Scribd Logo
Upload

Welcome to Scribd!

  • 2 K 3

    Uploaded by

    rprapu
    23 views35 pages
    Microsoft XP Microsoft Windows Server 2003 LINUX Tips and Tricks Smart Linux MISC Tips and Tricks WHITE PAPERS Upgrading to Windows XP How to Upgrade Windows 98 or Windows ME Profiles to Windows XP domain User profiles Speed up your browsing of Windows 2000 and XP machines NTFS vs. FAT Make your Folders Private IP address of your connection Fix your Slow XP and 98 Network Copy Files and Folders to CD Create a Password Reset

    Original Description:

    Original Title

    2k3

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Microsoft XP Microsoft Windows Server 2003 LINUX Tips and Tricks Smart Linux MISC Tips and Tricks WHITE PAPERS Upgrading to Windows XP How to Upgrade Windows 98 or Windows ME Profiles to Windows XP domain User profiles Speed up your browsing of Windows 2000 and XP machines NTFS vs. FAT Make your Folders Private IP address of your connection Fix your Slow XP and 98 Network Copy Files and Folders to CD Create a Password Reset

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    23 views35 pages

    2 K 3

    Uploaded by

    rprapu
    Microsoft XP Microsoft Windows Server 2003 LINUX Tips and Tricks Smart Linux MISC Tips and Tricks WHITE PAPERS Upgrading to Windows XP How to Upgrade Windows 98 or Windows ME Profiles to Windows XP domain User profiles Speed up your browsing of Windows 2000 and XP machines NTFS vs. FAT Make your Folders Private IP address of your connection Fix your Slow XP and 98 Network Copy Files and Folders to CD Create a Password Reset

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 35

    Monday, September 05, 2011

    Tips & Tricks

    |Home| |Sitemap| |Contact Us| MICROSOFT TIPS & TRICKS Microsoft XP Microsoft Windows Server 2003 LINUX TIPS & TRICKS Smart Linux MISC TIPS & TRICKS WHITE PAPERS
    How to make your Desktop Icons Transparent Set the Search Screen to the Classic Look Upgrading to Windows XP How to Upgrade Windows 98 or Windows ME Profiles to Windows XP Domain User Profiles Speed up your browsing of Windows 2000 & XP machines Set up and Use Internet Connection Sharing Set Processes Priority Set Permissions for Shared Files and Folders Search For Hidden Or System Files In Windows XP Restricting Logon Access Remove the Bin from the Desktop How to Rename the Recycle Bin Provide Remote Assistance When Using a NAT Device Ports That Are Used by Windows Product Activation NTFS vs. FAT Make your Folders Private IP address of your connection How to use Windows Update Properly Install/Enable NetBEUI Under WinXP How to remove the Default Picture and Fax Preview Action Converting FAT to NTFS file system AVI File Fix in Windows XP

    How do I enable advanced security settings like found in Windows 2000 Hide 'User Accounts' from users Force users to press Ctrl-Alt-Delete to Logon Fix your Slow XP and 98 Network Copy Files and Folders to CD Create a Password Reset Disk Disable CD Autorun Adding Programs To Stay On The Start Menu Boot Defragment For a Safer, faster XP Close Unwanted Services Getting an Older Program to Run on Windows XP Changing The Internet Time Update Synchronization Slow Shutdown Rename a Series of Files Licensing Issues To change drive letters My Computer Won't Shut Down Itself After Installing XP Never Re-Activate After Installation On Screen Keyboard How To Enable Hibernation How to create a boot disk Music and Audio with XP How to make My Computer' open in Explore mode with folder list XP to directly access WebDAV "internet disks" Get rid of Windows Messenger Remove Shared Documents Change the text in Internet Explorers title bar to anything you want Reduce Temporary Internet File Space Enable / Disable Firewall Win XP Wont Completely Shutdown Clear Page file on shutdown Adjust various visual effects Disable Error Reporting Remove shortcut arrow from desktop icons Easy sendto menu modification Enable Clear Type Getting MP3 ripping to work in Windows Media Player 8 in XP Where has Scan Disk Gone

    Hibernate Option Computer management console XP Animations Turn off Welcome screen Speed up viewing shared files across a network Setup XP from a Network drive Use a Shortcut to Local Area Network Connection Information Speed up your Windows 2000/XP system and save resources at the same time Use Windows Update to Keep Your Computer Current Unlocking WinXP's setupp.ini Ping Function Use PostScript Type 1 fonts in XP

    Windows XP Tips & Tricks


    How to make your Desktop Icons Transparent X Go to control Panel > System, > Advanced > Performance area > Settings button Visual Effects tab "Use drop shadows for icon labels on the Desktop" Set the Search Screen to the Classic Look X When I first saw the default search pane in Windows XP, my instinct was to return it to its classic look; that puppy had to go. Of course, I later discovered that a doggie door is built into the applet. Click "Change preferences" then "Without an animated screen character." If you'd rather give it a bare-bones "Windows 2000" look and feel, fire up your Registry editor and navigate to: HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Explorer \ CabinetState. You may need to create a new string value labeled "Use Search Asst" and set it to "no". Upgrading to Windows XP X You can upgrade a computer that runs Windows 98, 98SE, or Me to Windows XP Home Edition. Those same versions, along with Windows NT Workstation 4.0 and Windows 2000 Professional, can be upgraded to Windows XP Professional. (1) To ensure a smooth upgrade and avoid networking problems, follow these tips before starting the upgrade: (2) Install all network cards. XP will detect them and automatically install the right drivers. (3) Have your Internet connection available. The XP setup process will connect to a Microsoft server to download the latest setup files, including changes that have been made since XP was released. Some programs are incompatible with XP and can cause networking problems. Un-install these programs. After the upgrade is complete and the network is working, re-install XP-compatible versions of these programs: Internet Connection Sharing, NAT, Proxy Server Anti-Virus Firewall. X How to Upgrade Windows 98 or Windows ME Profiles to Windows XP Domain User Profiles How to Upgrade Windows 98 or Windows Millennium Edition Profiles to Windows XP Domain User Profiles This guide describes how to upgrade a Microsoft Microsoft Windows 98-based, or Microsoft Windows Millennium Edition-based client that has user profiles to a Microsoft Windows XP-based client.

    The following steps enable the Windows 98 and Windows Millennium Edition (Me) profiles to be retained throughout the process. Your best method to retain the profiles is to join the domain during the upgrade installation process. Otherwise, you must use a workaround method to transfer the profile information over to the Windows XP profile. During the upgrade installation process, at the networking section, the administrator is offered the choice to join a domain or a workgroup. If you join the domain at this juncture, you ensure that all the existing profiles are migrated successfully to the Windows XP-based installation. If you did not join the computer to the domain during the upgrade process, you must use the following workaround method: Join the upgraded computer to the target domain. All applicable users must log on and log off (which generates a profile). Copy the appropriate Application Data folder from the Windows 95, Windows 98, and Windows Me profiles to the newly created user profiles. X Speed up your browsing of Windows 2000 & XP machines
    Here's a great tip to speed up your browsing of Windows XP machines. Its actually a fix to a bug installed as default in Windows 2000 that scans shared files for Scheduled Tasks. And it turns out that you can experience a delay as long as 30 seconds when you try to view shared files across a network because Windows 2000 is using the extra time to search the remote computer for any Scheduled Tasks. Note that though the fix is originally intended for only those affected, Windows 2000 users will experience that the actual browsing speed of both the Internet & Windows Explorers improve significantly after applying it since it doesn't search for Scheduled Tasks anymore. Here's how : Open up the Registry and go to : HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Current Version/Explorer/RemoteComputer/NameSpace Under that branch, select the key : {D6277990-4C6A-11CF-8D87-00AA0060F5BF} and delete it. This is key that instructs Windows to search for Scheduled Tasks. If you like you may want to export the exact branch so that you can restore the key if necessary. This fix is so effective that it doesn't require a reboot and you can almost immediately determine yourself how much it speeds up your browsing processes.

    X Set up and Use Internet Connection Sharing With Internet Connection Sharing (ICS) in Windows XP, you can connect one computer to the Internet, then share the Internet service with several computers on your home or small office network. The Network Setup Wizard in Windows XP Professional will automatically provide all of the network settings you need to share one Internet connection with all the computers in your network. Each computer can use programs such as Internet Explorer and Outlook Express as if they were directly connected to the Internet. You should not use this feature in an existing network with Windows 2000 Server domain controllers, DNS servers, gateways, DHCP servers, or systems configured for static IP addresses.
    Enabling ICS

    The ICS host computer needs two network connections. The local area network connection, automatically created by installing a network adapter, connects to the computers on your home or small office network. The other connection, using a 56k modem, ISDN, DSL, or cable modem, connects the home or small office network to the Internet. You need to ensure that ICS is enabled on the connection that has the Internet

    connection. By doing this, the shared connection can connect your home or small office network to the Internet, and users outside your network are not at risk of receiving inappropriate addresses from your network. When you enable ICS, the local area network connection to the home or small office network is given a new static IP address and configuration. Consequently, TCP/IP connections established between any home or small office computer and the ICS host computer at the time of enabling ICS are lost and need to be reestablished. For example, if Internet Explorer is connecting to a Web site when Internet Connection Sharing is enabled, refresh the browser to reestablish the connection. You must configure client machines on your home or small office network so TCP/IP on the local area connection obtains an IP address automatically. Home or small office network users must also configure Internet options for Internet Connection Sharing. To enable Internet Connection Sharing (ICS) Discovery and Control on Windows 98, Windows 98 Second Edition, and Windows Millennium Edition computers, run the Network Setup Wizard from the CD or floppy disk on these computers. For ICS Discovery and Control to work on Windows 98, Windows 98 Second Edition, and Windows Millennium Edition computers, Internet Explorer version 5.0 or later must be installed. To enable Internet Connection Sharing on a network connection You must be logged on to your computer with an owner account in order to complete this procedure. Open Network Connections. (Click Start, click Control Panel, and then double-click Network Connections.) Click the dial-up, local area network, PPPoE, or VPN connection you want to share, and then, under Network Tasks, click Change settings of this connection. On the Advanced tab, select the Allow other network users to connect through this computer's Internet connection check box. If you want this connection to dial automatically when another computer on your home or small office network attempts to access external resources, select the Establish a dial-up connection whenever a computer on my network attempts to access the Internet check box. If you want other network users to enable or disable the shared Internet connection, select the Allow other network users to control or disable the shared Internet connection check box. Under Internet Connection Sharing, in Home networking connection, select any adapter that connects the computer sharing its Internet connection to the other computers on your network. The Home networking connection is only present when two or more network adapters are installed on the computer. To configure Internet options on your client computers for Internet Connection Sharing Open Internet Explorer. Click Start, point to All Programs, and then click Internet Explorer.) On the Tools menu, click Internet Options. On the Connections tab, click Never dial a connection, and then click LAN Settings. In Automatic configuration, clear the Automatically detect settings and Use automatic configuration script check boxes. In Proxy Server, clear the Use a proxy server check box.

