Ask Dr. Bob Your NT Questions - 01 Dec 1997

Send us your tips and questions. You can also visit Bob Chronister's online Tricks & Traps at forums/index.html.

Q: I just started getting the message, "Not enough server storage is available to process this command." I have not done anything different. What's causing this message?

A common cause for this message has to do with the PagedPoolSize in the Windows NT Registry. If you receive this message, you might have a non-zero PagedPoolSize entry in the Registry. Open the Registry and go to the HKEY_LOCAL_MACHINE\SYSTEM\ CurrentControlSet\Control\ Session Manager\Memory Management key. Set the PagedPoolSize value to 0. If you have to change this value, you will have to reboot your system.

Q: I have several servers with lots of RAM (at least 256MB in each machine), and I would like to optimize the file system performance. Can I speed up the file system activity on these machines?

Given the amount of RAM on these machines, you might want to change the IoPageLockLimit value in the Registry. You can usually speed up file system activity by increasing this value from its default setting of 512KB to 4096KB or more. This value specifies the number of bytes that Windows NT can set aside for I/O operations. When this value is 0, the system uses the default setting (512KB). The maximum value is roughly the equivalent of physical memory minus pad (memory set aside for the file so the system can access the file from memory), which is 7MB for a small system and grows as the amount of memory grows. For a 64MB system, pad is about 16MB; for a 512MB system, pad is about 64MB. Using your favorite Registry editor, go to the HKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Control\Session Manager\Memory Management key. Find the IoPageLockLimit value, and increase the default limit (512KB). Screen 1, page 226, shows the hex value for 4096 in this value.

Q: I have been getting access denied errors when I try to install software in Windows NT. I have one software package that refuses to install; otherwise, the problem is sporadic. Can you help?

A file with the read-only attribute can commonly cause such an install failure. This file often resides in the %SystemRoot% directory and its subdirectories. To display files in your NT directory that have the read-only attribute, type the following command at a Command Prompt:

dir %systemroot%\*.* /ar /s

Screen 2, page 226, shows this command's output: some printer files that are all read-only. You will want to write down the names of the files and use the Properties setting in NT Explorer to turn off the read value. If you prefer to use the Command Prompt, you can easily change one value of all files. Specifically, you can remove the read-only attribute from a file with the attrib command. To remove the read-only attribute from all files in the NT directory and subdirectories, type

attrib -r %systemroot%\*.* /s

However, for security reasons, I don't recommend taking this approach.

Q: I am running Windows NT 4.0 Workstation and want to replace my hard disk and upgrade my computer from a Pentium 166MHz to a Pentium II 266MHz. Will this upgrade cause problems for NT? Will I have to reinstall NT?

Assuming you are installing the same type of hard disk (i.e., SCSI or IDE), the upgrade is simple. Do a tape backup of the original hard disk (including the NT Registry). Put together the new system, and install NT (you have to install NT on the new hard disk before you can restore the NT backup). After you install NT, simply restore the tape and reboot. If the system fails to boot properly, you will have to reinstall NT (but only as an upgrade). I have upgraded successfully from Service Pack (SP) 3 to SP1 and then immediately added the SP3 update.

Q: I just read your column about hacking the Windows NT Registry to change the default spool directory. The Registry is the only way I know to change the spool directory for a specific printer, but you can change the global spool directory by doing the following:

    1. Double-click My Computer.
    2. Double-click Printers.
    3. Right-click in the printers window (in the empty space).
    4. Choose Server Properties.
    5. Choose the Advanced tab, and set the spooler location.

Can you please share this information with your readers?

You are indeed correct. In general, I like to avoid editing the Registry if possible. Your method does work. Thanks for pointing it out.

Q: How can I display drives, folders, and even network systems when NT Explorer opens?

You can control the manner in which the NT Explorer opens. Most of us have favorite places to store files on our systems, but we also want to see connections to routine network systems. To specify how the NT Explorer appears, you have to set some options on the shortcut properties. The proper syntax is

Explorer.exe \[/n\] \[/e\] \[/root,object\] \[\[/select\],subobject\]


/n opens a new window even if the NT Explorer window is already open. The /e value lets you use the Explorer view. The /root,object value lets you specify the root directory that NT Explorer opens into. The default root is the desktop. You can change this default setting by specifying a new root (this setting can be a network system). The /select value specifies what you see in NT Explorer.

