to not require me to enter the administrator password?
To configure the RC to not require you to enter the administrator password, perform the following steps:

  1. Start a registry editor (e.g., regedit.exe).

  2. Navigate to the
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole
    registry subkey.

  3. Double-click SecurityLevel, set its value to 1 to not require password entry (or 0 to require the user to enter the password), then click OK.

  4. Close the registry editor.

You can also use the Microsoft Management Console (MMC) Local Security Settings snap-in (go to Local Policies, Security Options, "Recovery console: Allow automatic administrative logon") to configure this setting.
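
The ForceGuest setting from the workgroup sharing FAQ earlier on this page and the Recovery Console SecurityLevel value above both change who can get access to the machine. The following PowerShell audit is an added example, not part of the original FAQ: the registry paths and value names are the ones the FAQ gives, while the function names, severity labels and sample states are this example's own.

```powershell
# Added audit example; not part of the original FAQ.
# Registry paths and value names come from the FAQ text. Function names,
# severity labels and the sample states below are this example's own.

function Read-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value is missing instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function New-Finding {
    param($Setting, $Value, $Severity, $Detail)
    [pscustomobject]@{ Setting = $Setting; Value = $Value; Severity = $Severity; Detail = $Detail }
}

function Get-PostureFinding {
    param($ForceGuest, $GuestDisabled, $RecoverySecurityLevel)

    if ($null -eq $ForceGuest) {
        New-Finding 'forceguest' '(absent)' 'Info' 'Value not set under Control\Lsa.'
    } elseif ([int]$ForceGuest -eq 1 -and $GuestDisabled -eq $true) {
        New-Finding 'forceguest' 1 'Warning' 'Guest is disabled while ForceGuest is on: remote connections fail even with valid credentials.'
    } elseif ([int]$ForceGuest -eq 1) {
        New-Finding 'forceguest' 1 'Info' 'Every remote logon is treated as Guest; the Security tab and per-account share permissions are unavailable.'
    } else {
        New-Finding 'forceguest' 0 'Review' 'Remote users authenticate as the account they supply; file-system and share permissions now decide access, so review them.'
    }

    if ($null -eq $RecoverySecurityLevel) {
        New-Finding 'SecurityLevel' '(absent)' 'Info' 'Value not set under Setup\RecoveryConsole.'
    } elseif ([int]$RecoverySecurityLevel -eq 1) {
        New-Finding 'SecurityLevel' 1 'High' 'Recovery Console logs on as administrator without asking for the password; physical access to the machine is enough.'
    } else {
        New-Finding 'SecurityLevel' 0 'OK' 'Recovery Console requires the administrator password.'
    }
}

function Get-LivePosture {
    $lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $rc  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole'
    # The built-in Guest account is the local account whose SID ends in -501.
    $guest = Get-CimInstance -ClassName Win32_UserAccount -Filter 'LocalAccount=True' |
        Where-Object { $_.SID -like 'S-1-5-21-*-501' } | Select-Object -First 1
    $guestDisabled = $null
    if ($guest) { $guestDisabled = [bool]$guest.Disabled }
    Get-PostureFinding -ForceGuest (Read-RegValue $lsa 'forceguest') `
                       -GuestDisabled $guestDisabled `
                       -RecoverySecurityLevel (Read-RegValue $rc 'SecurityLevel')
}

# Constructed sample states, so the logic can be read without touching a live registry.
$samples = @(
    @{ Name = 'ForceGuest on, Guest enabled';     ForceGuest = 1; GuestDisabled = $false; Rc = 0 },
    @{ Name = 'ForceGuest on, Guest disabled';    ForceGuest = 1; GuestDisabled = $true;  Rc = 0 },
    @{ Name = 'ForceGuest off, RC without password'; ForceGuest = 0; GuestDisabled = $true; Rc = 1 }
)
foreach ($s in $samples) {
    "--- $($s.Name) (constructed) ---"
    Get-PostureFinding -ForceGuest $s.ForceGuest -GuestDisabled $s.GuestDisabled -RecoverySecurityLevel $s.Rc |
        Format-Table -AutoSize -Wrap
}

# Read the real values only when running on Windows.
if ($env:OS -eq 'Windows_NT') {
    '--- this machine ---'
    Get-LivePosture | Format-Table -AutoSize -Wrap
}
```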

Why do I receive an error when I'm previewing an image or video from My Computer under Windows XP?
The error you describe,

Video Preview Failure
Creation of the video preview failed.
Please check the device connection and make sure that the device is
not being used by another application or user.

is a known problem that can occur if you unplug and reconnect an imaging device without closing My Computer. To resolve this problem, close and reopen My Computer.

Where can I find my BIOS version in Windows?
When Windows starts, the OS loads information about the main computer BIOS and video BIOS and stores the following information under the HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System registry subkey:

  • SystemBiosDate

  • SystemBiosVersion

  • VideoBiosDate

  • VideoBiosVersion

This information appears in the registry for informational purposes only; changing these items' values has no effect on the system.

When I use the Diskpart tool and Windows Preinstallation Environment (WinPE) to install Windows Server 2003, why do I receive an error stating that no valid system partitions were found?
You might receive an error stating "No valid system partitions were found. Setup is unable to continue," if you use Diskpart before executing the winnt32.exe file. To resolve this error, edit the installation script or batch file and add the

/syspart:<drive>:

parameter to the end of the winnt32.exe command. For example, to specify drive C as the system partition, type

winnt32.exe /syspart:c:


How can I pass a double quote (") value to reg.exe?
Reg.exe is a tool that ships with Windows XP (and comes as part of the Windows 2000 resource kits) that lets you manipulate the registry from the command line. To pass a value that contains quotes, you must add a backslash (\) before each quote as an escape sequence. For example,

G:\>reg add HKLM\Software\sav /v test /t REG_SZ /d "%userprofile%"

adds the user profile value without the quotes. However,

G:\>reg add HKLM\Software\sav /v test /t REG_SZ /d "\"%userprofile%\""

maintains the quotes around the user profile value. For example, for user profile savijo, including the backslashes sets the registry value to "G:\Documents and Settings\savijo" rather than just G:\Documents and Settings\savijo.

How can I pass a percent sign (%) value to reg.exe?
Just as you can use a backslash (\) as an escape character to pass a double quote ("), you can use a caret (^) as an escape character to pass a percent sign. For example,

G:\>reg add HKLM\Software\sav /v test /t REG_SZ /d "\"%userprofile^%\""

maintains the user-profile value's percent sign. Without the caret, the reg.exe tool will evaluate the value between the percent signs; with the caret, reg.exe will leave the value unchanged.

When users request certificates from a Windows Server 2003-based Certificate Authority (CA), why does the CA prompt them to download an ActiveX control?
Windows 2003 includes a new version of xenroll.dll (an ActiveX control that can create certificates) that prompts users of previous Windows versions to download an ActiveX control when requesting a certificate. To resolve this problem, go to the Windows 2003 certificate server and perform the following steps:

  1. Log on as an Administrator.

  2. Open %systemroot%\system32\certsrv\certdat.inc in a text editor.

  3. Locate the sXEnrollVersion="5,131,3686,0" entry, then modify the entry to

    sXEnrollVersion="5,131,3659,0"

  4. Save the changes, then close the text editor.


How can I use Windows Server 2003's Manage Your Server Wizard?
Like Windows 2000, Windows 2003 includes a Manage Your Server Wizard that loads each time an Administrator logs on. (You can also manually start the wizard by opening the Administrative Tools folder under the Start menu and selecting Manage Your Server.) You can use the wizard to add or remove the following roles from your machine:

  • File server

  • Print server

  • Application server (IIS, ASP .NET)

  • Mail server (POP3, SMTP)

  • Terminal server

  • Remote access/VPN server

  • Domain controller (Active Directory)

  • DNS server

  • DHCP server

  • Streaming media server

  • WINS server

When you add a role, the wizard guides you through all the steps to install and configure the selected role. You can perform these actions without the Manage Your Server interface, but the wizard simplifies the process.
To use the Manage Your Server Wizard to add a role, perform the following steps:

  1. Open the wizard and click "Add or remove a role."

  2. After the introduction screen appears, click Next to begin a scan of your network to identify other services and servers on your network.

  3. Select the role to add, then click Next.

  4. After the wizard displays a summary of the actions, click Next.

  5. The wizard will install the components and, depending on the service, will restart the computer (the wizard will prompt you to click OK to allow the system to reboot).

  6. After the computer restarts, the wizard will display a dialog box to confirm the installation of the new role components. Click Finish.

Windows 2003 writes changes made from the Configure Your Server Wizard to %systemroot%\debug\configure your server.log. Whenever you use the wizard to assign a new role for your computer, the wizard appends a list of relevant tools to the .log file to help you maintain the role. For example, if you configure the system to serve as a domain controller (DC), the wizard maintains links to the Microsoft Management Console (MMC) Active Directory Users and Computers snap-in, MMC Domains and Trusts snap-in, and MMC Sites and Services snap-in.
To use the wizard to remove a role, perform Steps 1 and 2 as explained above. When you reach Step 3, select a role that you've previously configured, click Next, then answer Yes when the wizard prompts you to confirm removing the role. Click Next, then proceed as instructed.

How can I stop Windows Server 2003's Manage Your Server Wizard from starting each time I log on?
Select the "Don't display this page at logon" check box in the lower-left corner of the Manage Your Server Wizard. You can configure this setting on a per-user basis by performing the following steps:

  1. Start a registry editor (e.g., regedit.exe).

  2. Navigate to the HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\srvWiz registry subkey.

  3. Double-click (Default), set it to 0 to not display the wizard at logon or 1 to display the wizard at logon (the default), then click OK.

  4. Close the registry editor.


How can I create a new domain under Windows Server 2003?
Windows 2003 includes a new wizard for installing and configuring DNS, which means you no longer have to perform these tasks before adding a new domain. If you have a new server and you want to create a new domain, perform the following steps:

  1. Start the DCPROMO wizard--go to Start, Run, then type
    DCPROMO

  2. At the introduction screen, click Next.

  3. When you see the warning that Windows 95 and Windows NT 4.0 SP3 and earlier versions won't be able to log on to Windows 2003 domain controllers (DCs), click Next.

  4. When the wizard asks you whether this domain is a new domain or an additional DC for an existing domain, select "Domain controller for a new domain," then click Next.

  5. Select the appropriate forest option (i.e., domain in a new forest, a child domain of an existing domain tree, a new domain tree in an existing forest), then click Next. (If you select anything other than "Domain in a new forest," the wizard will prompt you to enter the name of the parent/forest domain and an account for the forest.)

  6. If the wizard determines that DNS isn't correctly configured, it will ask you to either configure the DNS client or let the DCPROMO process install and configure DNS. Select "No, just install and configure DNS on this computer," then click Next.

  7. Enter the DNS name for the new domain (e.g., savilltech.com), then click Next.

  8. When the wizard asks you to supply a NetBIOS name for backward compatibility with older clients and servers, accept the default (typically the left half of the DNS domain name) or provide another NetBIOS name, then click Next.

  9. After the wizard displays the locations for the database and log files (by default, these components are located in the %systemroot%\NTDS folder), click Next.

  10. After the wizard displays the location of the System Volume (SYSVOL) folder (by default, this folder is located under %systemroot%), click Next.

  11. When the wizard asks you to establish permissions for the new domain, you have two options: "Permissions compatible with pre-Windows 2000 server operating systems" or "Permissions compatible only with Windows 2000 or Windows Server 2003 operating systems." Select the appropriate permissions for your domain, then click Next.

  12. When the wizard asks you to enter a Directory Services Restore Mode Administrator Password, type the password in both locations as requested, then click Next. Make sure you remember this password--Windows 2003 requires that you provide this credential if you encounter a problem and need to restore Active Directory (AD) or the system state.

  13. When the wizard presents a summary of the options you've selected, ensure that everything is as it should be, then click Next.

  14. The DCPROMO process will begin. (If you asked the wizard to install DNS, the system might prompt you for the Windows 2003 installation media.) When the process completes, the system will display a confirmation dialog box. Click Finish, then restart the machine for the changes to take effect.

This procedure should give you a good grounding for any DCPROMO action you might need to perform.

I've heard about an HTML file that can crash Microsoft Internet Explorer (IE) and Microsoft Office. What's in this HTML file?
This problem affects any program that uses shlwapi.dll to render Web code. As a result, this bug in IE 6.0 and earlier versions can cause the Web browser and applications such as Office to crash if you access an HTML file that contains the following syntax:

<html>
 <form>
  <input type errorme>
 <form>
</html>

The value name after input type can be any invalid type. Microsoft currently offers no fix for this problem. Fortunately, the problem doesn't present a security concern; it's just annoying.

Why can't I hear sound from the speakers on my Windows Server 2003 system, even though the sound device appears to be working?
To play sound from your Windows 2003 system, ensure that the Windows Audio service is running. To do so, open a command session, then type
net start
and verify that Windows Audio is listed. If Windows Audio doesn't appear in the list, start the service either from the Microsoft Management Console (MMC) Computer Management snap-in or from the command line by typing
net start "windows audio"
or
net start audiosrv
If you want to hear sound every time you start the machine, navigate to the Services branch of the Computer Management snap-in and set the service mode to Automatic start-up.

How can I optimize the Server service for memory use or network throughput?
All versions of Windows NT and later include a Server service that the OS uses for several functions, including file, print, and named-pipe sharing. Depending on how you use your machine, you can optimize the Server service to either minimize memory use or maximize network throughput (which will use more memory) by performing the following steps:

  1. Start a registry editor (e.g., regedit.exe).

  2. Navigate to the
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters registry subkey.

  3. Double-click the Size value and set it to 1 (minimize memory use), 2 (balance memory and network throughput), or 3 (maximize network throughput). Then, click OK.

  4. Close the registry editor.

  5. Restart the computer for the change to take effect.


How can I configure my system cache setting?
Desktop machines and servers typically perform different functions. Whereas desktops typically run applications in the foreground that require only available memory, servers typically require additional memory for file or data caching. If you use a desktop or server outside its typical role (e.g., a desktop computer as a file server), you can modify the cache setting by performing the following steps:

  1. Start a registry editor (e.g., regedit.exe).

  2. Navigate to the
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management registry subkey.

  3. Double-click LargeSystemCache, set it to 0 for desktop mode or 1 for server mode, then click OK.

  4. Close the registry editor.

  5. Restart the computer for the change to take effect.

Be careful when changing this registry setting. Incorrectly setting the LargeSystemCache value can degrade performance (e.g., if you're running Microsoft SQL Server and you set the cache to desktop mode).

How can I enable a Network Time Protocol (NTP) server?
All versions of Windows 2000 and later can serve as an NTP server. Other machines on the network can then use the NTP server to synchronize their time. To enable an NTP server, perform the following steps:

  1. Start a registry editor (e.g., regedit.exe).

  2. Navigate to the
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters registry subkey.

  3. From the Edit menu, select New, DWORD Value.

  4. Enter the name LocalNTP, then press Enter.

  5. Double-click the new value, set it to 1 to enable or 0 to disable, then click OK.

  6. Restart the computer for the change to take effect.

To configure other network computers to use the new NTP server, you must set their NtpServer registry value, which is under the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters registry subkey, to point to the NTP server. For more information about configuring NTP settings, see the FAQ titled "How can I configure the time service in Windows 2000?" at http://www.windows2000faq.com/articles/index.cfm?articleid=14943 .

Why can't I access the encrypted data on my clustered shared disk?
If you're having trouble accessing encrypted data on a clustered shared disk, the reason might be that you're using a local profile rather than a roaming profile, and the server by which you accessed the shared disk has failed and another machine in the cluster is now hosting access. When you encrypt a file, the cluster node that provides access creates a certificate (i.e., an encryption key) and stores it in your profile. If the node fails, another node in the cluster will begin hosting the resource, and you'll no longer have the encryption key to access the data. To work around this problem, use a roaming profile or regularly export your encryption keys from the node in which you encrypted the data to the other nodes in which you might have local profiles.

Why can't my users encrypt files on a Windows 2000 domain controller (DC)?
Users will be unable to encrypt files on a DC if all the following conditions are true:

  • Users have roaming profiles.

  • You configure the DCs with the "Delete cached copies of roaming profiles" setting.

  • The servers aren't running Win2K Service Pack 3 (SP3) or later.

Users can still encrypt files on member servers but will receive an error when they attempt to encrypt files on file shares hosted by DCs. To resolve this error, apply Win2K SP3 or later.

How can I delete cached copies of roaming profiles in Windows 2000 and later?
When you use a roaming profile in Win2K or later, the OS typically caches a local copy of the profile. However, you can disable this caching by performing the following steps:

  1. Open the Microsoft Management Console (MMC) Active Directory Users and Computers snap-in, right-click the container that holds the group policy that you want to use to apply the change, select Properties, select the Group Policy tab, then click Edit.

  2. Navigate to Computer Configuration, Administrative Templates, System, Logon for Windows 2000, or to Computer Configuration, Administrative Templates, System, User Profiles for Windows 2003.

  3. Double-click "Delete cached copies of roaming profiles."

  4. Select Enabled, then click OK.

  5. Close the policy editor.

Don't use this policy if you enable slow-link detection for Windows XP and Win2K clients because this feature relies on cached profiles when a slow link is detected. You can also disable cached copies of roaming profiles directly in the registry by creating a registry value named DeleteRoamingCache of type REG_DWORD and setting it to 1 under the
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System registry subkey.

How can I install Windows Server 2003, Standard Edition?
To install Windows 2003 Standard Edition, perform the following steps:

  1. Insert the Windows 2003 installation CD-ROM, then power on the machine. Windows Setup will check the computer's configuration, prompt you to press the F2 key to start system recovery (don't press this key), and load core files into memory.

  2. When Windows Setup prompts you to Setup Windows, Use the Recovery Console, or Exit, press Enter to continue the installation process.

  3. When you see the license agreement appear on screen, press F8 to continue.

  4. Windows Setup will display the disk partition screen. Select an existing partition, create a new one by pressing the C key, or select an unpartitioned area of space and press Enter to continue installation.

  5. When you're prompted to choose from the following options, make a selection, then press Enter:

    • "Format the partition using the NTFS file system (Quick)"

    • "Format the partition using the FAT file system (Quick)"

    • "Format the partition using the NTFS file system"

    • "Format the partition using the FAT file system"

    • "Leave the file system intact"

    Windows Setup will format the partition (if required) and copy files to the disk from the installation CD-ROM. Your computer will then reboot (you can press Enter to avoid the 10-second delay), and the graphical phase of the installation will begin. Windows Setup will complete the various installation stages, including installing devices and configuration. After the installation has finished detecting the computer's devices, Windows Setup will begin the portion of the installation that requires user input.
  6. Windows Setup will prompt you to set regional and language options. Click the Customize and Details buttons, select the appropriate check boxes for the correct regional options, then click Next.

  7. Enter a name and organization for the installation, then click Next.

  8. Enter the product key, then click Next.

  9. When the Licensing Modes option appears on screen, select either the "per user" or "per server" option (along with the number of concurrent connections, if required, per server), then click Next.

  10. Enter a computer name for the server and an Administrator password. If you attempt to use a password that doesn't meet Windows 2003's definition for a strong password (e.g., at least six characters; doesn't contain Administrator or Admin; contains uppercase and lowercase letters, numbers, and nonalphanumeric characters), Windows Setup will warn you and you'll have to click Yes to continue with your chosen password. Click Next.

  11. When Windows Setup prompts you to enter the date and time settings, change the time zone if needed, select the automatic daylight savings setting (if appropriate), then click Next to begin the network installation phase.

  12. After the network installation phase performs several checks and detects your network settings, confirm your TCP/IP settings when prompted. The installation defaults to using DHCP (to automatically assign an IP address), but you can configure a static IP address or specify a different configuration if the DHCP server isn't available. To modify the TCP/IP settings, select "Custom settings," click Next, select Internet Protocol (TCP/IP), then click Properties. After you finish modifying the TCP/IP settings, click OK, then click Next.

  13. When Windows Setup prompts you, enter a workgroup or domain name, then click Next. The installation will continue without further user input. This final phase of the installation includes further configuration, including copying of files, creating the Start menu, registering components, and finalizing the settings. After the installation is finished, the machine will reboot.


What's the Windows XP PowerToys Fun Pack?
On April 22, Microsoft released the XP PowerToys Fun Pack. The Fun Pack contains the Windows XP Desktop Wallpaper Changer PowerToy, which changes your desktop wallpaper automatically at a set interval, and the Windows XP Video Screen Saver PowerToy, which lets you play videos as your computer screen saver. You can download the complete Fun Pack or the individual PowerToys for free at
http://www.microsoft.com/windowsxp/experiences/downloads/create_powertoy.asp.
After you install the PowerToys, XP adds the Desktop Wallpaper Changer PowerToy to the Startup group so that the PowerToy will launch each time you log on. To configure the Desktop Wallpaper Changer PowerToy, right-click the PowerToy icon in the taskbar notification area, then select Configure Wallpaper.
You configure the Video Screen Saver PowerToy just as you'd configure a regular screen saver. The PowerToy is labeled XP Video Powertoy under the Screen Saver tab of the Display properties. After you select the PowerToy from the screen-saver list, click Settings to select the video clip and configure the screen-saver settings. The Video Screen Saver PowerToy options let you loop the video forever, mute the video's audio track, and select the playback size and speed. You can select multiple video files by selecting a playlist instead of a specific movie file.
If you attempt to install the XP PowerToys Fun Pack and either PowerToy isn't available on your system, you might need to install the PowerToys individually by selecting the relevant installer (go to Start, Programs, Windows XP Creativity Fun Packs, then click Windows XP PowerToys).

Where can I obtain the Windows Server 2003 Resource Kit Tools?
The Windows Server 2003 Resource Kit Tools are available for free at
http://www.microsoft.com/downloads/details.aspx?familyid=9d467a69-57ff-4ae7-96ee-b18c4790cffd&displaylang=en.
The tools download as one self-installing executable file called rktools.exe. After you download the tools, simply execute the file to begin the installation procedure and follow the instructions to finish the installation.
You can install the tools on all flavors of Windows 2003 and Windows XP. The package includes several utilities and scripts to speed common tasks. For example, the Dumpfsmos command-line utility uses the core Ntdsutil program to list all Flexible Single-Master Operation (FSMO) roles held by the domain controller (DC) that you pass as the argument. To identify all the FSMO roles held by a DC named thunder, I type
C:\>dumpfsmos thunder
to produce the following output:

ntdsutil: roles
fsmo maintenance: Connections
server connections: Connect to server thunder
Binding to thunder ...
Connected to thunder using credentials of locally logged on user.
server connections: Quit
fsmo maintenance: select Operation Target
select operation target: List roles for connected server
Server "thunder" knows about 5 roles
Schema - CN=NTDS Settings,CN=thunder,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dev,DC=uk,DC=savilltech,DC=com
Domain - CN=NTDS Settings,CN=thunder,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dev,DC=uk,DC=savilltech,DC=com
PDC - CN=NTDS Settings,CN=thunder,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dev,DC=uk,DC=savilltech,DC=com
RID - CN=NTDS Settings,CN=thunder,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dev,DC=uk,DC=savilltech,DC=com
Infrastructure - CN=NTDS Settings,CN=thunder,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dev,DC=uk,DC=savilltech,DC=com
select operation target: Quit
fsmo maintenance: Quit
ntdsutil: Quit
Disconnecting from thunder...

To view all the tools available in the Windows Server 2003 Resource Kit Tools, review the resource kit Help file.

How can I create a DVD from an International Organization for Standardization (ISO) image file under Windows Server 2003?
The Windows Server 2003 Resource Kit Tools include the Dvdburn command-line utility, which you can use to burn an image to DVD. The syntax is
dvdburn <dvd drive>: <image file>
For example, when I type
C:\>dvdburn e: d:\temp\wxpsp1plus.iso
the utility displays the following information and writes the image to DVD:


Media type: DVD-R
Preparing media...
| 25.6% done
/ 45.2% done
- 68.9% done
\ 89.3% done
- 100.0% done
Finished Writing
Waiting for drive to finalize disc (this may take up to 30 minutes).................
Success: Finalizing media took 1325 seconds
Burn successful!


How can I add or remove the Microsoft Internet Explorer (IE) Enhanced Security Configuration feature in Windows Server 2003?
Windows 2003 introduces IE Enhanced Security Configuration and enables this configuration by default for all users and groups. This locked-down configuration protects your computer from exposure on the Web by initially blocking connections to most Web sites, although you can add any Web sites that you regularly visit as part of a trusted zone. By default, IE Enhanced Security Configuration considers the Windows Update and Error Reporting Web sites, and not much else, as trusted sites.
To add or remove the IE Enhanced Security Configuration feature from Windows 2003, perform the following steps:

  1. Start the Control Panel Add/Remove Programs applet (go to Start, Settings, Control Panel, and click Add/Remove Programs).

  2. Click Add/Remove Windows Components in the left pane of the dialog box.

  3. Scroll down to Internet Explorer Enhanced Security Configuration, and select the check box to activate the locked-down configuration or clear the check box to deactivate the locked-down configuration.

  4. If you're enabling the locked-down configuration, click Details to select which users (e.g., administrator groups, all other user groups) you want the policy to apply to.

  5. Click Next, then follow the onscreen instructions to finish configuring the settings.


How can I add a site to a trusted zone in the Microsoft Internet Explorer (IE) Enhanced Security Configuration feature in Windows Server 2003?
To add a site to a trusted zone in the IE Enhanced Security Configuration, perform the following steps:

  1. In the IE address bar, enter the URL for the Web site you want to visit.

  2. IE will display an error that says "Content from the Web site listed below is being blocked by the Internet Explorer Enhanced Security Configuration."

  3. Click Add in the dialog box that appears onscreen.

  4. When IE displays the "Trusted sites" dialog box, click Add, then click Close. IE will add the site to the trusted zone.

Alternatively, if you're already viewing a Web site (e.g., a local intranet site), you can go to the IE File menu and select "Add this site to - Trusted Sites Zone" to add the site to the trusted zone.

How can I view or modify the content of my Microsoft Internet Explorer (IE) zones?
To access the IE zones, perform the following steps:

  1. Start IE.

  2. From the Tools menu, select Internet Options.

  3. Select the Security tab.

  4. Select either "Local intranet" or "Trusted sites," then click Sites.

  5. If you click "Local intranet" in Step 4, click Sites, then click Advanced in the "Local intranet" dialog box to add or remove Web sites from the trusted zone. If you click "Trusted sites" in Step 4, click Sites to add or remove Web sites from the trusted zone.

  6. After you finish, click Close.

  7. Click OK to close the Internet Options dialog box.


Why can't I access the Microsoft Management Console (MMC) Active Directory (AD) snap-ins in Windows 2000 and later?
When you attempt to use the MMC Active Directory Users and Computers snap-in, MMC Active Directory Sites and Services snap-in, or MMC Active Directory Domains and Trusts snap-in, you might receive one of the following errors:

  • "Naming information cannot be located because: Logon attempt failed. Contact your system administrator to verify that your domain is properly configured and is currently online."

  • "The configuration information describing this enterprise is not available. The logon attempt failed."

These errors can occur if your security settings have been corrupted. To repair these settings, perform the following steps:
  1. Start a command session--go to Start, Run, and type
    cmd

  2. Enter the commands
    secedit /configure /cfg %systemroot%\repair\secsetup.inf /db secsetup.sdb
    and
    secedit /configure /cfg %systemroot%\repair\secdc.inf /db secdc.sdb

  3. Close the command session.

The commands can take in excess of 10 minutes to process, so be patient. If you receive the following warning about a task that the system couldn't complete, you can safely ignore the warning:
"Task is completed. Some files in the configuration are not found on this system so security cannot be set/queried. It's ok to ignore. See log %windir%\security\logs\scesrv.log for detail info."

Why did several administrative tools stop working after I removed the Everyone group from the "Access this computer from the network" user right?
Some tools might use network API calls even though you run the tools locally. As a result, if the user doesn't have the right to access the computer from the network, the tool will fail. This problem affects the following administrative tools:

  • The Microsoft Management Console (MMC) Active Directory Sites and Services snap-in

  • The MMC Active Directory Users and Computers snap-in

  • The MMC Active Directory Domains and Trusts snap-in

  • Dcdiag

  • DNS Manager

  • Dsacls

  • Group Policy Editor (GPE)

  • Ldp

  • License Manager

  • Netdiag

  • Repadmin

  • Replmon

To resolve the problem, perform the following steps:
  1. Navigate to the
    \%systemroot%\sysvol\sysvol\domainname\policies\<policy guid>\machine\microsoft\windows nt\secedit folder
    for the policy affecting the "Access this computer from the network" user right, then locate and open the gpttmpl.inf file. To determine the correct policy, you'll need to identify the appropriate globally unique identifier (GUID) for the policy. You can determine a policy's GUID by opening the Active Directory Users and Computers snap-in, displaying the container's Properties dialog box, clicking the Group Policy tab, then viewing the policy's properties. Because the Active Directory Users and Computers snap-in might not be accessible, you'll probably have to manually view each policy's GUID to identify the correct Group Policy Object (GPO).

  2. From the gpttmpl.inf file, copy everything after "SeInteractiveLogonRight=". The string of values will look similar to
    SeInteractiveLogonRight =
    *S-1-5-32-550,*S-1-5-32-549,*S-1-5-32-548,*S-1-5-32-551,*S-1-5-32-544,*S-1-5-21-907700337-3330534744-2079332775-1003

  3. Paste the string of values you copied from the SeInteractiveLogonRight line after the equals (=) sign in the "SeNetworkLogonRight=" line in the gpttmpl.inf file.

  4. Save the changes, then close the gpttmpl.inf file.

  5. Locate and open the gpt.ini file at the following folder:
    \%systemroot%\sysvol\sysvol\domainname\policies\<policy guid>

  6. Increase the version number. For example, change
    [General]
    Version=1

    to

    [General]
    Version=2

  7. Save and close the file.

  8. Force a replication of the GPO by opening a command session and typing
    secedit /refreshpolicy machine_policy /enforce
    You'll now be able to use GPE to reset access for the "Access this computer from the network" user right, which is under Computer Configuration, Windows Settings, Security Settings, Local Policies, User Rights Assignment. The default access would typically include Administrators, Enterprise Domain Controllers, and Everyone.
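
The file edits in steps 2 through 6, as an added Python example that is not part of the original FAQ: it copies the SeInteractiveLogonRight value onto SeNetworkLogonRight, bumps the gpt.ini version, and names the well-known groups that receive the right so the grant can be reviewed before saving. The function names and sample file contents are constructed (only the SID string is the one shown in step 2), and the code assumes the text has already been decoded, since gpttmpl.inf is typically stored as UTF-16.

```python
# Added example: steps 2-6 of the procedure, applied to file text.
# Function names and sample files are constructed for illustration.

# Well-known SIDs are identical on every Windows system. Domain accounts
# (S-1-5-21-...) cannot be resolved offline and are reported as such.
WELL_KNOWN_SIDS = {
    "S-1-1-0": "Everyone",
    "S-1-5-9": "Enterprise Domain Controllers",
    "S-1-5-11": "Authenticated Users",
    "S-1-5-32-544": "Administrators",
    "S-1-5-32-545": "Users",
    "S-1-5-32-548": "Account Operators",
    "S-1-5-32-549": "Server Operators",
    "S-1-5-32-550": "Print Operators",
    "S-1-5-32-551": "Backup Operators",
}

# Constructed sample files; the SID list is the one shown in step 2.
SAMPLE_INF = (
    "[Unicode]\r\nUnicode=yes\r\n"
    "[Version]\r\nsignature=\"$CHICAGO$\"\r\nRevision=1\r\n"
    "[Privilege Rights]\r\n"
    "SeNetworkLogonRight = *S-1-5-32-544\r\n"
    "SeInteractiveLogonRight = *S-1-5-32-550,*S-1-5-32-549,*S-1-5-32-548,"
    "*S-1-5-32-551,*S-1-5-32-544,"
    "*S-1-5-21-907700337-3330534744-2079332775-1003\r\n"
)
SAMPLE_INI = "[General]\r\nVersion=1\r\n"


def _section_entries(text, section):
    """Yield (line_index, key, value) for key=value lines in one section."""
    current = None
    for i, line in enumerate(text.splitlines()):
        stripped = line.strip()
        if stripped.startswith("[") and stripped.endswith("]"):
            current = stripped[1:-1].lower()
            continue
        key, sep, value = stripped.partition("=")
        if sep and current == section.lower():
            yield i, key.strip(), value.strip()


def read_right(inf_text, right):
    """Return the entries assigned to a user right, or None if it is absent."""
    for _, key, value in _section_entries(inf_text, "Privilege Rights"):
        if key.lower() == right.lower():
            return [v.strip() for v in value.split(",") if v.strip()]
    return None


def copy_logon_right(inf_text, src="SeInteractiveLogonRight",
                     dst="SeNetworkLogonRight"):
    """Steps 2-3: paste the src value after the '=' of the dst line."""
    lines = inf_text.splitlines()
    found = {k.lower(): (i, v)
             for i, k, v in _section_entries(inf_text, "Privilege Rights")}
    if src.lower() not in found or not found[src.lower()][1]:
        # Copying an empty value would leave nobody with network access.
        raise ValueError("%s is missing or empty" % src)
    src_index, src_value = found[src.lower()]
    new_line = "%s = %s" % (dst, src_value)
    if dst.lower() in found:
        lines[found[dst.lower()][0]] = new_line
    else:
        # The dst line was deleted outright: add it next to the src line.
        lines.insert(src_index + 1, new_line)
    return "\r\n".join(lines) + "\r\n"


def bump_gpt_version(ini_text):
    """Step 6: increase Version= in the [General] section of gpt.ini."""
    out, section, bumped = [], None, False
    for line in ini_text.splitlines():
        stripped = line.strip()
        if stripped.startswith("[") and stripped.endswith("]"):
            section = stripped[1:-1].lower()
        key, sep, value = stripped.partition("=")
        if sep and section == "general" and key.strip().lower() == "version":
            line = "Version=%d" % (int(value) + 1)
            bumped = True
        out.append(line)
    if not bumped:
        raise ValueError("no Version= line in [General]")
    return "\r\n".join(out) + "\r\n"


def describe(entries):
    """Pair each '*SID' entry with a readable name for review."""
    result = []
    for entry in entries:
        sid = entry.lstrip("*")
        result.append((sid, WELL_KNOWN_SIDS.get(sid, "domain or unknown account")))
    return result


if __name__ == "__main__":
    fixed = copy_logon_right(SAMPLE_INF)
    for sid, name in describe(read_right(fixed, "SeNetworkLogonRight")):
        print("%-50s %s" % (sid, name))
    print(bump_gpt_version(SAMPLE_INI), end="")
```

With the sample value from step 2, the review listing shows that the four operator groups, Administrators, and one domain account receive the network logon right, which is why the FAQ has you reset the right through GPE once the tools work again.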


How can I change the product key when I activate my Windows XP installation?
When you install XP, you must enter a product key to register the software with Microsoft. However, if you want to use a different key to activate the software after installation (e.g., maybe you originally used an existing key during installation and have since purchased a new license), perform the following steps:

  1. Start the activation process as usual (go to Start, All Programs, Accessories, System Tools, then select Activate Windows).

  2. Click "Yes, I want to telephone a customer service representative to activate Windows", then click Next.

  3. Click the "Change Product Key" button.

  4. Enter the new key, then click Update.

  5. Click Telephone, then continue with the activation.


Why does Windows XP prompt me to change my password, even though I haven't created one?
If you upgraded to XP from an earlier Windows version, the OS can sometimes get confused and think you have a password. To resolve the problem, you can create a password, then remove it by performing the following steps:

  1. Open the Control Panel User Accounts applet.

  2. Select your account, then click "Create a password".

  3. Enter your password in both boxes, then click Create Password.

  4. Click "Remove my password", type your password when prompted, then click Remove Password.


How can I increase the priority of the print spooler?
By default, the print spooler runs at the same priority as other services. However, if you have a system that you use primarily for printing, you can increase the print spooler's priority by performing the following steps:

  1. Start a registry editor (e.g., regedit.exe).

  2. Navigate to the
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print registry subkey

  3. From the Edit menu, select New, DWORD Value.

  4. Enter the name SpoolerPriority, then press Enter.

  5. Double-click the new value, then set it to 1 (0 is the default value).

  6. Click OK.

  7. Reboot the machine for the change to take effect.


How can I install DirectX 9.0a on Windows XP and Windows 2000?
The simplest way to install DirectX 9.0a is to navigate to the Windows Update Web site at http://windowsupdate.microsoft.com, click "Pick updates to install" from the left-hand pane, select the "DirectX 9.0a End-User Runtime" link from under the XP or Win2K section, then click Add and proceed with Windows Update as usual.
Alternatively, you can visit the DirectX Web site at http://www.microsoft.com/directx and click Downloads from the left-hand site navigation menu. Select the "Get DirectX 9.0a Now" option, then download dxwebsetup.exe. After you download the file, run the file to download the files required for installation.

Why does Windows Movie Maker 2 freeze when I try to save a large movie file?
Windows Movie Maker 2 users might encounter a problem when they try to save a movie whose size is greater than the available RAM. No fix exists for this problem, but you can implement one of the following workarounds:

  • Buy more RAM.

  • Close any unnecessary programs on your computer.

  • Increase the pagefile size, which might let the computer write to disk more of the items in memory and thus free more memory.

  • Save the movie in a lower quality (on the Movie Setting page, select "Other settings," then select "High Quality Video (small)").

  • Reduce the size of your movie by removing unnecessary parts such as pictures and video transition effects.

  • Save the movie in small sections and then import the sections into a collection.

If you can't work around this problem, you might want to consider third-party production software such as Ulead Systems' MediaStudio Pro 7.

How can I install the FTP service under Windows XP?
XP includes a built-in FTP service component that lets FTP clients connect to the machine and read or write files; however, this service doesn't install by default. To install the FTP service, perform the following steps:

  1. Start the Control Panel Add/Remove Programs applet (go to Start, Control Panel, then click Add/Remove Programs).

  2. Select Add/Remove Windows Components.

  3. Select Internet Information Services (IIS), then click Details.

  4. Select the File Transfer Protocol (FTP) Service check box, then click OK.

  5. Click OK to close all dialog boxes.

You can use the Microsoft Management Console (MMC) Internet Information Services snap-in to configure the FTP service (go to Start, Programs, Administrative Tools, then click Internet Information Services). After the snap-in starts, expand the computer name, then expand FTP Sites. A Default FTP Site will have been added. Right-click Default FTP Site, then select Properties from the displayed context menu to set options such as Home Directory, accounts, and anonymous access. To stop the FTP service, right-click the FTP site and select Stop from the context menu; likewise, select Start from the context menu to restart the service.

How can I start and stop the FTP service from the command line?
As with all services, you can use the Net Start and Net Stop commands to start and stop the service. To specifically start and stop the FTP service, you must specify the short name for FTP, which is msftpsvc. Therefore, the command to start the FTP service is
net start msftpsvc
The command will display the following information:
The FTP Publishing service is starting.
The FTP Publishing service was started successfully.


The command to stop the FTP service is
net stop msftpsvc
The command will display the following information:
The FTP Publishing service is stopping.
The FTP Publishing service was stopped successfully.


These commands are useful when you're dealing with systems that don't have FTP services running (e.g., for security reasons). In such situations, you can quickly transfer a file by enabling the service on your machine, logging on to the target system, then using the target system's client FTP program to connect to your workstation's FTP service, where you can send or receive files.

How can I use the /auxsource flag in Event Viewer on Windows XP and later?
When you open an event-log file, you must tell Event Viewer the type of log to use (e.g., Application, Security, System). The computer hosting the event-log file generates this list of options.
Problems can occur if you're not in the Administrator group of the machine hosting the event file or if the Remote Registry service is disabled on the host computer. If either of these conditions is true, the event descriptions might not be available, which leaves you with a fairly useless event log.
You can use the mmc.exe command to open a Microsoft Management Console (MMC) console and specify the /auxsource flag to tell Event Viewer to use an alternate source for the descriptions. For the best results, the alternate source should be as similar as possible to the computer that generated the event file, to ensure the same components are available to provide full event descriptions.
To run the mmc.exe command, open the Run dialog box or go to the command prompt and type
mmc /a eventvwr.msc /auxsource=<server by IP address, DNS name, or NetBIOS name>
Some event logs won't work from a remote computer. For example, to read Active Directory (AD) logs, you must be running Event Viewer on a domain controller (DC), even if you use the /auxsource switch. The same is true for the DNS and File Replication Service (FRS) logs.

How can I remove the 15-second wait when performing unattended Windows XP and later installations?
After the text/Windows Preinstallation Environment (WinPE) portion of a typical installation, you might have noticed that the system waits 15 seconds before rebooting. To remove this wait period for unattended or automated installations, you can edit your deployment file and under the "[Unattended]" section locate the
WaitForReboot=Yes
entry. Simply change this entry to
WaitForReboot=No
and save the file. The installation will no longer wait 15 seconds before the reboot.

How can I view the source of a message in Microsoft Outlook Express?
To view the message source within Outlook Express, perform the following steps:

  1. Open Outlook Express, right-click the message, then select Properties.

  2. Select the Details tab.

  3. Click Message Source.

Alternatively, you can click the message and press Ctrl+F3.

How can I enable or disable the user's ability to change file associations?
You can configure a user's computer to enable or disable the ability to change file associations by performing the following steps:

  1. Start a registry editor (e.g., regedit.exe).

  2. Navigate to the
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    registry subkey to configure the computer for all users, or navigate to the
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies
    registry subkey to configure the computer for the current user. If either subkey doesn't exist, open the Edit menu and select New, Key to create it.

  3. From the Edit menu, select New, DWORD Value.

  4. Enter the name NoFileAssociate.

  5. Set the value to 1 to disable the user's ability to change file associations (this setting doesn't affect Power Users and Administrators); a value of 0 or a missing value enables the user's ability to change file associations.

  6. Click OK.

  7. Close the registry editor.

  8. Restart the computer for the changes to take effect.


How can I prevent Windows from displaying a certain file type in Windows Explorer's file types list in Windows 2000?
You can use Windows Explorer to view file types and modify file associations. To view the list of file types, open Windows Explorer; select Tools, Folder Options; then click the File Types tab. If you don't want Windows Explorer to display a certain file type (e.g., .txt), you need to modify the file-type's attributes in the registry. You can determine a file extension's file-type name by typing
assoc .<extension>
at the command prompt. For example, to determine the file-type name for the .txt extension, type
assoc .txt
and the computer will display
.txt=txtfile
To remove a file type from the Windows Explorer File Type dialog box, perform the following steps:

  1. Start a registry editor (e.g., regedit.exe).

  2. Navigate to the HKEY_CLASSES_ROOT\ registry subkey.

  3. If a binary value doesn't exist, from the Edit menu select New, Binary Value; if a value of another data type (e.g., REG_DWORD) exists, delete the existing value, then from the Edit menu select New, Binary Value.

  4. Enter the name EditFlags, then press Enter.

  5. Double-click the value, set it to 01 00 00 00, then click OK.

The change takes effect immediately, and Windows Explorer will no longer display the file type. To make the file type reappear so that the user can once again change it, either delete the EditFlags value or set it to 00 00 00 00.

Why did my USB 1.1 devices stop working after I updated a driver for a USB 2.0 device?
This problem is a known concern with Windows XP Service Pack 1 (SP1) and is caused when you use Device Manager to update the driver. To resolve the problem, restart the computer or open Device Manager, select the Action menu, then click Scan For Hardware Changes. Obviously, if you're using a USB mouse and keyboard, these devices will stop working, which might prevent you from cleanly shutting down your machine.
Top

Why can't I use the OS install-and-setup boot disks to install the Microsoft Developer Network (MSDN) files for Windows 2000?
MSDN for Win2K Server, Win2K Advanced Server, and Win2K Professional isn't designed to work with the standard Win2K boot disks. Attempting to boot from the Win2K boot disks will result in the following error:
Setup cannot find the End User Licensing Agreement (EULA).
Setup cannot continue. To quit, press F3.

MSDN for all three Win2K versions ships on one nonbootable DVD; as a result, the folder structure is different from previous versions. Suitable installation methods are to

  • boot from a disk that has real-mode CD-ROM drivers, then run winnt.exe from the desired source folder (e.g., Win2K Server, Win2K Pro)

  • boot from another OS, then run winnt32.exe from the desired source folder

Top

How can I delete an Active Directory (AD) object of an unknown type?
AD objects will occasionally have a default Windows icon and a type of Unknown when you view them in a Microsoft Management Console (MMC) AD snap-in, such as the MMC Active Directory Users and Computers snap-in, MMC Active Directory Sites and Services snap-in, or MMC Active Directory Domains and Trusts snap-in. If you attempt to delete the object, you'll receive the following error:
   Active Directory

   Windows cannot delete object <name of object> because:
   The specified directory service attribute or value does not exist.

This problem occurs when your user or group account has "list contents" permission on the parent of the object that you're viewing but you don't have rights for the object itself.
If you're a member of the local Administrators group on a domain controller (DC), you can work around this problem by taking ownership of the object, then giving yourself full permissions. To configure full permissions, perform the following steps:

  1. Start the Active Directory Users and Computers snap-in (go to Start, Programs, Administrative Tools, Active Directory Users and Computers) or the AD snap-in that listed the object that you can't delete.

  2. Navigate to the object's parent container.

  3. Right-click the object, then select Properties from the displayed context menu.

  4. Select the Security tab.

  5. Click the Advanced button.

  6. Select the Owner tab.

  7. In the Change Owner To section, select your account or the Administrators group that you belong to, then click OK.

  8. From the main Security tab, grant Full Control permission to your account or group, then click OK.

  9. Delete the object.

Top

Why am I receiving event ID errors 5737 and 7023 on my Windows 2000 Server Service Pack 2 (SP2) system?
Event ID 5737 is an unspecified Netlogon service error, and event ID 7023 is a Kerberos Key Distribution service error. Both errors prevent the concerned services from starting and are the result of a corrupt or missing rsaenh.dll file, which is the Microsoft Enhanced Cryptographic Provider. Win2K SP2 automatically upgrades the system to 128-bit encryption. In so doing, the service pack attempts to install the rsaenh.dll file. To resolve the problem, copy the rsaenh.dll file from another server or from the extracted service pack.
Top

How can I change the number of undo levels in Microsoft Access 2002?
You can change the number of undo levels in Access 2002 to any value from 1 to 20. The higher the number, the more resources the software will use to remember the previous states. To configure the number of undo levels, perform the following steps:

  1. Start a registry editor (e.g., regedit.exe).

  2. Navigate to the
    HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Access\Settings
    registry subkey.

  3. From the Edit menu, select New, DWORD Value.

  4. Enter the name "Number of Undos" (without typing the quotes), then press Enter.

  5. Double-click the new value, set it to a value from 1 to 20, then click OK.

  6. Close the registry editor.

Top

How can I change the number of undo levels in Microsoft Excel 2000 and later?
You can change the number of undo levels in Excel to any value from 0 to 100. The higher the number, the more resources the software will use to remember the previous states. To configure the number of undo levels, perform the following steps:

  1. Start a registry editor (e.g., regedit.exe).

  2. Navigate to the
    HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Excel\Options
    registry subkey for Excel 2002, or navigate to the
    HKEY_CURRENT_USER\Software\Microsoft\Office\9.0\Excel\Options
    registry subkey for Excel 2000.

  3. From the Edit menu, select New, DWORD Value.

  4. Enter the name UndoHistory, then press Enter.

  5. Double-click the new value, set it to a value from 0 to 100, then click OK.

  6. Close the registry editor.

Top

How can I modify the title text of Windows Media Player (WMP)?
To modify the default WMP title that displays Windows Media Player, perform the following steps:

  1. Start a registry editor (e.g., regedit.exe).

  2. Navigate to the
    HKEY_CURRENT_USER\Software\Policies\Microsoft\WindowsMediaPlayer
    registry subkey.

  3. From the Edit menu, select New, String Value.

  4. Enter the name TitleBar, then press Enter.

  5. Double-click the setting, enter the text you want to add to the title (e.g., SavillTech's Rock and Roll), then click OK.

  6. Close the registry editor.

The change takes effect immediately.
Top

What's the Diskpart utility?
Diskpart is similar to the MS-DOS Fdisk utility, which lets you create and view partitions from the command line. However, Diskpart does much more than Fdisk. In addition, the Diskpart UI matches the graphical interface of the Microsoft Management Console (MMC) Disk Management snap-in.
Diskpart is part of the "Microsoft Windows 2000 Server Resource Kit" and the "Microsoft Windows 2000 Professional Resource Kit." (Microsoft includes Diskpart as a core utility in Windows Server 2003 and Windows XP.) You can download the tool for free from Microsoft's Web site at http://www.microsoft.com/windows2000/techinfo/reskit/tools/new/diskpart-o.asp .
To run Diskpart, type
diskpart
at the command prompt, then press Enter. Rather than relying on command-line execution, you actually run commands inside the Diskpart environment. When you're finished, type
exit
to leave the Diskpart environment. For example, the screen might display
   C:\Documents and Settings\john>diskpart

   Microsoft DiskPart version 1.0
   Copyright (C) 1999-2001 Microsoft Corporation.
   On computer: TRINITY

   DISKPART> exit

   Leaving DiskPart...

   C:\Documents and Settings\john>

during a Diskpart session.
Top

How can I use Diskpart to extend a volume?
You can use the Diskpart utility from the "Microsoft Windows 2000 Server Resource Kit" or the "Microsoft Windows 2000 Professional Resource Kit" to extend an existing volume by performing the following steps:

  1. Download the Diskpart utility from the Microsoft Web site at http://www.microsoft.com/windows2000/techinfo/reskit/tools/new/diskpart-o.asp , then install it on your computer.

  2. Go to Start, Run, then type
    cmd
    to start a command-line session.

  3. Type
    diskpart
    to start a Diskpart session.

  4. Type
    list volume
    to list the current volumes. The list will look like

    
       Volume ###  Ltr  Label  Fs    Type       Size   Status   Info
       ----------  ---  -----  ----  ---------  -----  -------  --------
       Volume 0    C           NTFS  Partition  10 GB  Healthy  System
       Volume 1    D    Data   NTFS  Partition   9 GB  Healthy  Pagefile
    
  5. Type
    select volume <volume number>
    to select the volume you want to extend.

  6. Type
    extend
    to extend the selected volume. If you don't pass any parameters, Diskpart will use all unpartitioned space on the current disk. Alternatively, you can type
    extend size=<size in MB> disk=<disk number>
    to set a size and disk to use for the extension.

  7. Type
    exit
    when you're finished.

You can extend only volumes created on a dynamic disk, not volumes created on a basic disk that you've upgraded. If you try to extend volumes created on a basic disk, you'll receive the error "DiskPart failed to extend the volume. Please make sure the volume is valid for extending."
Top

How can I use Diskpart to create a mirrored disk?
You can use the Diskpart utility from the "Microsoft Windows 2000 Server Resource Kit" or the "Microsoft Windows 2000 Professional Resource Kit" to either create a new mirrored disk or mirror an existing disk. (Be aware that Windows XP doesn't support mirrored disks.) To create a new mirrored disk, perform the following steps:

  1. Download and install the Diskpart utility from the Microsoft Web site at http://www.microsoft.com/windows2000/techinfo/reskit/tools/new/diskpart-o.asp .

  2. Go to Start, Run, then type
    cmd
    to start a command-line session.

  3. Type
    diskpart
    to start a Diskpart session.

  4. Type
    list disk
    to list the current disks. The list will look like

    
       Disk ### Status Size  Free    Dyn  Gpt
       -------- ------ ----  ------- ---- ---
       Disk 1   Online 28 GB 6621 MB *
       Disk 2   Online 12 GB 12 GB   *
       Disk 3   Online 29 GB 29 GB   *
    
  5. Type
    select disk 2
    to select disk 2 as the disk on which you want to create the mirror.

  6. Type
    create volume simple size=100
    to create a new volume.

  7. Type
    add disk 3
    to add disk 3 as the new disk that will become the mirror.

To add a mirrored disk to an existing disk, perform the following steps:

  1. Download and install the Diskpart utility from the Microsoft Web site.

  2. Go to Start, Run, then type
    cmd
    to start a command-line session.

  3. Type
    diskpart
    to start a Diskpart session.

  4. Type
    list disk
    to list the current disks. The list will look like

    
       Disk ### Status Size  Free    Dyn  Gpt
       -------- ------ ----  ------- ---- ---
       Disk 1   Online 28 GB 6621 MB *
       Disk 2   Online 12 GB 12 GB   *
       Disk 3   Online 29 GB 29 GB   *
    
  5. Type
    select disk 1
    to select disk 1 as the existing disk that you want to mirror.

  6. Type
    list partition
    to list the current partitions. The list will look like

    
       Partition ### Type         Size    Offset
       ------------- ------------ ------- ------
       Partition 1   Dynamic Data 10 GB   32 KB
       Partition 2   Dynamic Data 6001 MB 10 GB
       Partition 3   Dynamic Data 6001 MB 16 GB
       Partition 4   Dynamic Data 6621 MB 21 GB
    
  7. Type
    select partition <partition number>
    to select the partition for which you want to add a mirrored disk.

  8. Type
    add disk <disk number>
    to add a new disk, which will mirror the disk you selected in Step 5.

Top

How can I use Diskpart to create a RAID 5 set?
A RAID 5 set consists of data spread across three physical disks, of which one can fail without causing any data loss. To use the Diskpart utility from the "Microsoft Windows 2000 Server Resource Kit" or the "Microsoft Windows 2000 Professional Resource Kit" to create a RAID 5 set, perform the following steps:

  1. Download and install the Diskpart utility from the Microsoft Web site at http://www.microsoft.com/windows2000/techinfo/reskit/tools/new/diskpart-o.asp .

  2. Go to Start, Run, then type
    cmd
    to start a command-line session.

  3. Type
    diskpart
    to start a Diskpart session.

  4. Type
    create volume raid size=<size in MB> disk=<disk numbers>
    where <size in MB> is the amount of space you want to use from each disk (in megabytes) and <disk numbers> are the numbers of the disks that you want to use in the RAID 5 configuration. For example,
    create volume raid size=6000 disk=1,2,3
    creates a RAID 5 set that's 12GB (i.e., 6000MB x 2) across three disks (one-third of the space is used for fault tolerance).

Top

How can I stop Microsoft Outlook 2002 from caching the Internet Mail Service (IMS) passwords?
Outlook typically caches all passwords for the IMS, including those for the POP and IMAP services. For security reasons, you might want to disable password caching, in which case Outlook will prompt you for the password every time it accesses one of these services. To disable password caching, perform the following steps:

  1. Start a registry editor (e.g., regedit.exe).

  2. Navigate to the
    HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\10.0\Outlook\Security
    registry subkey, or create this subkey if it doesn't exist.

  3. From the Edit menu, select New, DWORD Value.

  4. Enter the name EnableRememberPwd, then press Enter.

  5. Double-click the new value, set it to 0, then click OK.

  6. Close the registry editor.

Top

What's the Windows Preinstallation Environment (WinPE)?
WinPE is a minimal OS, based on the Windows XP kernel, that will replace MS-DOS during the initial OS installation stages beginning with the next Windows desktop OS, which is known as Longhorn. Recent alpha builds of Longhorn use WinPE, which provides a GUI environment during the entire installation instead of the old text-based screen prompts that are common during the initial setup of earlier Windows installations. WinPE will also let the user enter the license key during the initial stage of the installation, rather than forcing the user to wait until later in the installation process.
Because WinPE is based on XP, this new minimal OS can

  • create and format disk partitions for FAT, FAT32, and NTFS

  • access file shares on an intranet and connect to as many as four file shares

  • support all mass-storage drivers for XP and Windows 2000

Top

Why do I receive event ID 529 in my Security event log?
Windows will generate event ID 529 if the machine environment meets the following criteria:

  • The machine is running Windows XP.

  • The machine is a member of a domain.

  • The machine is using a machine local account.

  • You've enabled logon failure auditing.

When the user logs off, Windows will write event ID 529 to the log file because the OS incorrectly tries to contact the domain controller (DC), despite the fact that the machine is using a local account. Microsoft currently doesn't provide a fix for this problem, but you can safely ignore this event ID.
Top

How can I save and load a new Microsoft Plus! desktop theme in Windows XP?
XP's desktop themes feature lets you customize icons, desktop wallpaper, colors, mouse pointers, visual style, and sounds. If you've created your own theme, you can save it to a .theme file by performing the following steps:

  1. Start the Control Panel Desktop applet (go to Start, Control Panel, then click Display).

  2. Select the Themes tab, then click Save As.

  3. Enter a name for your theme (by default, XP will save the theme in the My Documents folder but you can specify another location), then click Save.

XP will create a file with a .theme extension that you can back up or send to another machine.
To load a theme, perform the following steps:

  1. Start the Control Panel Desktop applet (go to Start, Control Panel, then click Display).

  2. Select the Themes tab.

  3. From the Theme drop-down menu, click Browse.

  4. Navigate to the location of your theme, select the .theme file, then click Open.

Be aware that a .theme file contains only the name of your background picture, not the picture itself. Therefore, if you have a custom graphic and you haven't backed it up or copied it to another computer to the same location as your .theme file, XP will ignore the background picture setting when you try to load the theme. You can use a text editor to modify a .theme file.
Top

How can I tell whether my Microsoft software is legitimate?
Visit the Microsoft How To Tell Web site at http://www.microsoft.com/piracy/htt for instructions on how to verify the legitimacy of your software. However, if you bought your software down the street for $10 or if it has a photocopied cover, you can bet that it's probably not an original copy.
Top

What's Longhorn?
Longhorn is the code name for the successor client desktop OS to Windows XP. The new OS will offer several improvements and additions, including:

  • a new task-based interface, code-named Avalon

  • a new file system called Windows Future Storage (WinFS) that's based on Yukon, the next iteration of Microsoft SQL Server technology

  • an updated GUI that makes full use of 3-D rendering; early alpha builds contain a Plex visual style that Microsoft will replace in later builds

  • a new sidebar element that can contain configurable elements such as a graphical clock or a photo slideshow

  • a new breadcrumb bar in Windows Explorer that replaces the address bar and offers shortcuts to various folders based on your current selected folder

  • improved security, including the next-generation secure computing base for Windows initiative (formerly known as Palladium--for information, see http://www.microsoft.com/presspass/features/2002/jul02/07-01palladium.asp )

  • a new installation process that uses the Windows Preinstallation Environment (WinPE); for more information on WinPE, see the FAQ titled "What's the Windows Preinstallation Environment (WinPE)?"

  • a new search tool with improved abilities and a simplified interface

  • integrated DVD recording abilities, including support for DVD+R/RW and DVD-R/RW

  • new API calls for tighter antivirus support

Top

What's Windows XP's Start menu scrolling?
If you have many programs and program groups installed and you click Start, Programs, the list of applications might take up a large part of the screen or might not fit on screen at all. To configure the desktop to display the available programs in one column with a navigation bar that lets you scroll through the list, perform the following steps:

  1. Right-click the Start button, then select Properties from the displayed context menu.

  2. Click the Customize button.

  3. If you're using XP's Classic Start menu, select the Scroll Programs check box under "Advanced Start menu options". If you're not using XP's Classic Start menu, select the Advanced tab, then select Scroll Programs under "Start menu items".

  4. Click OK to close all dialog boxes.

You can also configure the Scroll Programs setting directly in the registry by performing the following steps:

  1. Start a registry editor (e.g., regedit.exe).

  2. Navigate to the
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    registry subkey.

  3. Double-click StartMenuScrollPrograms, set the value to Yes to scroll or No to not scroll, then click OK.

  4. Close the registry editor.

  5. Log off and log on for the change to take effect.

Top

When I right-click an NTFS volume, why can't I see the Quota tab?
If the Quota tab isn't visible, your user account or group doesn't have the Traverse Folder/Execute File right on that NTFS volume. To resolve this problem, perform the following steps:

  1. Right-click the NTFS volume in Windows Explorer or My Computer, then select Properties from the displayed context menu.

  2. Select the Security tab.

  3. Click the Advanced button.

  4. Select the Permissions tab.

  5. Select the entry that applies to your user account or group, then click Edit.

  6. Under the "Apply onto" section, ensure the "This folder, subfolders and files" check box is selected.

  7. Select the Allow check box for Traverse Folder/Execute File permissions, then click OK.

  8. Click OK to close all dialog boxes.

The Quota tab will now be available when you right-click the NTFS volume.
Top

Why do I receive a rundll32.exe error when I open Control Panel in Windows XP or Windows 2000?
You might receive such an error if the rundll32.exe file is corrupt or if a virus (e.g., W32/SirCam@MM) is present on your machine. To correct the error, begin by ensuring that you have an up-to-date virus checker, then perform a full scan of your system. Next, to restore rundll32.exe, insert your XP or Win2K installation CD-ROM, then go to a command prompt and type
expand <CD-ROM:>\i386\rundll32.ex_ %Systemroot%\system32\rundll32.exe
to extract the version of the file to your system. After you extract the file, restart your machine.
Top

Why does Windows XP sometimes fail to recognize my FireWire (IEEE 1394) hard disk after a restart?
This is a known problem in XP in which the disk fails to start on approximately every fifth attempt. No fix is currently available. The only solution is to unplug the disk, wait 15 seconds, then reconnect the device. If this solution doesn't work, try powering off the computer, waiting 5 seconds, then restarting the machine.
Top

How can I make the Lotus Notes Web client work in Microsoft Internet Explorer (IE)?
Just as Microsoft Exchange Server has the Microsoft Outlook Web Access (OWA) interface, Lotus Notes offers a Web-based email client that uses Java for many of its features. However, if you try to use the Lotus Notes Web client under IE, the menus might not load, which can prevent you from traversing messages and performing required actions. The problem is caused when you've configured IE to use Sun Microsystems' Java Virtual Machine (JVM). An incompatibility exists between Sun's JVM and the Lotus Notes Web client Java applets. However, you can use any version of the Microsoft JVM. To determine whether you're using Sun's JVM and to resolve the problem, perform the following steps:

  1. Start IE.

  2. From the Tools menu, select Internet Options.

  3. Select the Advanced tab.

  4. Scroll down to see whether you have a Java (Sun) section. If you have the section, clear the "Use Java 2 v<java version> for <applet> (requires restart)" check box.

  5. Click OK to close the dialog box, then close IE.

  6. Restart IE.

You should now be able to use the Lotus Notes Web client.
Top

How can I uninstall the Microsoft Java Virtual Machine (JVM) from Windows XP?
You might want to remove the Microsoft JVM, which Microsoft no longer supports, in favor of the more recent Sun Microsystems' JVM. To remove the Microsoft JVM, perform the following steps:

  1. From the Start menu, select Run.

  2. Enter the command
    RunDll32 advpack.dll,LaunchINFSection java.inf,UnInstall
    to start the uninstall process.

  3. Click Yes to the confirmation, then select Reboot.

  4. After the machine restarts, delete the following items:

    • the \%systemroot%\java folder

    • java.pnf from the \%systemroot%\inf folder

    • jview.exe and wjview.exe from the \%systemroot%\system32 folder

    • the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Java VM registry subkey

    • the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\JAVA_VM registry subkey (to remove the Microsoft Internet Explorer--IE--options)

Microsoft JVM is now removed. You can download Sun's newer JVM for Windows at http://java.sun.com/getjava/index.html .

Top

How can I prevent Windows Media Player (WMP) 8.0 and later from maintaining a recent-files list?
The WMP File menu lists your most recently played files. If you don't want WMP to maintain this list, perform the following steps:

  1. Start a registry editor (regedit.exe).

  2. Navigate to the
    HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Preferences
    registry subkey.

  3. From the Edit menu, select New, Binary Value.

  4. Enter a name of AddToMRU, then press Enter.

  5. Double-click the new value, set it to 00 to disable the list or 01 to enable it, then click OK.

  6. Close the registry editor.

You can clear current entries from the most recently played files list by either deleting the
HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Player\RecentFileList
registry subkey or deleting individual entries under this subkey. To clear streamed media entries, delete the
HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Player\RecentURLList
registry subkey.
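
The following Python example is added here and is not part of the original FAQ. It parses the text of a regedit export and checks that EnableRememberPwd (from the Outlook password-caching FAQ above) and AddToMRU (from this FAQ) exist with the data type and value those steps specify. The function names and the two sample exports are constructed for illustration.

```python
import re

# Expected state from the two FAQ procedures: (key, value name) -> (type, data).
EXPECTED = {
    (r"HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\10.0\Outlook\Security",
     "EnableRememberPwd"): ("dword", 0),       # 0 = do not cache IMS passwords
    (r"HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Preferences",
     "AddToMRU"): ("binary", b"\x00"),         # 00 = keep no recent-files list
}

# Constructed sample exports (not taken from a real machine). Files saved by
# regedit in this format are UTF-16, so read them with encoding="utf-16".
SAMPLE_GOOD = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\10.0\Outlook\Security]
"EnableRememberPwd"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Preferences]
"AddToMRU"=hex:00
"""

SAMPLE_BAD = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\10.0\Outlook\Security]
"EnableRememberPwd"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Preferences]
"AddToMRU"=dword:00000000
"""

_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def _unescape(s):
    """Undo the backslash escaping used inside quoted names and strings."""
    return re.sub(r"\\(.)", r"\1", s)


def _decode(rhs):
    """Turn the right-hand side of a value line into (type, data)."""
    if rhs.startswith("dword:"):
        return ("dword", int(rhs[6:], 16))
    if rhs.startswith("hex:"):                       # REG_BINARY
        return ("binary", bytes(int(b, 16) for b in rhs[4:].split(",") if b.strip()))
    if len(rhs) >= 2 and rhs[0] == rhs[-1] == '"':   # REG_SZ
        return ("string", _unescape(rhs[1:-1]))
    return ("other", rhs)                            # hex(2):, hex(7):, ...


def parse_reg(text):
    """Parse export text into {(key, name): (type, data)}, lower-cased keys."""
    values, key, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):          # long hex data continues on next line
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = _VALUE_RE.match(line)
        if m and key is not None:
            # Registry key and value names are case-insensitive.
            values[(key.lower(), _unescape(m.group(1)).lower())] = _decode(m.group(2))
    return values


def audit(text, expected=EXPECTED):
    """Return (key, name, problem) for each setting not in the expected state."""
    found = parse_reg(text)
    findings = []
    for (key, name), (want_type, want_data) in expected.items():
        got = found.get((key.lower(), name.lower()))
        if got is None:
            findings.append((key, name, "missing"))
        elif got[0] != want_type:
            # The FAQ names the data type; a value of another type is flagged.
            findings.append((key, name, f"wrong type {got[0]}, expected {want_type}"))
        elif got[1] != want_data:
            findings.append((key, name, f"wrong data {got[1]!r}"))
    return findings


if __name__ == "__main__":
    for key, name, problem in audit(SAMPLE_BAD):
        print(f"{name}: {problem}  [{key}]")
```

Because both values live under HKEY_CURRENT_USER, the export has to be taken in the session of the user being checked.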
Top

How can I add or modify Microsoft Internet Explorer (IE) command shortcuts?
Top

Why do I hear hissing through my USB speakers when I play sounds at high volume on my laptop computer?
Top

How does the site-costing feature differ between Windows Server 2003 Dfs and Windows 2000 Dfs?
Top

Why does the "The password is not valid" error message appear when I log on to Windows XP's Recovery Console (RC), even though I enter the correct password?
Top

How can I configure the keep-alive timeout registry setting for Microsoft Internet Explorer (IE)?
Top

Why can't I activate my Windows XP installation on my Dell Inspiron 8100 laptop?
Top

What's Windows Server 2003?
Top

How can I determine whether the Microsoft Java Virtual Machine (JVM) is installed on my computer?
Top

What's the difference between Windows XP Service Pack 1 (SP1) and XP SP1a?
Top

Why can't I execute programs in the application data area even after I add %APPDATA% to the path string on my Windows XP or Windows 2000 computer?
Top

Why is my Windows XP DHCP client address set to 0.0.0.0?
Top

How can I copy more than one file specification at a time from the command prompt?
Top

Why can't I use Microsoft NetMeeting to share applications?
Top

How can I configure a services startup type from the command line?
Top

How can I use Group Policy to configure the Shutdown Event Tracker?
Top

What's Rendom.exe?

What's the Windows Media Player (WMP) 9 coders/decoders (codecs) download?
Top

How can I configure my command prompt to display the machine name?
Top

How can I install the Microsoft Loopback Adapter in Windows XP?
Top

How can I use Group Policy to restrict access to the Microsoft Internet Explorer (IE) configuration tabs?
Top

How can I use the registry to restrict access to the Microsoft Internet Explorer (IE) configuration tabs?
Top

How can I prevent users from importing or exporting their Microsoft Internet Explorer (IE) Favorites?
Top

What's new in Windows Media Player (WMP) 9?
Top

How can I enable the Windows Media Player (WMP) 9 Mini-Player mode?
Top

What's the Internet Security and Acceleration (ISA) Server 2000 Feature Pack 1?
Top

How can I create an Automated System Recovery (ASR) backup?
Top

How can I restore my system by using an Automated System Recovery (ASR) backup?
Top

How can I specify which disk-error-checking utility I want to use in Windows 2000 and later?
Top

How can I include a specific file type in a file-system search under Windows XP?
Top

How can I use the Windows XP interface to include all file types in a file-system search?
Top

How can I use the registry to include all file types in a file-system search under Windows XP?
Top

Why does my display seem sluggish and I can't enable DirectX with Windows XP and later?
Top

How can I switch my Telnet server to use Stream mode instead of Console mode in Windows XP?
Top

How can I change which tools Windows 2000 or later uses by default for disk cleanup, backup, and defragmentation?
Top

How can I prevent Windows XP's Network Bridge feature from forwarding network packets?
Top

How can I change the "Windows Update" text that appears under the Microsoft Internet Explorer (IE) Tools menu?
Top

How can I disable the Universal Naming Convention (UNC) check for command sessions?
Top

How can I install the Network Monitor client under Windows XP?
Top

How can I connect the Microsoft Outlook 2002 client to an IBM Lotus Domino R5 server?
Top