    X Set Processes Priority

    Follow this tip to increase the priority of active processes, this will result in prioritisation of processes using the CPU. CTRL-SHIFT-ESC 1.Go to the second tab called Processes, right click on one of the active processes, you will see the Set Priority option 2.For example, your Run your CDwriter program , set the priority higher, and guess what, no crashed CDs X Remove XP Messenger

    Theoretically, you can get rid of it (as well as a few other things). Windows 2000 power users should already be familiar with this tweak. Fire up the Windows Explorer and navigate your way to the %SYSTEMROOT% \ INF folder. What the heck is that thingy with the percentage signs? It's a variable. For most people, %SYSTEMROOT% is C:\Windows. For others, it may be E:\WinXP. Get it? Okay, on with the hack! In the INF folder, open sysoc.inf (but not before making a BACKUP copy first). Before your eyes glaze over, look for the line containing "msmsgs" in it. Near the end of that particular line, you'll notice that the word "hide" is not so hidden. Go ahead and delete "hide" (so that the flanking commas are left sitting next to one another). Save the file and close it. Now, open the Add and Remove Programs applet in the Control Panel. Click the Add / Remove Windows Components icon. You should see "Windows Messenger" in that list. Remove the checkmark from its box, and you should be set. NOTE: there are other hidden system components in that sysoc.inf file, too. Remove "hide" and the subsequent programs at your own risk. X Set Permissions for Shared Files and Folders Sharing of files and folders can be managed in two ways. If you chose simplified file sharing, your folders can be shared with everyone on your network or workgroup, or you can make your folders private. (This is how folders are shared in Windows 2000.) However, in Windows XP Professional, you can also set folder permissions for specific users or groups. To do this, you must first change the default setting, which is simple file sharing. To change this setting, follow these steps: Open Control Panel, click Tools, and then click Folder Options. Click the View tab, and scroll to the bottom of the Advanced Settings list. Clear the Use simple file sharing (Recommended) check box. To manage folder permissions, browse to the folder in Windows Explorer, right-click the folder, and then click Properties. Click the Security tab, and assign permissions, such as Full Control, Modify, Read, and/or Write, to specific users. You can set file and folder permissions only on drives formatted to use NTFS, and you must be the owner or have been granted permission to do so by the owner. X Search For Hidden Or System Files In Windows XP The Search companion in Windows XP searches for hidden and system files differently than in earlier versions of Windows. This guide describes how to search for hidden or system files in Windows XP. Search for Hidden or System Files By default, the Search companion does not search for hidden or system files. Because of this, you may be unable to find files, even though they exist on the drive. To search for hidden or system files in Windows XP: Click Start, click Search, click All files and folders, and then click More advanced options. Click to select the Search system folders and Search hidden files and folders check boxes. NOTE: You do not need to configure your computer to show hidden files in the Folder Options dialog box in Windows Explorer to find files with either the hidden or system attributes, but you need to configure your computer not to hide protected operating system files to find files with both the hidden and system attributes. Search Companion shares the Hide protected operating system files option (which hides files with both the system and hidden attributes) with the Folder Options dialog box Windows Explorer. X Restricting Logon Access If you work in a multiuser computing environment, and you have full (administrator level) access to your computer, you might want to restrict unauthorized access to your "sensitive" files under Windows 95/98. One way is to disable the Cancel button in the Logon dialog box. Just run Regedit and go to: HKEY_LOCAL_MACHINE/Network/Logon Create the "Logon" subkey if it is not present on your machine: highlight the Network key -> right-click in the left hand Regedit pane -> select New -> Key -> name it "Logon" (no quotes) -> press Enter. Then add/modify a DWORD value and call it "MustBeValidated" (don't type the quotes). Double-click it, check the Decimal box and type 1 for value.

    Now click the Start button -> Shut Down (Log off UserName) -> Log on as a different user, and you'll notice that the Logon Cancel button has been disabled. X Remove the Bin from the Desktop If you don't use the Recycle Bin to store deleted files , you can get rid of its desktop icon all together. Run Regedit and go to: HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/explorer/Desktop/NameSpace Click on the "Recycle Bin" string in the right hand pane. Hit Del, click OK. X How to Rename the Recycle Bin To change the name of the Recycle Bin desktop icon, open Regedit and go to: HKEY_CLASSES_ROOT/CLSID/{645FF040-5081-101B-9F08-00AA002F954E} and change the name "Recycle Bin" to whatever you want (don't type any quotes). X Provide Remote Assistance When Using a NAT Device You can provide Remote Assistance to a friend who uses a Network Address Translation (NAT) device by modifying the Remote Assistance invitation using XML. Network Address Translation is used to allow multiple computers to share the same outbound Internet connection. To open a Remote Assistance session with a friend who uses a NAT device: 1. Ask your friend to send you a Remote Assistance invitation by e-mail. 2. Save the invitation file to your desktop. 3. Right-click the file, and then click Open With Notepad. You'll see that the file is a simple XML file. 4.Under the RCTICKET attribute is a private IP address, such as 192.168.1.100. 5. Over-write this IP address with your friend's public IP address. Your friend must send you his or her public IP address: they can find out what it is by going to a Web site that will return the public IP address, such as <http://www.dslreports.com/ip>. 6. Save the file, and then double-click it to open the Remote Assistance session. Now, you'll be able to connect and provide them with the help they need. So that your inbound IP connection is routed to the correct computer, the NAT must be configured to route that inbound traffic. To do so, make sure your friend forwards port 3389 to the computer they want help from.

    X Ports That Are Used by Windows Product Activation Windows Product Activation uses the following ports: 80 - HTTP 443 - HTTPS X Make your Folders Private Open My Computer Double-click the drive where Windows is installed (usually drive (C:), unless you have more than one drive on your computer). If the contents of the drive are hidden, under System Tasks, click Show the contents of this drive. Double-click the Documents and Settings folder. Double-click your user folder. Right-click any folder in your user profile, and then click Properties. On the Sharing tab, select the Make this folder private so that only I have access to it check box. Note To open My Computer, click Start, and then click My Computer.

    This option is only available for folders included in your user profile. Folders in your user profile include My Documents and its subfolders, Desktop, Start Menu, Cookies, and Favorites. If you do not make these folders private, they are available to everyone who uses your computer. When you make a folder private, all of its subfolders are private as well. For example, when you make My Documents private, you also make My Music and My Pictures private. When you share a folder, you also share all of its subfolders unless you make them private. You cannot make your folders private if your drive is not formatted as NTFS For information about converting your drive to NTFS X NTFS vs. FAT To NTFS or not to NTFS-that is the question. But unlike the deeper questions of life, this one isn't really all that hard to answer. For most users running Windows XP, NTFS is the obvious choice. It's more powerful and offers security advantages not found in the other file systems. But let's go over the differences among the files systems so we're all clear about the choice. There are essentially three different file systems available in Windows XP: FAT16, short for File Allocation Table, FAT32, and NTFS, short for NT File System. FAT16 The FAT16 file system was introduced way back with MS-DOS in 1981, and it's showing its age. It was designed originally to handle files on a floppy drive, and has had minor modifications over the years so it can handle hard disks, and even file names longer than the original limitation of 8.3 characters, but it's still the lowest common denominator. The biggest advantage of FAT16 is that it is compatible across a wide variety of operating systems, including Windows 95/98/Me, OS/2, Linux, and some versions of UNIX. The biggest problem of FAT16 is that it has a fixed maximum number of clusters per partition, so as hard disks get bigger and bigger, the size of each cluster has to get larger. In a 2-GB partition, each cluster is 32 kilobytes, meaning that even the smallest file on the partition will take up 32 KB of space. FAT16 also doesn't support compression, encryption, or advanced security using access control lists. FAT32 The FAT32 file system, originally introduced in Windows 95 Service Pack 2, is really just an extension of the original FAT16 file system that provides for a much larger number of clusters per partition. As such, it greatly improves the overall disk utilization when compared to a FAT16 file system. However, FAT32 shares all of the other limitations of FAT16, and adds an important additional limitation-many operating systems that can recognize FAT16 will not work with FAT32-most notably Windows NT, but also Linux and UNIX as well. Now this isn't a problem if you're running FAT32 on a Windows XP computer and sharing your drive out to other computers on your network-they don't need to know (and generally don't really care) what your underlying file system is. The Advantages of NTFS The NTFS file system, introduced with first version of Windows NT, is a completely different file system from FAT. It provides for greatly increased security, file-by-file compression, quotas, and even encryption. It is the default file system for new installations of Windows XP, and if you're doing an upgrade from a previous version of Windows, you'll be asked if you want to convert your existing file systems to NTFS. Don't worry. If you've already upgraded to Windows XP and didn't do the conversion then, it's not a problem. You can convert FAT16 or FAT32 volumes to NTFS at any point. Just remember that you can't easily go back to FAT or FAT32 (without reformatting the drive or partition), not that I think you'll want to. The NTFS file system is generally not compatible with other operating systems installed on the same computer, nor is it available when you've booted a computer from a floppy disk. For this reason, many system administrators, myself included, used to recommend that users format at least a small partition at the beginning of their main hard disk as FAT. This partition provided a place to store emergency recovery tools or special drivers needed for reinstallation, and was a mechanism for digging yourself out of the hole you'd just dug into. But with the enhanced recovery abilities built into Windows XP (more on that in a future column), I don't think it's necessary or desirable to create that initial FAT partition. When to Use FAT or FAT32 If you're running more than one operating system on a single computer , you will definitely need to format some of your volumes as FAT. Any programs or data that need to be accessed by more than one operating system on that computer should be stored on a FAT16 or possibly FAT32 volume. But keep in mind that you

