Tips & Tricks occuring to Windows NT / 101 - 200

 

Overview
This is a summary of Tips occuring to the Topic Windows - NT Server and Windows - NT Workstation. All Tips coming in this week
we marked with the sign

Total number of tips: 100


ACCESS HIDDEN SHARES
ACCESS PRINTERS IN ANOTHER DOMAIN
ADD NOTEPAD TO RIGHT-CLICK MENU FOR EVERY FILE
AUDITING REGISTRY CHANGES
AUTO-COMPLETE LONG FILE NAMES
Can't create new printer with the Add Printer wizard
Can I rename a site? - Windows 2000
Changing appearance of scoll bar
Changing default icon view in explorer
Changing Icon Spacing
Changing explaining the icons use
CHANGE A USER'S PASSWORD
Change your wallpaper using Internet Explorer
CLEAR SYSTEM PAGEFILE AT SHUTDOWN
CREATE A SHARED DIRECTORY ON A REMOTE MACHINE
Creating Newsgroups using Exchange Server 5.5
Create a network Favorites folder
CUSTOMIZING WINDOWS NT TIP SCREENS
DETERMINE A COMPUTER NAME OR LOGGED-ON USERNAME
DISABLE CACHING LOGON CREDENTIALS
Disable the Save Password option
Disabling the "Logon Using Dial-Up Networking" at logon time
DISCONNECT IDLE USERS
DISPLAY A DROP-DOWN LIST OF PRINTERS
DISPLAY THE NT TASK MANAGER
Drop to an command prompt from any given folder
EASILY SET PRINTER SETTINGS
Enable DVD functionality in Windows Media Player
Enabling Hi-Colour icons?
ENABLE SNAP TO DEFAULT BUTTON
Enable X Windows style mouse
Enabling strong protection on shared system objects?
Enabling fast reboot on 4.0 SP4 and above
FAILING LOGON IF MANDATORY USER PROFILES ARE NOT AVAILABLE
FORCE WINDOWS NT TO REBOOT AFTER A CRASH
IE5 Start Menu
KILL HUNG PROCESSES WHEN LOGGING OFF
Handling more than 1048 fonts
How can I create a domain trust through a firewall?
How can I stop print jobs writing to the System Log?
How can I compress the registry?
How can I show the context menu without the right mouse button?
How can I change the short date format from yy to yyyy?
How can I remove the Scheduled Tasks icon from My Computer?
How can I make NT see more than 8 units on SCSI?
How can I save the BSOD information?
How can I stop a user closing the login script before it completes?
How can I remove the dial-up networking icon from My Computer?
How can I stop users accessing local drives via Internet Explorer?
How can you send a programs output to a NULL device?
How do I switch my 2000 domain to native mode?
How can I check the browse masters for a domain?
HOW TO DETERMINE WHO HAS A FILE OPEN
HOW TO INSTALL SP4 AND POST-SP4 HOTFIXES IN ONE PASS
How to Obtain BIOS Information from the Registry
How to Run Control Panel Tools by Typing a Command
IDENTIFYING THE SECURITY ID (SID) OF A USER
I have lost my executable association
LiveScrolling for Word 97
Logging off at the command prompt
MORE MEMORY PLEASE
Open new Browser windows, when following up links
PRE-SP4 HOTFIX REFERENCES NOT REMOVED
Prevent creating admin shares on system startup
Prevent users from changing video resolution
Procedure to install DOS on a running Windows NT 4.0
PROFILE MANAGEMENT
Quick and easy access to all applets in Control Panel
Quick way to bookmark the current web page
REBUILDING THE LICENSE MANAGER DATABASE
RESTRICT ANONYMOUS LOOKUP
Restricting access to objects from Anonymous accounts?
Setting NUMLOCK ON
Send alerts during a crash
Sharing my clipbook with other machines
Shortcut for "right click" to see context menue
Some hidden features of notepad
SPEED UP THE TASKBAR
Start Menu extension: Control Panel
Start Menu extension: My Computer
Start Menu extension: DialUpNetwork
Start Menu extension: InBox
STOP NT EXECUTIVE FROM PAGING TO DISK
Stopping playing files before giving you the option to 'Save as.' with Media Player
Stopping certain folders being replicated as part of the user profile?
SHUT DOWN MULTIPLE COMPUTERS QUICKLY
Tip for "wheel mouse" and Internet Explorer
Tip, when Explorer crashes
Tracking down failed logons
UPDATE A PROGRAM WITH A NEW DLL
USE ALL OF YOUR L2 CACHE
User statistics at a glance
Using FTP with your browser
Using the NET command to add or delete computer accounts
Using the SMTP server from the NT 4.0 Option Pack
What additional restrictions are available in Internet Explorer IE4.01 SP2 and above?
What are the problems with workstations having the same SID?
Where did I archive that file?
WHY YOUR NOTEBOOK DISK WON'T SPIN DOWN AFTER SP4
Wiping the Master Boot Record

SHUT DOWN MULTIPLE COMPUTERS QUICKLY

(contributed by Shalom Crown, SHALOM@realvision.co.il)
I usually have three computers running by the end of the day: my main
system, my development target, and my laptop. I almost always want to
shut them down as fast as possible when it's time to go home. The
target machine has two possible names, depending on whether it's
running free or checked build. I wrote a batch file that uses the
NTRESKIT's SHUTDOWN command. I use the START command to open different
windows for the two possible computer names, so if the names don't
work, that won't hold up the main computer's shutdown.
REM *** SHUT.BAT
%1 \\yona_laptop
start shutdown %1 \\shalom-target-d
start shutdown %1 \\shalom-target
shutdown %1 /l /y

ACCESS HIDDEN SHARES

(contributed by Mark Bernier, Bernier@security-card.com)
I have a great timesaving tip. In the secure environment that I am
responsible for, all our shares are hidden. A quick and easy way to
access hidden or built-in shares in an Explorer view is to open the
Start menu, select Run, then type \\server\sharename. Almost instantly,
an Explorer view pops up containing the contents of the share. This is
particularly useful for hidden shares when you cannot browse them
within Explorer.

Disable the Save Password option

The Dial-Up Networking (DUN) program allows you to save a user name and
password for each of your dial-up connection. While this is convenient,
it's very insecure, especially when most dial-up networking is done using
laptops, which are easily stolen.
To prevent users from saving passwords, launch RegEdit and add the
REG_DWORD value DisableSavePassword value to the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters key
and set it to 1. Once this is done, DUN will no longer display the Save
Password checkbox and it will forget all the passwords it had been told to
remember. Remember to backup your Registry before making any manual
changes to it.

Start Menu extension: Control Panel

Who's really in control? Here's another nifty folder shortcut for Windows 98 & IE4 users:
Right-click on the Start button, choose Explore, then in the Explorer window which
pops up, create a New Folder. Rename the folder to the following and hit enter:
Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}

ACCESS PRINTERS IN ANOTHER DOMAIN

(contributed by David Liell, lielld@ozemail.com.au)
Access to printers in another domain requires that the other domain is
a trusted domain or requires a user ID and password. Sometimes neither
solution is convenient. A solution that we use on a university campus
is to add the network printer in Domain B to a server in Domain A as a
shared printer. We give the Domain A server a user ID and password in
Domain B. Then, all users in Domain A can connect to the shared printer
in Domain B without a user ID.

Tracking down failed logons

If your network consists of a number of Windows95 users, you may run into a
common problem. A user will complain that they can no longer access a
resource on an NT Server. Most commonly, the user changing their Windows
network logon name causes this problem. To see what user name is being
used to access the resource, you will need to enable security auditing for
failed logons. To do this, launch User Manager or User Manager for Domains
and select Policies | Audit from the menu bar to launch the Audit Policy
dialog box. Configure the dialog as we have in Figure C and click OK. The
next time the user fails to access a resource, launch Event Viewer and
select Log | Security from the menu bar. A list of failed log on attempts
will be displayed. Double click on one to see the username that failed, it
will probably not be the same as their NT username.

Start Menu extension: My Computer

Here's another nifty folder shortcut for Windows 98 & IE4 users: Right-click on the
Start button, choose Explore, then in the Explorer window which pops up, create
a New Folder. Rename the folder to the following and hit enter:
My Computer.{20D04FE0-3AEA-1069-A2D8-08002B30309D}

Start Menu extension: DialUpNetwork

Dial-Up Networking got you down? Here's another nifty folder shortcut for
Windows 98 & IE4 users: Right-click on the Start button, choose Explore,
then in the Explorer window which pops up, create a New Folder. Rename the
folder to the following and hit enter:
DUN.{992CFFA0-F557-101A-88EC-00DD010CCC48}
If you now want to start DialUpNetwork select Start, DUN, right mouse click
and choose open. It only works fine, if you have installed DialUpNetworking.

Start Menu extension: InBox

Exchange users, rejoice! Here's another nifty folder shortcut for
Windows 98 & IE4 users: Right-click on the Start button, choose Explore,
then in the Explorer window which pops up, create a New Folder. Rename the
folder to the following and hit enter:
Inbox.{00020D75-0000-0000-C000-000000000046}
If you now want to start Exchange, select Start, Inbox, right mouse click
and choose open.

