\[Editor's Note: Share your NT discoveries, comments, problems, solutions, and experiences with products and reach out to other Windows NT Magazine readers (including Microsoft). Email your contributions (400 words or less) to [email protected] Please include your phone number. We edit submissions for style, grammar, and length. If we print your submission, you'll get $100.\]
I read Mark Minasi's "DNS Disaster Recovery" (April 1999) with interest, and I'd like to share my experience of migrating DNS information from one Windows NT server to another. My company recently needed to replace the PDC because of a system partition failure. The PDC acted as both a WINS and DNS server; we didn't expect problems with WINS after the migration, but we were worried about having to rebuild the DNS data.
To prevent problems, I copied all the .dns files in the \%systemroot%\system32\dns directory, and I exported the old machine's Registry entries from HKEY_LOCAL_MACHINE\SYSTEM\ CurrentControlSet\Services\DNS. On the new PDC, I stopped the DNS service and I copied the .dns files to \%systemroot%\system32\dns. I decided to use Microsoft's native method of loading entries from the Registry. Two alternatives exist for this method. One alternative is to use a Registry editor. The other alternative is to use DNS Manager to create a dummy zone on the server (you can use any name for the zone), then delete the zone. The default value for the Registry entry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\DNS\Parameters\EnableBootFromRegistry is 1. After I restarted DNS services, the DNS server loaded the correct zone information.
I recently obtained my MCSE at Royal Roads University in Victoria, British Columbia. The program I completed has more lab time than formal instruction, and it includes a period of work experience following the coursework portion. Even after that much practical experience, I'd rather not be pitchforked into a senior IT position without shadowing a more experienced network administrator for a couple of years. Therefore, I agree with David Chernicoff's opinion regarding practical experience for MCSEs (Forefront, "The Problem with Certification Programs," January 1999).
From what I've seen, the amount of hands-on experience someone with an MCSE has depends on which path the person uses to pursue certification. The three most common paths seem to be the paper MCSE, goal-oriented MCSE, and slow-and-steady MCSE.
In a paper MCSE program, candidates purchase their texts at a local bookstore, study the texts in the bathroom, memorize output from braindump Web sites, and pass the MCSE exams. Many of these MCSEs have never worked on a real (i.e., nonsimulated) network.
In a goal-oriented MCSE program, candidates complete an instructor-led program but spend most of the classroom time studying Transcender and Personal Exam Prep (PEP) tests. These candidates take any exam that they can pass quickly because they really want those letters after their name.
In a slow-and-steady MCSE program, candidates regard certification as a useful start in the IT field but recognize that they must supplement the degree with a continuing practical and theoretical commitment. These candidates would rather do a job well than finish it quickly.
Candidates who fall into the first two groups are preventing MCSE certification from becoming the IT equivalent of a Certified Management Accountant (CMA), Certified General Accountant (CGA), or Certified Accountant (CA) designation in accounting. I've worked in the accounting field for 6 years and understand the depth and extent of training that goes into these certifications. As IT professionals, we should seek to emulate this commitment to training.
Use WSH to Automate User Management
My company is in the process of making all user environments consistent. I use a Microsoft Excel spreadsheet to generate a batch file that creates user home directories, sets permissions, and creates network shares. All I need to do is enter the usernames in one column. Other columns use the usernames as variables and create commands according to a formula. Then, I copy the commands to a batch file that does the final work.
I decided to complete this project on a group basis because some groups have hundreds of users, and entering usernames individually in User Manager for Domains is painfully slow. I wanted to extract the username for each group and dump the usernames into the spreadsheet. I could have used the Microsoft Windows NT Server 4.0 Resource Kit's showmbrs.exe utility to direct the output to a file, but I found a better solution. I discovered that I could use the VBScript file in Listing 1, page X, with Microsoft Active Directory Service Interfaces (ADSI) and Windows Scripting Host (WSH) to put usernames directly into the spreadsheet. I also discovered that I could use this method to accomplish other tasks. For example, I used the code in Listing 2 to change the logon script for all the users. If you know the name of the group, you can use the code in Listing 3 to directly change the group members' logon script.
LaserJet Driver Blocks LPT Ports for Other Printers
I recently installed a print and fax server for one of my clients. As a print server, the computer uses a TCP/IP LAN connection to manage three physical printers on LPT ports and three HP LaserJet queues (for an HP LaserJet 4000 TN, HP LaserJet 5N, and HP LaserJet 5). As a fax server, the computer manages all the client's fax traffic. After I installed the server, I reinstalled Windows NT and Service Pack 4 (SP4).
