Windows XP and 2000 Tips & Tricks UPDATE, June 24, 2002

This week, John Savill explains why an AD-integrated DNS server takes longer to load than a zone-based DNS server, why you receive an error when you change a "Grant To" table on a Windows NT 4.0 server, and more.

John Savill

June 23, 2002

10 Min Read
ITPro Today logo

Windows XP and 2000 Tips & Tricks UPDATE—brought to you by the Windows & .NET Magazine Network and the Windows 2000 FAQ site
http://www.windows2000faq.com

THIS ISSUE SPONSORED BY

Winternals Software - Administrator's Pak
http://www.winternals.com/savemybutt

VeriSign - The Value of Trust
http://www.verisign.com/cgi-bin/go.cgi?a=n253887390057000

(below COMMENTARY)

SPONSOR: WINTERNALS SOFTWARE - ADMINISTRATOR'S PAK

THERE'S A THOUSAND WAYS TO GET YOUR BUTT KICKED AT WORK: Dead systems. Forgotten passwords. Lost data. Corrupt registries. Damaged or deleted partitions. And (of course) angry co-workers. You feel the pain every day. That's why you need the Administrator's Pak. An award-winning suite of solutions to virtually any system repair emergency. It's powerful protection for your systems. And your butt. Get it today!
http://www.winternals.com/savemybutt

June 24, 2002—In this issue:

1. COMMENTARY

2. FAQS

  • Q. Why does an Active Directory (AD)-integrated DNS server take longer to start than a typical zone-based DNS server?

  • Q. Why do I receive the error message "You may not remove the local logon right from the Administrators local group" when I edit user rights?

  • Q. Why does my Windows XP client receive an error message when it connects to a Windows 2000 Server Terminal Services server?

  • Q. Why does the Windows boot process hang on a blank screen when I press the Esc key?

  • Q. How can I install specific applications from the Windows .NET Server (Win.NET Server) and Windows 2000 Administration Tools pack?

  • Q. How can I link my Windows XP user account to my Microsoft .NET Passport?

3. ANNOUNCEMENTS

  • Windows Scripting Solutions for the Systems Administrator

  • July Is Hot! Our Free Webinars Are Cool!

4. CONTACT US

  • See this section for a list of ways to contact us.

1. COMMENTARY
(contributed by John Savill, FAQ Editor, [email protected])

I've installed the beta version of Windows XP Service Pack 1 (SP1) on a couple of desktop and laptop machines, and everything looks stable so far. As a result of the antitrust court ruling, Microsoft has included a new wizard that lets you configure programs to use by default for Java, messaging, email, Internet browsing, and media access. However, Microsoft might change any of this before the final release.

This week, I explain why an Active Directory (AD)-integrated DNS server takes longer to load than a zone-based DNS server, why you receive an error when you change a "Grant To" table on a Windows NT 4.0 server, why a Windows XP client might receive an error while connecting to a Windows 2000 Server Terminal Services server, and why the Windows boot process can hang when you press the Esc key. I also tell you how to install individual applications from the Windows .NET Server (Win.NET Server) and Win2K Administration Tools pack, and how to link an XP account to your Microsoft .NET Passport.

Till next week, take care.

Editor's Note: We need your help to make this and other email newsletters from Windows & .NET Magazine as useful to you as they can be. To help us with our editorial planning, please answer the Windows & .NET Magazine Network Email Newsletter & Web Site Survey, available at the following URL. If you provide your email address at the end of the survey, we'll put your name in a drawing for a Windows & .NET Magazine T-shirt. Thank you! We appreciate your help.
http://www.zoomerang.com/survey.zgi?QN1V072PTHGA5PGS9R9LGR5R

SPONSOR: VERISIGN - THE VALUE OF TRUST

Learn how to build a secure e-commerce site with VeriSign's FREE White Paper, "Building an E-Commerce Trust Infrastructure." See how you can authenticate your site to customers, use 128-Bit SSL encryption to secure your web servers, and accept secure payments online. Click here:
http://www.verisign.com/cgi-bin/go.cgi?a=n253887390057000

2. FAQS

Q. Why does an Active Directory (AD)-integrated DNS server take longer to start than a typical zone-based DNS server?

A. Windows 2000 and later OSs can store DNS information in AD if the DNS server is a domain controller (DC). Alternatively, the OS can store DNS information on a standard primary zone-based DNS server, which is file based.

