\[Editor's Note: Share your Windows 2000 and Windows NT discoveries, comments, problems, solutions, and experiences with products and reach out to other Windows 2000 Magazine readers (including Microsoft). Email your contributions (400 words or less) to [email protected] Please include your phone number. We edit submissions for style, grammar, and length. If we print your submission, you'll get $100.\]
Enabling IP Forwarding in Win2K Pro
In Forefront: "Working with Windows 2000" (June 2000), David Chernicoff shared his difficulties in trying to enable IP forwarding on a Windows 2000 Professional system. He mentioned that this process would have been simple on a Windows NT machine but was complicated on his Win2K Pro system. David concluded that the only solution he could find was to enable IP forwarding through the Win2K router wizard. I discovered a way to enable IP forwarding through a registry edit. To do so, open a registry editor, navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters subkey, and assign IPEnableRouter (type REG_DWORD) a value of 1. For more information about this registry edit, see the Microsoft article "How to Enable TCP/IP Forwarding in Windows 2000" (http://support.microsoft.com/support/kb/articles/q230/0/82.asp).
In Reader to Reader: "An NT Security Loophole" (June 2000), Priyank Pashine discussed some of Windows NT's vulnerabilities. I don't agree that the items he mentioned are security loopholes. Loophole implies a bug or design flaw that makes NT susceptible to unauthorized access. Priyank suggests that after someone cracks the administrator password, anyone can administer your domain from a computer that isn't logged on to your domain. This suggestion is equivalent to saying that after someone has a key to your house, they can get into your house. Rather than consider this a loophole, recognize the importance of guarding administrator passwords. In addition, you should hold passwords for accounts that have administrative privileges to a higher standard than other accounts: Passwords should be complex and long, and administrators should change them regularly.
Rdisk for Win2K
In Windows NT 4.0, I've written scripts to automatically create Emergency Repair Disks (ERDs). When I upgraded to Windows 2000, I noticed that the Rdisk utility is absent. Although Win2K's Ntbackup utility has a command-line interface, you can't use this tool to create only an ERD. In my experience, you must back up the entire system state to create a repair disk.
To work around this problem, I grabbed Rdisk off of an NT 4.0 machine, and the NT 4.0 Rdisk worked on Win2K. The only catch is that you must expand the ERD files after you create them. This way, when you can't boot your machine (even in Safe Mode), you can go into the Recovery Console and copy the files from winnt\repair to winnt\config. I attempted to use the Expand command in the Recovery Console, but you can't create a file in the console. Thus, I created a batch file, which Listing 1 shows, that includes the expanded functionality. I have tested this batch file by deleting the registry Software subkey, then booting into the Recovery Console to repair the deleted file.
Detailed Backup Reports
We recently received Windows NT 4.0 Workstation systems that we use NT's backup program to back up weekly, and I check each log the morning after the backup to ensure that there aren't any problems. Ntbackup appends each backup summary to the same file on these systems. I need detailed summaries, and the backup files were quickly becoming too long to navigate through. To work around this problem, I used the following steps to archive the backup file after each backup and include a date stamp in the new file's name:
- Create a folder called archived backup logs on the system.
- Create the following batch file and name it arch.bat:
- Use the At command to schedule this batch file to run after each backup. For example, I use the following command to schedule arch.bat to run every Tuesday at 3:00 a.m.:
move c:\backup.log c:\archiv~1\backup.log for /f "tokens=2,3,4 delims=/ " %%i in ('date /t') do (for /f "tokens=1,2 delims=: " %%a in ('time /t') do (ren c:\archiv~1\backup.log backup_%%i%%j%%k_%%a%%b.txt))
at 3:00AM /interactive /every:T "c:\arch.bat"
This process moves backup.log to a different folder and renames the folder something like backup_07182000_300a .txt for July 18, 2000, at 3:00 a.m.
Answers to This Month's Reader Challenge
You can find this month's Reader Challenge on page 24. The correct answers to the questions are as follows:
Incidentally, Question 4's incorrect answer D contains an embedded trick question. The net time parameter /s isn't valid in Windows 2000. Use net time /setsntp: ServerName to use SNTP with an external clock.