    have no security for data on a FAT16 or FAT32 volume-any one with access to the computer can read, change, or even delete any file that is stored on a FAT16 or FAT32 partition. In many cases, this is even possible over a network. So do not store sensitive files on drives or partitions formatted with FAT file systems. X IP address of your connection Go to start/run type 'cmd' then type 'ipconfig' Add the '/all' switch for more info. X How to use Windows Update Properly If you want to save your files to your hard drive, so after a format you don't have to download them all again, here's How: - Logon to Windows Update - Choose Windows Update Catalogue (left hand pane) - Choose Find updates for Microsoft Windows operating systems (right hand pane) - Choose your version and language then Search - Choose one the following: - Critical Updates and Service Packs - Service Packs and Recommended Downloads - Multi-Language Features (0) - Once chosen simply click on what you want to download and then back at the top click Review Download Basket - You are taken to the next page where at the top you can specify where downloads are to be saved. - Click Download now. Each patch will make a directory under the root of the folder you saved them to. Once finished you need to go to where you saved the file (s) to and then simply install all your patches. X Install/Enable NetBEUI Under WinXP If for some reason you need to install NetBEUI then follow these instructions. **Note - You will need the WinXP CD in order to to this! Support for the NetBIOS Extended User Interface protocols (also called NetBEUI or NBF) in Windows XP has been discontinued. If your configuration requires temporary use of NetBEUI for Windows XP, follow these steps: To install the NETBEUI protocol: - Locate the Valueadd/msft/net/netbeui directory on your Windows XP CD.Copy nbf.sys into the %SYSTEMROOT%SYSTEM32DRIVERS directory. - Copy netnbf.inf into the %SYSTEMROOT%INF directory. - In Control Panel, click Network and Internet Connections and then click Network Connections.

    - Right-click the connection you want to configure, and then click Properties. - On the General tab, click the INSTALL button to add the NetBEUI protocol. X How to remove the Default Picture and Fax Preview Action Go To Start > Run and type `Regedit` and press `OK` Navigate to: HKEY_LOCAL_MACHINE/SOFTWARE/Classes/CLSID/{e84fda7c-1d6a-45f6-b725-cb260c236066}/shellex Deleted the MayChangeDefaultMenu key. X How to Convert FAT to NTFS file system To convert a FAT partition to NTFS, perform the following steps. Click Start, click Programs, and then click Command Prompt. In Windows XP, click Start, click Run, type cmd and then click OK. At the command prompt, type CONVERT [driveletter]: /FS:NTFS. Convert.exe will attempt to convert the partition to NTFS. NOTE: Although the chance of corruption or data loss during the conversion from FAT to NTFS is minimal, it is best to perform a full backup of the data on the drive that it is to be converted prior to executing the convert command. It is also recommended to verify the integrity of the backup before proceeding, as well as to run RDISK and update the emergency repair disk (ERD). X AVI File Fix in Windows XP If you have any AVI files that you saved in Windows 9x, which have interference when opened in Windows XP, there is an easy fix to get rid of the interference: Open Windows Movie Maker. Click View and then click Options. Click in the box to remove the check mark beside Automatically create clips. Now, import the movie file that has interference and drag it onto the timeline. Then save the movie, and during the re-rendering, the interference will be removed. X How do I enable advanced security settings like found in Windows 2000 Open windows explorer then click on Tools->Folder Options Click on the View Tab. Scroll to the bottom and deselect (uncheck) the option that reads 'use simple file sharing' This will allow you to see the security tab when viewing the properties of a file/folder. X Hide 'User Accounts' from users Go to Start/Run, and type: GPEDIT.MSC Open the path User Config > Admin Templates > Control Panel doubleclick "Hide specified Control Panel applets" put a dot in 'enabled', then click 'Show"

    click Add button, type "nusrmgt.cpl" into the add box

    X Force users to press Ctrl-Alt-Delete to Logon (XPPro only) Go to start/run, and type control userpasswords2

    X Fix your Slow XP and 98 Network You can run "wmiprvse.exe" as a process for quick shared network access to Win98/ME machines. Stick it in Startup or make it a service. "On the PC running XP, log in as you normally would, go to users, manage network passwords. Here is where the problem lies. In this dialog box remove any win98 passwords or computer-assigned names for the win98 PCs. In my case , I had two computer-assigned win98 pc names in this box (example G4k8e6). I deleted these names (you may have passwords instead). Then go to My Network Places and -there you go! -- no more delay! Now, after I did this and went to My Network Places to browse the first Win98 PC, I was presented with a password/logon box that looked like this: logon: G4k8e6/guest (lightly grayed out) and a place to enter a password. I entered the password that I had previously used to share drives on the Win98 PCs long before I installed XP. I have the guest account enabled in XP. This solves the problem for Win98 & XP machines on a LAN; I can't guarantee it will work for Win2K/ME machines as well, but the whole secret lies in the passwords. If this doesn't solve your slow WinXP>Win98 access problems, then you probably have other things wrong. Don't forget to uncheck 'simple file sharing,' turn off your ICS firewall, enable NetBIOS over TCP/IP and install proper protocols, services & permissions."

    X Copy Files and Folders to CD To copy files and folders to a CD Insert a blank, writable CD into the CD recorder. Open My Computer. Click the files or folders you want to copy to the CD. To select more than one file, hold down the CTRL key while you click the files you want. Then, under File and Folder Tasks, click Copy this file, Copy this folder, or Copy the selected items. If the files are located in My Pictures, under Picture Tasks, click Copy to CD or Copy all items to CD, and then skip to step 5. In the Copy Items dialog box, click the CD recording drive, and then click Copy.

    In My Computer, double-click the CD recording drive. Windows displays a temporary area where the files are held before they are copied to the CD. Verify that the files and folders that you intend to copy to the CD appear under Files Ready to be Written to the CD. Under CD Writing Tasks, click Write these files to CD. Windows displays the CD Writing Wizard. Follow the instructions in the wizard. Notes: Do not copy more files to the CD than it will hold. Standard CDs hold up to 650 megabytes (MB). Highcapacity CDs hold up to 850 MB. Be sure that you have enough disk space on your hard disk to store the temporary files that are created during the CD writing process. For a standard CD, Windows reserves up to 700 MB of the available free space. For a high-capacity CD, Windows reserves up to 1 gigabyte (GB) of the available free space. After you copy files or folders to the CD, it is useful to view the CD to confirm that the files are copied. For more information, click Related Topics. To stop the CD recorder from automatically ejecting the CD Open My Computer. Right-click the CD recording drive, and then click Properties. On the Recording tab, clear the Automatically eject the CD after writing check box.

    X Create a Password Reset Disk If youre running Windows XP Professional as a local user in a workgroup environment, you can create a password reset disk to log onto your computer when you forget your password. To create the disk: 1.Click Start, click Control Panel, and then click User Accounts. 2.Click your account name. 3.Under Related Tasks, click Prevent a forgotten password. 4.Follow the directions in the Forgotten Password Wizard to create a password reset disk. 5.Store the disk in a secure location, because anyone using it can access your local user account. X Disable CD Autorun 1) Click Start, Run and enter GPEDIT.MSC 2) Go to Computer Configuration, Administrative Templates, System. 3) Locate the entry for Turn autoplay off and modify it as you desire. X Adding Programs To Stay On The Start Menu Right click on any .exe file in Explorer, My Computer, Desktop and select 'Pin to Start Menu', the program is then displayed on the start menu, above the separator line. To remove it, click the file on the start menu and select 'Unpin from Start Menu'. Below you can check the before and after shots.

    X Boot Defragment A very important new feature in Microsoft Windows XP is the ability to do a boot defragment. This basically means that all boot files are placed next to each other on the disk drive to allow for faster booting. By default this option is enabled but some upgrade users have reported that it isn't on their setup. 1. 2. 3. 4. 5. 6. Start Regedit. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\BootOptimizeFunction Select Enable from the list on the right. Right on it and select Modify. Change the value to Y to enable and N to disable. Reboot your computer.