When the DNS service starts, it loads all zone information into a memory cache, regardless of whether the OS maintains the DNS information in AD or in a file. DNS information stored in a standard primary zone (i.e., read from a zone file) will load faster than information stored in an AD-integrated zone because the integrated zone must read all its records from AD. This difference in performance is simply an effect of reading information from different media (file versus AD).

Q. Why do I receive the error message "You may not remove the local logon right from the Administrators local group" when I edit user rights?

A. Before Microsoft developed the Microsoft Management Console (MMC) Active Directory Users and Computers snap-in, administrators used the User Manager for Domains tool to manage user accounts. You might still have a need to administer a Windows NT 4.0 domain from Windows 2000 or NT 4.0 clients, which can lead to problems when you try to add or remove user accounts from the "Grant To" list in the User Rights Policy dialog box and result in the following error message:

You may not remove the local logon right from the Administrators local group. Doing so will disable all local administration of this computer.

This error can result from the following conditions:

  • A Win2K Professional installation is running the NT 4.0 Administration Tools. Win2K machines must run the Win2K Administration Tools (i.e., adminpak.msi) that come with Win2K Server.

  • The "Grant To" list you're attempting to modify contains a deleted user or group. To resolve this problem, you must log on to the PDC of the NT 4.0 domain and use the local User Manager for Domains tool to remove the deleted account or group from the "Grant To" list.

Q. Why does my Windows XP client receive an error message when it connects to a Windows 2000 Server Terminal Services server?

A. The Microsoft Clearinghouse, which authorizes Terminal Services License servers, has made a change to the certificates that the Clearinghouse provides to terminal servers that can result in the following error message when an XP client attempts to connect to the Win2K Terminal Services server:

Because of a security error, the client could not connect to the terminal server. After making sure that you are logged on to the network, try connecting to the server again.

XP clients have a built-in Client Access License (CAL) for accessing Win2K Terminal Services servers. To resolve the error, you need to delete the XP Terminal Services License information from the registry and modify the Certificate types on the Win2K Terminal Services server. On the Win2K Terminal Services server, perform the following steps:

  1. Start a registry editor (e.g., regedit.exe).

  2. Navigate to the HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTermServiceParameters subkey.

  3. Delete the Certificate, X 509 Certificate, and X 509 Certificate ID values.

  4. Close the registry editor, then restart the server.

On the XP client, perform the following steps:

  1. Start a registry editor (e.g., regedit.exe).

  2. Navigate to the HKEY_LOCAL_MACHINESOFTWAREMicrosoft subkey.

  3. Delete the MSLicensing subkey.

  4. Close the registry editor.

  5. Connect to the terminal server.

If performing these steps doesn't resolve your problem, you need to contact the Microsoft Clearinghouse to deactivate and reactivate your Win2K Terminal Services License server.

Q. Why does the Windows boot process hang on a blank screen when I press the Esc key?

A. During the Windows boot process, you can press the F5 key to specify Safe mode or the F8 key to specify boot options. Both keys have 3-byte key-codes, of which the first byte is the same as the Esc key. As a result, if you press Esc, Windows detects this byte and waits for another 2 bytes (but the key buffer is now empty because Esc is only 1 byte). To remedy this situation, press another key to fill the buffer with extra bytes and let Windows continue to boot.

Q. How can I install specific applications from the Windows .NET Server (Win.NET Server) and Windows 2000 Administration Tools pack?

A. Microsoft supplies the Win.NET Server and Win2K Administration Tools pack as one Windows Installer file (i.e., adminpak.msi). Executing the Windows Installer file installs the whole toolset to your machine. To install individual tools, perform the following steps:

  1. Open the command prompt by going to Start, Run and typing

    cmd.exe 
  2. Navigate to the folder that contains adminpak.msi.