Setting NUMLOCK ON

A Lockergnome Subscriber let me in on a little-known secret for turning on the
NUM LOCK key in NT4. In Control Panel -> System -> Environment, add a user
variable "NUMLOCK" with the value of "ON". Whenever you log on to the workstation,
the NUM LOCK key will come on. NT4 ignores the BIOS 'NUM LOCK' state. Show that
key who's boss!

Changing appearance of scoll bar

Take a look at your scroll bar. Is it too fat? Rather, is it bigger than it needs to be?
If you're using a smaller resolution, then you need all the screen real estate
you can get! Right-click on the Desktop, choose Properties, click the Appearance
tab, left-click on the scroll bar, and adjust the size at will. You can also adjust
other UI items within this dialog box as well!

PRE-SP4 HOTFIX REFERENCES NOT REMOVED

If you have already installed Service Pack 4 (SP4), you have a new
maintenance task at the top of your list. SP4 doesn't delete Registry
references to previously installed hotfixes. This means you can run
hotfix-l to list the fixes installed prior to SP4, and you can also run
hotfix-y to remove an old hotfix. If you accidentally remove a hotfix,
the SP4 files that replaced the hotfix files are deleted. This leaves
your system in a very unpredictable state.
To correct this problem, you must delete all references to hotfixes
installed prior to SP4. These references appear in the Registry and in
the system root. Run the Registry Editor and delete the hotfix Registry
keys located in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\Current Version\Hotfix\<KBArticle#>, where <KBArticleNumber> is the
Q number of a Microsoft article associated with a particular hotfix.
To finish the cleanup, delete the hotfix uninstall directories in the
system root (folders named $NTUninstall<KBArticle#>). See Microsoft
article "SP4 Installation Doesn't Delete References to Previous
Hotfixes" for more information (if you can find it-see below).
http://support.microsoft.com/support/kb/articles/Q194/3/34.asp

DISPLAY A DROP-DOWN LIST OF PRINTERS

(contributed by Michael James Miller, mjm89@IDT.NET)
To display a drop-down list of printers installed on your PC, right-
click the Start button and select Explore All Users (or whatever
name you used to log on), then right-click in the file-listing
pane and select New Folder. Name the folder by typing the following:
Printers.{2227A280-3AEA-1069-A2DE-08002B30309D}.
Click OK. This procedure results in a new folder named Printers,
which lists all your installed printers. You can create this folder
from any location in the C:\WINNT\PROFILES section, and you can make
the folder available to either everyone on your network or only
administrators. Before your newly installed printers appear in your
Start list, you might need to log off and log on or open the Printers
window the old-fashioned way once.

REBUILDING THE LICENSE MANAGER DATABASE

License Manager is an administrative tool that tracks client licenses
for Windows NT, BackOffice products, and other license-aware
applications. When you install license-aware software, you must select
one of two client-licensing modes: per server or per seat. When you
select per-server mode, you establish the maximum number of concurrent
connections for that product. When you choose the per-seat option, you
must purchase one client license for every computer (by computer name)
that connects to the server or application. In both cases, when you
exceed the number of licenses you've defined, products refuse
connections and commonly write a message to the Application Log noting
that the product is out of licenses.
License Manager does not update the database when you rename servers
or remove servers from a network, which means the database can get out
of sync. The database can also be incorrect because we enter bad
information. Here are some tips for clearing out all or part of the
database.
%Systemroot%\System32\cpl.cfg contains the purchase history
%Systemroot%\System32\Lls\Llsuser.lls contains user specific connection data
%Systemroot%\System32\Lls\Llsmap.lls contains license group information
First, stop the License Manager service. Second, rename or delete the
file containing the data you want to reenter or rebuild. Third, restart
the License Manager service. So, for example, to clear the server and
computer (client) connections, delete Llsuser.lls. To clear the
purchase history, delete cpl.cfg. You can delete one, two, or all three
of these files, depending upon the required cleanup. This information
is documented in Microsoft articles "Removing Deleted or Renamed
Servers from License Manager"

CREATE A SHARED DIRECTORY ON A REMOTE MACHINE

(contributed by Larry Diffey, ldiffey@hotmail.com)
I occasionally need to create a shared directory on a Windows NT machine that I
don't have physical access to. NT Explorer doesn't let you create or remove
shares on a remote machine, but File Manager does. First, map a drive to the
hidden share at the root of the logical drive on the target machine (i.e., net
use x: \\NTmachine\c$). Go to Start, Run, and type Winfile to start File
Manager. Click Disk, Share As, and set permissions and share name. This
technique also works on any existing share's subdirectory on an NT, Windows 95,
or Win3.x machine. You can also manage remote shares with the Stop Sharing
command in File Manager.

CLEAR SYSTEM PAGEFILE AT SHUTDOWN

A few of the publicly available attacks on Windows NT security rely on the fact that
the NT pagefile is left intact on shutdown, and can subsequently be scanned for
useful information. To clear the pagefile at shutdown, add the REG_DWORD value
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\
Memory Management\ClearPageFileAtShutdown value and set it to 1.
This value causes NT to clear the pagefile when it shuts down. Remember to back
up your Registry before making any manual changes. After you are satisfied that
your Registry changes have done what you wanted them to, update your
Emergency Repair disk.

UPDATE A PROGRAM WITH A NEW DLL

I was recently at a client site that needed to update its virus program with a
new DLL that ran as part of a Windows NT service. We wanted to update the service
by copying the new file using a logon routine, but the desktop was locked down
with a policy that did not let users stop a service. Because we couldn't stop
the service, we couldn't delete the old file in preparation for the new file
copy. We got around the problem by renaming the DLL with a different extension
and copying the new DLL. Because the old DLL was already loaded in memory, the
service did not change and did not appear to behave strangely-the system scanned
and disinfected files as expected. Later, we restarted the machine, which loaded
the new DLL. I have done this with other services and, unless the directory
where the file is also has NTFS permission restrictions, it appears to work
just fine. I hope this tip makes someone's job a little easier.

How to Obtain BIOS Information from the Registry

"Using Registry Editor, view the BIOSDate, BIOSName, and BIOSVersion string values
in the following registry key:
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\SYSTEM".
Again, fussing with the Registry should only be done by expert users
(or experienced troubleshooters).

SPEED UP THE TASKBAR

In Windows NT 4.0, the user interface has been enhanced with the taskbar. If
you have a small screen, you can configure the taskbar to disappear when you're
not on it and reappear when you slide your mouse to the bottom of the screen.
Depending on the speed of your computer, it may take too long for the taskbar
to appear. You can speed up this appearance, as well as the appearance of other
taskbar menus by adding a REG_SZ value named
HKEY_CURRENT_USER\ControlPanel\Desktop\MenuShowDelay. This value expresses the
number of milliseconds the operating system will pause before displaying the
taskbar. In other words, if you want the taskbar to wait 1 second before
appearing, you would set the value to 1000. Remember to back up your Registry
before making any manual changes. After you are satisfied that your Registry
changes have done what you want them to, update your Emergency Repair disk.

WHY YOUR NOTEBOOK DISK WON'T SPIN DOWN AFTER SP4

The Event Log service in Service Pack 4 (SP4) writes a timestamp on the
hard disk every 5 minutes. The Event Log uses the timestamp to estimate
when Windows NT performs an abnormal shutdown or crashes. If you set
your notebook disk to spin down after 5 minutes, the timestamp activity
interferes with the spin down. According to Microsoft's Support Online
article Q194749
(http://support.microsoft.com/support/kb/articles/q194/7/49.asp?FR=0),
the timestamp is for NT servers, but in SP4 the timestamp is also for
NT workstation. Perform the Registry edit below to disable this
activity on your NT workstation. You must add a new key to the Registry
(Reliability) and then add the TimeStampInterval value to this key.
Path:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
Add a new key:
Reliability: REG_DWORD:
Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reliability
Add a new value:
TimeStampInterval: REG_DWORD: 0.
You must reboot your system to activate the change.

Changing default icon view in explorer

First, open the Explorer window, arrange the icons the way you'd like them viewed
everywhere, then hold onto the SHIFT+CTRL+ALT keys while clicking on the "X" (close)
button.

