Windows 2000 Tips & Tricks

 

Note:
S-Plus Systems Consultancy will not be responsible for any undesirable results that may occur if you choose to follow the tips and tricks listed in this page. Tips and Tricks listed here may require that you use your system registry editor to change certain registry settings. Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. S-Plus Systems Consultancy cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.
 

 

#Tip 1 - How to backup default recovery keys to a floppy disk

  1. Click Start, click Run, type mmc /a, and then click OK.

  2. On the Console menu, click Add/Remove Snap-in, and then click Add.

  3. Under Snap-in, click Certificates, and then click Add.

  4. Click My user account, and then click Finish.

  5. Click Close, and then click OK.

  6. Double-click Certificates - User (Administrator), double-click Personal, and then double-click Certificates.

  7. Click the certificate that displays the words File Recovery in the Intended Purposes column.

  8. Right-click the certificate, point to All Tasks, and then click Export.

Follow the instructions in the Certificate Manager Export wizard to export the certificate and associated private key to a .pfx file format. When the wizard asks for a file name, you can click the Browse button to point to a location on a floppy disk where you want to save the file. Be sure to store the floppy disk in a secure location.

<Top>
 
#Tip 2 - How to restrict access to author mode in MMC for a domain
  1. Open Active Directory Users and Computers.
  2. In the console tree, right-click the organizational unit for which you want to configure policy, and then click Properties.
  3. On the Group Policy tab, click Edit.

The Group Policy console appears.

  1. In the console tree, click Microsoft Management Console.
    • PolicyName Policy
    • User Configuration
    • Administrative Templates
    • Windows Components
    • Microsoft Management Console
  2. In the details pane, double-click Restrict the user from entering author mode.
  3. On the Policy tab, do one of the following:
    • To allow the user to use author mode in MMC, click Not Configured or Disabled.
    • To restrict the user from using author mode in MMC, click Enabled.

<Top>
 
# Tip 3 - How to Enable Automatic Logon in Windows 2000

To prevent the password prompt in a non-domain system:
 

  1. In Control Panel , double-click Users and Passwords .

  2. Click to clear the Users must enter a user name and password to use this computer check box .
    NOTE: This option does not appear on a system that is a member of a domain.

  3. Click the Advanced tab.

  4. Click to clear the Require users to press Ctrl-Alt-Del before logging on check box.

Automatic logon is not supported when you are logging on to a domain. You will need to join a workgroup if you want the automatic logon feature.
This can also be turned on in a Windows 2000 Professional domain system by editing the registry.
WARNING: This procedure will allow the user to log on automatically to the domain. This could cause a serious security problem. Anyone booting this system with this registry modification will be logged on to the system with the user's security credentials.
 

  1. Start Regedt32.exe and locate the following registry key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

  2. Establish your domain name, account name, and password, using the values you would normally type when logging on. You should assign the following values: DefaultDomainName, DefaultUserName, and DefaultPassword.
    NOTE: The DefaultDomainName and DefaultUserName values may already exist. The DefaultPassword value may not. If it does not, create it:

    • On the Edit menu, click Add Value .

    • In the Value Name box, type DefaultPassword .

    • In the Data Type box, click REG_SZ .

    • Click OK .

    • In the String Editor box, type your password. Click OK and save your changes.

    NOTE : If no DefaultPassword string is specified, Windows automatically changes the value of the AutoAdminLogon key from 1 (true) to 0 (false). This disables the AutoAdminLogon feature.
     

  3. On the Edit menu, click Add Value . Type AutoAdminLogon in the Value Name box. Click REG_SZ in the Data Type box. Enter 1 in the String box. Save your changes.

  4. Quit Regedt32.exe.

  5. Shut down Windows and turn off the computer.

  6. Restart your computer and Windows 2000. You should be able to log on automatically now.

NOTE: To bypass the AutoAdminLogon process and log on on as a different user, hold down the SHIFT key after a logoff or after a Windows restart.

<Top>
 
# Tip 4 - Use Device Manager to Switch from Uniprocessor to Multiprocessor Support

You can easily go from uniprocessor (UP) to multiprocessor (MP) support in Windows 2000 by using the Device Manager.
Here's how to do this in Windows 2000:

  1. In Control Panel, open System, choose the Hardware tab, then click the Device Manager button.

  2. Select the Computer node and expand it.

  3. Double-click the first object listed below the computer node—on some systems, it is called "Standard PC". It might have a different name on your particular system.

  4. Choose the Driver tab, and then click the Update Driver button.

  5. On the Upgrade Device Driver Wizard, click the Next button, then select "Display a known list of drivers for this device so that I can choose a specific driver." Click the Next button.

