I've just inherited a network that contains Windows 2000 and Windows NT machines. (NT remains the primary server platform.) I need to add new computers and delete old ones. What's the best way to accomplish this task?
All you need is the tried-and-true DOS batch file that lets you add workstations and servers that aren't domain controllers. You simply use the Net Computer command-line utility, which uses the following syntax:
net computer \\computername
You can use the /add or /delete switch. In the following example, the utility adds four new machine accounts to the domain:
net computer \\bob1 /add net computer \\bob2 /add net computer \\bob3 /add net computer \\bob4 /add net computer \\nt5 /add
To add machine accounts to the Server Manager database, run this utility on the PDC. An administrator can easily synchronize these accounts to a BDC. The /delete switch removes machine accounts from the domain.
Considering the recent frequency of intruders destroying systems, I need to add security to my Windows NT systems to help prevent open ports. Should I implement C2 security for as many ports as possible?
The basic NT architecture presents an inherent vulnerability. NT services use netbt.sys (i.e., NetBIOS over TCP/IP—NetBT), which opens TCP port 139 and UDP ports 137 and 138. As a result, a user-mode program can listen to these ports. This problem exists on all systems running NT 4.0 Service Pack 6a (SP6a) or earlier.
Fortunately, a post-SP6a hotfix or C2 update, in conjunction with a Registry change, handles the problem. To obtain Netbt-fix, go to ftp://ftp.microsoft.com/bussys/winnt/winnt-public/
fixes/usa/nt40/hotfixes-postsp6a/ c2-fix/. Then, go to the HKEY_LOCAL_ MACHINE\SYSTEM\CurrentControlSet\ Services\NetBT\Parameters Registry key and modify (or create) the value EnablePortLocking of type REG_ DWORD. The default value of 0 allows file share access, whereas a value of 1 disallows file share access.
After you apply Netbt-fix and set the value of EnablePortLocking to 1, the system denies user-mode programs access to the aforementioned TCP and UDP ports and enables C2 compliance. C2 security dictates that the system doesn't let any unprivileged user-mode program listen to the TCP and UDP ports. This rule holds regardless of the encryption placed on the NT service traffic that uses these ports. (By default, Windows 2000 doesn't allow file share access to the ports.)
My company has notebook PCs from several manufacturers. All the notebooks run Windows NT 4.0. Some of these machines use the TrackPoint device, and others use the touchpad device. However, I notice problems when I use a mouse on these notebooks. Occasionally, the mouse pointer goes insane: Screens open randomly, the notebook starts beeping, and finally, the pointer simply disappears. Do you know what is happening?
I've seen this behavior in notebooks that use the IBM Ps2 TrackPoint driver and TrackPoint configuration software. Changing the mouse driver or uninstalling the software won't help. To solve your problem, open the TrackPoint application and set the scrolling type to None.
My company uses the IMP80 Oracle command-line import utility on Windows NT Workstation 4.0 machines running Service Pack 6 (SP6). The machines contain 512MB of RAM. When I use this utility, I get Unable to allocate enough memory for statement error messages—for a 30MB database. I tried increasing the system's virtual memory to 1024MB, but the problem remains. What am I doing wrong?
When large database programs such as Oracle import a database, they attempt to occupy space in virtual memory simply because the space is available. Set your virtual memory to at least 2GB, and the import should proceed successfully.
I can't get my ATI Technologies 3D PRO TURBO video card to accept resolution greater than 640 x 480. Can you tell me how to get better resolution?
You need to obtain an updated driver from ATI's Web site (http://support .atitech.ca/drivers/drivers.html). Download the Windows NT driver version 3.1.76 or later display driver set. The self-extracting file contains the latest ATI display driver for NT 4.0. You use the standard NT configuration utilities to install and configure the display driver. Or simply buy a more recent video card—they're not very expensive.
My company's engineering department is looking into new source-control tools. We're using Microsoft Visual SourceSafe, but we need a change-management tool that works well in a heterogeneous environment. We also need a tool that has hooks into niche compilers such as the ARM Developer Kit. Do you have any experience with Windows NT-based source-control tools such as Rational Software's ClearCase?
I've worked with ClearCase. Although early versions of ClearCase require a UNIX back end if you use ClearCase in a mixed OS environment, version 4.1 overcomes this requirement. You can now run ClearCase from an NT server in a mixed OS environment.
ClearCase is a powerful tool that goes beyond source control. I consider ClearCase more of a process-control tool with change-management capabilities. Rational Software's ClearQuest builds on ClearCase by integrating strong project-management functions. Rational Software has been around for a long time and is well respected in the source-control arena.
If you're looking for a source-control tool that runs with an NT back end, look at StarBase's StarTeam. StarTeam doesn't have hooks into the ARM Developer Kit, but you can still use Windows Explorer to check software in and out. StarTeam offers a UNIX client that you can run from the command line or from a Java-enabled browser.
I need to upgrade my IBM ThinkPad 600's hard disk. I upgraded the hard disk once before by purchasing a new disk and reinstalling the OS and applications. However, I don't want to go through that process again because I have too much invested in my current configuration. Do you recommend Symantec's Norton Ghost?
If you use Ghost, you'll need to attach your existing disk and your new disk to a PC to replicate the existing disk. A better option might be to consider some of the new hard disk upgrade kits on the market. Many of these kits come with a PC Card and software that let you replicate your old disk onto the new disk. The kits work with Windows 2000, Windows NT 4.0, and Windows 9x. I've used Kingston Technology's StrataDrive kits to upgrade disks in the IBM ThinkPad 600E and ThinkPad 560 without difficulty.
If you obtain a large disk for the ThinkPad 600, make sure you have Logical Block Addressing (LBA) support. (LBA is a BIOS enhancement that lets you use large disks.) Hard disk upgrade kits will upgrade your disk regardless of whether you have LBA support, and you might not realize the disk isn't working properly until too late.
I recently lost my Web server to a Windows NT blue screen, and I didn't have a backup. The server, which was running Microsoft SQL Server 7.0, has a RAID controller that NT doesn't natively detect. If I use the manufacturer's automated installation process to recover the system, the system will reformat the primary disk and I'll lose any chance of recovering the SQL Server database. If I install Windows 2000, which has native drivers for the RAID controller, will the system let me rename the old SQL Server directories, install SQL Server into the default directory, and rename the old directories back to their default installation names?
The workaround you're considering rescued me from disaster when I was running SQL Server 6.5. Unfortunately, the process won't work in SQL Server 7.0. SQL Server 7.0 contains stored procedures that can address your problem, but you need to perform a few preparatory tasks.
First, get either Win2K or NT 4.0 running on the server again without reformatting the disks. Second, rename your old SQL Server directories and reinstall SQL Server. Next, copy your old .mdf and .ldf files from your database to the SQL Server data directory. You can manually type this query in ISQL/w, but an easier way to accomplish this task is to bring up SQL Server Books Online (BOL) and perform a search for SP_ attach_db. When you search the body of the stored procedure description, you'll see the following sample script:
exec sp_attach 'pubs', 'C:\mssql7\data\pubs.mdf', 'C:\mssql7\data\pubs_log.ldf'
In the sample script, substitute the listed pubs database with your old database name. Also, change the file pathnames to the renamed SQL Server directories that you created. Then, run the query. Your database will be live again. For this workaround to work properly, you need to keep the database names consistent. Also, to get your Web server running again, you might need to recreate the database's Data Source Name (DSN).