Prevent creating admin shares on system startup

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters]
"AutoShareWks"=dword:00000001
00000001 creating hidden and ADMIN$-share on system startup
00000000 prevent creating admin shares on system startup

How to Run Control Panel Tools by Typing a Command

To run a Control Panel tool in Windows, type the appropriate command in the Open box or
at a command prompt.
NOTE: If you want to run a command from a command prompt, you must do so from the
Windows folder. Also, note that your computer may not have all of the tools listed
in this article, as your Windows installation may not include all of these components.
Control panel tool Command
---------------------------------------------------------------
Accessibility Options control access.cpl
Add New Hardware control sysdm.cpl add new hardware
Add/Remove Programs control appwiz.cpl
Date/Time Properties control timedate.cpl
Display Properties control desk.cpl
FindFast control findfast.cpl
Internet Properties control inetcpl.cpl
Joystick Properties control joy.cpl
Keyboard Properties control main.cpl keyboard
Microsoft Exchange control mlcfg32.cpl
(or Windows Messaging)
Microsoft Mail Post Office control wgpocpl.cpl
Modem Properties control modem.cpl
Mouse Properties control main.cpl
Multimedia Properties control mmsys.cpl
Network Properties control netcpl.cpl
Password Properties control password.cpl
Power Management (Windows 95) control main.cpl power
Power Management (Windows 98) control powercfg.cpl
Printers Properties control main.cpl printers
Regional Settings control intl.cpl
Sound Properties control mmsys.cpl sounds
System Properties control sysdm.cpl

Change your wallpaper using Internet Explorer

A handy way to change your desktop wallpaper is by finding an image
on the Internet. Using IE 4.0, you simply have to right-click on
any image and choose the Set as Wallpaper option from the pop-up
menu. Once you have selected your image, you can right-click on the
desktop and select Properties from that pop-up menu to further customize
your wallpaper.

ENABLE SNAP TO DEFAULT BUTTON

There is a useful feature of the X Windows interface that gives you the ability
to have your mouse pointer jump to the default button of any dialog box or alert
that appears. As each dialog appears, you don't have to drag your mouse to the
OK button or the Next button, because it will jump there all by itself. By
changing an entry in the Registry, your NT 4.0 interface can act the same way.
To enable this feature, set the value of HKEY_CURRENT_USER\Control
Panel\Mouse\SnapToDefaultButton to 1. Although it may take a while to get
used to this feature, it can be extremely helpful on a high-resolution monitor,
or when using a control device that makes it hard to move the pointer quickly.

Creating Newsgroups using Exchange Server 5.5

You can create your own Usenet newsgroups even if you don't have a news
feed using Microsoft Exchange Server 5.5. Make sure the NNTP protocol is
enabled by checking the properties of the NNTP node of the Protocol sub-node
under Configuration. Make sure the Enable Protocol and Enable Client Access
boxes are checked. You will probably also want to allow anonymous access
to the newsgroups. Next, select Tools | Newsgroup Hierarchies from the
menu bar to launch the dialog box shown in Figure B. Click Add and select
a Public Folder to turn into a newsgroup (or news group hierarchy). All you
have to do now is set up a newsreader, such as Outlook Express, to point to
your server and you can use your new newsgroup.

PROFILE MANAGEMENT

Users get confused when they see the dialog box asking whether to use a
local or server-based profile. This prompt occurs in two situations:
when the profile server is unavailable, and when the locally cached
profile is more recent than the server version. Service Pack 4 (SP4)
lets us define a default response to the profile prompt, specifically
when the local profile is newer than the server copy. Look for a new
check box in the System Policy Editor (SPE) under Default
Computer/Windows NT User Profiles. These improvements are documented in
Microsoft Support Online Article Q196284.
http://support.microsoft.com/support/kb/articles/q196/2/84.asp?FR=0

FORCE WINDOWS NT TO REBOOT AFTER A CRASH

If you spend any time administering Windows NT, you're far too familiar with
the Blue Screen of Death (BSOD) that displays the cause of the crash and
gives some information about the state of the system when it crashed.
The BSOD will sit on the screen until someone reboots the system, which
could be very bad for a system that should be running 24 hours a day,
like an Exchange server. You can force NT to automatically reboot after
a crash by setting the value of
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CrashControl\AutoReboot to 1.
Once you've changed this value, NT will reboot after writing the crash
log file.

Using the SMTP server from the NT 4.0 Option Pack

If you installed Microsoft Internet Information Server (IIS) 4.0, and you
do not have Exchange Server, chances are you also installed the SMTP server.
Using this server, you can send mail from your NT Server to any E-mail
address, as long as you are on the Internet and have a valid DNS.
To configure your SMTP server to send mail from your local machine, you will
have to change the Relay Restrictions. Launch the Internet Service Manager
and expand the Internet Information Server node. Double-click on the
Default SMTP Site node to display the Default SMTP Site dialog box.
Next, select the Directory Security tab and click on Edit in the
Relay Restrictions section to launch the dialog box. Select the
Allowed To Relay radio button and click OK. Apply the configuration
changes and your SMTP server is ready to send E-mail.
You will need to configure your mail reader to use the localhost IP
address of 127.0.0.1 as the outgoing mail server.

LiveScrolling for Word 97

Lockergnomie Galah Nuga (from Indonesia) has solved a long-time annoyance of
mine! If you use Microsoft Word 97, you may have noticed that when you
peruse a document using the scroll bar, the visible page doesn't "change"
until you let go of the scroll bar button. Well, if you apply this registry
tweak, you can click & hold the scroll bar button and get "live updating" in
the document window! WARNING: Registry hacking is NOT for novices (proceed
with caution). Open Regedit, navigate to HKEY_CURRENT_USER > Software >
Microsoft > Office > 8.0 > Word > Options. Create a new String value and
name it "LiveScrolling" (without the quotes or any spaces). Then, modify
it and enter "1" (without the quotes) as a value. The next time you use
Word 97, it should work!

Where did I archive that file?

Where did I archive that file? You can use the Windows Find tool to locate
files contained within "ZIP" files on your computer. Windows 95 users can
hit F3, enter "*.ZIP" (without the quotes) in the 'Named' field, and then
type the whole or partial file name in the 'Containing text' field under
the Advanced tab. Windows 98 (or IE4) users do the same, except the
'Containing text' field is underneath the 'Named' field. Your search results
should contain a list of ZIP files containing the file(s) for which you were
looking.

Send alerts during a crash

In addition to the crash log file, you can also enable two
other methods of crash notification and logging. You can
enable an administrative alert by changing the value of
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CrashControl\SendAlert to 1.
The next time the system crashes, an administrative alert
will be sent that may provide the first sign of the crash.
You can also make NT log the crash in the event log by changing the
value of HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CrashControl\LogEvent
to 1 instead of its default 0. Now, the exact time of the crash will be
permanently recorded.

HOW TO DETERMINE WHO HAS A FILE OPEN

In Windows NT Server 3.51, you could find out who had a file open (on the file
server) by going to File Manager, Properties, Open By. With Windows NT Explorer
in NT 4.0, that option is no longer available. But you can still use the good
old File Manager (WINFILE.EXE) in NT 4.0. To do so, create a shortcut on the
server desktop. Then use the Properties, Open By method to find out who has
that file open on the server.

USE ALL OF YOUR L2 CACHE
(contributed by Barry Flanagan, Bflanagan@bigfoot.com)

If you have more than 256KB of L2 cache, Windows NT might not be using
all of it. To correct this:
1. Make an Emergency Repair Disk (rdisk /s).
2. Run Regedt32.exe.
3. Under HKEY_LOCAL_MACHINE, select
System\CurrentControlSet\Control\SessionManager\MemoryManagement.
On the right side of the window you will find SecondLevelDataCache.
This defaults to 0, which is the correct value for 256KB of L2 cache.
Double-click SecondLevelDataCache to bring up the D_WORD Editor. Click
the Decimal radio button, enter the amount of L2 cache you have, and
click OK. Exit RegEdt32.
I have found significant performance increase when using this tip!

Procedure to install DOS on a running Windows NT 4.0
If you want to install DOS on a plan Windows NT 4.0 system, see Knowledge Base Articel Q101789
(http://support.microsoft.com/support/kb/articles/q101/7/89.asp?FR=0)
Note, that you are only able to install DOS on FAT partitions.
In some cases, the DOS command sys c: get an error: Not enough space for operating system.
To fix this situation do following:
- Create a DOS boot disk with debug.exe, sys.com, format.com and getbs.exe (from WIN-NT Ressouce-Kit).
- Create an image of your disk using "Disk Image 2.0"
- Boot with the boot floppy, format c: /s
- Use getbs.exe to rescue the current DOS boot sector.
- Recover disk image using "Disk Image 2.0"
- Boot with the boot floppy, and recover the boot sector using the command "debug" as follows:
debug a:\bootsect -n (where "a:\bootsect" is the file containing the DOS boot sector)
- l 100
- w 100 2 0 1
- q
- Use NT Bootdisks and start Recovery Option. Choose "Recoverying boot sector" - without using emergency disk
- boot NT and copy IO.SYS, MSDOS.SYS and command.com from boot floppy to c:\
- add MS-DOS entry in c:\boot.ini

Changing Icon Spacing

There's a lot of white and wasted space in Windows 9x/NT4. Part of that has to do
with the default icon spacing settings. One of the FIRST things I do after
reinstalling Windows is set my icon spacing to a more appropriate level.
Right-click on the Desktop, select Properties, click the Appearance tab,
click on the Item drop-down list, look for Icon Spacing (Horizontal) and Icon
Spacing (Vertical). NOTE: write down the original settings in case you want
to reverse this later. I've (personally) found that setting both of these
numbers to 32 works best. Be sure to refresh (or re-line up) your explorer
windows, including the Desktop. It'll save some space.