    X For a Safer, faster XP Close Unwanted Services To disable unneeded startup services for a safer, faster XP, use the "Services" Admin Tool (Control Panel > Administrative Tools > Services). If you are a single user of a non-networked machine, you can disable the following items, with no ill effect. Alerter Clipbook Computer Browser Fast User Switching Human Interface Access Devices Indexing Service (Slows the hard drive down) Messenger Net Logon (unnecessary unless networked on a Domain) Netmeeting Remote Desktop Sharing (disabled for extra security) Remote Desktop Help Session Manager (disabled for extra security) Remote Procedure Call Locator Remote Registry (disabled for extra security) Routing & Remote Access (disabled for extra security) Server SSDP Discovery Service (this is for the utterly pointless "Universal P'n'P", & leaves TCP Port 5000 wide open) TCP/IP NetBIOS Helper Telnet (disabled for extra security) Universal Plug and Play Device Host Upload Manager Windows Time Wireless Zero Configuration (for wireless networks) Workstation X Getting an Older Program to Run on Windows XP 1.Right-click the executable or the program shortcut to the executable, and then click Properties. 2.Select the Run this program in compatibility mode check box. 3.From the list, select an operating system that the program runs in comfortably. If necessary, also change the display settings and/or resolution, or disable the Windows XP visual themes. Run the program again when youre finished changing the settings. Adjust the compatibility settings again if the program is still not running smoothly: a program thats unhappy on Windows 2000 may flourish on Windows 98. X Changing The Internet Time Update Synchronization

    To change the interval that Windows updates the time using the internet time servers via regedit, navigate to: 1. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services \W32Time\TimeProviders\NtpClient 2. Select "SpecialPollInterval" 3. Change decimal value from 604800 to a different value in seconds. i.e.: 172800 (2 Days) or 86400 (1 Day) and so on. We don't recommend changing this unless you are on a broadband connection. X Slow Shutdown Some people have noticed that they are experiencing a really slow shutdown after installing Windows XP Home or Professional. Although this can be caused a number of ways, the most clear cut one so far is happening on systems with an NVidia card installed with the latest set of drivers. A service called NVIDIA Driver Helper Service is loading up on start up and for whatever reason doesn't shut itself down properly. The service isn't needed and can also increase the amount of memory available to your system. Here is how to disable it. 1: Go into your Control Panel 2: Select Administrative Tools and then click on Services 3: Right click on the file "NVIDIA Driver Helper Service" and then select STOP. 4: To stop this loading up every time you boot up your PC Right click it again and select properties - then where the option "Startup Type" is shown - make sure it is set at Manual. X Rename a Series of Files When you download photos from your digital camera, they often have unrecognizable names. You can rename several similar files at once with the following procedure. This also works for renaming other types of files. 1.Open the My Pictures folder. (Click Start, and then click My Pictures.) Or open another folder containing files that you want to rename. 2.Select the files you want to rename. If the files you want are not adjacent in the file list, press and hold CTRL, and then click each item to select it. 3.On the File menu, click Rename. 4.Type the new name, and then press ENTER. All of the files in the series will be named in sequence using the new name you type. For example, if you type Birthday, the first will be named Birthday and subsequent files in the series will be named Birthday (1), Birthday (2), and so on. To specify the starting number for the series, type the starting number in parentheses after the new file name. The files in the series will be numbered in sequence starting with the number you type. For example, if you type Birthday (10), the other files will be named Birthday (11), Birthday (12), and so on. X Licensing Issues Here you can find a Description of the things which are done by the Program or you can manually change the following settings to have the same effect:

    - MediaPlayer: Don't Acquire licenses automatically - Open the MediaPlayer-Extras - Options... Click the tab
    'Player', look at the groupbox 'Internetsettings' and uncheck 'Acquire licenses automatically'.

    - MediaPlayer: No identification by internetsites - Open the MediaPlayer-Extras-Options... Click the tab


    Player, look at the groupbox 'Internet settings' and uncheck 'Allow identification by internet sites'

    - MediaPlayer: don't download codecs automatically - Open the MediaPlayer-Extras-Options... Click the tab
    'Player', look at the groupbox 'Automatic Updates' and uncheck 'Download Codecs Automatically'

    - Error report: Don't report errors - Open the Explorer, right-click on 'My Computer' and select 'Properties',
    click on the Tab 'Advanced' and click the button 'Errorreports', in the upcoming dialog uncheck all 3 items and select 'Disable Errorreports' X To change drive letters To change drive letters (useful if you have two drives and have partitioned the boot drive, but the secondary drive shows up as "D") Go to Start > Control Panel > Administrative Tools > Computer Management, Disk Management, then rightclick the partition whose name you want to change (click in the white area just below the word "Volume") and select "change drive letter and paths." From here you can add, remove or change drive letters and paths to the partition. X My Computer Won't Shut Down Itself After Installing XP There are a number of users who are noticing that their PC will no longer automatically power down/shut off without pressing the power off button on the computers unlike in Windows Me/95/2000. There could be a number of reasons for this - but the main one seems to be that ACPI is not enabled on the computer or in Windows XP. Here is how to try that out: 1. Click - Start - Control Panel - Performance and Maintenance - Power Options Tab 2. Then click APM - Enable Advanced Power Management Support X Never Re-Activate After Installation If you have to reinstall Windows XP you normally will have to reactivate too. Well not anymore. Just copy wpa.dbl after you activated the first time. It is located in the WINDOWS\system32 folder. Now if you reinstall Windows XP just copy the file back and you're up and running again.

    X On Screen Keyboard Want to use an on screen keyboard? Well it is this simple - Click on the start button and select run. Then type in osk in the box and click OK.

    X How To Enable Hibernation Under Windows 98, Me, or 2000 there was an option in the shutdown dialog box to enter the computer into hibernation (where all the content of the RAM is copied to the hard disk). The shutdown dialog box of Windows XP doesn't offer any longer the hibernation button. Some users may get confused about how to enable the hibernation mode. If this mode is supported by your motherboard (ACPI) you have to do the following: 1. Click Start and Shut Down, 2. Point the standby button and maintain the shift key pushed,

    3. A new hibernation button appears: click it while still holding the shift key: voila your PC will hibernate. X How to create a boot disk This is quite simple. 1: Go into MY COMPUTER 2: Have a floppy disk in your drive and then RIGHT click on on the floppy drive and then click on FORMAT 3: You will be greeted with a number of options. The one you need to select is "Create an MS-DOS start up disk". 4: Click OK Note: This requires up to 5 floppy disks and DOES NOT contain ANY CD-ROM drivers to boot from. A proper CD-ROM boot up disk is going to be release by Microsoft after the Windows XP public release. You can however use you old Windows Me start-up disk if you would prefer, as long as you have not upgraded to an NTFS drive. X Music and Audio with XP Great Digital Media with Windows XP includes everything you need to know to play digital music stored on your PC, on audio CDs, Internet radio stations, and through Web-based streaming audio. But it doesn't end there: With Windows XP, you can almost endlessly configure Microsoft Media Player for Windows XP (MPXP), manage digital music directly from the Windows shell and through MPXP, copy music from audio CDs to your PC, and create your own audio "mix" CDs and data CD backups. And best of all, these capabilities are all built into Windows XP... for free! Here are some tips for working with digital music and audio in Windows XP. Copy CD Audio in MP3 format with an MP3 Encoding Add-on Pack Microsoft Media Player for Windows XP (MPXP) can record CD audio in Windows Media Audio (WMA) 8 format natively, but if you want to use the more common MP3 format, you will need one of several MP3 Encoding Add-on Packs, which will be available for download by the time Windows XP is widely released on October 25. The add-on packs will cost less than $10, and will be available from Cyberlink, InterVideo, and Ravisent. Use transcoding to save space on portable audio devices. When copying music from an audio CD to your hard drive, you will probably want to use a decent encoding rate (128 Kbps WMA or 160 Kbps MP3 format) to ensure that the resulting files are as close to CD-quality as possible. But such files are pretty large, and if you're going to be copying them to a portable audio device-such as an Iomega HipZip or a Pocket PC--you won't be able to bring very many songs with you on the road. To overcome this problem, Media Player for Windows XP (MPXP) supports a feature called transcoding, which will let you downsize files on the file as you copy them to a portable device. So you might transcode 128 Kbps WMA files down to 64 Kbps, for example, to fit twice as many songs in the same amount of space, with only a small loss in sound quality. To configure this feature, open MPXP and navigate to Tools, Options, Devices. Then, choose the appropriate device and click Properties. This dialog will allow you to set a custom quality level for music copied to that device. Use audio CD artwork in your digital media folders. One of the coolest new features in Windows XP is its album thumbnail generator, which automatically places the appropriate album cover art on the folder to which you are copying music (WMA 8 format by default). But what about those people that have already copied their CDs to the hard drive using MP3 format? You can download album cover art from sites such as cdnow.com or amguide.com, and then use the new Windows XP folder customize feature to display the proper image for each folder. But this takes time--you have to manually edit the folder properties for every single folder--and you will lose customizations if you have to reinstall the OS. There's an excellent fix, however. When you download the album cover art from the Web, just save the images as folder.jpg each time and place them in the appropriate folder. Then,

    Windows XP will automatically use that image as the thumbnail for that folder and, best of all, will use that image in Windows Media Player for Windows XP (MPXP) if you choose to display album cover art instead of a visualization. And the folder customization is automatic, so it survives an OS reinstallation as well. Your music folders never looked so good! Also, you can save a smaller-sized image albumartsmall.jpg if you'd like: This file is used to store the album art thumbnails you see in folder icons.

    X How to make My Computer open in Explore mode with folder list In My Computer click Tools menu, and then click Options. Click the File Types tab.In the list of file types, highlight "(NONE) Folders" Click Advanced button, In the Actions box, highlight "Explore" Click "Set Default"

    X XP to directly access WebDAV "internet disks" Windows XP can directly access WebDAV "internet disks" such as Apple's iDisk. In Internet Explorer, use the "Open..." command, type the name of the WebDAV server you want to access (e.g., http://orbit.midasinfotech.com/username) and select the "Open as Web Folder" checkbox. Enter the password when prompted and you're in! This trick also works on Windows Me and Windows 2000. Interestingly, Windows XP doesn't seem to support iDisk via the "Add a Network Place" command, possible with these other operating systems. Once set up using the "Open" command, however, the idisk can be accessed by simply double-clicking its icon in the Network Places folder.

