\[Editor's Note: Share your Windows 2000 and Windows NT discoveries, comments, problems, solutions, and experiences with products and reach out to other Windows 2000 Magazine readers (including Microsoft). Email your contributions (400 words or less) to [email protected] Please include your phone number. We edit submissions for style, grammar, and length. If we print your submission, you'll get $100.\]
Win95 Systems Logging On to an NT Domain
If you have a Windows NT domain that includes both NT and Windows 95 workstations, you've probably experienced this problem. When a Win95 machine loses the network connection, the domain field of the logon prompt disappears. You can see only the username and password fields, even though Client for Microsoft Networks is installed and you've selected the Primary Network Logon option on the Control Panel Network applet's Configuration tab. One solution is to add a Microsoft NetBEUI protocol (e.g., TCP/IP) to the configuration, restart the system, then remove NetBEUI.
In the past few months, attacks on individual computers seem to be more frequent. On my Windows NT system, which uses a cable modem, I thought I had sufficient security settings to keep unwanted people out of my system. However, after using Gibson Research's Shields Up! utility, I discovered how inadequate my security settings were. When I researched a third-party solution, I had trouble finding a cheap firewall that worked with NT.
Then I discovered Zone Labs' ZoneAlarm 2.1 personal firewall software. This product's rule-based system of setup is easy, and when I ran Shields Up! after installing ZoneAlarm, my connection was completely invisible. The product asks you what programs or services on your system you want to let access the Internet and be accessed from the Internet. One of ZoneAlarm's key features is that it displays warnings of all attempts to access your computer, listing the IP address of the connecting system and the service or port that IP address is trying to access. ZoneAlarm works on NT and Windows 9x.
Add Windows Explorer Context Menu Options
In Windows 2000, when you right-click a file or folder in Windows Explorer, you get a context menu that displays various actions that you can perform on the file, such as Open, Copy, and Delete. With a small addition to the Registry, you can add options to this context menu that let you choose a directory to which you can copy or move the file or folder. Run regedit, and navigate to the HKEY_CLASSES_ROOTAllFilesystemObjects\shellex\Context MenuHandlers subkey. From the Edit menu, click New, Key; type
as the key name, then press Enter. Select the Copy To key you just created, and double-click the (Default) value in the right-hand pane. Set the value to
and click OK. The string contains only numbers and letters that come before G in the alphabet, so don't mistake the number 0 for the letter O. Close the Registry editor, and restart Windows Explorer. (You don't have to reboot for the change to take effect.) Right-click a file or folder, and the context menu will list a Copy To option. Selecting this option will open a Browse for Folder dialog box in which you can drill down to find the folder you want to copy the selected files or folders to. Click OK to complete the copy.
To add a Move To option to the Windows Explorer context menu, follow the previous instructions. However, when you add the new key, name it Move To and set the (Default) value to
Selecting the Move To option from the context menu will open the same Browse for Folder dialog box that the Copy To option brings up, but the resulting action will be a move instead of a copy.
Display Last Logon Time and Date
For security reasons, users in our organization need access to their last successful logon time and date. Our clients consist of Windows NT Workstation 4.0 and Windows 95 systems that connect to an NT Server 4.0 domain. For our login script processor, we use the Microsoft Windows NT Server 4.0 Resource Kit KiXtart utility, so I created the Lastlog .txt script in Listing 1, page 26, to display users' last logon time and date as well as a security notice.
To work, the script depends on the existence of a hidden share (i.e., SHARE1$) on the server (i.e., SERVER1). In addition, users must have change NTFS rights to the subdirectory associated to the share.
WinMSD Batch File
The Windows NT Diagnostics tool, WinMSD, provides administrators with useful and detailed configuration information. Unfortunately, few administrators have time to run this utility on every network NT system. To automate this task, I use the At command to run a batch file, RunWinMSD.bat, which Listing 2 shows. This batch file gathers the WinMSD files for every NT computer specified. To schedule the batch file, use the following command at a command prompt on the system from which you want to gather this information:
at \\mycomputer 06:00 /interactive /every:F c:\batchfiles\winmsd.bat
Apply Security Database Templates for Win2K Application Compatibility
My company uses applications that aren't Windows 2000 blessed. To handle these applications, Microsoft lets you apply security database (.sdb) templates that change the OS's default security settings. Microsoft even supplies a template that brings your Win2K installation to a Windows NT 4.0 compatibility level. The following steps walk you through how to manually apply the security database.
In the Start menu, click Run, then type
to open Microsoft Management Console (MMC). From MMC's Console menu, click Add/Remove Snap-in, and in the Add/Remove Snap-in dialog box, click Add. Select Security Configuration and Analysis, click Add, select Security Templates, click Add, then click Close in the Add Standalone Snap-in dialog box. In the resulting Add/Remove Snap-in dialog box, click OK. Next, in the MMC Console1 window, right-click Security Configuration and Analysis and select Open Database. Place the new security database (it has a .sdb extension) on the disk. Select the compatws.inf template to import, right-click Security Configuration and Analysis, and select Configure Computer Now. Accept the error log file placement. When the file placement is complete, right-click Security Configuration and Analysis and select the Analyze Computer Now option. Again, accept the error log file placement. To view the newly changed settings and see what types of template files Microsoft supplies, scroll through the Security Configuration and Analysis tree.
If applications are still causing problems on your system, you can modify the existing templates through the Security Templates snap-in. (A good practice is to always have a backup copy of a template before you modify the existing template.) This routine is particularly useful for clean Win2K installations.
Upgrade from Evaluation Copies
Microsoft gives away 120-day evaluation copies of Windows 2000 Professional, Win2K Server, and Win2K Advanced Server at every opportunity. Unfortunately, maintaining your settings when you upgrade from the evaluation copy to the full version is difficult. The competitive upgrade, which lets you upgrade to Win2K from other software publishers' OSs, requires you to prove that your system is running software that Microsoft has approved for the competitive upgrade option. In addition, you can't use this upgrade option to upgrade from Win2K evaluation software. The version upgrade requires you to have Windows NT 4.0; NT Server 4.0, Terminal Server Edition (WTS); or NT 3.51. This upgrade option searches your system for traces of the software before letting you upgrade. You also can't use this option to upgrade from the evaluation software. These upgrade options leave you no alternative other than to purchase the full version and perform a clean installation, which doesn't let you keep your evaluation version settings.
However, I discovered an executable named appupd.exe that you can download from http://www.microsoft.com/ windows2000/downloads/deployment/ evalupg/default.asp. When you run this program on a system running the evaluation Win2K version, then run the Win2K version upgrade, Win2K won't search your system for any software. Instead, the program prompts you to insert a CD-ROM that has a full version of NT 4.0, NT 3.51, or WTS. The upgrade software will then upgrade the evaluation copy to the full version without hesitation. This upgrade method saves you money in software costs and lets you keep the settings from your evaluation Win2K configuration.
Answers to This Month's Reader Challenge
You can find this month's Reader Challenge on page 22. The correct answers to the questions are as follows:
Corrections to this Article:
- Reader to Reader: "Win95 Systems Logging On to an NT Domain" incorrectly identifies TCP/IP as an example of a NetBEUI protocol. We apologize for any inconvenience this error might have caused.