The Mole #27: Technical Answers from Inside Microsoft - Windows Shutdown, Monitoring Security, SQL Server, Server Validation

  • Article

January 31, 2000

Editors Note The questions and answers below are from the Inside Microsoft column that appears regularly on the TechNet Web site at the following location: https://www.microsoft.com/technet/community/columns/insider/default.mspx. To find out how to submit questions of your own, see the end of this article or go to https://www.microsoft.com/technet/community/columns/insider/default.mspx.

The TechNet Mole provides expert answers from deep within Microsoft to questions from IT professionals. This installment focuses on these issues:

Subterranean Windows Shutdown Blues

Big Brother wants to watch you: Monitoring security change events

SQL Server on the Internet: What about security?

Which Server do I Want to Validate Me?

Backtalk: Changing the default mail client

On This Page

Subterranean Windows Shutdown Blues

Big Brother wants to watch you: Monitoring security change events

SQL Server on the Internet: What about security?

Which Server do I Want to Validate Me?

Backtalk: Changing the default mail client

Credits

Subterranean Windows Shutdown Blues

Mole,

I have a problem with several of my Win98 ATX machines. When I shut them down, I always end at the "Closing Windows" picture, and I have to crawl down under my desk, reach around the backside of the cabinet to shut them down.

Do you have a cure for this disease??

Steen Karlshøj, Denmark

Steen,

If you're sure you don't want or need the extra exercise provided by your shutdown problem, Mole can suggest several solutions. Be advised that all are specific to Windows 98 "regular." If you're running Second Edition, stop reading now.

First scenario. Fast shutdown is disabled.

One likely diagnosis is that your computer uses Advanced Configuration and Power Interface (ACPI) and the Fast Shutdown feature is disabled. If this is the case, you have your choice between 1) a hot fix and 2) a workaround. The pros and cons? Read on.

  1. The hotfix. As with other hotfixes, this one is supported but not regression-tested, so there's a certain element of risk involved. You can get the hotfix by contacting Microsoft Product Support Services. Given that this is a known problem, not some bit of arcana you witched up yourself, the chance of being charged for a support incident is about .00001%. And a word of caution to Mole readers not currently experiencing the problem Steen describes. Leave this one alone. There's no sense taking strong medicine to treat a disease of which you exhibit no symptoms.

    The workaround. Enable Fast Shutdown, as follows.

    • Click Start, point to Programs, point to Accessories, point to System tools, and then click System Information.

    • On the Tools menu, click System Configuration Utility.

    • On the General tab, click Advanced.

    • Click the Disable Fast Shutdown check box to clear it, click OK, and then click OK again.

    • Click Yes when you are prompted to restart your computer.

Scenario two. The anti-virus theory.

A second reason for this non-shutdown anomaly might be related to anti-virus software. McAfee or Norton anti-virus programs that scan your floppy disk drive when you shut down can cause this problem. Again you have two choices, resolve or work around.

  1. Resolve: Contact the manufacturer of your anti-virus program and ask about a hotfix.

  2. Work-around: Configure your anti-virus program to not scan floppy disk drives when you shut down your computer.

And now, a word from our legal department: "The third-party products discussed in this article are manufactured by vendors independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding these products' performance or reliability." Blah blah blah. Do not use in combination with other medications. Look both ways. For authorized use only. Information is provided to you free of charge, "as is." You know.

Oh yeah, a reminder. If you disable the Standard Floppy Disk Controller device in Device Manager, your computer may hang when you shut it down. The only known workaround for this is more crawling: Turn the computer off manually after it hangs at the shutdown screen. No hotfix is available for this one.

Finally, Mole wonders just why you object to spending time on all fours. After all, you could do some yoga while you're down there. See things from a different perspective. And just think, if the protagonist of Being John Malkovich hadn't been crawling around in dusty spaces, he never would have found the portal. Now would he?

Yours,

Mole

Big Brother wants to watch you: Monitoring security change events

Hi Mole,

How can I programmatically detect security change events such as: delete/disable/enable user accounts?

Nam Le, Software engineer

Dear Nam Le,

Good question, man. And the good news is, you won't be writing any custom code to monitor user account changes. The Auditing function built into Windows NT allows you to enable auditing, select the items to monitor and specify actions in response, according to your own designated criteria.

To activate security event logging, follow these steps:

  • Log on as the administrator of the local workstation.

  • Click the Start button, point to Programs, point to Administrative Tools, and then click User Manager.

  • On the Policies menu, click Audit.

  • Click the Audit These Events option.

  • Enable the options you want to use.

Once auditing is enabled, you can use Windows NT's Event Viewer to monitor the Security event log for the types of events you select.

Actually, this sounds like more fun than it is. Sitting there staring at the Event Viewer Screen gets tiresome after about four seconds. After four hours, the human brain turns to marshmallow. Call this Truth in Computing. What you really want is some way to be notified of these events wherever you happen to be, at any time, day or night, right? Mole thought so.

In this case, you need to turn to one of many third party solutions that provide this capability. Some of those companies include IPSentry (https://www.ipsentry.com/), Blue Lance (https://www.bluelance.com/), and Tivoli (https://www.tivoli.com/), just to name a few. Mole knows there's a whole bunch more out there—from your favorite browser, query on "Windows NT security" to find the one that best meets your criteria. And scan up the page a bit to the legal eagle disclaimer. Here, as above, Microsoft does not endorse any particular third party product. (Here Mole shrugs, to express his innocence of commercial considerations.)

