Windows XP and 2000 Tips & Tricks UPDATE, May 12, 2003

Windows XP and 2000 Tips & Tricks UPDATE—brought to you by the Windows & .NET Magazine Network and the Windows 2000 FAQ site
http://www.windowsitpro.com

THIS ISSUE SPONSORED BY

Aelita Software
http://www.aelita.com/tiptricks0512

Windows & .NET Magazine
http://www.winnetmag.com/rd.cfm?code=edwi203dup

SPONSOR: AELITA SOFTWARE

Take Control of your Active Directory Register for a FREE Aelita Web seminar and learn how to take control of your changing Active Directory environment. In only one hour you’ll learn how to * Securely "prune & graft" with ZeroIMPACT(tm) on users
* Restructure your entire Active Directory with complete coexistence
* Get a free Aelita illuminated pen for attending
Hurry -- seating is limited!
http://www.aelita.com/tiptricks0512

May 12, 2003—In this issue:

1. COMMENTARY

2. FAQS

Q. How can I optimize the Server service for memory use or network throughput?
Q. How can I configure my system cache setting?
Q. How can I enable a Network Time Protocol (NTP) server?
Q. Why can't I access the encrypted data on my clustered shared disk?
Q. Why can't my users encrypt files on a Windows 2000 domain controller (DC)?
Q. How can I delete cached copies of roaming profiles in Windows 2000 and later?
Q. How can I install Windows Server 2003, Standard Edition?

3. HOT RELEASE (ADVERTISEMENT)

4. ANNOUNCEMENTS

Get the eBook That Will Help You Get Certified!
Cast Your Vote in Our Annual Readers' Choice Awards!

5. CONTACT US

See this section for a list of ways to contact us.

1. COMMENTARY
(contributed by John Savill, FAQ Editor, [email protected])

This week, I tell you how to optimize the Server service in Windows NT and later, how to configure the system cache setting, and how to enable a Network Time Protocol (NTP) server. I also explain why you might not be able to access encrypted data on a clustered shared disk, why you can't encrypt files on a Windows 2000 domain controller (DC), how to delete cached copies of roaming profiles in Win2K and later, and how to install Windows Server 2003, Standard Edition.

Around the industry this week, Microsoft has confirmed that the first beta for the next version of Windows (code-named Longhorn) will be available in 2004 and the final production release will be available in 2005. According to my sources, Microsoft has also confirmed that Windows XP Service Pack 2 (SP2) will support two concurrent XP sessions (1 local, 1 remote).

SPONSOR: WINDOWS & .NET MAGAZINE

Try Windows & .NET Magazine at 25% off! Every issue of Windows & .NET Magazine includes intelligent, impartial, and independent coverage of security, Active Directory, Exchange, and much more. Our expert authors deliver content you simply won't find anywhere else. Subscribe today at 25% off, and find out what over 100,000 readers know that you don't!
http://www.winnetmag.com/rd.cfm?code=edwi203dup

2. FAQS

Q. How can I optimize the Server service for memory use or network throughput?

A. All versions of NT and later include a Server service that the OS uses for several functions, including file, print, and named-pipe sharing. Depending on how you use your machine, you can optimize the Server service to either minimize memory use or maximize network throughput (which will use more memory) by performing the following steps:

Start a registry editor (e.g., regedit.exe).
Navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters registry subkey.
Double-click the Size value and set it to 1 (minimize memory use), 2 (balance memory and network throughput), or 3 (maximize network throughput). Then click OK.
Close the registry editor.
Restart the computer for the change to take effect.

Q. How can I configure my system cache setting?

A. Desktop machines and servers typically perform different functions. Whereas desktops typically run applications in the foreground that require only available memory, servers typically require additional memory for file or data caching. If you use a desktop or server outside its typical role (e.g., a desktop computer as a file server), you can modify the cache setting by performing the following steps:

Start a registry editor (e.g., regedit.exe).
Navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management registry subkey.
Double-click LargeSystemCache, set it to 0 for desktop mode or 1 for server mode, then click OK.
Close the registry editor.
Restart the computer for the change to take effect.