    X Get rid of Windows Messenger Start->Run->"gpedit.msc" -Computer Configuration -Administrative Templates -Windows Components -Windows Messenger Here you can enable "Do not allow Windows Messenger to be run" and "Do not automatically start Windows Messenger initially"

    X Remove Shared Documents Open Regedit(Start- Run- Regedit) and navigate to HKEY_LOCAL_MACHINE SOFTWARE Microsoft Windows CurrentVersion Explorer My Computer NameSpace DelegateFolders There will see a sub-key named {59031a47-3f72-44a7-89c5-5595fe6b30ee}. By Deleting this you can remove the 'Other Files stored on This Computer' group.

    X Change the text in Internet Explorers title bar to anything you want In regedit navigate to this key: HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain Change the value of the string "Window Title" to whatever you want on the title bar of Internet Explorer - to have no title except the title of the web pages you are browsing do not enter anything for a value.

    X Reduce Temporary Internet File Space The temporary internet files clutter your hard drive with copies of each page visited. These can build up over time and take up disk space. Even more bothersome is that instead of getting new pages each time IE often takes the page out the temp internet files. This can be a problem if you are viewing a website that is updated all the time. If you are on a slow connection such as a 56K or lower then this can be good but if you are on a fast broadband connection, like me, then you can get away with decreasing the size of your temp internet files to just one meg without any performance decrease. Launch Internet Explorer. Select the Tools from the menu bar. Then select Internet Options... from the drop down menu. Once the internet options has loaded click on the general tab. Under the temporary internet files section clicks the settings button. A settings window will load. Slide the slider all the way to the left so the size indicated in the text box on the right is one. Click OK Click Ok X Enable / Disable Firewall Open Control Panel and double click on Network Connections. In the new box that appears right click on the Connection and click on the Advanced tab. Check or uncheck the box according to your desire. X Win XP Wont Completely Shutdown - Goto Control Panel, then goto Power Options.

    - Click on the APM Tab, then check the "Enable Advanced Power Management support." - Shut down your PC. It should now successfully complete the Shut Down process. X Clear Page file on shutdown Go to Control panel Administrative tools, local security policy. then goto local policies ---> security options. Then change the option for "Shutdown: Clear Virtual Memory Pagefile"

    X Adjust various visual effects 1. 2. 3. 4. Open up the control panel Go under system and click on the advanced tab Click settings under Performance options You can now change various graphical effects (mainly animations and shadows)

    X Disable Error Reporting 1. 2. 3. 4. 5. 6. 7. 8. Open Control Panel Click on Performance and Maintenance. Click on System. Then click on the Advanced tab Click on the error-reporting button on the bottom of the windows. Select Disable error reporting. Click OK Click OK

    X Remove shortcut arrow from desktop icons Here's how you can remove those shortcut arrows from your desktop icons in Windows XP. 1. Start regedit. 2. Navigate to HKEY_CLASSES_ROOTlnkfile 3. Delete the IsShortcut registry value. You may need to restart Windows XP.

    X Easy sendto menu modification first open - X:\Documents and Settings\username\SendTo (it is hidden) where X is your drive letter and username is your username make and delete shortcuts to folders and devices at will X Enable Clear Type Easy way- Click on or cut and paste link below: http://www.microsoft.com/typography/cleartype/cleartypeactivate.htm?fname=%20&fsize= or

    - Right click on a blank area of the Desktop and choose Properties - Click on the Appearance Tab; Click effects - Check the box: Use the following method to smooth edges of screen fonts - In the drop down box select: Clear Type X Getting MP3 ripping to work in Windows Media Player 8 in XP Enter the following in the registry : [HKEY_LOCAL_MACHINESOFTWAREMicrosoftMediaPlayerSettingsMP3Encoding] "LowRate"=dword:0000dac0 "MediumRate"=dword:0000fa00 "MediumHighRate"=dword:0001f400 "HighRate"=dword:0002ee00 This corresponds to 56, 64, 128 and 192 Kbps. You can change this to your liking using the following dword hex values : 320 Kbps = dword:0004e200 256 Kbps = dword:0003e800 224 Kbps = dword:00036b00 192 Kbps = dword:0002ee00 160 Kbps = dword:00027100 128 Kbps = dword:0001f400 112 Kbps = dword:0001b580 64 Kbps = dword:0000fa00 56 Kbps = dword:0000dac0

    X Getting MP3 ripping to work in Windows Media Player 8 in XP Enter the following in the registry : [HKEY_LOCAL_MACHINESOFTWAREMicrosoftMediaPlayerSettingsMP3Encoding] "LowRate"=dword:0000dac0 "MediumRate"=dword:0000fa00 "MediumHighRate"=dword:0001f400 "HighRate"=dword:0002ee00 This corresponds to 56, 64, 128 and 192 Kbps. You can change this to your liking using the following dword hex values : 320 Kbps = dword:0004e200 256 Kbps = dword:0003e800 224 Kbps = dword:00036b00 192 Kbps = dword:0002ee00 160 Kbps = dword:00027100 128 Kbps = dword:0001f400 112 Kbps = dword:0001b580 64 Kbps = dword:0000fa00 56 Kbps = dword:0000dac0

    X Where has Scan Disk Gone Scandisk is not a part of Windows XP - instead you get the improved CHKDSK. You can use the Errorchecking tool to check for file system errors and bad sectors on your hard disk. 1: Open My Computer, and then select the local disk you want to check. 2: On the File menu, click Properties. 3: On the Tools tab, under Error-checking, click Check Now. 4: Under Check disk options, select the Scan for and attempt recovery of bad sectors check box. All files must be closed for this process to run. If the volume is currently in use, a message box will appear prompting you to indicate whether or not you want to reschedule the disk checking for the next time you restart your system. Then, the next time you restart your system, disk checking will run. Your volume will not be available to perform other tasks while this process is running. If your volume is formatted as NTFS, Windows automatically logs all file transactions, replaces bad clusters, and stores copies of key information for all files on the NTFS volume. X Hibernate Option Whenever you want to logoff, shut down or reboot your Windows XP machine you have only 3 choices (1) Standby ONLY IF the ACPI/APM function is properly enabled BOTH in your motherboard's BIOS AND in WinXP! (2) Restart (3) Shutdown. To properly enable Hibernation in WinXP: Start button -> Control Panel -> Power Options -> Hibernate tab -> check Enable hibernate support box -> Apply/OK -> reboot. NOTE: If the Hibernate tab is unavailable your computer does NOT support it! For some reason Microsoft did NOT enable the 4th option: (4) Hibernate, which should be available on power saving (ACPI) enabled PCs and laptops. But you CAN bring it back: just hold the Shift key while the Shut down menu is displayed on your screen, and notice the Standby button being replaced by a new, fully functional Hibernate button, which can be clicked with the left button of your mouse. If you release the Shift key, the Hibernate option will disappear once again, to be replaced by Standby. X Computer management console To quickly access the computer management console, where you can see event logs (to see what's causing a problem, for example), right-click My Computer and choose Manage . Then, select the Event viewer and double-click highlighted events in the Applications or System areas to view detailed explanations of what went wrong. X XP Animations You can turn off window animation ("exploding" windows), displayed when you play around with minimizing/maximizing open windows. This makes navigating Windows 95/98/ME/NT4/2000/XP a lot quicker, especially if you don't have a fast video controller, or if you got tired of seeing it all the time (like I

    did). :) To do this, run Regedit (or Regedt32) and go to: HKEY_CURRENT_USER | Control Panel | Desktop | WindowMetrics or if you are the only user of your Windows computer go to: HKEY_USERS | .Default | Control Panel | Desktop | WindowMetrics Right-click on an empty spot in the right hand pane. Select New -> String [REG_SZ] Value. Name it MinAnimate. Click OK. Double-click on "MinAnimate" and type 0 to turn OFF window animation or 1 to turn it ON. Click OK. Close the Registry Editor and restart Windows. Done. TweakUI, the famous Microsoft Power Toy [110 KB, free, unsupported] can also turn off animated windows. Just remove the check mark from the "Window Animation" box under the General tab.

    X Turn off Welcome screen Open User Accounts in Control Panel. Click Change the way users log on or off X Speed up viewing shared files across a network Windows 2000 & XP machines delay as long as 30 seconds when you try to view shared files across a network because Windows is using the extra time to search the remote computer for any Scheduled Tasks. Here's how to prevent this remote search for Scheduled Tasks: Open up the Registry and go to : HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/CurrentVersion/Explorer/RemoteComputer/NameSpac e Under that branch, select the key : {D6277990-4C6A-11CF-8D87-00AA0060F5BF} and delete it. If you like you may want to export the exact branch so that you can restore the key if necessary. This fix is so effective that it doesn't require a reboot and you can almost immediately determine yourself how much it speeds up your browsing processes. X Setup XP from a Network drive You use three switches. If D: is the target, and G: is the net drive. G:i386winnt32 /tempdrive:D /makelocalsource /s:G:i386 X Use a Shortcut to Local Area Network Connection Information Something new in Windows XP-instead of using the command line program and typing ipconfig to find local area network information, you can use the following shortcut: 1.Click Start, point to Connect to, and then click Show All Connections. 2.Right-click the connection you want information about, and then click Status. 3.In the connection Properties dialog box, click the Support tab.