I've set my NT Explorer to default to show me my F drive. I use the following syntax on the shortcut line, as you see in Screen 3:

%SystemRoot%\explorer.exe /select,F:\*.*

Now when I click NT Explorer, my F drive opens, as you see in Screen 4. You can open multiple instances of NT Explorer, so you can create several new shortcuts to NT Explorer and change the shortcut parameters. For example, to connect to my Primary Domain Controller (PDC) and connect to my D drive (must be a share name and one you have access to), the syntax is

%SystemRoot%\explorer.exe /e,/root,\\clydeone\clydeone-d\*.*

Screen 5 shows the window that NT Explorer opens with these settings. The obvious advantage to setting up NT Explorer in this fashion is the ability to copy and move files to and from my PDC and my drive F.

Q: I've recently seen major computer vendors selling preloaded Windows NT computers where they clone the NT Workstation setup, and thus clone the Security Accounts Manager (SAM) database. These vendors claim this practice is safe. Microsoft does not support this practice because the vendor is cloning the unique security identifier (SID) for each user as part of the workstation setup. Microsoft claims that you can't have duplicate SIDs and that having duplicates can cause problems with future releases of NT. Who's right and who's wrong?

This question is significant. The whole issue of cloning systems has created considerable confusion within the NT industry. Most of the confusion started with Microsoft stating that you can clone NT disk replication. However, when you carefully analyze the information in the Microsoft NT literature, you realize you can't clone a fully installed version of NT because you can't have duplicate primary SIDs (a combination of the computer name and username) on a network. In the case of cloning entire NT installations, Microsoft is right and the vendors are wrong. You can't clone fully installed NT installations. If you do, all primary SIDs will be the same and the network will fail. However, you can use cloning to assist you in mass rollouts of machines. Two methods come to mind.

Method 1
One correct procedure for cloning a system so that you create separate SIDs for each machine is as follows:

1. Start by modifying the Unattend.txt file so that user input is required for the ComputerName, User ID, and Password entries. For example, a standard UserData portion of an unattended text file will look similar to


FullName = "BobC"

OrgName = "Chronister Consultants"

ComputerName = BOB6

ProductId = 111-11111

Simply delete references to name (FullName), organization (OrgName), and computer name (ComputerName). You want to force the user to add this information when you place the cloned drive in a system and boot the system. When the NT installation enters the graphic phase, it will ask for the above information, thus making the SID unique to the machine and user on the network. Be certain that all other necessary information is in the unattended text file. This way, the installation will need only the information above supplied by the user.

2. If you plan on using Sysdiff.exe to add applications to a cloned NT disk, you need to generate any necessary sysdiff packages to install software and place the appropriate lines in Cmdlines.txt. You also need to create the necessary distribution directories. So, if you want to install Office 97 on multiple machines, you must include the difference files on the shared drive. For example, to install Office 97 on drive C, you create the folder I386\$OEM$\C\Msoffice on the share, create a Cmdlines.txt file in the $OEM$ folder, and add the line

SYSDIFF /apply /m Sysdiff_file

(The Sysdiff_file is the file made by Sysdiff /diff, and the /m flag remaps the file changes to the user profile for the default user. For more on using Sysdiff, see my column, "Tricks and Traps," May 1997.)

3. Set up a reference computer and install all necessary components. Start the unattended installation, but stop after the text mode phase by turning off the machine. You can now clone the reference drive you just made. Note that if you set up the reference computer properly, the drive will contain the temporary installation directory (i.e., the $WIN_NT$.~LS directory).

4. When the user turns on the new system, that user must supply a computer name, user ID, and password. Forcing the user to enter these values ensures that the machine creates a unique primary SID for the machine. For an NT network to work properly, you can't have multiple identical SIDs on the network.

Method 2
Another correct procedure for cloning a system is as follows:

1. Place all installation files including the I386 directory from the NT CD-ROM on a reference drive, and create the $OEM$ subdirectory.

2. Make the necessary Sysdiff difference files from the same reference computer, and add them to the $OEM$ subdirectory. Add the lines listed above to Cmdlines.txt.

