Favorite Tips of IT Professionals (December 1999, NT)
|Archived content. No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.|
Archived content - No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.
T-Shirts for Tipsters
We were very impressed by the Windows NT tips submitted by IT Professionals for the T-Shirts for Tipsters contest. The Windows NT product support team combed through them all and selected the very best to share with you.
Congratulations to the December winners!
Information Systems Manage
In creating user names in Windows NT and SMTP e-mail address designations, I have found a simple, efficient way of naming users. Simply use the first six letters of their first name followed by their first initial. In the case of two or more users with the same ID, append a numeric digit (such as DoeJ1). If a user has fewer than six letters in their last name, just use what they have. This method keeps IDs short, easy to remember, and easy to type. There is nothing worse than having to send mail to users such as email@example.com because you really never know if you are even close in getting to the right person. But this method solves that problem.
NT Server Administrator
There are several command-line commands in Windows NT Server to administer security. One of my favorites is net localgroup.
I use net localgroup in batch format when I have to add or remove several users from a local group, or groups. I build my script in Microsoft Excel, then export the spreadsheet as a text file. Then I tweak the text file to remove commas or spaces, and run the batch file from a prompt command interface.
Works great! For information, type net localgroup /? at a server command prompt.
Editor's Note This works for local workgroups, not global workgroups.
EDS-Sr Infrastructure Specialist
I was called to determine why IIS was suddenly reporting the obscure 80004005 error on a previously working Web application.
Based on the message
OLE DB Provider eror ODBC Drivers error... Data Source Name not found...
I first verified that indeed the System DSN was in place.
Since it was, I suspected a registry permission problem. I installed SysInternals' NTRegMon (http://www.sysinternals.com/ntw2k/source/regmon.shtml) and traced the registry calls while attempting to start the Web-based application.
Sure enough, I found Access Denied on three particular registry keys, modified them, and the application successfuly launched.
Editor's Note If you would like further information on this topic, see KB articles 238971 http://support.microsoft.com/default.aspx?scid=kb;en-us;238971&sd=tech and 183060 http://support.microsoft.com/default.aspx?scid=kb;en-us;171781&sd=tech.
Jim Hart, MCSE
Senior Technology Specialist
MCV Global Systems, Inc.
Add Register / Unregister (using regsvr32) to the right-click shortcut menu for .dlls.
This tip is especially helpful for developers. Many times you would like to be able to quickly register or unregister a dll when you make changes to it. This tip will help you do so.
Using Regedit, browse to the key:
Add one key called Register and one called Unregister.
Under each of these keys add another key called Command.
Double click on the (default) in the right-hand pane.
For Register, enter the value regsvr32 %1.
For unregister, enter the value regsvr32 %1 /U.
Note: As always, editing the registry can be dangerous. Be sure to back it up, and have a current Emergency Repair Disk (ERD) available.
Editor's Note Microsoft also recommends that you always back up your registry before altering it.
Van Leeuwen Pipe & Tube
Systems and Telecommunications
For Windows NT, an icon to lock the workstation. I'm sure you guys already know this, but I gotta try to get one of those T-shirts!!! Create a shortcut to %windir%\System32\rundll32.exeuser32.dll,LockWorkStation.
You can then go to the properties of the shortcut and pick the groovy lock. Click this shortcut to lock the workstation.
Assistant Vice President
Changing the "My Documents" Location
Several applications such as the Microsoft Office suite utilize a directory known as My Documents. Such applications will load and save documents to this directory by default. Under Windows NT, the location of this directory is <d:>\Winnt\Profiles\<username>\Personal, where <d:> is the drive on which NT is installed and <username> is the login ID of the current user.
However, if you're like me, you may save your Office documents in another location. For example, for the last few years I have been saving my documents in the directory D:\My Documents. For convenience's sake, I would like applications using the My Documents directory to point to my own directory instead of the default one.
The answer involves a simple registry change. Using the Registry Editor (REGEDIT.EXE), open the key HKEY_CURRENT_USER \Software \Microsoft \Windows \CurrentVersion \Explorer \User Shell Folders. Under this key, you will see a value named Personal with the default value of %USERPROFILE%\Personal. Simply double-click the value name and change the value data field to the directory of your own choosing (e.g., D:\My Documents). The setting will not take effect until you've rebooted.
Editor's Note As always, altering the registry can be dangerous. Always create a backup before proceeding and have an ERD on hand.
Do you know that you can install printer driver remotely for Windows NT 4.0 Workstation? YES, you can.
How do you do it?
Make sure you have Administrator rights to the machine.
Log on to your local workstation.
Click Start, Find, and your computer name (for example, PAR1234)
Once it finds the computer, double-click it. By default all Windows NT 4.0 Workstations share the Printer folder, so you will see it automatically if it's not logged on to a local machine.
Double-click the Printer folder.
Double-click Add Printer.
The Add Printer Wizard will open. Then choose the default, which is Remote Print Server \\computer name , and click Next.
Choose your port. Is it going to be a local or network printer ? Then click Next.
Choose correct printer driver, manufacturer, and printer model. Then click Next.
Type in the printer name, and click Next.
Specify whether you want this printer to share or not share. Click Next.
Specify whether you want to do a test page. Then click Next.
Insert or locate the i386 folder for printer, or if you have the printer driver on diskette you can specify it; for example: C:\i386 or a:\*.inf.
Once the driver is installed, you will see the icon.
You are done with installing a printer driver remotely.
This saves me a lot of trips and time.
Russell G. Fifer, MCSE, MCP+I
Solution Quest, Inc.
Hide that Administrator Account!
Everyone knows the security risks involved with a Web server on the Internet. The last thing you need is someone with your Administrator username and password. Here's an easy way to protect your server:
Rename the Administrator account to a more obscure name and give it a good password.
Create a "dummy" Administrator account, also with a good password.
Delete this dummy user from the User group and add it to the Guest group. Now this account only has guest privileges.
In Policies/User Rights, remove the Access computer from the network right. Now a person must physically be at the computer's console to log on to this account.
Now a would-be attacker will waste their time with your fake Administrator account, and you would hopefully monitor this activity in your logs and take further security actions.
When programming or performing hardware repairs, you reboot a lot.
One of my favorite timesavers is: On the Shutdown screen, move the radio button to Restart The Computer, but before you hit return (or whatever) hold the SHIFT key down. This reboots Windows only, and doesn't restart the hardware devices.
A pretty good time saver for lots of rebooting :)
Independent Web Infrastructure Consultant (Rey & Associates)
Using CACLS to Secure Web Sites
In many situations, NTFS security on Web sites can be set on either an individual directory or sometimes an individual file. Use CACLS to modify the ACLs/ACEs on directories and files. This command allows you to add the anonymous account with no access (which will secure a Web site to the NTFS permissions along with the settings from the MMC), secure a particular account to access an entire Web site without disturbing permissions that already exist, etc.
Computer Systems Administrator
Windows NT Tip:
Do you frequently copy files to a particular drive or folder? You can speed up this process by adding the destination to your Send To list. Your Send To folder is located in your profile folder -- generally %systemroot%\profiles\your username . To add a folder or drive, simply drag the folder or drive icon using the right mouse button to the Send To folder and select Create Shortcut.
Now when you want to copy a file to the drive or folder, right-click the file, select Send To and select the appropriate location.