Shortcut for "right click" to see context menue

I'm always telling you guys (and gals) to right-click on objects. But what if
your mouse isn't handy? Never fear, there are a couple of keyboard shortcuts
you could use to bring up the ever-popular context menu. Most newer keyboards
have two extra keys on them (one is the WinKey, and the other is the "right click"
key). Well, duh... you could use the right-click key if you have one. Or, try
using SHIFT+F10. Either will work. Just be sure you've selected an object
(or group of objects) before you "right-click".

EASILY SET PRINTER SETTINGS
(contributed by Mark Manna, m.manna@tref.nl)

Here is a tip that lets you quickly and reliably set printer settings
on Windows NT machines without going into the Registry.
- Open the Printers folder.
- Right-click anywhere except on a printer.
- Choose Server Properties.
You can change the Spooler location, and also configure Forms, event
logging information, Notification, and local ports. This process will
not work on NT 3.51 servers or non-NT machines. I find it odd that
Microsoft still says that you must edit the Registry to change the
printer spooler. Maybe to remain backward compatible with NT 3.x.

Tip for "wheel mouse" and Internet Explorer

Lockergnomie Jason Derikozis has an awesome tip for "wheel mouse" users who use
Internet Explorer: press & hold the SHIFT key while you scroll your mouse wheel
up or down. Scrolling up will move you forward and scrolling down will move you
back through the pages you've visited during that IE session. It's like clicking
the buttons in the icon menu or selecting "Back" or "Forward" from the right-click
context menu. Cool shortcut!

KILL HUNG PROCESSES WHEN LOGGING OFF

When you tell Windows NT to shut down, it first sends shutdown requests to any
running processes. Most 32-bit applications honor these requests and shut down,
but older 16-bit apps running in the Virtual DOS Machine often won't. When this
occurs, the operating system prompts you with a dialog box asking if you want
to kill the task, wait for the task to die on its own, or cancel the shutdown.
By modifying the Registry, you can automate this process. You can force NT to
kill all running processes on shutdown by adding a REG_SZ value named
HKEY_USER\<SID>\ControlPanel\Desktop\AutoEndTasks and set the value to 1.
You can also add this value to HKEY_USERS\.DEFAULT so that all new accounts
will shut down the same way.

Prevent users from changing video resolution

One of the most useful features of NT is the ability to change video
resolution and color depth on the fly. Unfortunately, some users will try
to push their systems beyond the configuration's capabilities.

You can prevent users from changing the video settings by changing the
permissions on the settings key for the video card. The exact location of
this key will vary, depending on the specific type of video card, but our
key was located at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware
Profiles\Current\System\CurrentControlSet\Services\mga_mil\Device0. You
should be able to find your card type in place of mga_mil, and you may
have more than one device listed. Change the permissions for each device
you wish to restrict.

Some hidden features of notepad

Notepad isn't as bad as everyone thinks it is. It's small, fast, and (for the
most part) efficient. It also has a few hidden tricks up its sleeve. For
instance, if you want to insert the time and date, simply hit F5. Or, if
you want to "log" the times you edit a particular text file, be sure to
type: ".LOG" (without the quotes) as the first line of that file and save
it. Now every time you open it up, the current date/time will be automatically
stamped into it. Lockergnomie "Ap.Muthu" also brings up a great tip for when
you're trying to save textual files without the .TXT extension: when you
'Save' or 'Save As', be sure to put the filename in quotes with the extension
you want it to have. Example: "thisdoc.html" (with the quotes).

Handling more than 1048 fonts

A Lockergnomie asks: "I have Windows 98 an d have 1048 fonts in my font folder.
I have been trying to add additional fonts and it keeps telling me that my
font folder is full."
Well, that's because your Font folder *is* full, and there's really nothing you
can do about it. However, there's a workaround which I think everybody should
pay attention to and employ immediately. You're wasting memory by installing
more than 200 fonts, unless you're a professional graphic artist. Time to fake
out the Fonts folder!
Move all the fonts you hardly use (novelty, dingbats, etc) out of your Fonts
folder and into a separate one (name it "Other Fonts"). When you want to use
one of those "other fonts" you just open that font by double clicking its icon
(and keeping it open), then launch whatever application in which you want to
use it. That "open" font should appear in the listing with your already
installed fonts. Windows won't know the difference, and you'll wind up saving
memory for other (more important) tasks. You can also save disk space by
ZIPping up those "other fonts".

How can I change the short date format from yy to yyyy?

Due to Year 2000 concerns you may want the NT short date format to show 4
digit years as opposed to the short 2 digit version. The normal method is as
follows:
Start the Regional Control Panel Applet (Start - Settings - Control Panel -
Regional)
Select the Date tab
Select 'M/d/yyyy' and click Apply
Click OK
Close the dialog
All this actually does is set the registry entry HKEY_CURRENT_USER\Control
Panel\International\sShortDate and so you can use this to automate the
update. For example using the REG.EXE utility, e.g.
C:\> reg update "HKCU\Control Panel\International\sShortDate=M/d/yyyy"
This could be incorporated in a login script or even a custom system policy.
You will also notice under the registry key the long date format can be set
by changing sLongDate.
An alternate solution to set for new systems is by using an unattended
installation, make the sShortDate change as part of the CMDLINES.TXT setup.
This is then adopted by admin and any new accounts created on the
workstation. Sample code:
***** CMDLINES.TXT *****
"rundll32 setupapi InstallHinfSection DefaultInstall 128 .\y2k.inf"
*** y2k.inf ***
[Version]
Signature="$Windows NT$"
[DefaultInstall]
AddReg=AddReg
[AddReg]
HKU,".DEFAULT\Control Panel\International","sShortDate",,"M/d/yyyy"

How can I stop print jobs writing to the System Log?

By default, Windows NT and Windows NT Advanced Server log every print job
processed by the server in the System Log.
To stop this perform the following:
Select Printers from the Settings Start menu folder (Start - Settings -
Printers)
From the File menu select Server Properties
Select the Advanced Tab
You can then select the events to log:
- Log spooler error events
- Log spooler warning events
- Log spooler information events
You have to restart the computer for the change to take effect.
Setting these values actually updates the registry entry
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers\EventLog
which is a DWORD value. Each option has a value
Log spooler error events is 1
Log spooler warning events is 2
Log spooler information events is 4
You then add these numbers up for the combination you want, for example:
A value of 7 means log information, error and warning events.
A value of 3 means only log error and warning events.
You have probably noticed the 1, 2 and 4 is because it is just setting the
relevant bit in the DWORD, so bit 1 is error, bit 2 warning and bit 3
information.

How can I compress the registry?

The following procedure can be used to compact the registry files, but
also to restore the 'repair disk data' when you messed up the registry:
1) As always, make sure you have a backup of you're system, including the
registry
2) Run Start: "RDISK /S-". This automatically updates the repair info
located under %systemroot%\repair. The registry data are reorganized and
compressed.
3) Next step is to expand these files to a temporary location.
EXPAND %systemroot%\REPAIR\DEFAULT._ %temp%\DEFAULT
EXPAND %systemroot%\REPAIR\SAM._ %temp%\SAM
EXPAND %systemroot%\REPAIR\SECURITY._ %temp%\SECURITY
EXPAND %systemroot%\REPAIR\SOFTWARE._ %temp%\SOFTWARE
EXPAND %systemroot%\REPAIR\SYSTEM._ %temp%\SYSTEM
4) Check your %temp% folder and %systemroot%\system32\config to find the
difference in size between the different files that make up the registry.
Probably the SOFTWARE hive will have a remarkable difference. In my case it
shrinked from over 10Mb to 3.5Mb.
5) The registry files in %systemroot%\system32\config should be replaced by
the reorganized ones in your %temp% folder. You can do this by:
Booting to DOS or Win3.x/95/98 and simply replace the files (in case your
system files are on a FAT partition).
Replacing these files while booting from a second Windows NT installation.
Or by using the MV command (move) from the Resource Kit to move these files
at boot-time:
MV /X /D %temp%\DEFAULT %systemroot%\SYSTEM32\CONFIG\DEFAULT
MV /X /D %temp%\SAM %systemroot%\SYSTEM32\CONFIG\SAM
MV /X /D %temp%\SECURITY %systemroot%\SYSTEM32\CONFIG\SECURITY
MV /X /D %temp%\SOFTWARE %systemroot%\SYSTEM32\CONFIG\SOFTWARE
MV /X /D %temp%\SYSTEM %systemroot%\SYSTEM32\CONFIG\SYSTEM
When I performed these steps I notices a serious performance gain during
system startup.

FAILING LOGON IF MANDATORY USER PROFILES ARE NOT AVAILABLE

By default, users of Windows NT Workstation 4.0 can log into the domain with
their local profiles if the mandatory user profile is not available. If you do
not want them to be able to do this, change the user's profile folder from
profile_folder_name (where profile_folder_name equals the name of the user's
profile folder which equals the user's NT user name) to profile_folder_name.man
(by adding .man to the folder name). Then make the same change in the profile
path in User Manager for Domains. The user will now be unable to log into the
domain unless mandatory profiles are available.