    For even more information, click the Advanced tab. To automatically enable the status monitor each time the connection is active, in the connection Properties dialog box, select the Show icon in taskbar notification area when connected check box. X Speed up your Windows 2000/XP system and save resources at the same time You can improve performance of your Windows 2000/XP and reclaim memory by simply disabling the services that is also known as "System Services" you don't need which Windows 2000 or XP automatically provide by default. What Are System Services in the 1st place System services are actually small helper programs that provide support for other larger programs in Windows 2000. Many of the services are set up to run automatically each time you start Windows 2000. However, if you're not using the larger programs that these services are designed to support, these services are simply wasting RAM that could be put to better use by your applications. While the word "Disable" is used here to describe the idea that you'll remove these services from memory, what you'll really be doing is changing the startup setting from Automatic to Manual. When you do, the services won't automatically start each time you launch Windows 2000 Professional. However, Windows 2000 will be able to manually start the services if they're needed. That way you won't be unnecessarily wasting RAM, but you won't be crippling your system either. Note: If you're running Windows 2000 Professional on a corporate network, you may not be able to adjust system services. Regardless of whether you can or not, you should check with your system administrator before attempting the make these changes. Changing the startup type of a service from Automatic to Manual is a relatively simple operation. To begin, open the Control Panel, open the Administrative Tools folder, and then double click the Services tool. When you see the Services window, set the View to Detail if it isn't already. Then click the Startup Type column header to sort the services by Startup Type. When you do, all the Services that start automatically will appear at the top of the list. As you scan through the list of services on your system whose Startup Type setting is set to Automatic, look for the services in listed in the Table below. These are some of the services are good candidates to be set to a Manual Startup Type. Examples of services that can be safely changed to Manual :DHCP Client -- You're not connecting to a specific DHCP server on your local network Distributed Link Tracking Client -- You're not connected to a Windows 2000 domain DNS Client -- You're not connecting to a specific DNS server on your local network FTP Publishing Service -- You don't need your system to act as an FTP server IIS Admin Service -- You don't need your system to act as an WWW server IPSEC Policy Agent -- You're not connected to a Windows 2000 domain Messenger -- You're not connected to a Windows 2000 domain Remote Registry Service -- You don't remotely access the Registry of other systems on your local network RIP Service -- You don't need your system to act as a router Run As Service -- You don't use any applications that run as an alias World Wide Web Publishing Service You don't need your system to act as an WWW server If you find a match and think that your system doesn't need that particular service, right-click on the service and choose the Properties command from the shortcut menu. When you see the Properties dialog box for that service, click the Startup Type drop down list and select Manual. Then click OK. As you change the

    Startup Type for any service, take note of the service's name. That way you'll have a record of which services you changed and can change them back if you need to, as I'll explain in a moment. Using the Windows Task Manager Trick : To determine the amount of RAM you'll regain by disabling unnecessary system services, use the Windows Task Manager. Here's how: Before you disable any system services, reboot your system and don't launch any applications. If you have applications that automatically load when you start Windows, hold down the [Shift] key to bypass the Startup folder. Then, right click on the task bar and select Task Manager from the shortcut menu. When you see the Windows Task Manager dialog box, select the Performance tab. Now take note of the Available value in the Physical Memory panel. After you disable those system services you deem unnecessary, reboot your system in the same manner and compare the Available value in the Physical Memory panel to the one that you noted earlier. Final thoughts Keep in mind that you may not find all the services listed in the Table set to Automatic on your system. In fact, you might not even see some of the services listed present on your system. If that's the case, don't worry about it. Each Windows 2000/XP installation is unique depending on the system and installed software, and different sets of services may be installed and set to start automatically. On the other hand, you may find services other than those listed in Table set to Automatic that you may think are unnecessary. If so, you can find out what each service does by hovering your mouse pointer over the service's description. When you do, a tool tip window will pop up and display the entire description of the service. You can then better determine if the service is unnecessary. Remember, by changing the Startup Type to Manual, Windows 2000 can still start the service if it's needed. If you decide to experiment with changing the Startup Types of certain services, you can monitor the services over time by launching the Services utility and checking the list of running services. If you consistently find one of the services you set to Manual running, you may decide to change the Startup Type back to Automatic. X Use Windows Update to Keep Your Computer Current Windows XP takes the chore out of keeping your software updated with the newest and best code for device drivers, security, reliability, and performance. Windows Update is the online extension of Windows. Its a Web site where you find the most recent updates for your operating system, software programs, and hardware. Windows Update scans your computer and lists the code updates needed on your system. Then you can choose whether to download and install them. To find available updates 1. Open Windows Update. 2. Click Scan for updates to find out about recent releases for your system. 3. Click Yes when prompted to install any required software or device drivers. Notes:

    To open Windows Update, click Start, then click Help and Support. Under Pick a task, click Keep your
    computer up-to-date with Windows Update.

    The first time you go to the Windows Update Web site, click Yes when prompted to install any required
    software or controls.

    To use Windows Update, you need to establish a connection to the Internet. You might need to be logged on as an administrator or a member of the Administrators group in order to
    perform some tasks. X Unlocking WinXP's setupp.ini WinXP's setupp.ini controls how the CD acts. IE is it an OEM version or retail? First, find your setupp.ini file in the i386 directory on your WinXP CD. Open it up, it'll look something like this: ExtraData=707A667567736F696F697911AE7E05 Pid=55034000

    The Pid value is what we're interested in. What's there now looks like a standard default. There are special numbers that determine if it's a retail, oem, or volume license edition. First, we break down that number into two parts. The first five digits determines how the CD will behave, ie is it a retail cd that lets you clean install or upgrade, or an oem cd that only lets you perform a clean install? The last three digits determines what CD key it will accept. You are able to mix and match these values. For example you could make a WinXP cd that acted like a retail cd, yet accepted OEM keys. Now, for the actual values. Remember the first and last values are interchangable, but usually you'd keep them as a pair: Retail = 51882335 Volume License = 51883 270 OEM = 82503 OEM So if you wanted a retail CD that took retail keys, the last line of your setupp.ini file would read: Pid=51882335 And if you wanted a retail CD that took OEM keys, you'd use: Pid=51882OEM Note that this does NOT get rid of WinXP's activation. Changing the Pid to a Volume License will not bypass activation. You must have a volume license (corporate) key to do so.

    X Ping Function In a previous tip, it was revealed how to continuously ping a host until stopped. Here are all of the ping options: example .. In DOS .. c:>ping 192.168.0.1 -t -t Ping the specifed host until interrupted -a Resolve addresses to hostnames -n count Number of echo requests to send -l size Send buffer size -f Set Don't Fragment flag in packet -i TTL Time To Live -v TOS Type Of Service -r count Record route for count hops -s count Timestamp for count hops -j host-list Loose source route along host-list -k host-list Strict source route along host-list -w timeout Timeout in milliseconds to wait for each reply Experiment to see how helpful these can be! X Use PostScript Type 1 fonts in XP

    You don't need Adobe Type Manager to use PostScript Type 1 fonts under Windows XP. Just drag the Type 1 font files to your fonts folder; XP automatically installs and activates the font. This works for TrueType and OpenType fonts, too.

    Tips and tricks to securing Windows Server 2003


    Security is a top concern for network administrators. Deploying a new operating system like Windows Server 2003 requires learning some new security tricks. Security is an increasingly important topic for network administrators. It's an ongoing battle to make sure you've installed all of the latest updates along with keeping up to date with all of the developing threats. Properly securing server begins with planning. When you're deploying Windows Server 2003, you can use these tips to make sure you've done so while properly securing it.

    Protect your authentication mechanisms

    There's an old proverb stating that a chain is only as strong as its weakest link. That saying is especially true when you are talking about a network's chain of security mechanisms. I know a lot of people who spend countless hours making sure that every packet flowing across the network is authenticated and encrypted, and that all of the files on the server's hard disk have the proper permissions assigned to them. Such measures are important, but the fact is that the vast majority of hacks are perpetrated by using legitimate user accounts.

    User IDs and passwords


    In most networks, the user accounts themselves are by far the weakest part of the network's entire security infrastructure. A hacker only needs to know two pieces of information (a user name and a password) to be able to access anything on your entire network. Sure, encrypting all of the packets as they flow across the wire will help to prevent a hacker from sniffing passwords, but there are plenty of other ways that hackers can acquire passwords. One of the oldest password acquisition methods still works to this day. That's a brute force crack. Like I said, a hacker must have a username and a password in order to gain full access to your network resources. Of course, Microsoft was kind enough to provide the hackers with the user name for you; Administrator. That means that hackers only need to figure out the Administrator's password in order to gain access to your network. Microsoft has long recommended that you change the name of the Administrator account so that hackers won't know what it is. The problem is that even if you change the account name, the account's SID remains the same. Since Microsoft uses a specific SID for the Administrator account, it's fairly easy to figure out what the account has been renamed to, just by examining the SIDs. In fact, there are even GUI utilities that can automatically tell you what name the Administrator's account is using. Although this is the case, I still recommend renaming the Administrator account, because doing so may deter less sophisticated hackers. Besides, your other security mechanisms, such as your firewall, and packet level encryption, may help prevent such utilities from functioning correctly. Let's assume for a moment that a hacker knows what they are doing and they are able to quickly determine the name of your Administrator account. They would then simply need to figure out the password. This is where the brute force crack that I mentioned earlier comes into play. Windows is designed so that the Administrator account can't be locked out. This means that a hacker is free to perform a brute force crack against the password without fear of locking out the account. Normally, your defenses against such an attack are frequent password changes and reviews of the audit logs. The idea is that it takes so long to crack a complex password that you change the password before the hacker has the chance to try every possible password. If you've got auditing enabled, you would also notice a very high number of unsuccessful login attempts.

    Renaming Administrator
    What a lot of people don't realize though is that there is another way of defending yourself against this type of attack. However, the method that I am about to show you can be very dangerous, and you need to carefully consider its impact before attempting this. Unlike other versions of Windows Server, Windows Server 2003 allows you to manually disable the Administrator account. You can therefore set other users up with administrative privileges and then disable the Administrator account. That way, if a hacker does figure out the name of the Administrator's account, it is useless because the account is disabled. The reason why this technique is so dangerous is because if you don't set up your alternate administrative accounts just right, you may find yourself permanently unable to perform essential tasks. You must also keep in mind that your alternate accounts can be locked out by incorrect password attempts. Someone could lock you completely out of your network by purposely entering incorrect passwords for your alternate administrative accounts. If that happened, the only way that you could get back into your network would be to perform an authoritative Active Directory restore, and you might not even be able to do that if your backup software requires authentication.

