Peer-to-Peer Questions #11: Partitioning Windows 98 & NT, Promoting a BDC to PDC, Enforcing Passwords

  • Article

September 3, 1999

Editors Note This article, culled from the TechNet Web site (https://www.microsoft.com/technet), answers the most interesting questions received on the peer -to-peer discussion groups over the past few weeks. To post your own questions, visit the TechNet discussion groups at https://www.microsoft.com/technet/community/newsgroups/default.mspx.

On This Page

Q: How do I partition a Windows 98 OS physical hard drive so that I can install and Dual Boot Windows NT Server?

Q: Say you've determined that you need to beef-up your PDC. So you acquire a new machine with more hard disk space and maybe a faster processor and install Windows NT Server, choosing to make this a BDC. Now you want to replace the current PDC with new, faster machine (currently a BDC). What's the most reliable and timely way to do this?

Q: How do I partition a Windows 98 OS physical hard drive so that I can install and Dual Boot Windows NT Server?

A: What it boils down to is you put in the Windows NT CD and run the Windows NT setup program WINNT.EXE. Windows NT will recognize that you already have Windows installed and you just need to specify where to install the Windows NT files.

During installation, specify either a different hard drive or at least a directory other than where Windows 98 is installed. Don't format the C drive (which should be formatted as FAT-16 if you want to dual boot). During installation you can format the D drive as NTFS if you want, but partition it before you install Windows NT by using FDISK.

A good document to read before you start is the Windows 98 "Setup.txt" file. It is either on your Windows 98 CD or on your current Win98 installation on the hard disk. Open this in Notepad and search for "DUAL-BOOT CONFIGURATION"—it should be the second occurrence. Note that where it says to edit the boot.ini file and specify the location of Windows NT—the example below, copied from the setup.txt document, has NT installed on the C drive in the Winnt directory. If you choose to install Windows NT on the D drive, \Winnt directory, then the line would read:

D:\Winnt="Windows NT 4.0"

[operating systems]

C:\Winnt="Windows NT 4.0"

And now a few suggestions:

  • Backup your data files (Word docs, Excel, email messages, etc.—don't have to backup the program files like Word or Excel—just your own files you can't afford to lose.)

  • The C: drive should NOT be compressed. It should be formatted for FAT16 , not FAT 32, because Windows NT doesn't support FAT 32.

  • If you haven't done so already, create a second partition on your hard drive (this would be drive D.)

  • Before you install Windows NT, it is highly recommended that you have a Windows 98 Emergency Startup Disk. If you haven't created one, here's how:

    Click Start, point to Settings, and then click Control Panel.

    Double-click Add/Remove Programs.

    On the Start Disk tab, click Create Disk.

  • Install Windows NT and specify the D drive as the drive. You can choose to format D: as NTFS to experiment with that functionality. A reminder: You can't read that partition from Windows 98. Windows 98 cannot read an NTFS partition and Windows NT is not designed to read a FAT32 partition.

Q: Say you've determined that you need to beef-up your PDC. So you acquire a new machine with more hard disk space and maybe a faster processor and install Windows NT Server, choosing to make this a BDC. Now you want to replace the current PDC with new, faster machine (currently a BDC). What's the most reliable and timely way to do this?

A: In Windows NT, this is called "Promoting a BDC to PDC." There are some things to consider when promoting a BDC.

  • The first thing to do is to backup the PDC—and this includes the registry. When you run NTBACKUP, specify to backup the Windows NT registry files.

  • When you say "copy all of the info off the PDC," I am assuming that you are referring to copying all account information including user accounts, computer accounts, trust relationships, etc. Anything that has to do with what a PDC is there for—from the PDC to the BDC (which will become the new PDC).

  • To make everything work smoothly, it is best to ensure that the PDC is available, on the network, when you promote the BDC.

Have the same Windows NT Version AND Service Pack version installed on both the current PDC and on the BDC that will be promoted. If they are not running the same Service Pack, install it on the BDC and then the PDC—after performing appropriate testing for your environment. If the Service Pack version is not the same, then the following problem will occur (from Knowledge Base article Q197488): Access Denied When Attempting to Promote a BDC to PDC.

  • You receive an "Access Denied" message you when attempt to promote a backup domain controller (BDC) to primary domain controller (PDC) after you apply Service Pack 4 to one or more domain controllers. This message occurs if you attempt to perform the promotion from a domain controller running Windows NT 4.0 Service Pack 3.

  • Service Pack 4 upgrades Windows NT 4.0 security making domain controller promotion from a computer running Windows NT 4.0 Service Pack 3 impossible.

  • To resolve this problem, perform the promotion from a domain controller running Windows NT 4.0 Service Pack 4.

A Side Note Before installing any Service Pack, you should make sure that you have a working backup of your system.

Another article worth reading:

  • Q139056: Promoting Windows NT BDC Does Not Close Client Connections

This article describes a misleading warning message that occurs when you promote a Windows NT BDC to a PDC. So, to promote a backup domain controller to primary domain controller:

  • Select a backup domain controller from the list of computers in the Server Manager window. Choose a computer that is capable of reliably handling high network traffic loads.

  • On the Computer menu, click "Promote To Primary Domain Controller". If it is available, the former primary domain controller is demoted to backup domain controller status.

Q: How to enforce strong passwords? Is there a registry hack or some magic that can be applied to Windows NT to enforce the use of strong passwords? What exactly are the requirements for strong passwords, anyway?

A: Windows NT 4.0 Service Pack 2 introduces a new DLL file (Passfilt.dll) that lets you to enforce stronger password requirements for users. Passfilt.dll provides enhanced security against "password guessing" or "dictionary attacks" by outside intruders. Please review Knowledge Base article Q161990: How to Enable Strong Password Functionality in Windows NT for additional information. Service Pack fixes are cumulative, so this DLL is included in Service Pack 2 and above.

Passfilt.dll implements the following password policy:

  • Passwords must be at least six (6) characters long.

  • Passwords must contain characters from at least three (3) of the following four (4) classes:

Description

Examples

English upper case letters

A, B, C, ... Z

English lower case letters

a, b, c, ... z

Westernized Arabic numerals

0, 1, 2, ... 9

Non-alphanumeric ("special characters") such as punctuation symbols

 
  • Passwords may not contain your user name or any part of your full name.

Something else to look at:

There is a utility in the MS Windows NT 4.0 Resource Kit, Supplement 4 Utilities called "Passprop.exe", and this is what it does:

Provides functionality not available in User Manager. Allows policies to force complex passwords that contain a mix of upper and lowercase letters and numbers or symbols, and the ability to lock out an administrator's account over the network, but still allowing an administrator to log on interactively on domain controllers.

That is it for now.

We at Microsoft Corporation hope that the information in this work is valuable to you. Your use of the information contained in this work, however, is at your sole risk. All information in this work is provided "as -is", without any warranty, whether express or implied, of its accuracy, completeness, fitness for a particular purpose, title or non-infringement, and none of the third-party products or information mentioned in the work are authored, recommended, supported or guaranteed by Microsoft Corporation. Microsoft Corporation shall not be liable for any damages you may sustain by using this information, whether direct, indirect, special, incidental or consequential, even if it has been advised of the possibility of such damages.