When it comes to managing Windows, I find myself turning time and time again to two Web sites. My first choice—the Microsoft Knowledge Base (http://support.microsoft.com/?scid=fh;\[ln\];kbhowto)—will be no surprise to anyone who supports Microsoft systems. You might not be as familiar, though, with my second most-visited spot: the Microsoft Download Center (www.microsoft.com/downloads). If your job involves running and fixing Windows networks, these sites offer a goldmine of free information and tools. Here are six of my favorite downloads—and a bonus tip to make navigating the Knowledge Base easier. (Note that I’m not providing specific URLs, for two reasons. First, Microsoft URLs generally are huge. Second, Microsoft loves to rearrange its Web sites every few weeks, so you’d end up spending 5 minutes typing in a complex URL only to get a 404 error message. I find that searching by keywords is the best bet.)
1. The GPMC
My number-one download pick has to be the Microsoft Group Policy Management Console (GPMC) with Service Pack 1 (SP1), released last November. Go to the Download Center, enter "GPMC" in the Keywords search box, and you’ll get a link to this essential tool. GPMC simplifies the use of Group Policy by letting you clearly see which Group Policy settings are configured for your systems and users. GPMC also generates quick summaries of the effects of any given Group Policy Object (GPO) and lets you back up and restore GPOs. This tool is essential, free, and (as of the SP1 version) legal for use even on an all–Windows 2000 network.
2. Windows Firewall
My number-two choice gets its ranking because of its timeliness. Go to the Download Center and run a keyword search on “windows firewall sp2.” You’ll end up with links to two documents: Deploying Windows Firewall Settings for Microsoft Windows XP with Service Pack 2 and Using the Windows Firewall INF File in Microsoft Windows XP Service Pack 2. XP SP2 includes Windows Firewall, an overhauled version of Internet Connection Firewall (ICF), and these two documents include a wealth of information about how to prepare for SP2’s changes to XP’s firewall. (For even more information, run the same search on the Windows & .NET Magazine Network's search site at http://search.winnetmag.com.)
3. Port Requirements
Speaking of XP SP2, Windows Firewall is going to add a new item to most administrators' to-do lists: configuring personal firewalls. If this realization has you struggling with the question of what ports you need to open to enable particular capabilities, run a Download Center keyword search for “port requirements” to find my third-favorite download: an Excel spreadsheet called Port Requirements for Microsoft Windows Server System. This spreadsheet also covers XP functions and details the port numbers associated with file sharing, Active Directory (AD), Remote Desktop, and other features.
4. Delegating AD Administration
Ever struggled with one of AD's greatest—and sometimes most confounding—features? I’m talking about delegation, which lets you create and fine-tune administrator accounts. For example, you can give someone the ability only to force replication between domain controllers (DCs)—but what particular permissions create such restricted power? Search for “delegating administration” on the Download Center and you’ll get a link to my number-four pick: Best Practices for Delegating Active Directory Administration Appendices. This document lists the specific permissions that you must give people to enable particular capabilities. You'll also get a link to the white paper itself, which is worth a read as well.
5. DSRevoke
While we're on the subject of delegation, search the Download Center for “dsrevoke” to find a link to number five, dsrevoke.exe. This nifty command-line utility lets you discover exactly which powers a particular user has on a domain and lets you remove all those powers through just one command.
6. NBLookup
To get my number-six choice, jump over to the Knowledge Base and run a search for "830578." That search will link you to one of my favorite tools, NBLookup (nblookup.exe). Have you ever used NSLookup to troubleshoot DNS problems? If you so, you’ve probably wished you had a similar tool for WINS … and here it is.
Now for that tip I promised. Over time, the Knowledge Base has gotten larger and more difficult to search, as you’ve probably noticed. But Microsoft has paid Google a ton of money to index the Microsoft Web site, and the Google Toolbar is absolutely the best way to find things in the Knowledge Base. First, go to toolbar.google.com, then download and install the Google Toolbar. To search the Knowledge Base, go to http://support.microsoft.com/?scid=fh;\[ln\];kbhowto and type your keywords not into the Knowledge Base Search for box but into the Google Toolbar’s search box. Instead of clicking Search Web on the toolbar, though, click the arrow to the right of that option and select Current Site from the drop-down menu. Give this tip—and the downloads—a try. I think you’ll agree that they're worth your time.