3. Clone the reference drive you just created. Boot to an unattended installation disk, but point to the local I386 directory. In this situation, all installation files are local and the time for the installation is substantially shorter than a network installation. In fact, the only time you will have network traffic is when you boot to the network and when you create accounts on the network.

Q: What is a security identifier (SID), and why is it important? When I look in the Windows NT Registry, I just see a string of numbers. What do they mean?

When you install NT on a computer, NT assigns the computer a SID. NT computes a statistically unique 96-bit number (the SID) for each workstation, server, and Primary Domain Controller (PDC). For an NT Backup Domain Controller (BDC), the SID is identical to the PDC's SID (this arrangement explains why you can promote a BDC to a PDC and why a domain controller is always a domain controller).

SIDs are the identifiers that let NT networks identify individual machines and users on networks. The primary SID, a prefix of the SID, does not change even if you rename the machine. User SIDs are typically identified by the last set of digits in the string of numbers comprising the SID.

SIDs are typically shown in a standardized notation consisting of



S identifies the series of digits as a SID

R identifies the revision level

I identifies the identifier-authority value

S identifies the subauthority values

You can write a SID in notation as S-1-5-32-544, where the SID has a revision level of 1, an identifier-authority value of 5, a first subauthority value of 32, and a second subauthority value of 544.

NT Setup generates a primary SID, for all local user accounts and group accounts created on a particular computer. NT concatenates the primary SID with the Relative Identifier (RID) for the user account to create the account's unique identifier. If two systems have the same primary SID (i.e., cloning one NT installation creates multiple identical SIDs), the first accounts that NT creates on each cloned system will be identical because the SIDs will be the same on these machines.

You can use Regedt32.exe to view the local user's SID and see the primary SID. If you create several local accounts, you will see a separate SID for each account when you log on as each user. Examples of local machine accounts on one of my systems are

S-1-5-21-1386095753-747252464-832717053-500 Administrator

S-1-5-21-1386095753-747252464-832717053-1002 BIGCLYDE

S-1-5-21-1386095753-747252464-832717053-1024 OpenStor

S-1-5-21-1386095753-747252464-832717053-1032 Repl

Notice that NT increments only the last four digits as you add new accounts. This uniqueness lets local users have rights on other computers and have user-specific access to resources. If every SID were the same number, you would have no way of managing security for any shares (ownership would be compromised).

The HKEY_LOCAL_MACHINE\System\CurrentControlSet\ControlHiveList key in the Registry lists all hives (i.e., user profiles) that are active, but it doesn't list any user profiles that are not active. The ProfileList subkey lists all user profiles known on the computer and whether the profiles are active under the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\SID_# key.

Each installed user profile has a subkey under the ProfileList subkey, and that subkey contains the following entry:

ProfileImagePath REG_EXPAND_SZ

Range: Profile hive filename
Default: %SystemRoot%\system32\config\hiveFilename

This entry specifies the path and filename for the hive for this user. The hive filename that is the value for ProfileImagePath includes a portion of the username associated with that SID_#, so that you can identify the user to which it belongs.


Range: Number assigned by system

This entry specifies the SID in binary or hex.

Problems That Can Occur with SIDs
If you are aware of the problems that you might encounter with SIDs, you can avoid certain pitfalls associated with assigning them. For example, what do you do when the server's computer name and your computer name both claim to be an NT domain controller for the domain? Remove one of the servers from the domain because each server has a different SID. This problem can happen if you place identically named domains from different networks on the same network.

Likewise, what happens to the SIDs when you change domain names? You can rename a domain in the following order:

1. You must change the Primary Domain Controller's (PDC's) domain name first.

2. You must change the domain name on all other computers in the domain to the new domain name. (The only way you can separate a machine from its domain's SID is by reinstalling NT. Therefore, to change a domain's SID, you must reinstall NT Server.) Note: No SIDs will change in this procedure; only the domain name changes.

Finally, suppose you have multiple PDCs on your network and that the administrator shuts down a PDC and installs a new one. If the original PDC comes back online at some point (in this situation, the PDCs have different primary SIDs), the NetLogon service discovers multiple PDCs on the network. NetLogon fails, and the original PDC can no longer participate in the domain. You need to remove one of the PDCs.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.