Using FTP with your browser

FTP isn't a new kind of motor oil; it's the easiest way to transfer files from one
site to another. Of course, you probably already knew that (if you didn't, then
you've learned something new today). Lockergnomie Joshua Rolfe brings up a great
tip for Netscape or IE4 users: you can use your browser to log into an FTP site!
Simply type "ftp://username@ftpsite.com" (without the quotes). Of course, change
'username' to whatever it should be (typically "anonymous" works) and 'ftpsite.com'
to whatever the FTP site's address is. If you have an account which requires a
password, you can type "ftp://username:password@ftpsite.com" -- Be very careful
when doing this, though, as the address will remain in the drop-down menu.
Netscape will prompt you for a password, whereas IE will pop up with an error
message. See, I'm more than happy to show Netscape in a positive light!

Enabling fast reboot on 4.0 SP4 and above

Service Pack 4 introduces a new ability to reboot the machine by pressing <Shift>-<Ctrl>-<Alt>-<Delete> at the same time (basically the normal three finger plus shift). This will then shutdown all applications and reboot the machine. To enable this perform the following:
Start the registry editor (regedit.exe). Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon.
From the Edit menu select New - String Value, enter a name of EnableQuickReboot, double click the new value and set to 1. Click OK.
Close the registry editor, reboot the machine for the change to take effect
An event will also be written to the System Event Log (viewable using the Event Viewer):
Event ID - 6008
The previous system shutdown at <time> on <date> was unexpected.

Disabling the "Logon Using Dial-Up Networking" at logon time

It is possible to disable the "Logon Using Dial-Up Networking" check box when logging on by performing the following: Start the registry editor (regedit.exe). Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon.
From the Edit menu select New - String Value, Enter a name of RASDisable, double click the new value and set to 1. Click OK, Close the registry editor. The change will take effect at next reboot and the logon using dial-up networking box will be greyed out.

How can you send a programs output to a NULL device?

If you wish to suppress a programs output you can use the NULL device (as you would use UNIX's /dev/null). For example to make a program output to the NULL device instead of the screen use:
C:\> program.exe > nul
If you wanted to blank a file you can also use NUL
C:\> copy nul file.name

Enabling strong protection on shared system objects?

It is possible to tighten security on shared system resource attributes, such as the attributes of COM1: or of printers. By tightening base security, these shared resources will be administered only by system administrators. To enable this perform the following:
Start the registry editor (regedit.exe) Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
From the Edit menu select New - DWORD value and enter a name of ProtectionMode if it does not already exist
Double click the value and set to 1. Click OK, Reboot the computer. After performing this change you should update your Emergency Repair Disk using RDISK.EXE.

Restricting access to objects from Anonymous accounts?

It is possible to restrict the ability to list domain user names and enumerate share names available to anonymous logon users (also known as NULL session connections). If you feel this is a security risk Service Pack 3 for Windows NT 4.0 introduces a new option to stop anonymous users listing users and shares. To enable this perform the following:
Start the registry editor (regedit.exe), move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
From the Edit menu select New - DWORD value and enter a name of RestrictAnonymous if it does not already exist, double click the value and set to 1. Click OK, reboot the computer. After performing this change you should update your Emergency Repair Disk
using RDISK.EXE.

I have lost my executable association

If your computer configuration has been corrupted and executable files no longer behave correctly perform the following from the command prompt (cmd.exe)
C:\> assoc .exe=exefile
C:\> ftype exefile="%1" %*
Executables should now work as per normal.

Enabling Hi-Colour icons?

If you run the Desktop control panel applet (Start - Settings - Control Panel - Desktop) and select the Plus! tab you can check the box "Show icons using all possible colors" to get better resolution icons, however this can also be done by directly editing the registry (if you don't have the Plus! tab or if you wish to perform via a logon script etc.) Start the registry editor (regedit.exe)
Move to HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics
From the Edit menu select New - String Value Enter a name of "Shell Icon BPP" (don't type the quotes) and press enter. Double click the new value and set to 16 if you have a 16 bit graphic card or 24 for 24 bit graphics cards. Click OK. Close the registry editor
Pressing F5 to refresh your screen should make the change take effect, if not reboot.

ADD NOTEPAD TO RIGHT-CLICK MENU FOR EVERY FILE
(contributed by Matt Broadstock, BroadstM@kochind.com)

This tip will set Notepad as the default application for any extensions that are not associated with another application. It also will add Notepad to the right-click menu for every file. This feature lets you open any file in Notepad without navigating to Send-To and lets you double-click a file that doesn't have an association established, such as Config.sys, to open it in Notepad. If the file is too big for Notepad, you will get a prompt to open the file in Wordpad instead.
1. Run REGEDIT.
2. Navigate to HKEY_CLASSES_ROOT\*. (This should be the very first subtree.)
3. A key called "shellex" should already be here. Add a new key called "Shell" at the same tree level as "shellex."
4. Under the "Shell" key, create another key called "Notepad."
5. Create another key under the "Notepad" key called "Command."
6. You'll see a string value named Default when you highlight the "Command" key. Double-click Default and enter "NOTEPAD %1" (without the quotes). Click OK.
7. Exit Regedit and test it out.
Note: Here is the full path to the correct Registry key: HKEY_CLASSES_ROOT\*\Shell\Notepad\Command

Can't create new printer with the Add Printer wizard

If you're using the Add Printer wizard to create a new printer and you're getting an error that the operation couldn't be completed and that the RPC Server is unavailable, what happened is that the Spooler Service failed or didn't start. Go to Control Panel, Services and click on Startup. You can also specify to start the service automatically when the computer is started. If this doesn't resolve the problem, got to Start, Run and type NET START SPOOLER.

User statistics at a glance

If you ever need to see when users have last logged into the network, you can use a utility called USRSTAT.EXE, which is available in the Windows NT 4.0 Resource Kit. When you execute this utility, you will see the user name, full name and the date and time of the last logon of every user on every domain controller. This can be useful, for example, if you want to identify accounts that have not been used in a long time and might need to be deleted.

Quick way to bookmark the current web page

Want a quick way to bookmark the current web page you're visiting (in Netscape or IE)? Hit CTRL+D and the page should automatically be added to your Bookmarks or Favorites list. Of course, you can organize and categorize it at a later time, but this is a quick & dirty way to get the sucker stored. Plus, if you have a website, you can encourage your visitors to bookmark it by using the same keyboard combination--might as well encourage them to come back!

How can I stop a user closing the login script before it completes?

Jobst Schmalenbach has written an updated Gina.dll which can be configured to log the user off is they attempt to close the login script before it completes execution. It can be downloaded from http://senna.eng.monash.edu.au/~jobst/WindowsNT/index.html and contains full configuration instructions. An alternative is to hide it. This can be done by creating DWORD value HKEY_USERS\<user>\Console\WindowSize and set to 050005 in Hex and HKEY_USERS\<user>\Console\WindowPosition set it to 04FF06FF in Hex. This makes the Window very small and positions it off the screen.

Sharing my clipbook with other machines

Windows NT machines have a built-in Clipbook server service which allows other machines to use its clipbook and this is enabled as follows: Start the Services Control Panel Applet (Start - Settings - Control Panel - Services). Select ClipBook Server and click Start. You can also click Startup and set to Automatic so the service will start at each reboot.
Click Close, you can also start the service from the command line by entering the command C:\> net start clipsrvr or C:\> net start "clipbook server". You can then copy your data to the clipboard as normal by pressing Ctrl + C, PrtScn or Alt + PrtScn (to only copy the current window). Start the clipboard viewer (Start - Programs - Accessories - Clipboard viewer). From the Edit menu select Paste and enter a name that this data will be known as (for example Cat, though not if its a picture of a dog :-) ) and check the "Share Item Now" box. Just click OK to the next dialog which is about starting an application. From the client perform the following: Start the clipboard viewer (Start - Programs - Accessories - Clipboard viewer). From the File menu select Connect; Enter the machine running the Clipbook server service. A window showing the machines list of clips will be shown; Double click on one to display the data. You can then select Copy from the Edit menu to copy into the clients local clipboard

Logging off at the command prompt

Have you ever wanted or needed to log off the network at the command prompt but didn't know if this was possible? If yes, here's how to do it. You can use a utility called Logoff.exe, which is available in the Windows NT 4.0 Server Resource Kit (it's not available in any other Resource Kit, though).

How can I save the BSOD information?

System Internals have a utility called BlueSave which can be downloaded from http://www.sysinternals.com which will save up to 3 BSOD's before expiring and at that point you should purchase the commercial version from
http://wininternals.com. Once installed the BSOD will be saved in file %systemroot%\BLUESCRN.TXT to help you diagnose problems. A sample BLUESCRN.EXE can be seen here.

