The Mole #14: Technical Answers from Inside Microsoft - Upgrades & Active Desktops, Proxy Server, DHCP Scope

August 2, 1999

Editor's Note: The questions and answers below are from the Inside Microsoft column that appears regularly on the TechNet Web site at the following location: https://www.microsoft.com/technet/community/columns/insider/default.mspx. To find out how to submit questions of your own, see the end of this article or go to https://www.microsoft.com/technet/community/columns/insider/default.mspx.

The TechNet Mole provides expert answers from deep within Microsoft to questions from IT professionals. This installment focuses on these issues:

  • Active Desktop and the Upgrade from Internet Explorer 4 to Internet Explorer 5

  • Monitoring Internet Use with Proxy Server

  • Changing DHCP Scopes (Gadzooks!)

Including Active Desktop in Browser Upgrade

Dear Mole,

We are upgrading about 20 workstations from Internet Explorer 4 to 5. Several users wanted to either retain their Active Desktop from Internet Explorer 4.0 or have it installed once Internet Explorer 5.0 was deployed. There was a problem in which I need your counsel. I will also provide the workaround that we used to "solve" it.

Active Desktop does not transfer from Internet Explorer 4 to 5 if it wasn't first activated in 4 prior to the upgrade. For instance, on two identical Dell Optiplexes running NT Workstation 4, the upgrade was made from Internet Explorer 4 to 5. One unit had the Active Desktop initialized and active in 4. It transferred that option to the Internet Explorer 5 desktop. The other one did not have the Active Desktop chosen in 4 but wanted it once the upgrade to 5 was complete. That did not work. In fact, when right-clicking on the desktop of the second unit after the upgrade, there was no such AD option on the shortcut bar as expected. Was this by design (I doubt it) or a mistake?

Our workaround was a bit ugly. We had to uninstall Internet Explorer 5, find a copy of Internet Explorer 4, reinstall that, set the AD as the desktop scheme, reinstall Internet Explorer 5 and reset the now available option for AD. Is there an easier way to do this?

Keith Johnson, MCP

Hi Keith,

First, congratulate yourself on that klugey but effective workaround! Retaining your Active Desktop through a browser upgrade from Internet Explorer 4.0 to Internet Explorer 5.0 ain't easy, nor was it meant to be. For a couple of persuasive reasons, security high among them, the Explorer team chose not to burden the browser upgrade with Windows® Desktop components, known collectively as the Windows Desktop Update. Instead, they concentrated on improvements to browser and email functionality, which is exactly what both home and corporate users said they wanted most.

For those individual users who must have their Active Desktops, here's the recommended procedure for retaining/installing them (courtesy of the Internet Explorer 5 IE.TXT File):

To install or upgrade the Windows Desktop Update, you must install Internet Explorer 4.01 SP1 before you install Internet Explorer 5.

If you have already installed Internet Explorer 5 and would like to install the Windows Desktop Update, carry out the following steps:

  1. Uninstall Internet Explorer 5.

  2. If Internet Explorer 4.01 SP1 is not already installed on your computer, install it.

  3. Install the Windows Desktop Update.

  4. Reinstall Internet Explorer 5.

Now, if your entire organization wants to standardize on the Active Desktop, things get a lot easier. In this case, your administrator can deploy a stand-alone installation of Internet Explorer 5 with a custom Internet Explorer Administration Kit (IEAK) package that includes the option of installing the Windows Desktop Update. Check out Internet Explorer 5 Administration Kit and Internet Explorer 5.5 Administration Kit to download the kit. It's about 3.6 MB.

How to Monitor Internet Use

Dear Mole:

I am a Network Administrator for a small, 75-user LAN. We are, however, expanding to a 20-location WAN with approximately 200 Win 9x PC's. At the same time, we are going to establish a permanent connection to the Internet.

One of the main drawbacks of permanent Internet access is, of course, monitoring it for, let's just say, "inappropriate use". I am looking for a way to monitor the sites that users have accessed.

Is there any way to quickly and easily do this? I have tried to remotely view a user's Temporary Internet Files, but when I try to open the folder, it shows me MY Temporary Internet Files folder instead.

Jeremy Shelley, MCSE, MCP+I. Network Administrator, West Central Cooperative

P.S. Great column.

Jeremy,

First, Mole thanks you for the pat on the back.

Your letter suggests that you've been given the job of Internet traffic cop, security force, and guardian of corporate morals along with your network administration duties. Jeremy, have we got a product for you! Just click your heels three times and repeat after Mole: Microsoft Proxy Server 2.0.

One. Proxy Server lets you log all activity from your network to outside web sites.

Two. Proxy Server acts as your firewall, protecting your network from evil outside hackers.

Three. Proxy Server lets you provide Internet access to multiple computers through a single connection.

To help you monitor your employees' Internet use, MPS 2.0 lets you log information about all Internet requests your client computers make. You can store this data in text format in log files, or, even cooler, save it to an ODBC database (like SQL Server or MS Access). This gives your network manager a complete profile of all traffic passing through the MPS 2.0 computer--including client IP address, client user name, time, destination host, destination IP address, etc. Now that you know who's going where, when, you can also specify a list of Internet addresses (IP addresses, IP address ranges, or URLs) to which access is permitted or denied to the users behind your firewall. Think of it as getting your diagnosis and your cure all in one pill.

To make your job even easier, Proxy Server includes a SQL script to create the tables in SQL Server, so it's all done for you when you set up logging in Proxy Server. For problems arising outside your org, logging now includes alert information and other new firewall-related flags. You can be notified immediately if your network is under attack. Microsoft Proxy Server 2.0 gives you a choice of alerting levels, too. If the little boy cries wolf too often, you can adjust the threshold variables to prevent false alarms.

Proxy Server pretty much is as cool as it sounds. Check these articles out for yourself on the TechNet CD:

  • MS Proxy Server 2.0 - Features At A Glance

  • Proxy Server 2.0 Reviewer's Guide

Don't even thank Mole. Just enjoy.
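As an added illustration of the kind of report the answer above describes (example code written for this page, not part of the column and not a Microsoft tool): the sketch below tallies, per user, requests whose destination matches a deny list made of host names, single IP addresses, or IP ranges. The CSV column names, the sample records, and the deny list are constructed assumptions; they are not the actual Proxy Server 2.0 log layout.

```python
import csv
import io
import ipaddress
from collections import Counter

# Constructed sample log: the fields the column lists, in an assumed CSV layout.
SAMPLE_LOG = """client_ip,client_user,time,dest_host,dest_ip
10.0.0.21,jdoe,1999-08-02 09:14:03,www.example.com,192.0.2.10
10.0.0.21,jdoe,1999-08-02 09:15:40,play.games.example.net,192.0.2.55
10.0.0.34,asmith,1999-08-02 10:02:11,files.example.org,198.51.100.20
10.0.0.34,asmith,1999-08-02 10:05:59,mirror.example.org,203.0.113.7
10.0.0.40,bwong,1999-08-02 11:30:00,notgames.example.net,192.0.2.81
"""

# Constructed deny list: one host name, one IP range, one single address.
DENY_LIST = ["games.example.net", "198.51.100.0/24", "203.0.113.7"]

def compile_rules(entries):
    """Split deny entries into IP networks and lower-cased host names."""
    nets, hosts = [], set()
    for entry in entries:
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:          # not an address or range: treat as a host
            hosts.add(entry.lower())
    return nets, hosts

def is_denied(row, nets, hosts):
    """True if the record's destination host or IP matches a deny rule."""
    host = row["dest_host"].lower()
    # Match the host itself or a subdomain, but not a mere suffix such as
    # notgames.example.net against games.example.net.
    if any(host == h or host.endswith("." + h) for h in hosts):
        return True
    addr = ipaddress.ip_address(row["dest_ip"])
    return any(addr in net for net in nets)

def denied_hits_by_user(log_text, deny_entries):
    """Count denied-destination requests per client user name."""
    nets, hosts = compile_rules(deny_entries)
    hits = Counter()
    for row in csv.DictReader(io.StringIO(log_text)):
        if is_denied(row, nets, hosts):
            hits[row["client_user"]] += 1
    return dict(hits)

if __name__ == "__main__":
    print(denied_hits_by_user(SAMPLE_LOG, DENY_LIST))
```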

How can I change my subnet mask? A: Very carefully indeed.

Mr. Mole,

Installed and set up DHCP Server one year ago. I need to make only one change to my scope: the subnet mask. Cannot change it with DHCP Manager, even if the scope is deactivated. How do you do it?

Gabriel Mehedinti, MCSE, Comlink Inc.

Hi Gabriel,

If it were easy to change the subnet mask, people might do it casually - tra la la, I think I'll change my scopes today! And most likely, more often than not, they'd screw things up big time. In other words, the difficulty you're experiencing is by design. For your own good, and all that.

By way of background: The subnet identifiers and address pool make up the properties of scopes. You can change the properties of an existing scope by selecting the scope for which you want to change properties and then clicking Properties on the Scope menu. You can also double-click the scope to access its properties.

In Windows NT® 3.5x, you can extend the address range of the scope after a scope has been created, but you can't reduce it. In Windows NT 4.0, you cannot modify the scope, which, as mentioned above, includes the address range and the subnet mask.

The bottom line is that in Windows NT 4.0, you can't change the scope once it's implemented - and the subnet mask is part of the scope. That's why it's grayed out. (Actually, Mole would prefer it if the DHCP Manager interface would display both the range and subnet mask as grayed out, so it would be clear that neither one could be changed.)

The only way that the subnet mask (or a range if you're not using super scopes) can be changed is to delete the scope and then add a new one and the new subnet mask. To configure the DHCP scope, you must log on as administrator. This is not a trivial matter, as you need to consider the other DHCP servers, which need to have the same changes made, and the impact on the DHCP clients, who retain their current DHCP assignments. Messy stuff, unless you think ahead and take measures to assure that there won't be conflicting IP addresses used on the network, and that the DHCP servers are all handing out correct addresses following a change to the scope(s).

Mole's best advice? PLAN CAREFULLY, MAN.

And for heaven's sake, read this first:

  • 139904: How to Configure Your DHCP Server Scope
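A planning check of the sort the answer above calls for, as an added example (not from the column or from Microsoft): before deleting the scope, compare the replacement scope against the addresses clients currently hold and against the pools on the other DHCP servers. All names, addresses, and server labels are constructed sample data, and the new subnet mask is written as a prefix length.

```python
import ipaddress

# Constructed sample data: a /24 scope being replaced by a /23 scope.
NEW_NET = "192.168.0.0/23"
NEW_POOL = ("192.168.0.50", "192.168.1.200")
LEASES = {"192.168.0.15": "WS01", "192.168.0.150": "WS02",
          "192.168.0.60": "WS03"}
PEER_POOLS = {"DHCP2": ("192.168.1.150", "192.168.1.250"),
              "DHCP3": ("192.168.2.10", "192.168.2.50")}

def check_scope_change(new_net, new_pool, leases, peer_pools):
    """Report what needs attention before the old scope is deleted."""
    net = ipaddress.ip_network(new_net)
    lo, hi = (ipaddress.ip_address(a) for a in new_pool)
    if not (lo in net and hi in net and lo <= hi):
        raise ValueError("new pool must lie inside the new subnet")

    report = {"held_in_new_pool": [], "held_outside_new_pool": [],
              "peer_overlap": [], "peer_outside_subnet": []}

    # Clients keep their current assignment (and old mask) for now.
    # An address inside the new pool is a conflict risk, because a freshly
    # created scope has no lease record for it; one outside the pool means
    # the client has to obtain a new address.
    by_addr = sorted(leases.items(), key=lambda kv: ipaddress.ip_address(kv[0]))
    for ip, client in by_addr:
        inside = lo <= ipaddress.ip_address(ip) <= hi
        key = "held_in_new_pool" if inside else "held_outside_new_pool"
        report[key].append((ip, client))

    # Other DHCP servers: flag pools that would hand out the same addresses
    # as the new scope, and pools that do not fit the new subnet at all.
    for server, (p_lo, p_hi) in sorted(peer_pools.items()):
        p_lo, p_hi = ipaddress.ip_address(p_lo), ipaddress.ip_address(p_hi)
        if p_lo <= hi and lo <= p_hi:
            report["peer_overlap"].append(server)
        if p_lo not in net or p_hi not in net:
            report["peer_outside_subnet"].append(server)
    return report

if __name__ == "__main__":
    result = check_scope_change(NEW_NET, NEW_POOL, LEASES, PEER_POOLS)
    for key, value in result.items():
        print(key, value)
```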

Got Questions? Mail the Mole

Communicate with Mole at [closed account]. Send him your toughest questions. And if you think you have a better answer than Mole's, or a different one, send that along, as well. Please include the following:

  • Your name

  • Your title

  • Your company

  • Your e-mail address

  • Your question/solution/compliment

Credits

Mole thanks Lon Collins once again.