Win2K Upgrade Installations; Print Operator Permissions; Various Win2K Connection Concerns

Determine Whether Win2K Is a New Install or an Upgrade
Here’s a quick way to determine whether a Windows 2000 system is a new install or an upgrade from an older OS. Win2K Setup creates a text file, winnt\system32\$winnt$.inf, that lists the actions that Setup performs when it installs the OS. The .inf file's \[data\] section contains a set of variables similar to the following list:

unattendedinstall = "no"
floppylessbootpath = "no"
producttype = "winnt"
standardserverupgrade = "no"
winntupgrade = "no"
win9xupgrade = "no"
win31upgrade = "no"
   sourcepath = "\device\cdrom0\"
   floppyless = "0"
   msdosinitiated = "0"

When the upgrade variables (e.g., winntupgrade) are set to "no," the OS that this .inf file describes is a clean install. When you upgrade from another OS to Win2K, Setup sets the corresponding upgrade variable to "yes." Other variables in this section indicate whether the install ran in unattended mode and whether it ran with setup floppies, and specify the location of the installation files (e.g., CD-ROM or network share). See Microsoft article Q258504 for details.

Win2K Print Operators Group Can't Add Third-Party Print Drivers
Members of the Windows 2000 Print Operators group have the necessary rights to create and manage print queues, but members encounter an access-denied error when they try to install third-party print drivers. When you add a print driver, Win2K copies the printer’s .inf file to the %systemroot%\inf directory. By default, the Print Operators group doesn't have write permission to this folder; as a result, the operation fails with an access-denied message.

Several workarounds exist for this problem. You can log on with an Administrator account and either install the printer driver or copy the .inf file to the Inf directory. Alternatively, if you want to let members of the Print Operators group install new third-party printers and create print queues, you can give these users write access to the Inf directory. This problem doesn't occur when a Print Operator attempts to install a native Win2K printer because Setup copies the .inf file for all native drivers to the Inf directory. Microsoft article Q259574 explains this problem in more detail.

Enable and Disable Win2K Disk Write Caching
Disk caching is similar to memory caching. When you enable disk write caching, the OS buffers data in an intermediate location before copying the data to the hard disk. Write caching enhances performance because when data is in the buffer, the device driver doesn’t wait for the write to complete before fetching more data. However, when you buffer data, you risk losing the data if the system crashes before the driver transfers data to the disk.

For reliability reasons, Win2K disables disk write caching. However, some third-party applications require you to enable or disable disk write caching. To accomplish this task, right-click My Computer and click Properties. Go to the Hardware tab, and click the Device Manager button. Expand the Disk Drives key, and right-click the drive on which you want to enable or disable disk write caching. Select Properties, click the Disk Properties tab, and either select or clear the Write Cache Enabled check box.

When you enable disk write caching, Win2K displays the following message to warn you about the potential downside: "By enabling write caching, file system corruption and/or data loss could occur if the machine experiences a power, device or system failure and cannot be shutdown properly." For more details, see Microsoft article Q259716.

Random DHCP Leases
Microsoft article Q263217 explains a potentially puzzling problem. All Windows 2000 platforms include the Internet Connection Sharing (ICS) feature. When you install Win2K on a system with a network adapter, Win2K sets the ICS service to start automatically when you boot the system. ICS lets multiple remote users share one Internet connection by sharing the network adapter. To accomplish the sharing, ICS uses a trimmed-down version of DHCP, a DHCP allocator, to assign default gateway and DNS settings to remote ICS clients. The remote client uses these values while accessing the Internet via the shared connection.

Here’s the puzzling part of this matter. If you disable or remove the network adapter that supports ICS connections but you don't disable the ICS service, the service continues to offer DHCP addresses to Win2K clients on the network. So, for example, when a user boots a Win2K DHCP client, the client requests a DHCP address. The Win2K system running ICS incorrectly responds to the client request with a DHCP lease.

In this situation, the remote client might receive a lease that contains the IP address, default gateway, and DNS settings of the system running the ICS service. This means a DHCP client can receive a lease from a computer running Win2K that isn't a DHCP server and doesn't currently have ICS enabled on any adapter. To avoid this problem, you must stop and disable the ICS service on the system providing leases. You can stop and disable ICS with the Services applet in Administrative Tools.

Win2K Legacy Client VPN Connections
I receive email every week from users trying to troubleshoot problems connecting legacy VPN clients to a Windows 2000 server. Sometimes VPN clients can connect, but are disconnected after a fixed interval; other times, only one client can connect. More common, legacy clients can't establish a VPN connection with the server. Readers often tell me that the only information they see on a VPN client is the message

"Error 629: The port was disconnected by the remote machine" 

Although numerous reasons exist why a client might not be able to connect, here’s one situation in which this problem will always occur. A VPN server might have one network adapter and multiple IP addresses or multiple network adapters and multiple IP addresses. To properly route incoming traffic on a multihomed server, you need to configure only one network adapter with a default gateway (the second adapter’s gateway is typically blank). If you configure your VPN server this way, when a legacy client sends a PPTP-connection request to one IP address, the VPN server can respond with a different IP address. The client notices that the reply address is different from the requesting address, terminates the connection attempt, and displays the "port was disconnected" message. To avoid this mixed-address problem, configure legacy PPTP clients to connect to the first IP address that is bound to the VPN server's network interface. Also, make sure that you define a gateway on the interface that is responding to connection requests.

In most cases, Win2K VPN clients don't end the connection when the VPN server replies with a different IP address. However, if the Win2K VPN client has Internet Connection Sharing (ICS) or network address translation (NAT) enabled, the Win2K VPN client ends the connection. See Microsoft article Q271731.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.