STOP NT EXECUTIVE FROM PAGING TO DISK
(contributed by Barry Flanagan, bflanaga@mediaone.net)

User-mode and kernel-mode drivers and kernel-mode system code is usually either pageable or non-pageable. In cases where drivers or system code are pageable, you can use the following Registry entry to keep this pageable code in RAM. This modification is advisable only on systems with extremely large amounts of RAM, or you can cause the server to be unstable. - Make an Emergency Repair Disk (rdisk /s). - Start Registry Editor (Regedt32.exe), and go to the following subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management - Change the entry, DisablePagingExecutive, to 1: Value Name: DisablePagingExecutive Data Type: REG_DWORD Data: 0 or 1 Default: 0 This entry specifies whether user-mode and kernel-mode drivers and kernel-mode system code can be paged to disk when not in use. If the value of this entry is 1, the drivers and kernel must remain in physical memory. If it is set to 0, they can be paged to disk as needed.

DISPLAY THE NT TASK MANAGER
(contributed by Adam Wilburn, AWilburn@FirstEdge.com)

This is a simple tip, but great to know. In Windows NT 4.0, an easy way to display the NT Task Manager is to press Ctrl-Shift-Esc (an easy one-handed move). I've yet to talk to someone who knew this convenient shortcut exists.

DISCONNECT IDLE USERS
(contributed by John W. Schulze, jschulze@mindspring.com)

Here is a Registry entry that will help systems administrators with users who don't log off when they are supposed to. To disconnect idle users after a certain length of time, try this Registry entry. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters Look for the value name "AutoDisconnect" of type REG_DWORD. The default value is 15 minutes. You can set this value from 0 to 0Xfffffff in minutes.

IE5 Start Menu

IE5 Start Menu trick: "Click on the Start button, select 'Programs,' then double-click on any one of the Program Group folders!" Doing this should open up an Explorer window for that folder.

CUSTOMIZING WINDOWS NT TIP SCREENS

If you use Ghost or a similar program to create a standard build for new PCs, why not customize the Welcome to Windows NT tip screens that are shown each time a user logs on? The tips are located in the registry at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Tips. The tips are stored as REG_SZ entries. For each tip, simply double-click on the tip and replace the text in the String field with the messages that you want to appear. If your users are already experienced in using Windows NT, you could provide general company information, technical support contact numbers or even a motivational thought for the day.

How do I switch my 2000 domain to native mode?

Windows 2000 domains have two modes, mixed and native. Mixed mode domains allow Windows NT 4.0 Backup Domain Controllers to participate in a Windows 2000 domain. In native mode only 2000 based domain controllers can participate in the domain and 4.0 based Backup Domain Controllers will no longer be able to act as domain controllers. Also the switch to native mode allows use of the new "Universal" groups which unlike global groups can be nested inside each other. Older NetBIOS based clients will still be able to logon using the NetBIOS domain name even in native mode. To perform the switch perform the following:
1, Start the Active Directory Domains and Trusts MMC snap-in
2, Right click on the domain you want to convert to native mode and select Properties
3, Select the General tab
4, Click the 'Change Mode' button
5, Click Yes to the confirmation
6, Click Apply to the main dialog
7, A success message will be displayed. Click OK
Reboot the machine (although I have been told a reboot is not needed). You will need to check all other domain controllers in the domain and when the domain operation mode says "Native Mode" (instead of mixed mode) reboot them. This can take 15 minutes (or more if contact is not able to be made). If a domain controller cannot be contacted (if on a remote site and only connects periodically) when you make the change the remote DC will switch mode the next time replication occurs.

How can I remove the dial-up networking icon from My Computer?

The dial-up networking icon can be removed by editing the registry as follows:
1, Start the registry editor (regedit.exe)
2, Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace
3, Select {a4d92740-67cd-11cf-96f2-00aa00a11dd9}
4, This step is optional but from the Registry menu select "Export Registry File". Enter a name for the reg file which will be created. This file will allow you to automatically undo this if you wish.
5, Press the Del key to delete the key.
6, Click Yes to the deletion confirmation dialog
7, Dial-up networking will no longer be visible from My Computer
To restore it using your reg file just double click on the reg file from Explorer and dial-up networking will be restored.

How can I remove the Scheduled Tasks icon from My Computer?

The Scheduled Tasks icon can be removed by editing the registry as follows:
1, Start the registry editor (regedit.exe)
2, Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace
3, Select {D6277990-4C6A-11CF-8D87-00AA0060F5BF}
4, This step is optional but from the Registry menu select "Export Registry File". Enter a name for the reg file which will be created. This file will allow you to automatically undo this if you wish.
5, Press the Del key to delete the key.
6, Click Yes to the deletion confirmation dialog
7, Scheduled Tasks will no longer be visible from My Computer
To restore it using your reg file just double click on the reg file from Explorer and scheduled tasks will be restored.

Using the NET command to add or delete computer accounts

You can use the command line to add or delete computer accounts. In the following examples, computername is the name of the computer account that you want to add or delete. To add a computer account, type NET COMPUTER \\computername /ADD . To delete a computer account, type NET COMPUTER \\computername /DEL

MORE MEMORY PLEASE

This note is pretty interesting and will no doubt raise a few eyebrows among big server users. Windows NTServer, Enterprise Edition is installed with the boot switch /maxmem=256 to avoid installation problems on large memory systems. However, if you load NTS/E on a system with 512MB, the switch prevents the OS from using the other 256MB after you complete the install. To correct the problem, remove the switch from the boot.ini file. Boot.ini is a hidden system read-only file at the root of your boot partition. Before you edit boot.ini, make a backup copy. Then remove the read-only attribute so you can save the edited version. The line in boot.ini will look similar to this one:multi(0)disk(0)rdisk(0)partition(2)\WINNT="BDC 4.00 /maxmem=256".
You need to delete the text "/maxmem=256". See article Q222974 (http://support.microsoft.com/support/kb/articles/q222/9/74.asp) for details.

AUTO-COMPLETE LONG FILE NAMES
(contributed by Jonathan Hatchuel jonathan@sts.co.za)

Have you ever wanted to use the UNIX feature that lets you auto-
complete long file or folder names on Windows NT? Here's how.
Open REGEDT32.EXE and open the following key:
HKEY_CURRENT_USER\Software\Microsoft\Command Processor.
Change the value of "CompletionChar" to 9.
Open a Command prompt, type in "CD W", and press the tab key. I think
you'll find this feature useful.

Do you have a great tip for using Windows NT? Let the UPDATE staff know
about it at updatetips@winntmag.com. We will edit all submissions for
style, grammar, length, and technical accuracy. Please include your
full name and an email address where other UPDATE readers can reach
you.

How can I stop users accessing local drives via Internet Explorer?

A. If you type "C:" (or any other drive) in the Microsoft Internet Explorer address box you will be shown the contents and if proper NTFS file permissions are not in place users will be able to delete, rename, read any files on the disk. This is usually a problem if you have a locked down environment where users do not normally have access to Explorer etc (such as an Internet Cafe).
To stop the ability to view local drives from Internet Explorer perform the following:
1, Start the registry editor (regedit.exe)
2, Move to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
3, From the Edit menu select New > DWORD value.
4, Enter a name of NoRun and press Enter
5, Double click the new value and set to 1. Click OK to close the value edit dialog.
6, From the Edit menu select New > DWORD value.
7, Enter a name of NoDrives and press Enter
8, Double click the new value and set to a number representing the drives you wish to hide (explained below). Click OK to close the value edit dialog.
9, For IE 4.01 SP1 and above perform the following steps:
1. From the Edit menu select New > DWORD value.
2. Enter a name of NoFileUrl and press Enter
3. Double click the new value and set to 1. Click OK to close the value edit dialog.
10,Close the registry editor
The NoRun setting disables viewing local files by typing a file address or URL (for example, "file://d:\") in the Address box, and also disables the Run command on the Start menu. The NoDrives setting disables the selected drives. It is explained in 'Q. How can I hide drive x from users?'. Basically drive A is 1, B is 2, C is 4, D is 8 etc. and you add the values together. So to hide drive C and D, you would add 4 and 8 which is twelve or C in hexadecimal and set NoDrives to C (selecting Hex mode).

What additional restrictions are available in Internet Explorer IE4.01 SP2 and above?

A. Additional restrictions can be applied to IE 4.01 Service Pack 2 and IE 5.0 which have an updated Shdocvw.dll. The restrictions below should be added to HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions of type DWORD value. Set to 1 to be enable, 0 to disable.
NoFileOpen Disables Open command on File menu, CTRL+O, and CTRL+L.
NoFileNew Disables CTRL+N NoBrowserSaveAs Disables Save and Save As on the File menu.
NoBrowserOptions Disables Internet Options on the View menu (disables changing browser settings).
NoFavorites No Favorites menu, adding to favorites, or organizing favorites.
NoSelectDownloadDir Prevents user from being able to select download folder by not displaying the Save As dialog box when a file is downloaded.
NoBrowserContextMenu Disables HTML context menu.
NoBrowserClose Disable ALT+F4.
NoFindFiles Disables the F3 key.
NoTheaterMode Disables the F11 key.
NoFindFiles and NoTheaterMode are created by default during the installation of Service Pack 2 but are of type BINARY due to limitations of .inf files. You can, if you wish, delete and recreate these as DWORD values. Also HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions\NoToolbarOptions can be created which disables adding, removing, or moving toolbars.

