Ask the Doctor - 08 Mar 2000

For answers to more of your Windows 2000 and Windows NT questions, visit our online discussion forums at

I've instructed Microsoft Internet Explorer (IE) to store passwords I use for Web sites that I visit regularly. Also, I use Microsoft Outlook 2000 to make POP3 connections to my ISP's mail server. I'm experiencing problems with both setups. When I visit my regular Web sites, IE now generates a Protected Storage Service dialog box that asks for a password. In addition, Outlook 2000 refuses to save my mail account's POP3 password. Can you tell me what's causing these problems

The cause of your problems is the Protected Storage Service and the password cache it creates for your user account. Occasionally, the Registry data associated with this service becomes corrupted and requires reinitialization. The good news is that I have a fix for you. The bad news is that the fix will delete all the passwords residing in the cache, and you'll have to remind IE and Outlook about the passwords later.

Use the Control Panel Services applet to stop the Protected Storage Service. Next, use regedt32 to navigate to the HKEY_CURRENT_USER\Software\Microsoft\Protected Storage System Provider Registry key. Double-click this key to display its subkeys. As Screen 1, page 184, shows, at least one subkey has a name that is equivalent to your Windows NT user account's SID (e.g., S-1-5-21-36516332-637091160-1803697834-1001). You need to delete this subkey, but you don't have permission to do so. Therefore, you need to add yourself to the Registry key's ACL. Highlight the key that represents the SID, and select Permissions from the Security menu. Next, add your user account to the ACL with Full Control rights. Now you can delete the key and restart the Protected Storage Service in the Control Panel Services applet.

I want to configure RAS to dial an ISP at or after a reboot. Can I write commands to a batch file in the startup folder

Assuming you want your connection to remain permanently established (rather than simply initiated at startup and later dropped), I recommend Basta Computing's RascalPro—particularly on a Windows NT RAS server acting as an Internet router. You can launch the utility as an NT service; therefore, the utility can establish a RAS session (e.g., an ISP connection) independently of a user logon. You have other options, such as using NT's AutoLogon feature in conjunction with an autodialing script, but a service-based method offers better security.

I'm experiencing a problem with my Windows NT Server 4.0 implementation. Often, the server lets manager accounts connect to the domain but won't let domain users connect. Any suggestions

I'm familiar with this symptom—specifically, the domain users' inability to log on to the server. When I encountered this problem, it was because the administrator had installed NT Server from an evaluation or Microsoft Developer Network (MSDN) CD-ROM. Most evaluation versions of NT let only a limited number of users connect to the server simultaneously. However, administrators can always log on to the server.

I worked around the problem by adding all my users to the Local Machine Administrators group. Later, I reinstalled NT from a fully functional retail version. If you apply this solution, understand the security risks: All users are temporarily administrators, so everyone has access to all the computer's files. If the server in question is also your PDC, its accounts database is the domain accounts database, giving all administrators access to all servers in your domain.

I've heard stories about Windows NT Server and NT Workstation systems exhibiting a blue screen because administrators used demonstration disks to install the software. How can I determine whether my NT installation is an evaluation version or a fully functional retail version

If you install NT using setup disks that you created with an evaluation CD-ROM—even if you enter a registered product ID code and use a full-version CD-ROM—your installation will expire. The warning that Screen 2 shows gives you an hour's notice, then the blue screen appears, along with the following message:


Your NT System is an evaluation unit with an expiration date. The trial period is over.

If you receive this message, you can restart the computer and run it for another hour before it crashes again.

Microsoft doesn't provide a simple method to determine whether your installation will expire. The lack of such a tool is an annoyance, considering you get only an hour's notice before the system shuts down. However, you can use Win Info 2.3 to find this information. (You can download Win Info from download/ Win Info's Installation type value tells you whether you have a Full Version or a Time Limited Version (nnn days). Screen 3 shows a Windows 2000 (Win2K) beta installation that expires December 4, 2000. Systems Internals also offers an excellent command-line tool, IsTrial, that contains similar functionality. (You can download IsTrial from

After I upgraded from Windows NT 4.0 to Windows 2000 (Win2K), the timeout in boot.ini reset to 30 seconds. How can I change the value back to my previous value

The boot.ini file defines the timeout value, which is the amount of time you have to choose your OS during startup. When you upgrade to Win2K (or any version of Windows), the timeout value resets to 30 seconds, regardless of your past settings. To return to your preferred value, right-click My Computer on the desktop, then click Properties. On the Advanced tab, click Startup and Recovery. Change the value in the Display list of operating systems for X seconds box. Click OK twice.

You can also reset this value by directly editing the boot.ini file. Remember that the boot.ini file is a read-only file, so you first need to write-enable it. Simply go to Windows Explorer, right-click the file, select Properties, and clear the Read-only check box. Change the timeout value to the number of seconds you require:

\[boot loader\]
timeout=<number of seconds>

Can I install Microsoft IntelliPoint 3.0 on Windows 2000 (Win2K) and Windows NT systems

The new Microsoft mouse devices use IntelliPoint 3.0 software that runs under NT Service Pack 3 (SP3). Win2K doesn't support version 3.0. However, you can use the following command to install the software on a Win2K system:

C:\> <X>:\setup\setup setup win2000

where X is the drive letter of your CD-ROM drive (e.g., D). If you try to install directly from the CD-ROM's autorun program, you'll experience an OS error.

The new mouse has a Universal Serial Bus (USB) connection. Trying to connect through USB on NT 4.0 doesn't work, but Win2K's USB connection works. The Natural Keyboard Pro software also runs on Win2K, although not all the buttons work (e.g., volume, calculator, My Computer).

At press time, Microsoft has released IntelliPoint 3.1, which offers full Win2K support. You can download the software from hardware/mouse/driver/drivers_pc.htm.

My WINS clients have stopped registering and querying the WINS server. What happened

When clients stop using WINS, they exhibit the following telltale signs:

  • The client can't ping a remote computer (across a router) by its computer name (i.e., NetBIOS name).
  • The client can't log on to a domain if the only domain controllers are on the other side of the routers.
  • The client can't perform Net View or Net Use on computers that are on the other side of the routers.
  • The client can't retrieve the browse list of a remote domain that the client sees in its local browse list.

At boot, the client registers its name with the primary WINS server (or, when performing a name query, the client first sends the request to the primary WINS server). If the primary WINS server doesn't respond after three attempts, the client sends the registration or query to the secondary WINS server that the IP properties dialog box lists. If the secondary WINS server doesn't respond, the client resends the query to the primary WINS server, then alternates between the primary and secondary WINS server until one of them responds.

If the IP properties dialog box lists no secondary WINS server, you have a problem. The client might revert to broadcast-only (i.e., B-node) behavior and stop querying the WINS server completely. To solve this problem, you need to define a secondary WINS server. If you have only one WINS server, list it in both the primary and secondary boxes. You can update clients in the Control Panel Network applet. Select the Protocols tab, then TCP/IP. On the WINS tab, fill in the boxes. If the clients use DHCP, be sure to configure the scope with both primary and secondary servers.

Microsoft fixed this problem in Windows NT 4.0 and Windows 98, but it remains in NT 3.51 and Win95. For more information, see the Microsoft article "WINS Client Stops Querying or Renewing with WINS" at kb/articles/q155/5/01.asp.

\[Editor's Note: Sean Daily, John Savill, and John Green contributed answers to this Tricks & Traps.\]

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.