Which does not mean he's above plugging a book he thinks would be of value MS Windows NT 4.0 Security, Audit, and Control by Microsoft Press. Good read.

Regards,

Mole

SQL Server on the Internet: What about security?

Dear Mole,

My ISP hosts my Windows NT 4.0 Server running IIS 4. I have some applications that I would like to deploy that require SQL 7.0. If I install SQL 7.0 on my Windows NT box that is hosted by my ISP, is it possible to make the SQL databases secure even though they are on a web server right on the Internet? If so, are there any whitepapers available that specifically state what should be changed and don't simply discuss theories of security with SQL?

Jay Griffin

Dear Jay,

As you may or may not know, all Windows NT security features are fully integrated into SQL Server for the first time in version 7.0. And yes, there is a magnificent whitepaper about Microsoft SQL Server 7.0 Security. Nitty gritty, specific, with lines and lines of code. It even gives explicit instructions for maintaining database security while upgrading from 6.5. All of this is stuff you'll want to implement no matter where your database resides.

The second issue is Internet security. It sounds as if you've already found SQL Server: Strategies for the Internet (https://support.microsoft.com/support/SQL/Content/SQL65/sqlinet.asp)

, an inspiring if largely visionary document. If you nose around the SQL Server section of the TechNet CD, you'll find a lot of resources, including a first-rate, hands-on kind of paper about Configuring Proxy Server for SQL Server Replication over the Internet. Bingo. This one is all about security.

If you're thinking e-commerce, SQL Server makes a good team member. Among the customer solutions case studies, check out the story of Madge.web at https://www.microsoft.com/customers/details.asp?solid=2671. This company made use of a number of the components you enumerate to implement secure online billing.

Here's something else to keep in mind. The people who know SQL Server love SQL server, with the result that this product generates one of the liveliest peer support communities Mole's seen. If you have specific questions, join one of the discussion groups or tune into one of the regularly scheduled chats and direct your questions to a genuine expert. You'll find a roster of possibilities at https://www.microsoft.com/technet/prodtechnol/sql/default.mspx. Mole's a mere generalist compared to these folks.

Finally, Mole suggests you have a little chat with that ISP you mention in your mail. After all, you pay this guy, don't you?

Cheers.

The Furry One

Which Server do I Want to Validate Me?

Mole,

Recently I heard in the coffee-room that someone somewhere had a utility that allows a LAN Manager to explicitly tell a WIN 95 client workstation to validate at a specific Windows NT server. It allowed up to three servers to be identified, with Priority 1, 2, etc.

Heard any news? Is it on the site?

Don Bews, Systems Analyst

Greetings, Don,

Mole is presently consuming his third large cup of Seattle's finest Sumatran blend, but even that doesn't alter the fact that the only way he knows to designate a specific logon server is using the %logonserver% environment variable on a Windows NT Workstation client. Nothing about Windows 9x clients, or wild coffee room rumors.

You might want to investigate the KiXtart utility, available at no charge from—where else?—the KiXtart Web site: https://www.kixtart.to. You can do just about anything with KiXtart that your caffeine-craving brain can conceive.

You know what Mole thinks, really? He thinks that your buddies in the coffee room were chatting about System Management Server, which does allow you to do just what you asked about.

This can be accomplished by substituting a specified logon server (or servers) for the domain entry in the [workgroup] section of the Smsls.ini file (located in the Sms\Site.srv\Maincfg.box directory of the site server).

A sample [workgroup] section specifying that all users in WorkgroupA use logon server ServerA or ServerB, and that users in WorkgroupB use the logon server ServerC would look like this:

[workgroup]

WorkgroupA=\\ServerAWorkgroupA=\\ServerBWorkgroupB=\\ServerCNo, Systems Management Server isn't a little utility that you can download—it's a real live server application that lives in the BackOffice suite. Check it out.

Make that a double.

Mole

Backtalk: Changing the default mail client

Just read your response to a query on how to determine the default MAPI client in the TechNet and hoped you would be able to help. My problem is that in Outlook Express 5.0 when the button under tools, options, general that reads "This application is the default mail handler" - there is no apparent way of undoing this.

How would you reset Outlook 97/98/2000 as the default MAPI client? The only way I can find to do this is to reinstall the program. Is there a registry setting that holds the default MAPI client details?

Andrew Hicks, Technical Consultant

Andrew,

No need to mess about with the registry or reinstall. The following applies to Outlook 97, 98, and Outlook 2000. To change the default mail client to be Outlook, first Start Internet Explorer. Then, within Internet Explorer:

Internet Explorer 5:

  • On the Tools menu, click Internet Options.

  • Click the Programs tab.

  • In the E-mail list, click Microsoft Outlook.

  • Click OK.

Internet Explorer 4.x:

  • On the View menu, click Internet Options.

  • Click the Programs tab.

  • In the Mail list, click Microsoft Outlook.

  • Click OK.

Regards,

Mole

Credits

Mole is, as usual, much in the debt of Mr. Lon Collins.

We at Microsoft Corporation hope that the information in this work is valuable to you. Your use of the information contained in this work, however, is at your sole risk. All information in this work is provided "as -is", without any warranty, whether express or implied, of its accuracy, completeness, fitness for a particular purpose, title or non-infringement, and none of the third-party products or information mentioned in the work are authored, recommended, supported or guaranteed by Microsoft Corporation. Microsoft Corporation shall not be liable for any damages you may sustain by using this information, whether direct, indirect, special, incidental or consequential, even if it has been advised of the possibility of such damages. All prices for products mentioned in this document are subject to change without notice.