    SAM
    While I am on the subject of stolen passwords, there is another technique that hackers can use to steal a password. If a server is to authenticate user's logins, the server must know the user's password so that it can compare the password that has been entered against the stored password. Any computer that's running Windows 2000, XP, or 2003 stores user's passwords within the Security Accounts Manager. Technically, the SAM doesn't contain the passwords themselves. The password is hashed, and then the hash is encrypted and stored within the SAM. When you first read about the way that Windows stores passwords, it sounds fairly secure. There are a couple of problems with the storage method. For starters, the encryption key is stored on the server right along with the hashes that the key encrypts. To make matters worse, the hashing algorithm is fairly well known. In fact, there are several utilities available off the shelf that will allow anyone who has physical access to the machine to reset a password without knowing supplying any sort of login credentials. There are also a few "password recovery utilities" that are allegedly able to retrieve passwords directly from the SAM database. Naturally, your first line of defense against such an exploit is to make sure that your servers are kept behind a locked door to prevent anyone from gaining physical access. If controlling physical access is impossible where you work, or if you just want to provide an extra level of security, then there is a technique that you can use to move the encryption key off of the server. Before I explain how to accomplish this, I need to warn you that this is another dangerous operation. When you lock down the encryption key, you have two options. Your first option is to export the encryption key to a floppy disk. The reason why this is dangerous is because when you boot the server it will ask for the floppy disk. If you lose the disk or if the disk becomes damaged or unreadable, the server will be rendered unbootable. The other down side to using this method is that you lose the ability to remotely reboot the server because you can't boot the server without physically inserting a disk. The other option that you have is to encrypt the encryption key. This method involves assigning a password to the encryption key. When you boot the server, you will be prompted to enter the password. Upon doing so, Windows decrypts the encryption key, which allows Windows to access the SAM database. In my opinion, this technique is a little safer than exporting the encryption key to a floppy disk, but the technique still has risks. If you were to forget the password, the server will be unbootable. Likewise, you could potentially lose the ability to remotely reboot the server depending on how your remote control software works. If you decide that you want to protect the encryption key, the Microsoft Knowledgebase contains an excellent article that explains how to go about doing so. One other thing that you can do to help secure the authentication process is to use multiple authentication methods. There are three things that can be used to authenticate a person's identity. You can use something that the person is, something the person has, or something that the person knows. An out of the box Windows deployment typically uses only one of the three authentication tests. The test used by

    Windows is something that the person knows, which is of course a username / password combination.

    Dual authentication
    You can achieve much greater security by using at least two authentication methods for users. Since Windows already uses something that the user knows, you might add something that the user is (biometrics) or something that the user has (such as a smart card).

    Granting privileges
    Up to this point, I have talked primarily about various techniques that you can use to enhance the security associated with user's passwords. When designing a secure network, you must also consider what a user should and should not have access to once they log in. The current standard for user rights is that users should have the lowest possible set of privileges that will permit them to do their jobs. The most effective way to assign these permissions is almost always through security groups. For example, suppose that you had some users who needed access to the company's payroll database. Rather than granting the individual users permission at the NTFS level, you should create a group for the users who will need access to the payroll database and assign permissions to that group. Doing so makes network management a lot easier. If someone were to ask you which users have access to the payroll database, you could simply check the group membership rather than tracking down a bunch of individual permissions. As you plan your network's security structure, I recommend creating groups and designing the server's folder structure in such a way that there are no overlaps. Imagine for example that everyone in the finance department needs access to the payroll database, but that there are a few people from outside of finance that also need payroll access. You could theoretically create a folder called finance and then grant the finance group permissions to it. You could then place the payroll folder beneath the finance folder and create a payroll group. By doing so, everyone in the payroll group and in the finance group would have access to the payroll. Although this arrangement would technically work, it isn't a good idea to configure your folder structure in this way because as the network grows, management becomes difficult. If someone asked you who had access to payroll, you would have to check the payroll group and the finance group, rather than being able to check one single group. It isn't always possible to avoid overlapping permissions, especially when different people need different levels of access to a folder, but your life will be a lot easier if you avoid overlapping permissions whenever possible.

    Active Directory
    There is one last security trick that I want to show you. Throughout this article, I have talked about ways that authentications can be compromised and how groups can be configured for optimal security. All of this information is maintained within the Active Directory. I'll admit that the Active Directory isn't the easiest thing in the world to hack, but the Active Directory database does make a tempting target because it consists of easily recognizable files (NTDS.DIT, EDB.LOG, and TEMP.EDB) and those files reside in a predictable location (usually C:\Windows\NTDS). What a lot of people don't realize is that you can make a hacker's job just a little bit more difficult by moving the Active Directory database to an unexpected location. If your domain controller happens to have a RAID array, then the array makes an excellent choice because the database is protected from drive failure and because array's offer better performance than a standalone hard disk. Moving the databases is simple, although it does require a server reboot. Boot the machine into Active Directory Restore mode and then enter the NTDSUTIL command followed by the Files command. Now, just use the MOVE DB TO or MOVE LOGS To command to move the database and its log files to the new location.

    Do the basics
    Although there are a lot of standard techniques for deploying a secure network, it is often better to throw

    the hackers a few curve balls than to do everything by the book. In this article, I have shown you several security techniques that you can use to make your Windows deployment more secure. How To Quickly Check If Newly Created GPO Replicated To All Domain Controllers? To Check Network and DNS Settings Before Deploying A DC or Domain. What All Ports Are Required By Domain Controllers And Client Computers? A Quick Tip To Update Group Policy Settings On Remote Computers. How To Force Users To Log On To The Domain? Tip to designate a domain controller for client authentications. Tips on troubleshooting FSMO roles Esentutl when Ntdsutil tool fails to repair the Active Directory database Using Active Directory Remote Admin Scripts Active Directory Migration Tool ( ADMT ) Active Directory Disaster Recovery Branch Office, Active Directory Branch Office Implementation Guides Securing Windows Server 2003

    Windows Server 2003 Tips & Tricks Quickly Check If Newly Created GPO Replicated To All Domain Controllers?

    A quick tip to check whether a newly created GPO replicated to all the Domain Controllers for that domain or not. When you create a new GPO, that GPO must be replicated to all other domain controllers of that domain. There is a quick way to check this using GPOTool.exe:

    gpotool.exe /gpo:GPO_Name_Here /verbose


    The above command you need to run on the domain controller on which you created this GPO. If the policy has replicated to all the domain controllers, you will see a "Policy Ok" message. If it has not replicated yet, the tool will list the names of the domain controllers who have not received this GPO yet.

    A Quick Tip To Configure Time Service In Active Directory Environment


    Windows Time is necessary for domain controllers and client computers. This is a requirement for the Kerberos protocol for authentication purpose. You should keep the following points in mind when configuring the Windows Time Service in an Active Directory environment:

    Configure your client computers to sync time from it's authentication or local domain controller in the site Configure your DC to sync time from it's PDC Emulator for that domain Configure your Child PDC to sync time from any DC in the Forest Root domain Configure your Forest PDC to sync time from an external source (time.windows.com)
    For the above things to work, you need to modify two registry entries: For all Domain Controllers and PDC in the Forest except PDC in the Forest:

    Key: HKLM\System\CurrentControlSet\Services\W32Time\Parameters Entry: Type Value: NT5DS


    For Forest PDC:

    Key: HKLM\System\CurrentControlSet\Services\W32Time\Parameters Entry: Type Value: NTP

    Entry: NTPServer Value: time.windows.com


    Configure Time Service In Active Directory Environment

    To Check Network and DNS Settings Before Deploying A DC or Domain.


    Syntax of a command you can use to check the network and DNS settings before deploying a child domain or additional domain controller in an existing forest. The command you use to verify the settings is: To deploy an additional domain controller: Dcdiag /test:dcpromo /DnsDomain:domain_name.com /ReplicaDC To deploy a child domain: Dcdiag /test:dcpromo /DnsDomain:child_domain_name.forest.com /ChildDomain Child_domain_name.forest.com is the name of your child domain+the forest root domain. For example, Example.Microsoft.com. Example is the child domain. When you run the above command look for the message: "Active Directory Test Installation Was Successful" If you don't see the above message then there is something wrong with the network or DNS settings.

    What All Ports Are Required By Domain Controllers And Client Computers?

    Active Directory communication takes place using several ports. These ports are required by both client computers and Domain Controllers. As an example, when a client computer tries to find a domain controller it always sends a DNS Query over Port 53 to find the name of the domain controller in the domain. The following is the list of services and their ports used for Active Directory communication:

    UDP Port 88 for Kerberos authentication UDP and TCP Port 135 for domain controllers-to-domain controller and client to domain controller
    operations.

    TCP Port 139 and UDP 138 for File Replication Service between domain controllers. UDP Port 389 for LDAP to handle normal queries from client computers to the domain controllers. TCP and UDP Port 445 for File Replication Service TCP and UDP Port 464 for Kerberos Password Change TCP Port 3268 and 3269 for Global Catalog from client to domain controller. TCP and UDP Port 53 for DNS from client to domain controller and domain controller to domain controller.
    Opening above ports in Firewall between client computers and domain controllers, or between domain controllers, will enable Active Directory to function properly.

    To Update Group Policy Settings On Remote Computers.

    Windows 2000 ships with a command line tool to refresh the Group Policy settings on a local computer. But what if you need to refresh Group Policy settings on 100 Windows 2000 machines? You either need to create a script to do so or visit each computer individually. To eliminate this, you can use the below steps to accomplish the task: Steps:

    Create a Text file named Servers.txt Paste all the computer names in txt file. Run the following commands from a Windows 2000 computer:
    To refresh user policy: Psexec.exe -@Servers.txt <mailto:-@Servers.txt> secedit.exe /refreshpolicy user_policy To refresh machine policy Psexec.exe -@Servers.txt <mailto:-@Servers.txt> secedit.exe /refreshpolicy machine_policy

    How To Force Users To Log On To The Domain?