How can I create a domain trust through a firewall?

A. When creating trust relationships communications between the two domains is carried out over a number of protocols with each protocol using different TCP/IP port. Below is a list of ports which need to be enabled on the firewall for a trust relationship:
PORT 135 (TCP or UDP) for Remote Procedure Call(RPC)Service
PORT 137 (UDP) for NetBIOS Name Service
PORT 138 (UDP) for NetBIOS datagram (Browsing)
PORT 139 (TCP) for NetBIOS session (NET USE)
ALL PORTS above 1024 for RPC Communication
You may use LMHOSTS for name resolution (which would have #pre #dom entries for the domain controllers) or WINS can be used which requires:
PORT 53 (TCP and UDP) for DNS
PORT 42 (TCP and UDP) for WINS Replication
Alternatively, a trust can be established through point-to-point tunnelling protocol (PPTP). For PPTP, the following ports must be enabled:
PORT (TCP) 1723 for PPTP
IP PROTOCOL 47 (GRE)
Also see the following knowledge base articles:
Q167128 SMS: Network Ports Used by Remote Helpdesk Functions
Q174395 Event ID 4202 Attempting WINS Replication across Router

Enable DVD functionality in Windows Media Player

Haven't installed a DVD drive quite yet? Well, don't worry--in time, they'll come standard on all new PCs. Lockergnomie Jim Bailey discovered a way to turn on the DVD functionality of the Windows Media Player! Open Regedit, navigate to HKEY_CURRENT_USER > Software > Microsoft > MediaPlayer > Player > Settings. Right-click on the Settings key and choose New > String Value. Name that string "EnableDVDUI" (without the quotes). For the value, use "yes" (again, without the quotes). Next time you start Windows Media Player, you should have DVD viewing abilities. Keep in mind, this won't read DVD-ROMs unless you have a DVD drive installed.

DISABLE CACHING LOGON CREDENTIALS

By default, Windows NT caches the logon credentials for the last user that logged on interactively to an NT system. One reason this feature is provided is so that a user can still log on to the system, even if their system is disconnected from the network or none of the domain controllers are available.The credential cache is protected, but you may want to disable this credential caching completely if your environment requires a high level of security. To disable credential caching, change the following entry:
Hive: HKEY_LOCAL_MACHINE
Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Name: CachedLogonsCount
Data Type: REG_DWORD
Value: 0

Enable X Windows style mouse

If you've ever worked on a UNIX workstation using X Windows, you probably remember being able to bring a window to the front just by placing your mouse pointer on it. You can enable a similar feature in NT by setting the value of HKEY_CURRENT_USER\Control Panel\Mouse\ActiveWindowTracking to 1. Changing this value will set the focus to whatever window the mouse is pointing to, although it won't bring it up to the top of the stack. You'll need to log off and back on before this change will take effect.

DETERMINE A COMPUTER NAME OR LOGGED-ON USERNAME
(contributed by Andy Holmes, andy.holmes@saint-gobain.co.uk)

Do you support users where the hardest part is trying to determine their computer name or the logged-on username? Wouldn't it be great if this information were always on the desktop? Run regedit.exe and go to HKEY_CLASSES_ROOT\CLSID\. Double-click the (Default) entry, and type the following in the string editor box: User: %USERNAME% on: %COMPUTERNAME%
Now, when each user logs on to the workstation, the My Computer icon on the desktop will have the text "User: xxxxxx on: wwwwww" in place of the text "My Computer." The usual warnings and disclaimers about editing the Registry apply. This tip works not with WIN-NT, only with WIN95, WIN98.

Drop to an command prompt from any given folder

- Start regedt32.exe and go to HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}.
- Select the <No Name> value and Delete.
- From Edit, select Add Value.
- Leave the value name blank and set the type to REG_EXPAND_SZ.
- Click OK and enter the text "User: %USERNAME% on: %COMPUTERNAME%".
- Click OK.
- Click the desktop and press F5 (refresh) for the change to take effect.
Now, when each user logs on to the workstation, the My Computer icon on the desktop will have the text "User: xxxxxx on: wwwwww" in place of the text "My Computer." The usual warnings and disclaimers about editing the Registry apply.

How can I show the context menu without the right mouse button?

Pressing Shift-F10 will bring up the context menu for any selected item. Just pressing F10 shifts the cursor focus to the first menu item (normally File).

How can I make NT see more than 8 units on SCSI?

By default Windows NT 4.0 will only detect the first eight logical units on a SCSI device.
This has been fixed in Service Pack 5 with the following action:
1, Start the registry editor (regedit.exe)
2, Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\<DriverService Name>\Parameters\Device<N>
3, From the Edit menu select Add - DWORD value
4, Enter a name of LargeLuns and press Enter
5, Double-click the new value and set to 1. Click OK
6, Close the registry editor
7, Restart the machine
NT will now support up to 255 SCSI units.

Changing explaining the icons use

In Windows 2000 when you move the cursor over an icon (such as My Network
Places or My Computer) text is displayed explaining the icons use. This text is stored in a registry entry InfoTip of type String for each CLSID entry and can be changed to any text you want.
For example to change the My Network Places text:
1, Start the registry editor (regedit.exe)
2, Move to HKEY_CLASSES_ROOT\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}
3, Double click InfoTip and change. Click OK
4, Close the registry editor
5, The change take immediate effect.
Other useful entries are (all under HKEY_CLASSES_ROOT\CLSID\):
{20D04FE0-3AEA-1069-A2D8-08002B30309D} My Computer
{450D8FBA-AD25-11D0-98A8-0800361B1103} My Documents
{645FF040-5081-101B-9F08-00AA002F954E} Recylce Bin
{00020D75-0000-0000-C000-000000000046} Microsoft Outlook
{21EC2020-3AEA-1069-A2DD-08002B30309D} Control panel
{2227A280-3AEA-1069-A2DE-08002B30309D} Printers
{7007ACC7-3202-11D1-AAD2-00805FC1270E} Network and dial-up connections
{85BBD920-42A0-1069-A2E4-08002B30309D} Briefcase
{871C5380-42A0-1069-A2EA-08002B30309D} Internet Explorer
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} Web Folders

HOW TO INSTALL SP4 AND POST-SP4 HOTFIXES IN ONE PASS

Here's a great timesaver for installing a service pack and related post-service pack hotfixes in one pass. Although no hotfixes are available for SP5, this technique works with SP4 and post-SP4 hotfixes such as Rollup and Scrnsav. This method is also handy when you must reapply a service pack and hotfixes after loading Windows NT components from the original distribution media.Hotfix.exe is the utility that installs hotfixes as directed by entries in the hotfix.inf file. Microsoft claims that hotfix.exe is included in each hotfix download file, but in my experience this is not always the case. If necessary, you can download the most recent copy of this utility (it was updated April 30, 1999) from ftp://ftp.microsoft.com/bussys/utilities/hotfix/. You expand a hotfix into its individual files at the command line by entering the hotfix file name with the .exe extension, followed by /x (e.g., discfix-fix.exe /x). Now on to the installation instructions. Suppose you have a directory called SP4 that contains the full SP4 update. Create a subdirectory called Hotfix (i.e., SP4\Hotfix) and copy the files hotfix.exe and hotfix.inf into the Hotfix directory. Expand all hotfixes you want to install into the Hotfix directory, and modify the hotfix.inf file to include each fix. Editing the .inf file takes time, but it's worth it when you run the streamlined update procedure because you reboot only once after you apply the service pack and all hotfixes (instead of once after each hotfix). When you run Update.exe to install SP4, the Update file discovers the Hotfix subdirectory and prompts you to install each hotfix stored there. Voila! In one pass, you have installed SP4 and your favorite list of hotfixes with just one system restart. Microsoft Support Online article Q166839, (http://support.microsoft.com/support/kb/articles/Q166/8/39.asp) offers detailed documentation about this combination update procedure. The article also contains excellent instructions on how to modify hotfix.inf to include the desired updates.

CHANGE A USER'S PASSWORD
(contributed by Matt McCarron, Matthew.McCarron@cwcom.co.uk)
Have you ever wanted to change a user's password stored in a local directory database without having to visit the user's computer. Here's how you do it. Click Ctrl+Alt+Del and select the Change Password button. In the Username box, type the username for the local account, and in the Domain text box, type the computer name where the local account is held. Enter the appropriate Old Password, New Password, and Confirm New Password. You should receive a message indicating "Your password has been changed."This tip also applies to directory databases on domain controllers and is especially useful if you want to change a password in a directory database that is outside your domain. A trust relationship doesn't need to exist between the domains, and you don't have to be logged on with administrator rights. This tip is also useful when users need to change their password outside the allowed logon hours or when the password has expired and the user is not able to log on.