Be careful when changing this registry setting. Incorrectly setting the LargeSystemCache value can degrade performance (e.g., if you're running Microsoft SQL Server and you set the cache to desktop mode).

Q. How can I enable a Network Time Protocol (NTP) server?

A. All versions of Windows 2000 and later can serve as an NTP server. Other machines on the network can then use the NTP server to synchronize their time. To enable an NTP server, perform the following steps:

Start a registry editor (e.g., regedit.exe).
Navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters registry subkey.
From the Edit menu, select New, DWORD Value.
Enter the name LocalNTP, then press Enter.
Double-click the new value, set it to 1 to enable or 0 to disable, then click OK.
Restart the computer for the change to take effect.

To configure other network computers to use the new NTP server, you must set their NtpServer registry value, which is located under the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parametersregistry subkey, to point to the NTP server. For more information about configuring NTP settings, see the FAQ titled "How can I configure the time service in Windows 2000?".

Q. Why can't I access the encrypted data on my clustered shared disk?

A. If you're having trouble accessing encrypted data on a clustered shared disk, the reason might be that you're using a local profile rather than a roaming profile, and the server by which you accessed the shared disk has failed and another machine in the cluster is now hosting access. When you encrypt a file, the cluster node that provides access creates a certificate (i.e., an encryption key) and stores it in your profile. If the node fails, another node in the cluster will begin hosting the resource, and you'll no longer have the encryption key to access the data. To work around this problem, use a roaming profile or regularly export your encryption keys from the node in which you encrypted the data to the other nodes in which you might have local profiles.

Q. Why can't my users encrypt files on a Windows 2000 domain controller (DC)?

A. Users will be unable to encrypt files on a DC if all the following conditions are true:

Users have roaming profiles.
You configure the DCs with the "Delete cached copies of roaming profiles" setting.
The servers aren't running Win2K Service Pack 3 (SP3) or later.

Users can still encrypt files on member servers but will receive an error when they attempt to encrypt files on file shares hosted by DCs. To resolve this error, apply Win2K SP3 or later.

Q. How can I delete cached copies of roaming profiles in Windows 2000 and later?

A. When you use a roaming profile in Win2K or later, the OS typically caches a local copy of the profile. However, you can disable this caching by performing the following steps:

Open the Microsoft Management Console (MMC) Active Directory Users and Computers snap-in, right-click the container that holds the group policy that you want to use to apply the change, select Properties, select the Group Policy tab, then click Edit.
Navigate to Computer Configuration, Administrative Templates, System, Logon for Windows 2000 or Computer Configuration, Administrative Templates, System, then click User Profiles for Windows 2003.
Double-click "Delete cached copies of roaming profiles."
Select Enabled, then click OK.
Close the policy editor.

Don't use this policy if you enable slow-link detection for Windows XP and Win2K clients because this feature relies on cached profiles when a slow link is detected. You can also disable cached copies of roaming profiles directly in the registry by creating a registry value named DeleteRoamingCache of type REG_DWORD and setting it to 1 under the HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System registry subkey.

Q. How can I install Windows Server 2003, Standard Edition?

A. To install Windows 2003 Standard Edition, perform the following steps:

Insert the Windows 2003 installation CD-ROM, then power on the machine. Windows Setup will check the computer's configuration, prompt you to press the F2 key to start system recovery (don't press this key), and load core files into memory.
When Windows Setup prompts you to Setup Windows, use the Recovery Console, or Exit, press Enter to continue the installation process.
When you see the license agreement appear onscreen, press F8 to continue.
Windows Setup will display the disk partition screen. Select an existing partition, create a new one by pressing C, or select an un-partitioned area of space and press Enter to continue installation.
When you're prompted to choose from the following options, make a selection, then press Enter:
- Format the partition using the NTFS file system (Quick)
- Format the partition using the FAT file system (Quick)
- Format the partition using the NTFS file system
- Format the partition using the FAQ file system
- Leave the file system intact
Windows Setup will format the partition (if required) and copy files to the disk from the installation CD-ROM.