    Usually if client computers are not able to contact a domain controller, they will be logged on to the local computer using their cached credentials stored at the registry. You can delete the Cached Credentials to force them to log on the domain: This mechanism is very useful in the following scenario:

    When you are doing capacity planning to add an additional domain controller and want all the users to log
    on the domain.

    When you want users to update their LastLogonTimeStamp value in the domain. When you want to apply an urgent Group Policy setting.
    To delete the Cached Credentials:

    Open a Command Prompt

    Run "Psexec.exe -s -i regedit.exe" without quotes Navigate to HKLM\SECURITY\Cache Delete all NL$1 through NL$10

    Tip to designate a domain controller for client authentications.


    This is useful when you have domain application which frequently requires access to one of the domain controllers. Since the domain controller is busy responding to application requests, sometimes it may fail to respond to client authentication requests. To alleviate this, you may designate a domain controller for client authentications so that clients always use this domain controller as their primary authenticator. When clients query DNS Server for the domain controllers, they get a list of domain controllers with priority. For example, query returns: _exmp1.tcp.domain.com IN SRV 10 50 389 server1.domain.com _exmp1.tcp.domain.com IN SRV 10 50 389 server2.domain.com _exmp1.tcp.domain.com IN SRV 10 50 389 server3.domain.com In above example, 10 is the priority and 50 is the weight of the server1.domain.com. Clients will always use server1.domain.com for authentication purpose if it is available on the network. If you want your client machines to always use Server2.domain.com then change the priority of Server2.domain.com in DNS management snap-in. Clients will always use the server name with lowest priority first. For example, you have changed SRV priority of Server2 from 10 to 6. After changing the priority, the DNS query will return the list of domain controllers in the following order: _exmp1.tcp.domain.com IN SRV 6 50 389 server2.domain.com _exmp1.tcp.domain.com IN SRV 10 50 389

    server1.domain.com _exmp1.tcp.domain.com IN SRV 10 50 389 server3.domain.com For more information on SRV Records, please check out here: Description of DNS SRV Records.

    Tips on troubleshooting FSMO roles

    FSMO Role presented in the form of a pop-quiz. See how you score on it, answers are at the bottom. 1. I can't add a new domain to my forest. Which FSMO role might be down? 2. I tried running adprep /domain but it failed. Which FSMO role might be down? 3. Some users changed their password but now they can't log on. Which FSMO role might be down? 4. The clocks on my servers don't seem to be synchronized properly. Which FSMO role might be down? 5. I tried upgrading a Windows 2000 domain controller to Windows Server 2003 but the DNS application partition wasn't created. Which FSMO role might be down? Move Your Cursor Here for answers... ANSWERS: 1. Domain Naming Master 2. Infrastructure Master 3. PDC Emulator 4. PDC Emulator 5. Domain Naming Master

    Esentutl when Ntdsutil tool fails to repair the Active Directory database
    Ntdsutil tool may fail to repair the Active Directory database (the Ntds.dit file) and generates one or more of the following errors: Operation failed because the database was inconsistent. Initialize jet database failed; cannot access file. Error while performing soft recovery. All is not lost. You can use the Esentutl.exe tool to resolve the problem.

    To perform an integrity check


    1. Start a command prompt 2. Type the following command (including the quotation marks), and then press ENTER: esentutl /g "path\ntds.dit"/!10240 /8 /v /x /o where path is the path to the folder that contains the Ntds.dit db file. By default, this folder is %systemRoot%\NTDS folder.

    To repair the database:

    1. Type the following command (including the quotation marks), and then press ENTER: esentutl /p "path\ntds.dit" /!10240 /8 /v /x /o Important: Delete the database log files from the Ntds folder. Do not delete or move the Ntds.dit file.

    Active Directory Remote Admin Scripts

    The Windows 2000 Resource Kits include vbs scripts to aid in Active Directory remote administration. They include:

    chkusers.vbs : searches a domain for a user with specific properties or attributes. createusers.vbs : create new users. group.vbs : returns list of the groups contained within a specific domain. groupdescription.vbs : returns description assigned to a specific group. listdcs.vbs : returns list of all domain controllers in a domain.

    listdomains.vbs : returns list of all domains in a namespace. listmembers.vbs : returns list of all members of an Active Directory group. listprinters.vbs : returns list of all printers and their properties for a specified server. modifyldap.vbs : control LDAP admin policies. modifyusers.vbs : modifies multiple user accounts on a domain or system. schemadiff.vbs : compares schema between two forests. systemaccount.vbs : returns config info for system account on a system. useraccount.vbs : returns info contained within a user account. usergroup.vbs : add or remove multiple users from a group.

    Active Directory Migration Tool ( ADMT )

    Microsoft has made available the Active DirectoryTM Migration Tool (ADMT) which provides an easy, secure, and fast way to migrate from Windows NTR to the WindowsR 2000 Server Active Directory service. You can also use ADMT to restructure your Windows 2000 Active Directory domains. This tool can help a system administrator diagnose any possible problems before starting migration operations. The task-based wizards will then allow you to migrate users, groups, and computers; set correct file permissions; and migrate Microsoft Exchange Server mailboxes. The tool's reporting feature allows you to assess the impact of the migration, both before and after move operations. In many cases, if there is a problem you can use the rollback feature to automatically restore previous structures. The tool also provides support for parallel domains, so you can maintain your existing Microsoft Windows NT 4.0 operating system domains while you deploy the Microsoft Windows 2000 operating system. ADMT provides an effective tool that simplifies the process of migrating users, computers, and groups to new domains. At the same time, ADMT is designed to be flexible so that each organization can use it to implement a migration process that is adapted to its needs. This powerful tool lets you accomplish the following: ADMT features let you manage domain migration efficiently and fine-tune the results to suit their requirements. No need to manually load software onto all those computers. When using ADMT to migrate users and groups, you install the ADMT tool, typically in the target domain into which security principals or resources are being migrated. Beyond that, ADMT requires no additional software installation on the computers in the source domain from which security principals or resources are being migrated. When migrating computers or translating security on resources, ADMT automatically installs services (called agents) on the source computers. This means you do not need to manually load software onto each source computer to perform the migration. Once the agent's task is completed, it uninstalls itself. Wizards make it easy. ADMT lets you use a series of wizards, including the User Migration wizard, Computer Migration wizard, Group Migration wizard, Service Account Migration wizard, Trust Migration wizard, and Reporting wizard to simplify various parts of the migration process. Select the appropriate options among the many provided by the various wizards when performing a migration. For example, you can choose to copy users rights assigned in the source domain to the target domain; you can copy groups along with their members to the target domain; you can leave user accounts active in both the source and target domains; you can copy roaming profiles to the target domain for selected user accounts; and so on. Restructure groups. Optionally, before migrating groups you can run the Group Mapping and Merging Wizard to map a group in the source domain to a new or existing group in the target domain. This mapping ensures that, when the group's members are migrated from the source domain into the target domain, group memberships will reflect the mapping. You can also merge multiple groups into one group. Trial run. By selecting the Test the migration settings and migrate later option, you can run a wizard without actually making any changes in your network. Review the log files and reports generated by the wizards to identify and troubleshoot any potential problems before performing the actual migration. Undo. You can undo the most recently performed user, group, or computer migration. Users maintain access to resources. During user and group migration, ADMT lets users retain their premigration access to resources such as files, shares, and applications through its sIDHistory feature or by updating those

    resources to refer to the migrated user. This capability keeps your security structure (the granting and denying of access to resources) intact but conveniently brings it into the new domain. Users retain access to Exchange resources. If you need to update security permissions on Exchange mailboxes to reflect the migration, ADMT can also handle that. Service accounts migrate too. ADMT also migrates service accounts. Many applications, such as Microsoft Exchange, use service accounts to run services with the same set of credentials on several network computers. Putting objects into OUs. In addition to consolidating Windows NT resource domains into Active Directory OUs, ADMT also lets you migrate selected users, groups, or computers to OUs in the target domain. Then, you can use Windows 2000 features to manage these OUs-for example, you can establish group policy configuration settings for a group of computers collected in a given OU. Handling trust relationships. A trust relationship connects two domains and lets users in the trusted domain access resources in the trusting domain. To maintain resource access during migration, the same trust relationships must be established in the target domain as exist in the source domain. The Trust Migration wizard does this for you-it compares the trust relationships in the source domain to the trust relationships in the target domain, and then creates in the target domain any trust relationships that exist in the source domain. Making use of the new universal group scope. In intra-forest migration (that is, when performing a migration between Windows 2000 domains in the same forest), when global groups are migrated from a native-mode source domain, the groups are created as universal groups in the target domain so that they can contain members from the source domain that have not yet been migrated.Global groups can contain only members from their own domain; universal groups can have members from any Windows 2000 domain in the forest. ADMT System Requirements Target domain. For target domains, ADMT can run on any computer capable of running the Windows 2000 Server operating system. Source domain. The source domain must be running either Windows 2000 or Windows NT 4.0. The primary domain controller (PDC) of a Windows NT 4.0 source domain must have SP4 or higher installed. The ADMT agent (installed by ADMT on the source computers) can operate on computers running Windows NT 3.51 (with SP5); Windows NT 4.0 (with SP4 or higher); or Windows 2000. To download: Windows 2000 Active Directory Migration Tool

    Active Directory Disaster Recovery

    If Active Directory gets corrupted, check these resources: WebCast: Microsoft Active Directory Disaster Recovery

    Branch Office, Active Directory Branch Office Implementation Guides


    The text of this article is placed on another server by address www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/deploy/adguide/ad deploy/addch01.mspx

    You might also like