Create a network Favorites folder
Each user has a Favorites folder used by Internet Explorer and Microsoft Office to store shortcuts and documents most often used. You might find it helpful to create a networked Favorites folder so all users can see and use these favorite files. In order to create a network Favorites directory, you must first create the directory and share it from one of your file servers. Be sure to set the appropriate share and NTFS permissions. Next, on each machine you want to use the network Favorites folder, change the value of HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Favorites from its existing path to the Universal Naming Convention (UNC) path of the new folder. For example, the new Favorites directory could point to a shared Favorites directory on the server Jupiter, which has a UNC path of \\Jupiter\Favorites. You may also want to make this change to the HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Favorites value so each new user will also share the network Favorites folder.

Stopping playing files before giving you the option to 'Save as.' with Media Player
There's a WIMP on the block, but it's a real bully. The Windows Media Player isn't perfect, but you can stop it from playing files before giving you the option to 'Save as.' Open the Windows Explorer, click 'View,' then 'Folder Options,' select the 'File Types' tab, find the media file you'd like to have not play automatically, select it and click the 'Edit' button. Place a checkmark in the 'Confirm open after download' box.

Open new Browser windows, when following up links
You may love following links in Lockergnome's HTML Daily newsletters (or on any
given Web page, for that matter). But, by default, links will open up in the same
browser. Lockergnomie Ran Biron came up with a solution for those of you who would
rather have clicked-upon links open up in a NEW window. If you have IE4/5 set as
your default browser, hold onto the Shift key when you click on a link. It's a
shifty way to do things, but it works.

IDENTIFYING THE SECURITY ID (SID) OF A USER
Have you ever wondered which security ID Windows NT has assigned to a specific user? You can find out by selecting the following Registry key within Registry Editor:
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\ProfileList\SID
Once you've accessed this key, observe the data in the ProfileImagePath value (in the right-hand pane). You'll see the name of the profile folder for the user associated this SID. For example, if you have a user who's logged on to your server as Fred, you should see a ProfileImagePath of %SystemRoot%\Profiles\Fred associated with this user's SID.

Tip, when Explorer crashes
"When Explorer crashes, it can take away all your lovely System Tray icons. But there may be a way to prevent this from happening! Before you hit the "Close" button on the application error, load up one or two more copies of Explorer... then hit the Close button.

AUDITING REGISTRY CHANGES
You can audit changes made to specific Registry keys by using Windows NT's audit capabilities. You can also audit failed attempts to modify the Registry. Begin by enabling the Windows NT audit policy within User Manager for Domains. At a minimum, you must configure your server to audit failures for File And Object Access. Once you've enabled your server's audit policy, you can configure auditing on any Registry key by first selecting that key within Registry Editor, and then choosing Security|Auditing. In the Registry Key Auditing dialog box, specify the user or group you want to audit (use the group Everyone if you want to audit all users) and the actions you want to audit. You can audit the success and failure of the following actions: querying a Registry value, setting a value, creating a subkey, enumerating a subkey, and deleting. You can view the results of the auditing by viewing the Security log within Windows NT Event Viewer.

RESTRICT ANONYMOUS LOOKUP
Windows NT has a feature that lets users of the anonymous logon feature list domain usernames and enumerate share names. Customers who want enhanced security have asked Microsoft for help in restricting this feature as they see fit. Service Pack 3 (SP3) and SP4 for NT 4.0 (as well as a hotfix for NT 3.51) gives you this ability. To implement your restrictions, use the following Registry key and value:
Hive: HKEY_LOCAL_MACHINE
Key: SYSTEM\CurrentControlSet\Control\LSA
Name: RestrictAnonymous
Data Type: REG_DWORD
Value: 1

Can I rename a site? - Windows 2000
A. Basically yes. When you install your first domain controller it creates a default site of Default-First-Site-Name which is not very helpful and can be changed as follows:
1, Start the Active Directory Sites and Services MMC snap-in (Start -Programs - Administrative Tools - Active Directory Sites and Services)
2, Expand the Sites branch
3, Right click on the site you wish to rename (e.g. Default-First-Site-Name) and select rename (or just select the site and press F2)
4, Enter the new name and press Enter

How can I check the browse masters for a domain?
A. The resource kit has a utility BROWSTAT.EXE which allows status of the browse service to be ascertained. To check browse masters for a domain use the following command:
C:\> browstat status <domain>
To check statistics for a single server use the command
C:\> browstat stats \\<server>

Quick and easy access to all applets in Control Panel
Having quick & easy access to all the applets in your Control Panel is just a drag & drop away, gang. NOTE: this tip is only for those of you with IE4/5. Open 'My Computer' and select the 'Control Panel' folder (but don't open it). Then, drag the icon down onto a free area of your Taskbar and drop it. At that point, a new toolbar will be created; you can right-click on the leftmost handlebar and toggle 'Show Text' and 'Show Title' to tweak its appearance.

Wiping the Master Boot Record
The normal method is using the DOS FDISK command:
C:\> fdisk /mbr
however there are some cases where this does not work and a more direct method may be needed.
A program called DEBUG.EXE is supplied with DOS, Windows 9x and NT and can be used to run small Assembly language programs and just such a program can be used to wipe the MBR. Perform the following, but BE CAREFUL, this WILL wipe your MBR leaving your system unbootable and its data lost. Boot to 9x or DOS (this cannot be done from NT since direct disk access is not allowed)
Start a command prompt, enter the following commands (in bold):
C:\> debug
-F 9000:0 L 200 0
-a
0C5A:0100 Mov dx,9000
0C5A:0103 Mov es,dx
0C5A:0105 Xor bx,bx
0C5A:0107 Mov cx,0001
0C5A:0109 Mov dx,0080
0C5A:010A Mov ax,0301
0C5A:010D Int 13
0C5A:0110 Int 20
<press Enter twice>
-u 100 L 12 <check the code matches the above>
-g <executes>
Program terminated normally
-quit
You can now install a replacement MBR via a normal installation.

Stopping certain folders being replicated as part of the user profile?
Service Pack 4 introduced a new registry setting, ExcludeProfileDirs, which can be used to exclude certain directories from the replication of user profiles. To implement perform the following:
Start the registry editor (regedit.exe), move to HKEY_CURRENT_USER\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon
From the Edit menu select New - String value, enter a name of ExcludeProfileDirs and press Enter. Double click the new value and set to the relevant areas, separating them by semi-colons, for example Local Settings\Application Data\Microsoft\Outlook;Temporary Internet Files;Personal, click OK, close the registry editor. This can also be done via a system policy:
Start the Policy Editor (poledit.exe), create a new policy (or open an existing one providing it was created after SP4 installation), double click Default User, expand 'Windows NT User Profiles', check the 'Exclude directories in roaming profile'. In the data box type the name of the directories to be excluded, click OK. Save the policy to the netlogon share of the PDC

What are the problems with workstations having the same SID?

A. At the start of the GUI phase of installation each NT/2000 installation generates a unique Security IDentifier (SID). If you then clone a workstation each installation would have the same machine SID. This is not a problem in a Windows NT 4.0 domain as users have a SID generated by the domain controller and do not user the local workstation SID for security. It IS a problem in a Windows 2000 domain as the local machine SID is used in nearly all aspects of security and before migrating to 2000 you should resolve any duplicate SID issues which may have been caused by cloning installations. Duplicate local SID's are also a very big security risk in Workgroups, lets look further. In a workgroup the user accounts are based on the local workstation SID plus a relative identifier (RID), if all the workstations had the same SID then the first account generated (and so forth) on each workstation is the same because of the duplicate local SID. This makes it impossible to secure files and folders on a user basis since different users will have the same SID and all security is based on the user SID. An example illustrates this best:
Two workstations, wstation1 and wstation2 deployed using cloning software each have duplicated SID's. User John on wstation1 has a local machine account on wstation1 of S-1-5-34-148593445-285934854-2859284934-1010. User Kevin on wstation2 has a local machine account on wstation1 of S-1-5-34-148593445-285934854-2859284934-1010. User John saves private work on an NTFS drive and creates a share called private that only he can access. If Kevin browses the network and attempts connection he will have full access as his SID is identical to John's. There is no way to differentiate between them. Expand this to 100 machines installed via duplication all with the same local SID then you can see you have no security. Any files stored on removable media with security would also be vulnerable.
Microsoft has a tool, SYSPREP, which can be used on a workstation system BEFORE cloning which resolves the SID problem by generating a new SID when the new cloned installations are started. SYSPREP is provided as standard in Windows 2000 and a version for 4.0 can be requested from Microsoft. SYSPREP does have a few "problems" on Windows member servers as if a server with several local accounts is cloned the SID of any extra accounts are not updated, only the two primary accounts, Administrator and Guest are fixed. This means other accounts would be left with the old SID and thus considered orphaned.
Other SID fixing utilities are:
SIDchanger - http://www.powerquest.com
GHOST Walker - http://www.ghostsoft.com
NTSID -
http://www.sysinternals.com