  3. Type

    msiexec /i adminpak.msi ADDLOCAL= /qb

    For example, type

    msiexec /i adminpak.msi ADDLOCAL=FeADTools /qb 

    for the Active Directory (AD) tools.

  4. Close the command-prompt session.

    The full list of short codes is

       Abbreviation       Tool   ************       **********************   FeADTools          Active Directory Tools   FeCERTConsole      Certification Authority   FeClusterConsole   Cluster Administrator   FeCMAKConsole      Connection Manager Administration Kit   FeDHCPConsole      DHCP   FeDFSConsole       Distributed File System   FeDNSConsole       DNS   FeIASConsole       Internet Authentication Service   FeIISConsole       Internet Services Manager   FeACSConsole       QoS Admission Control   FeRSConsole        Remote Storage   FeRRASConsole      RRAS   FeTAPIConsole      Telephony   FeTSClientConsole  Terminal Services Client   FeTSMgrConsole     Terminal Services Tools   FeWINSConsole      WINS  

Q. How can I link my Windows XP user account to my Microsoft .NET Passport?

A. You can now save information about your .NET Passport within your XP user account. Many Microsoft and third-party Web sites use .NET Passport to confirm user credentials and enable extra services (you can find information and apply at http://www.passport.com).

If your computer is part of a domain, you can integrate your .NET Passport with your XP account by performing the following steps:

  1. Start the Microsoft Management Console (MMC) User Accounts Control Panel snap-in (go to Start, Settings, Control Panel, and click User Accounts).

  2. Select the Advanced tab.

  3. Under the "Passwords and .NET Passports" section, click the .NET Passport Wizard button.

  4. When the .NET Passport Wizard starts, follow the onscreen prompts to enter your .NET Passport details.

If your computer isn't part of a domain but is part of a workgroup, perform the following steps:

  1. Start the User Accounts Control Panel snap-in (go to Start, Settings, Control Panel, and click User Accounts).

  2. If you're an administrator, select your user account from the list (you can't change other users' .NET Passport options); otherwise, XP will select your account automatically and you can skip this step.

  3. Under the "What do you want to change about your account?" section, select "Set up my account to use a .NET Passport."

  4. When the .NET Passport Wizard starts, follow the onscreen prompts to enter your .NET Passport details.

3. ANNOUNCEMENTS
(brought to you by Windows & .NET Magazine and its partners)

  • WINDOWS SCRIPTING SOLUTIONS FOR THE SYSTEMS ADMINISTRATOR


So, you’re not a programmer, but that doesn’t mean you can’t learn to create and deploy timesaving, problem-solving scripts. Discover Windows Scripting Solutions online, the Web site that can help you tackle common problems and automate everyday tasks with simple tools, tricks, and scripts. While you're there, check out this article ( http://www.winscriptingsolutions.com/articles/index.cfm?articleid=20376 ) on WMI scripting for beginners!
http://www.winscriptingsolutions.com

  • JULY IS HOT! OUR FREE WEBINARS ARE COOL!


Check out our latest Web seminar offerings from Windows & .NET Magazine. "Storage, Availability, and You," sponsored by VERITAS, will help you bring your Windows storage under control. "Easing the Migration: 15 Tips for Your Windows 2000 Journey" will help you plan and implement a successful Win2K migration. Find out more and register today!
http://www.winnetmag.com/seminars

4. CONTACT US
Here's how to reach us with your comments and questions:

(please mention the newsletter name in the subject line)

This weekly email newsletter is brought to you by Windows & .NET Magazine, the leading publication for Windows professionals who want to learn more and perform better. Subscribe today.
http://www.winnetmag.com/sub.cfm?code=wswi201x1z

Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters.
http://www.winnetmag.net/email

Thank you for reading Windows XP and 2000 Tips & Tricks UPDATE.

About the Author

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like