  6. On the Select Device Driver page, select "Show all hardware of this device class."

  7. Select the HAL that matches your new configuration, multiprocessor or uniprocessor. Click the Next button. Check that the wizard is showing the configuration you want.

  8. To install the driver, click the Next button.

  9. To complete the wizard, click the Finish button.

Note: To switch from uniprocessor (UP) to multiprocessor (MP) support in Windows NT 4.0, use a Resource Kit utility called uptomp, or reinstall the operating system.

<Top>
 

 # Tip 5 - Use System File Checker to Solve Problems

Sometimes, in the course of installing a program in Windows 2000, the program will overwrite or modify Win 2000's system files i.e. ".dll's" with their own version. If Windows 2000 misbehaves after a program installation, read the following and run "sfc" with the Command Prompt.
System File Checker (sfc.exe) is a command line utility that scans and verifies the versions of all protected system files after you restart your computer. If System File Checker discovers that a protected file has been overwritten, it retrieves the correct version of the file from the %systemroot%\system32\dllcache folder, and then replaces the incorrect file.          

Syntax:
sfc [/scannow] [/scanonce] [/scanboot] [/cancel] [/quiet] [/enable] [/purgecache] [/cachesize=x]
 

Parameters:
/scannow
Scans all protected system files immediately.
/scanonce
Scans all protected system files once.
/scanboot
Scans all protected system files every time the computer is restarted.
/cancel
Cancels all pending scans of protected system files.
/quiet
Replaces all incorrect file versions without prompting the user.
/enable
Returns Windows File Protection to default operation, prompting the user to restore protected system files when files with incorrect versions are detected.
/purgecache
Purges the Windows File Protection file cache and scans all protected system files immediately.
/cachesize=x
Sets the size, in MB, of the Windows File Protection file cache.
You must be logged on as an administrator or as a member of the Administrators group to run System File Checker. If the %systemroot%\system32\dllcache folder becomes corrupt or unusable, use Sfc /scannow, Sfc /scanonce, or Sfc /scanboot to repair the contents of the Dllcache directory.

<Top>

 # Tip 6 - Find out what processes have a port open

To find out which processes are holding a port open (although it doesn't
tell you which port) use the following command:
OH -t file | FINDSTR /l "\Endpoint \AsyncConnectHlp \AsyncSelectHlp"

then you can kill processes to identify which port they were using.
<Top>
# Tip 7 - How to block DNS Spoofing

Problem, you are running NT's DNS service and it's failing to resolve some domains but everything else works fine. Restarting the DNS service seems to cure it for a while but later you notice that there are again domains that don't resolve. Normally you see this in your email server because mail gets returned with a "cannot resolve" error. Well folks here is the solution. Do the registry edit then stop and start the dns service.

A Windows 2000-based DNS server can filter out the responses for these non-secure
records.

To enable this feature:

1. Start Registry Editor (Regedt32.exe).

2. Locate the following key in the registry:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNS\Parameters

3. On the Edit menu, click Add Value, and then add the following registry value:

Value Name: Secure Responses
Data Type: REG_DWORD
Value: 1 (To eliminate non-secure data)

4. Quit Registry Editor.

By default, this key does not exist and non-secure data is not eliminated from
responses.
 

<Top>

# Tip 8 - Mounting a Drive in a Windows 2000 Folder

"I have a small (5.2 GB) drive that I would like to add to my
    Windows 2000 installation. I would prefer to add the extra 5.2 GB to
    my existing Drive C. Is there an easy way to do this?"

You can assign an NTFS drive to a folder on another NTFS drive. When you
do this, the contents of the added drive appear in this new folder. For
example, if you add your 5.2 GB drive and assign it to a folder in Drive
C named \Extra Data, then you have effectively added the contents of the
new drive to your C drive.

After you install and format your new drive, right-click My Computer and
choose Manage. When the Computer Management dialog box opens, click Disk
Management. Now, in the right pane of the dialog box, right-click your
new drive and choose 'Change Drive Letter and Path'. If there is already
a drive letter assigned, click Remove. Next, click Add. When the Add New
Drive Letter or Path dialog box opens, select the 'Mount in this NTFS
folder' radio button and click Browse. Click Drive C to select it and
then click New Folder. Name the folder and click OK.

Back in the Add New Drive Letter or Path dialog box, click OK to close
the dialog box and apply your folder selection. Your new drive will now
appear in your newly created Drive C folder.

You can use the same procedure in Windows XP.

<Top>