When the client's users tried to use the server, they received the error message Error writing to LPTx: For document name. Access denied. I guessed that the problem might be a conflict between the fax server and SP4, so I tried to revert to the setup that existed before I installed SP4. However, a driver conflict prevented me from reverting to the previous installation. Finally, I reinstalled the server in an attempt to fix the problem.
After I reinstalled the LaserJet printers, but before I reinstalled SP4, I again received the error message. I searched Microsoft's Knowledge Base for information about this problem, and I found the article "Err Msg: Error Writing to LPT1: Access Denied" (http://support.microsoft.com/support/kb/ articles/q180/8/92.asp), which states that the HP LaserJet 4000 TN's driver causes the problem. I searched HP's Web site but couldn't find any information about this problem. I downloaded the latest drivers for the LaserJets and installed the drivers, but this action didn't solve the problem either. According to Microsoft, the problem occurs when you have the HP Complete Printing System for Windows NT 4.0 installed and you try to print to printers other than those in the HP 4000 series. I had to follow Microsoft's instructions to delete the Registry entry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Control\Print\Monitors\HP LaserJet 5 Language Monitor, remove the HP Printing System program from the list of installed programs in Control Panel, rename hpdrmon.dll in the \system32 directory, and restart the system to solve the problem.
Receiving Net Send Messages on Win9x
My company recently rolled out Quota software to a couple of thousand users and didn't have an immediate method of sending messages to those users. We needed a way to receive Net Send messages on our Windows 95 boxes. We thought about using WinPopup, but this program has two problems. First, WinPopup is always visible on the taskbar, and our users constantly close the program because they like a clean taskbar. Second, users can use WinPopup to send messages. This feature caused us concern because we have thousands of clients, and we didn't want users to be able to send messages that all our clients or our upper-management team might receive.
I used Borland C++ Builder 3.0 to write a small receiver program for the Win95 PCs. You can download the source code and executable from http://www.winntmag.com/articles. Enter 7531 in the InstantDoc ID text box. (The code also works on Win98.) This code works under any C++ compiler because I didn't use any Borland-centric pieces. I compiled the executable for a Pentium machine.
The program is easy to use. Run the executable to start the program, which runs as a hidden application (visible only on the task list). If you need to shut down the program (e.g., to update the .exe file), simply add the option quit to the command line.
The code works from the messenger mail slot that Net Send commands use. The program also creates a command mail slot to receive commands. Although the only currently supported command is Quit, the program could also use commands such as Logoff, Restart, and Shutdown.
I used a mutex to prevent multiple instances of the program from running on a machine. The only time you'll receive an error message when this program launches is if someone is using WinPopup or another messenger application that prevents the program from opening the mail slot. To prevent this occurrence, I configured the program to run from the Registry when the machine first starts by adding a string entry to the Registry entry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\ CurrentVersion\RunServices that specifies the full path to the executable (just as you'd enter on the Run line so that the program would start before another receiver program could start).
Detecting RAS at Logon
My office performs updates and displays messages for LAN users. However, our dial-up connections can't afford the time for large data transfers that occur during logon. We employ three methods that let Windows NT logon scripts test whether a connection is dial-up RAS.
One method is to use the IP address. This method requires only native NT services. Set a unique range of IP addresses for dial-in users. You can use the for /f command with ping as its information source to test octets. Listing 4 shows an example using an entire IP string. This template lets you test for an octet that is equal to or greater than a target number. For example, if you reserve 100.100.100.240 and above for dial-in, you can test token 6 for numbers greater than 239.
Another method is to use the PS freeware utility (available at http://www.merxsoft.com/mersoft-free/ descriptions/ps.htm). This method uses a current process listing to check whether the RAS monitor is running. Listing 5 shows an example using this method.
The third method is to use the Microsoft Windows NT Server 4.0 Resource Kit's tlist.exe utility. This method uses a current process listing to check whether the RAS monitor is running. Listing 6 shows an example using this method.
A Plug for Perl
I enjoyed Bob Wells' May 1999 Scripting Solutions, "Professor Fun," in which he demonstrated the use of Windows Scripting Host (WSH) and VBScript 5.0. Although Bob's example code was simple and clear and his comments well written and informative, I think he should have pointed out more clearly that Perl is perhaps better suited to this style of scripting than VBScript is.
Perl is simple to use, you can write Perl scripts quickly, and Perl scripts use far fewer system resources than VBScript uses for scripting applications. I also think that VBScript is too complex for the average user to employ in writing scripts for Windows NT. I think NT proponents give Perl short shrift because they perceive the language as a UNIX utility. However, Perl is a valuable addition to an NT programmer's or systems administrator's toolbox. To illustrate my point, I rewrote Bob's example program in Perl while drinking my first cup of coffee one morning. Listing 7 contains my script.