Your computer will then reboot (you can press Enter to avoid the 10-second delay),

and the graphical phase of the installation will begin. Windows Setup will complete the various installation stages, including installing devices and configuration. After the installation has finished detecting the computer's devices, Windows Setup will begin the portion of the installation that requires user input.
Windows Setup will prompt you to set regional and language options. Click the Customize and Details buttons, select the appropriate check boxes for the correct regional options, then click Next.
Enter a name and organization for the installation, then click Next.
Enter the product key, then click Next.
When the Licensing Modes option appears onscreen, select either the "per user" or "per server" option (along with the number of concurrent connections, if required, per server), then click Next.
Enter a computer name for the server and an Administrator password. If you attempt to use a password that doesn't meet Windows 2003's definition for a strong password (e.g., at least six characters; doesn't contain "Administrator" or "Admin"; contains uppercase and lowercase letters, numbers, and non-alphanumeric characters), Windows Setup will warn you and you'll have to click Yes to continue with your chosen password. Click Next.
When Windows Setup prompts you to enter the date and time settings, change the time zone if needed, select the automatic daylight savings setting (if appropriate), then click Next to begin the network installation phase.
After the network installation phase performs several checks and detects your network settings, confirm your TCP/IP settings when prompted. The installation defaults to using DHCP (to automatically assign an IP address), but you can configure a static IP address or specify a different configuration if the DHCP server isn't available. To modify the TCP/IP settings, select "Custom settings," click Next, select Internet Protocol (TCP/IP), then click Properties. After you finish modifying the TCP/IP settings, click OK, then click Next.
When Windows Setup prompts you, enter a workgroup or domain name, then click Next. The installation will continue without further user input. This final phase of the installation includes further configuration, including copying of files, creating the Start menu, registering components, and finalizing the settings. After the installation is finished, the machine will reboot.

3. HOT RELEASE (ADVERTISEMENT)

CDW

With Windows Server 2003, Microsoft delivers the fastest, most reliable, most secure Windows server operating system it has ever offered. The result: A highly productive infrastructure that helps make your network a strategic asset to your organization. Make the move to a more streamlined way of doing business today!
http://www.cdw.com/r.asp?n=31028

4. ANNOUNCEMENTS
(brought to you by Windows & .NET Magazine and its partners)

GET THE EBOOK THAT WILL HELP YOU GET CERTIFIED!

The "Insider's Guide to IT Certification," from the Windows & .NET Magazine Network, has one goal: to help you save time and money on your quest for certification. Find out how to choose the best study guides, save hundreds of dollars, and be successful as an IT professional. The amount of time you spend reading this book will be more than made up by the time you save preparing for your certification exams. Order your copy today!
http://winnet.bookaisle.com/ebookcover.asp?ebookid=13475

CAST YOUR VOTE IN OUR ANNUAL READERS' CHOICE AWARDS!

Which companies and products are the best on the market? Tell us by nominating your favorites in the annual Windows & .NET Magazine Readers' Choice Awards survey. Click here!
http://www.winnetmag.com/readerschoice

5. CONTACT US
Here's how to reach us with your comments and questions:

ABOUT THE FAQS — [email protected]
ABOUT THE NEWSLETTER IN GENERAL — [email protected]

(please mention the newsletter name in the subject line)

TECHNICAL QUESTIONS — http://www.winnetmag.net/forums
PRODUCT NEWS — [email protected]
QUESTIONS ABOUT YOUR WINDOWS XP AND 2000 TIPS & TRICKS UPDATE SUBSCRIPTION?
Customer Support — [email protected]

WANT TO SPONSOR WINDOWS XP AND 2000 TIPS & TRICKS UPDATE?
[email protected]

This weekly email newsletter is brought to you by Windows & .NET Magazine, the leading publication for Windows professionals who want to learn more and perform better. Subscribe today.
http://www.winnetmag.com/sub.cfm?code=wswi201x1z

Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters.
http://www.winnetmag.net/email