Favorite Tips of IT Professionals (January 2000, Windows NT)

Published: January 1, 2000

By Anthony Witecki, CPA MCSE, Project Manager

T-Shirts for Tipsters

We were very impressed by the Windows NT tips submitted by IT Professionals for the T-Shirts for Tipsters contest. The Windows NT product support team combed through them all and selected the very best to share with you.

Congratulations to the January winners!

Bulk Permission Management on Home Directories

File Manager and Explorer invoke destructive permission changes (overwrite) when applying permissions to all subfolders of a top-level or parent directory. Therefore, an administrator trying to grant himself access to individual home directories without resetting the existing permissions would need to browse through each subdirectory, and individually configure the ACLs.

However, with the CACLS.EXE utility that ships with Windows NT, it is possible to grant any permissions to administrators without damaging any existing permissions. The only assumption is that all user home directories are located beneath a single share. To grant the administrator full control access to every user's home directory, type the following command at the command prompt:

CACLS C:\USERS /T /E /G administrators:F 

The above command works well if you are creating new folders in a fresh environment. Usually, however, you need a way to re-grant permissions to the original folder owner because the administrator learned about destructive updates the hard way. The following command can be used to grant full control to the owner and administrator, assuming that the name of each user's home directory is the same as their username and they are all located in the same root directory.

FOR /D %I IN (C:\USERS\*) DO CACLS %I /E /C /G %~nI:F Administrators:F

Where C:\users\* is the root directory (be sure to include the asterisk). A breakdown on the command works as follows.

'FOR /D %I IN (Path)' is merely a standard For/Next loop that finds all directory names beneath the specified path.

1. The DO CACLS commands tell the shell what action to perform for each folder name (%I) found. %I specifies the current folder name (including the full path) that is to be modified.

2. The /E /C parameters tell CACLS to edit (instead of overwrite) the current permissions and continue if any errors are generated. %~nI gets replaced with the current sub-folder name (without the full path), which should be the same as the user name.

3. The /G parameter specifies Grant <username> full control (/G %~nI:F).

4. Any additional users or groups can also be specified to grant the appropriate permissions to others in the domain (here, the Administrators group was also granted Full Control).

Editor's Note The following articles are good reading on this same topic: to 180464
https://support.microsoft.com/default.aspx?scid=kb;en-us;180464&sd=tech, 162786
https://support.microsoft.com/default.aspx?scid=kb;en-us;162786&sd=tech and 135268
https://support.microsoft.com/default.aspx?scid=kb;en-us;135268&sd=tech

Jim Devine
jimmyd48@nysnet.net

I am running Windows NT Server 4.0 SP4 as a PDC with DHCP on an Integrated PC Server on our AS/400. I have 2 BDC's both running WINS and replicating with each other. Today I loaded a CUME pack and performed the susequent IPL. The Windows NT Server reported errors after booting: duplicate name already exists on the network. My users could not log on, etc. Why this happened I still do not understand. However, the fix for this problem is to stop the WINS service on all servers, reboot the PDC, start WINS after the server completely reboots.

Dan Dvorak
dvorak@brno.autocont.cz

Do you know how to add a new SCSI driver through Windows NT 4.0 setup that was launched by booting from CD-ROM -- not from three diskettes? Just wait for first blue setup screen (not Blue Screen Of Death :-) and press F6. You then will have the choice to add a new driver for your hardware.

Tørres Kristian Brøvig, MCP
Networking manager
tkb@tkbrovig.no

Change the print spool directory

By default, Windows NT uses the system disk for all print spooling directories. If you're running out of space, or fire off a large number of print jobs, this can soon become a performance bottleneck. You can change the spool directory by adding a new REG_SZ value named

HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Control \Print \Printers[PrinterName]\SpoolDirectory and setting it to a local path. You should replace [PrinterName] with the name you gave the printer when you created it.

Note: You can't use a UNC path for the printer spool. You must use a fully qualified local path that exists before you make the changes.

You must stop and restart the Spooler service after making these changes to the Registry.

Editor's Note As always, back up your registry before editing it. The following article is good reading on this same topic: 123747.

Henry Rucker
Aviation Data Manager
netlord@mindspring.com

When you have a mixed network of Windows and Novell and the user logs on to the network with a Windows NT 4.0 Workstation and sends a print job to the printer, the printer will print a Novell print banner. When you attempt to turn off the print banner it will let you clear the check mark but when you log back in, the box is checked again and it prints the banner again. To resolve this, delete any local user account on the workstation (except the administrator account). Turn off the print banner and have the user log on to the Novell network and into the Windows domain with no local user account on the workstation -- and it will no longer print the Novell banner. This saves a lot of trees and when Active Directory comes out soon we can just eliminate Novell all together.

Editor's Note Successful use of this fix depends on your individual site configuration for your Novell and Windows NT system. The following article is good reading on this same topic: 130226.

Erasmo J. Medina
MCSE + Internet
emedina@cyberdude.com

Handy Admin Shortcuts

AS a Windows NT administrator I'm sure you do appreciate good tips to ease your everyday administration tasks. Recently I came up with an easy way to quickly administer a single server.

Probably you've done this a million times: when you need to check a share resource permissions or settings, or check services on a particular standalone server or BDC, you launch Server Manager for domains. But if your domain is quite large, you need to wait for Server Manager to bring the entire Server list. On a large network with many Windows NT servers this can take some minutes or couple of seconds.

If you want to administer a particular server over the LAN or WAN using Server Manager, do this:

I assume that as a Windows NT Administrator you have a lot of tools loaded on your Windows NT Workstation, including the latest and greatest Windows NT 4.0 Resource Kit Supplement 4. Create a Program Group to manage your servers:

• Create shortcuts pointing to a NT server using the following command:

  ?srvmgr.exe \\servername ?

• When you click on a particular shortcut, it will take you straight to the server without bringing all the Server List from the network.

This procedure has saved me time and makes my everyday administration a lot simpler. Enjoy it.

Tørres Kristian Brøvig, MCP
Networking manager
tkb@tkbrovig.no

Setting the Administrator Password During Unattended Install

If you want to set the administrator's password during an unattended installation of Windows NT Workstation or Server 4.0 with UNATTEND.EXE, do the following.

In the 386 directory, create a folder called $oem$. In this folder create a text file that contains the following lines:

[commands]
".\net user administrator <Password>"

Save this file as CMDLINES.TXT.

Next, copy NET.EXE into the $oem$ folder.

Finally, in UNATTEND.TXT, verify that the value for OEMPREINSTALL equals YES.

Now, if you run UNATTEND.TXT, the administrator's password will be set to the value you assigned to Password in the CMDLINES.TXT file.